windows 11 and xmas scans

Observing Windows 11 during a XMAS scan
I encourage people to spend a few minutes and learn how devices respond to certain scenarios. This is one of the tasks my regular clients ask me to perform.
One of those examples would be to download Nmap and run the scan on a device within your network.
The benefits of this example are countless; You get to practice and develop nmap skills, you get more practice with Wireshark and protocol analysis, and lastly you get to learn the real behavior of various devices on the wire, not by reading a theoretical white paper.
In this video I take a windows 11 device and run a nmap/Xmas scan against it, change one simple variable, disable the windows firewall and repeat. This exercise was inspired from a conversation I had one in one my onsite training sessions where people were debating if a windows 11 device would respond to a Xmas scan. As the discussion progressed, people were throwing in variables such as what if the firewall was enabled?
I interrupted and simply suggested to the group “Why not find out instead of theorizing?”. So we started our captures, randomly scanned a windows 11 host, and reviewed the results.
In the following video I cover the basics of what we did and encourage you to do the same. Feel free to try all sorts of devices you might have available to you within your network such as printers, phones, cameras, routers, switches and anything else you can think of.