Of TCP IP

 # SYN, used to establish a TCP session. When the target responds back, we know the host is active. When it doesn't respond to ping, we know the host is blocked.

# FIN, which uses a bare packet as the probe to determine if a port is open or closed. From this we could guess what well-known services may be running based on what the open ports are generally used for. Even if the port is closed, it's required to respond with a reset packet (RST). If a RST bounces back, the port is closed. If nothing is returned, it means the port is open.

# Fragmentation scanning. When a packet reaches a host, the target has to reassemble the packet in order to make sense of it. Fragmented packets confuse these machines and can potentially bypass access controls.