TCP SYN or Half-Open Scan:
In a SYN scan, Nmap sends a SYN packet to the target port. If the port is open, the target replies
with a SYN/ACK packet. Instead of sending a packet with the ACK flag set, Nmap then sends a packet
with the RST flag set to terminate the connection. Since the three-way handshake is not completed,
this is known as a half-open scan. Similarly, since the TCP connection is not completed, it is not
logged, and the scan is therefore considered stealthy. Also, unlike a TCP connect scan, this scan is fast.
If the port is closed, the target sends a RST (Reset) packet. If the target doesn't respond, the
port can be considered filtered.
o Also known as a half-open or stealth scan.
o Sends a SYN packet and waits for a response.
o Does not complete the TCP 3-way handshake.
o Sends SYN packets to determine whether the target port is open, closed, or filtered.
o If the port is open, the target sends back a SYN-ACK packet.
o If the port is closed, the target sends a RST (Reset) packet.
o If the target doesn’t respond, the port can be considered filtered.
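The three outcomes above, seen from the defender's side, as an added example that is not part of the original notes: it groups packets per probe, labels each port open, closed or filtered, and counts SYN, SYN/ACK, RST exchanges per source. The packet records and addresses are constructed, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed capture summary, in arrival order: (client, server, port, sender, flags).
# Flags: S=SYN, SA=SYN/ACK, A=ACK, R=RST, RA=RST/ACK. Addresses are documentation ranges.
PACKETS = [
    ("198.51.100.7", "192.0.2.10", 22,  "client", "S"),
    ("198.51.100.7", "192.0.2.10", 22,  "server", "SA"),
    ("198.51.100.7", "192.0.2.10", 22,  "client", "R"),   # reset instead of ACK
    ("198.51.100.7", "192.0.2.10", 23,  "client", "S"),
    ("198.51.100.7", "192.0.2.10", 23,  "server", "RA"),  # closed port
    ("198.51.100.7", "192.0.2.10", 445, "client", "S"),   # no reply at all
    ("203.0.113.5",  "192.0.2.10", 22,  "client", "S"),
    ("203.0.113.5",  "192.0.2.10", 22,  "server", "SA"),
    ("203.0.113.5",  "192.0.2.10", 22,  "client", "A"),   # normal handshake
]

def classify(exchange):
    """Return (port_state, half_open) for one probe's list of (sender, flags)."""
    if not exchange or exchange[0] != ("client", "S"):
        return ("unknown", False)
    replies = [f for s, f in exchange[1:] if s == "server"]
    if not replies:
        return ("filtered", False)          # SYN sent, nothing came back
    if replies[0].startswith("R"):
        return ("closed", False)            # target answered with RST
    if replies[0] == "SA":
        after = [f for s, f in exchange[1:] if s == "client" and f != "S"]
        # Open port; half-open when the client resets instead of sending the final ACK.
        return ("open", bool(after) and after[0].startswith("R"))
    return ("unknown", False)

def summarize(packets):
    """Group packets per (client, server, port) and classify each probe."""
    flows = defaultdict(list)
    for client, server, port, sender, flags in packets:
        flows[(client, server, port)].append((sender, flags))
    return {key: classify(exchange) for key, exchange in flows.items()}

def half_open_sources(packets):
    """Count SYN -> SYN/ACK -> RST exchanges per client address."""
    counts = defaultdict(int)
    for (client, _, _), (_, half_open) in summarize(packets).items():
        if half_open:
            counts[client] += 1
    return dict(counts)

if __name__ == "__main__":
    print(summarize(PACKETS))
    print(half_open_sources(PACKETS))
```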
Created by Ahmad Ali, WhatsApp: 00966564303717