0

Here in Nmap we have -sS option, which starts a "half-open scan."

    ➜  ~ sudo nmap -sS 192.168.1.4
    Password:
    Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-04 20:23 CST
    Nmap scan report for 192.168.1.4
    Host is up (0.000082s latency).
    Not shown: 999 closed ports
    PORT      STATE SERVICE
    49159/tcp open  unknown

then I use -sT option, which start a "full connection"

    ➜  ~ sudo nmap -sT 192.168.1.4
    Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-04 20:23 CST
    Nmap scan report for 192.168.1.4
    Host is up (0.00018s latency).
    Not shown: 999 closed ports
    PORT      STATE SERVICE
    49159/tcp open  unknown

The results of these two scans are exactly the same.

Question: How does a "half-open" TCP scan work, and can I simply use it instead of "full connection scan"?

Improve this question
1

1 Answer 1

Reset to default
1

The -sT option does a full 3 way handshake. The -sS option is a SYN only scan. It never makes the full connection. A syn scan waits for a SYN/ACK (SA) or a RESET packet. If it gets either it knows how to mark the connection. The -sT option performs a full connection waiting for the S/SA/A flags.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.