Introduction to SYN Scanning

Learn how SYN scans work in preparation for building one using Scapy.

Port scanning and the TCP handshake

Port scans are designed to identify which ports on a system are open and have programs actively listening to them and which are not. Scans can be performed in a variety of different ways, taking advantage of how various operating systems respond to different packets and scenarios.

As discussed in the previous lesson, the TCP handshake is made up of three main stages:

  • SYN: The client indicates their interest in communicating

  • SYN/ACK: The server acknowledges receipt of the client’s SYN packet and indicates that it is also open to communicating

  • ACK: The client acknowledges receipt of the server’s SYN/ACK packet

At the end of this process, a session is established between the client and the server, and they can start sending data to one another.

Introduction to SYN scanning

A SYN or “half-open” scan starts this process but doesn’t finish it. The client sends out the SYN packet and analyzes the response, as shown in the diagram below.

Get hands-on with 1400+ tech skills courses.