Nmap SYN and TCP Connect Scans

Learn how the Nmap SYN scan and TCP connect scan work.

We'll cover the following

Nmap runs the default scan when no options are provided. The exact process of the default scan can be categorized into two different types. Let’s look at the two types of scans Nmap performs by default: the SYN scan and the TCP connect scan.

Nmap SYN scan

The SYN scan is the default scan Nmap runs if we run the command as root without any flags. This scan tries to invoke a three-way handshake but drops it midway. Nmap determines whether a port is open, closed, or filtered based on the response from the target.

The following picture shows how the SYN scan works. We can see that Nmap sends the RST flag instead of the ACK flag. This helps Nmap gather information about a port without establishing a full connection with the target.

Get hands-on with 1400+ tech skills courses.