Introduction to SYN Scanning
Learn how SYN scans work in preparation for building one using Scapy.
Port scanning and the TCP handshake
Port scans are designed to identify which ports on a system are open, meaning a program is actively listening on them, and which are not. Scans can be performed in a variety of different ways, taking advantage of how various operating systems respond to different packets and scenarios.
As discussed in the previous lesson, the TCP handshake is made up of three main stages:
SYN: The client indicates their interest in communicating
SYN/ACK: The server acknowledges receipt of the client’s SYN packet and indicates that it is also open to communicating
ACK: The client acknowledges receipt of the server’s SYN/ACK packet
At the end of this process, a session is established between the client and the server, and they can start sending data to one another.
Introduction to SYN scanning
A SYN or “half-open” scan starts this process but doesn’t finish it. The client sends out the SYN packet and analyzes the response, as shown in the diagram below.
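Seen from the server side, the half-open pattern described above shows up as handshakes that start but never reach the final ACK. The following is an added example, not part of the original lesson, that tracks handshake state over a constructed packet summary and lists clients with many unfinished handshakes. The record format, state names, and `min_ports` threshold are assumptions, and the RST handling reflects standard TCP behaviour rather than anything stated in the lesson.

```python
from collections import defaultdict

# Constructed capture summary: (src_ip, src_port, dst_ip, dst_port, flags).
# Flags: S=SYN, SA=SYN/ACK, A=ACK, R=RST, RA=RST/ACK. IPs are documentation ranges.
SAMPLE = [
    ("198.51.100.7", 50000, "192.0.2.10", 443, "S"),   # normal client
    ("192.0.2.10", 443, "198.51.100.7", 50000, "SA"),
    ("198.51.100.7", 50000, "192.0.2.10", 443, "A"),   # handshake completed
    ("203.0.113.5", 40001, "192.0.2.10", 22, "S"),
    ("192.0.2.10", 22, "203.0.113.5", 40001, "SA"),
    ("203.0.113.5", 40001, "192.0.2.10", 22, "R"),     # reset instead of ACK
    ("203.0.113.5", 40002, "192.0.2.10", 23, "S"),
    ("192.0.2.10", 23, "203.0.113.5", 40002, "RA"),    # nothing listening
    ("203.0.113.5", 40003, "192.0.2.10", 80, "S"),
    ("192.0.2.10", 80, "203.0.113.5", 40003, "SA"),    # never acknowledged
]


def handshake_states(packets):
    """Track each client->server attempt through the three handshake stages."""
    state = {}
    for src, sport, dst, dport, flags in packets:
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags == "S":
            state[fwd] = "syn_sent"
        elif flags == "SA" and state.get(rev) == "syn_sent":
            state[rev] = "syn_ack_received"
        elif flags == "A" and state.get(fwd) == "syn_ack_received":
            state[fwd] = "established"
        elif flags in ("R", "RA") and state.get(rev) == "syn_sent":
            state[rev] = "refused"        # server reset: port not listening
        elif flags in ("R", "RA") and state.get(fwd) == "syn_ack_received":
            state[fwd] = "half_open"      # client abandoned after SYN/ACK
    return state


def suspected_scanners(packets, min_ports=3):
    """Return {client_ip: sorted ports} for clients with many unfinished handshakes."""
    unfinished = defaultdict(set)
    for (client, _, _, port), st in handshake_states(packets).items():
        if st != "established":
            unfinished[client].add(port)
    return {ip: sorted(p) for ip, p in unfinished.items() if len(p) >= min_ports}


if __name__ == "__main__":
    print(suspected_scanners(SAMPLE))
```

An attempt still in `syn_ack_received` when the capture ends is counted as unfinished, so a real deployment would apply a timeout before judging it.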