What is the meaning of a half-open SYN scan in practice?

Prepare for the Nmap and ZenMap Tests. Access flashcards and multiple choice questions, with hints and explanations for each question. Ensure success in your exam!

Multiple Choice

What is the meaning of a half-open SYN scan in practice?

Explanation:
A half-open SYN scan probes TCP ports by starting the handshake but never completing it. The scanner sends a SYN to the target port; if the port is open, the host replies with SYN-ACK, and the scanner then immediately sends an RST to tear down the connection before the third step completes. Because the full three-way handshake never finishes, no actual connection is established, making the scan fast and less likely to leave a trace in some logs. If the port is closed, the target responds to the initial SYN with an RST, which indicates that the port is closed. If the port is filtered, there may be no reply at all. This technique uses TCP, not UDP, so claims about UDP are incorrect. The idea isn’t that the handshake is ignored; it’s that it is started and then aborted to avoid establishing a full connection.

