How does a half-open scan work in Nmap?
Here in Nmap we have the -sS option, which starts a "half-open scan."
➜  ~ sudo nmap -sS 192.168.1.4
Password:
Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-04 20:23 CST
Nmap scan report for 192.168.1.4
Host is up (0.000082s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
49159/tcp open unknown
Then I use the -sT option, which starts a "full connection":
➜  ~ sudo nmap -sT 192.168.1.4
Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-04 20:23 CST
Nmap scan report for 192.168.1.4
Host is up (0.00018s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
49159/tcp open unknown
The results of these two scans are exactly the same.
Question: How does a "half-open" TCP scan work, and can I simply use it instead of "full connection scan"?
nmap
Relevant documentation: nmap.org/book/man-port-scanning-techniques.html
– bonsaiviking
Jul 5 at 21:12
edited Jul 4 at 12:44 by Kusalananda
asked Jul 4 at 12:33 by Albert Zhang
1 Answer
The -sT option does a full 3-way handshake. The -sS option is a SYN-only scan. It never makes the full connection. A SYN scan waits for a SYN/ACK (SA) or a RESET packet. If it gets either, it knows how to mark the connection. The -sT option performs a full connection, waiting for the S/SA/A flags.
answered Jul 4 at 12:48 by Joe M
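An added example, not part of the original answer or of Nmap: defender-side logic that labels each handshake attempt in a packet trace by the flag sequences the answer describes (S/SA/A for a full connection, a SYN answered by SYN/ACK or RST for a half-open probe). The addresses, the event tuple layout and the function names are assumptions made for this example, and the RST that follows a SYN/ACK in the half-open case is standard TCP behaviour rather than something stated in the answer.

```python
from collections import defaultdict

# Constructed sample events (not a real capture): one tuple per TCP segment,
# (initiator, target, port, sender, flags). sender is "c" for the initiator and
# "s" for the target. Flags use the answer's shorthand: S, SA, A, R, RA.
PROBER, CLIENT, SERVER = "192.0.2.10", "192.0.2.20", "192.0.2.1"
EVENTS = [
    (PROBER, SERVER, 22, "c", "S"), (PROBER, SERVER, 22, "s", "SA"),
    (PROBER, SERVER, 22, "c", "R"),            # SYN/ACK answered with RST
    (PROBER, SERVER, 23, "c", "S"), (PROBER, SERVER, 23, "s", "RA"),
    (PROBER, SERVER, 80, "c", "S"), (PROBER, SERVER, 80, "s", "SA"),
    (PROBER, SERVER, 80, "c", "R"),
    (PROBER, SERVER, 443, "c", "S"),           # nothing came back
    (CLIENT, SERVER, 80, "c", "S"), (CLIENT, SERVER, 80, "s", "SA"),
    (CLIENT, SERVER, 80, "c", "A"),            # S/SA/A: full handshake
]

def classify(exchange):
    """Label one handshake attempt from its ordered (sender, flags) list."""
    if not exchange or exchange[0] != ("c", "S"):
        return "not-a-handshake"
    replies = exchange[1:]
    if not replies:
        return "no-response"
    if replies[0][0] == "s" and "R" in replies[0][1]:
        return "closed"                         # RST: nothing is listening
    if replies[0] == ("s", "SA"):               # SYN/ACK: port is open
        nxt = replies[1] if len(replies) > 1 else None
        if nxt == ("c", "A"):
            return "full-connect"
        if nxt is not None and nxt[0] == "c" and "R" in nxt[1]:
            return "half-open"
        return "open-unfinished"
    return "other"

def summarize(events):
    """Group segments into per-port exchanges, then bucket ports per initiator."""
    flows = defaultdict(list)
    for initiator, target, port, sender, flags in events:
        flows[(initiator, target, port)].append((sender, flags))
    summary = defaultdict(lambda: defaultdict(list))
    for (initiator, _target, port), exchange in flows.items():
        summary[initiator][classify(exchange)].append(port)
    return {src: dict(kinds) for src, kinds in summary.items()}

def likely_syn_scanners(summary, min_ports=3):
    """Initiators that touched several ports and never sent the final ACK."""
    return sorted(
        src for src, kinds in summary.items()
        if sum(len(p) for p in kinds.values()) >= min_ports
        and "half-open" in kinds and "full-connect" not in kinds
    )
```

Because a half-open probe never reaches the established state, the listening application never accepts a connection for it, so this kind of evidence has to come from packet-level data rather than from service logs.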