What type of scanning is called TCP SYN scanning?

TCP SYN scanning is a technique used for port scanning that operates at the transmission control protocol (TCP) level. This method sends a single packet with the SYN (synchronize) flag set to the target port to determine its status. The response received helps the scanner infer whether the port is open, closed, or filtered, without establishing a full TCP connection.

When the scanner sends a SYN packet to a port, there are three possible responses: if the port is open, the target typically responds with a SYN-ACK (synchronize-acknowledge) packet; if closed, it responds with an RST (reset) packet; and if no response is received or an ICMP unreachable message is sent, it may indicate that the port is filtered (possibly by a firewall). This stealthy approach is advantageous because it does not complete the TCP handshake, making it harder for intrusion detection systems to log the scan activity.

This distinct operation differentiates TCP SYN scanning from other methods, such as full connection scans that establish a complete TCP connection, which would require the handshake to be completed and potentially alert security mechanisms. Other scanning techniques may not utilize the specific response behaviors induced by the SYN flag or may focus on different aspects of network testing, such as logging