Concepts Behind Network Scanning using NMAP

TCP 3-Way Handshake

Prakhash Sivakumar
3 min read · Nov 11, 2016

The TCP three-way handshake is the method Transmission Control Protocol uses to set up a TCP/IP connection over an Internet Protocol based network. TCP’s three-way handshaking technique is often referred to as “SYN-SYN-ACK” (or, more accurately, SYN, SYN-ACK, ACK)[1].

TCP Communication Flags

In TCP the most commonly used flags are “SYN”, “ACK” and “FIN”, which are used to establish connections, acknowledge successful segment transfers and finally terminate connections. In addition to these 3 flags there are 3 further flags, used for the purposes below:

  • RST — Aborts a connection in response to an error
  • URG, PSH — Data contained in the packets should be processed immediately
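To make the handshake and the flag bits concrete, here is an added example (not code from the original post) that decodes the flags byte of a raw TCP header and then walks a captured exchange to decide whether a full SYN, SYN-ACK, ACK handshake completed. The header layout and bit positions are the standard ones from RFC 793; the packet directions and sequence numbers used in the sample exchange are constructed for illustration. This is the kind of check a defender runs over a capture to tell a completed connection (which the listening application saw) from a half-open one.

```python
import struct

# Flag bits of the TCP header "flags" byte (byte 13 of the header), per RFC 793.
FLAG_BITS = {
    "FIN": 0x01,
    "SYN": 0x02,
    "RST": 0x04,
    "PSH": 0x08,
    "ACK": 0x10,
    "URG": 0x20,
}


def decode_flags(tcp_header: bytes) -> set:
    """Return the set of flag names set in a raw TCP header (at least 20 bytes)."""
    if len(tcp_header) < 20:
        raise ValueError("TCP header must be at least 20 bytes")
    flags = tcp_header[13]
    return {name for name, bit in FLAG_BITS.items() if flags & bit}


def build_header(src_port, dst_port, seq, ack, flag_names):
    """Build a minimal 20-byte TCP header (no options) with the given flags.
    Used here only to construct sample packets for the demonstration."""
    flags = 0
    for name in flag_names:
        flags |= FLAG_BITS[name]
    data_offset = 5 << 4          # 5 x 32-bit words = 20-byte header
    return struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                       data_offset, flags, 65535, 0, 0)


def classify_exchange(packets):
    """Walk a list of (direction, header_bytes) for one connection attempt.
    direction is 'c2s' (client to server) or 's2c' (server to client).
    Returns one of:
      'NONE'        no SYN from the client was seen
      'SYN_SENT'    SYN seen, no reply
      'REFUSED'     server answered the SYN with RST (port closed)
      'HALF_OPEN'   SYN and SYN-ACK seen, final ACK missing or aborted by RST
      'ESTABLISHED' full three-way handshake completed
    """
    state = "NONE"
    client_isn = server_isn = None
    for direction, hdr in packets:
        flags = decode_flags(hdr)
        seq, ack = struct.unpack("!II", hdr[4:12])
        if state == "NONE":
            if direction == "c2s" and flags == {"SYN"}:
                client_isn, state = seq, "SYN_SENT"
        elif state == "SYN_SENT" and direction == "s2c":
            if "RST" in flags:
                return "REFUSED"
            # SYN-ACK must acknowledge the client's ISN + 1 (mod 2^32)
            if {"SYN", "ACK"} <= flags and ack == (client_isn + 1) & 0xFFFFFFFF:
                server_isn, state = seq, "HALF_OPEN"
        elif state == "HALF_OPEN" and direction == "c2s":
            if "RST" in flags:
                return "HALF_OPEN"    # client tore it down before completing
            if "ACK" in flags and "SYN" not in flags and ack == (server_isn + 1) & 0xFFFFFFFF:
                return "ESTABLISHED"
    return state


if __name__ == "__main__":
    # Constructed sample: client port 40000 talking to server port 80
    syn = build_header(40000, 80, 1000, 0, ["SYN"])
    synack = build_header(80, 40000, 5000, 1001, ["SYN", "ACK"])
    ack = build_header(40000, 80, 1001, 5001, ["ACK"])
    print(decode_flags(synack))
    print(classify_exchange([("c2s", syn), ("s2c", synack), ("c2s", ack)]))
```

The sequence-number checks matter: a SYN-ACK that does not acknowledge the client's ISN + 1 is not part of this handshake, so the classifier ignores it rather than treating any SYN-ACK as progress.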

TCP Connect/ Full Open Scan

TCP connect scan is the default TCP scan. The connect() system call of the host system is used to open a connection to every interesting port on the target machine. If the port is listening, connect() will succeed; if it is not, the connection is refused.
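The following added example (not the author's or Nmap's code) shows the connect() behaviour described above on the local machine only: it starts a listener on 127.0.0.1, probes that open port and a port known to be closed with the ordinary socket connect() call, and records what the listener's accept() saw. Port numbers are chosen at run time from the ephemeral range, so nothing here assumes a particular service. The point for defenders is visible in the result: because connect() completes the full three-way handshake, the listening application receives the connection, so a connect scan shows up in that application's own logs.

```python
import socket
import threing if False else threading  # placeholder line removed below
```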

--

--