Difference between Nmap TCP SYN Scan and TCP Connect Scan

ARJ
Aug 10, 2017


TCP SYN Scan

TCP SYN scan (-sS) is the most popular scan type and is Nmap's default whenever it has the privileges to run it. It is fast, because it never completes a TCP connection and can probe thousands of ports per second on a fast network, and it is relatively unobtrusive: since no connection is ever established, the application listening on the port never sees the probe and is unlikely to log it. It also gives a clear, reliable distinction between the open, closed and filtered states. The scan is built on the TCP three-way handshake, which it deliberately leaves half-finished. Because Nmap has to craft and read raw TCP packets itself, SYN scan needs raw-packet privileges, which means root access on Unix-like systems; without them Nmap falls back to the TCP connect scan described below.

Open state:

Nmap sends a TCP SYN packet to the target port on scanme.nmap.org. If something is listening, the server answers with a SYN/ACK, and that reply is what Nmap uses to mark the port open. Instead of finishing the handshake with an ACK, the scanning host tears the attempt down with a RST (in practice it is the scanner's own kernel that sends it, because it has no record of a connection for the unsolicited SYN/ACK), so no connection is ever established.

Closed state:

Nmap sends the same SYN packet as before, but this time nothing is listening on the port, so the server's TCP stack rejects the attempt immediately with a RST packet. Receiving that RST is what tells Nmap the port is closed: the host is reachable and answering, just not on this port.

Filtered port:

In the filtered state no TCP reply comes back at all, not even a RST. Nmap retransmits the probe a few times to rule out packet loss, and if there is still no answer it concludes that a firewall or other filtering device between it and the target is dropping either the probe or the reply. Nmap also reports a port as filtered if the probe is answered by an ICMP destination-unreachable error (type 3, for example code 13, communication administratively prohibited) instead of a TCP packet. Because it has to wait for its timeouts on every such port, filtered ports are what make scanning a firewalled host slow.
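The three exchanges above, worked through with constructed packets. This is an added example, not Nmap's code: it builds 20-byte TCP headers by hand (checksums left at zero, since nothing here goes on the wire), then applies the same decision a SYN scanner makes to each kind of answer. The port numbers, sequence numbers and the "icmp-unreachable" marker are assumptions for the demonstration; the ack-number check on the SYN/ACK is the usual way a scanner ties a reply to its own probe.

```python
import struct

# TCP control bits, low byte of the flags field (byte 13 of the header).
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

# Fixed header layout (RFC 793, no options): src port, dst port, seq, ack,
# data offset/reserved, flags, window, checksum, urgent pointer.
TCP_HDR = struct.Struct("!HHIIBBHHH")


def build_tcp_header(sport, dport, seq, ack, flags, window=65535):
    """Build a 20-byte TCP header. Checksum stays 0: these are constructed
    sample packets for the example, not packets to be transmitted."""
    data_offset = 5 << 4           # 5 x 32-bit words, no options
    return TCP_HDR.pack(sport, dport, seq, ack, data_offset, flags, window, 0, 0)


def parse_tcp_header(data):
    """Decode the fixed part of a TCP header into a dict."""
    if len(data) < TCP_HDR.size:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, _off, flags, window, _csum, _urg = TCP_HDR.unpack_from(data)
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags, "window": window}


def syn_scan_state(probe_sport, probe_dport, probe_seq, reply):
    """Decide a port's state from what came back to one SYN probe.

    reply is None when nothing arrived after the retransmissions, the
    string "icmp-unreachable" (an assumed marker) for an ICMP destination
    unreachable error, or the raw TCP header bytes of the answer.
    """
    if reply is None or reply == "icmp-unreachable":
        return "filtered"          # a firewall dropped the probe or the answer
    hdr = parse_tcp_header(reply)
    # Ignore packets that are not the answer to this probe.
    if hdr["sport"] != probe_dport or hdr["dport"] != probe_sport:
        return "unrelated"
    if hdr["flags"] & RST:
        return "closed"            # nothing listening: the stack refused with RST
    if (hdr["flags"] & SYN and hdr["flags"] & ACK
            and hdr["ack"] == (probe_seq + 1) & 0xFFFFFFFF):
        return "open"              # a listener accepted our SYN
    return "unexpected"


def demo():
    """Walk the open, closed and filtered exchanges with constructed packets."""
    sport, isn = 40000, 0x11111111                         # assumed scanner side
    probe = build_tcp_header(sport, 80, isn, 0, SYN)       # what the scanner sends

    # Constructed replies: an open port answers SYN/ACK acknowledging isn+1,
    # a closed port answers RST/ACK, a filtered port answers nothing at all.
    syn_ack = build_tcp_header(80, sport, 0x22222222, isn + 1, SYN | ACK)
    rst = build_tcp_header(80, sport, 0, isn + 1, RST | ACK)

    # After a SYN/ACK the scanning host sends RST instead of the final ACK,
    # so the handshake is never completed (the "half-open" scan).
    teardown = build_tcp_header(sport, 80, isn + 1, 0, RST)

    return {
        "open": syn_scan_state(sport, 80, isn, syn_ack),
        "closed": syn_scan_state(sport, 80, isn, rst),
        "filtered": syn_scan_state(sport, 80, isn, None),
        "probe_flags": parse_tcp_header(probe)["flags"],
        "teardown_flags": parse_tcp_header(teardown)["flags"],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Sending the probe for real needs a raw socket, which is exactly the privilege requirement mentioned above; the classification logic is the part that stays the same whether the packets come from a raw socket, a pcap capture or a test like this one.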

Another point is that the default SYN scan on its own is not enough to slip through a network protected by firewalls and intrusion prevention systems: a bare SYN to a filtered port is exactly what those devices are configured to drop and alert on. Getting past them calls for Nmap's more advanced firewall evasion techniques, which are outside the scope of this post.

TCP Connect Scan

In a TCP connect scan (-sT), Nmap does not craft packets itself. Instead it asks the underlying operating system to open a connection to each target port through the connect() system call, the same call a web browser or any other network application uses. That is why it works without root privileges, and why its traffic looks like an ordinary client connecting: there is nothing unusual for a firewall to pick out. The drawbacks are that it is slower and sends more packets than a SYN scan, because every open port goes through a complete handshake and teardown, and that the finished connection is handed to the listening application, which will typically see and log it.

Open state:

The first two steps are exactly the same as in the SYN scan: Nmap's host sends a SYN and the server answers with a SYN/ACK. Instead of replying with a RST, the operating system now completes the three-way handshake by sending the final ACK, so a real connection is established and connect() returns successfully. Nmap records the port as open and closes the connection immediately, without sending any data.

The closed and filtered states are decided the same way as in the SYN scan above: connect() fails at once with a connection-refused error when the server answers the SYN with a RST (closed), and it times out when nothing comes back (filtered).
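A minimal connect scanner, added here as an example (it is not Nmap's code), showing how the three states fall out of the connect() result: success means the handshake completed (open), a connection-refused error means the server answered with a RST (closed), and a timeout or an unreachable error means nothing usable came back (filtered). The demo sets up its own two ports on 127.0.0.1 so it runs offline; the errno-to-state mapping follows Nmap's documented behaviour but is my summary of it, not copied from Nmap.

```python
import errno
import socket

OPEN, CLOSED, FILTERED = "open", "closed", "filtered"

# connect() errors that mean no usable answer came back: the SYN or the
# SYN/ACK was dropped, or an ICMP unreachable message arrived instead.
_FILTERED_ERRNOS = {errno.ETIMEDOUT, errno.EHOSTUNREACH, errno.ENETUNREACH}


def probe(host, port, timeout=1.0):
    """One connect-scan probe. Returns None if the handshake completed,
    the string "timeout" if connect() gave up waiting, or the errno."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))      # the OS performs the whole three-way handshake
        except socket.timeout:
            return "timeout"
        except OSError as e:
            return e.errno
        # A connection exists now, so the listening application has seen us.
        # Nmap closes it straight away; leaving the with-block does that here.
        return None


def classify(result):
    """Map a probe() result to the state Nmap would report."""
    if result is None:
        return OPEN                      # SYN/ACK came back and we finished with ACK
    if result == errno.ECONNREFUSED:
        return CLOSED                    # the target's stack answered our SYN with RST
    if result == "timeout" or result in _FILTERED_ERRNOS:
        return FILTERED                  # silence or ICMP unreachable: filtered
    return "unknown(errno=%s)" % result


def connect_scan(host, ports, timeout=1.0):
    """Scan the given ports and return {port: state}."""
    return {port: classify(probe(host, port, timeout)) for port in ports}


def demo():
    """Set up one listening and one bound-but-not-listening local port and
    scan both. Nothing listens on the second one, so the kernel answers
    its SYN with RST, which is exactly the 'closed' exchange above."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)                   # handshakes complete into the backlog
    open_port = listener.getsockname()[1]

    refuser = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    refuser.bind(("127.0.0.1", 0))       # port reserved, but never listen()ed on
    closed_port = refuser.getsockname()[1]

    try:
        results = connect_scan("127.0.0.1", [open_port, closed_port], timeout=2.0)
    finally:
        listener.close()
        refuser.close()
    return {"open_port": open_port, "closed_port": closed_port, "results": results}


if __name__ == "__main__":
    for port, state in demo()["results"].items():
        print("%d/tcp %s" % (port, state))
```

Against a real host every filtered port costs the full timeout, which is the slowness the article describes, and every open port leaves a completed connection in the service's accept queue, which is what makes a connect scan easy to log on the target side.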

So the difference between the two scan types is that a TCP connect scan establishes a full connection with the target, while a SYN scan completes only half of the handshake and resets before a connection ever exists. That half-open behaviour is what makes SYN scan faster, quieter and less likely to be logged, at the price of needing raw-packet privileges; connect scan is what Nmap falls back to when it is run as an unprivileged user.
