What is SYN scan? How does SYN scan work?

punam gupta
2 min read · Jul 11, 2023

A SYN scan is a form of network scan that uses the TCP three-way handshake to detect whether a port is open or closed. It is also a technique that a malicious hacker can use to determine the condition of a communications port without establishing a full connection. SYN scans are stealthy because they do not finish the TCP handshake, making them less likely to be blocked by firewalls.

The following are the steps involved in a SYN scan:

The attacker sends a SYN packet to the target port. If the server responds from that port with an ACK (acknowledgment) answer or a SYN/ACK (synchronization/acknowledgment) packet, the port is open. The malicious client then sends an RST (reset) packet. As a result, the server assumes there was a communications failure and that the client did not establish a connection. In this case, the assumption is incorrect: the open port is still operational and subject to exploitation.

If the server responds with an RST message from a certain port, it means the port is closed and cannot be used.
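From the defender's side, the same packet sequences are what a detection looks for. The following is an added example, not code from the original post: it labels each flow in a constructed packet list (S = SYN, SA = SYN/ACK, A = ACK, R = RST, RA = RST/ACK) and reports sources that probe several ports without ever completing a handshake. The function names, the sample addresses and the `min_ports` threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed capture (documentation-range IPs): (src, sport, dst, dport, flags)
PACKETS = [
    ("198.51.100.7", 40001, "192.0.2.10", 22, "S"),
    ("192.0.2.10", 22, "198.51.100.7", 40001, "SA"),
    ("198.51.100.7", 40001, "192.0.2.10", 22, "R"),    # handshake abandoned
    ("198.51.100.7", 40002, "192.0.2.10", 23, "S"),
    ("192.0.2.10", 23, "198.51.100.7", 40002, "RA"),   # closed port answers RST
    ("198.51.100.7", 40003, "192.0.2.10", 80, "S"),
    ("192.0.2.10", 80, "198.51.100.7", 40003, "SA"),
    ("198.51.100.7", 40003, "192.0.2.10", 80, "R"),
    ("203.0.113.5", 51000, "192.0.2.10", 80, "S"),
    ("192.0.2.10", 80, "203.0.113.5", 51000, "SA"),
    ("203.0.113.5", 51000, "192.0.2.10", 80, "A"),     # ordinary client
]

def classify_flows(packets):
    """Label each TCP flow by how its handshake ended."""
    flows = defaultdict(list)  # (client, cport, server, sport) -> [(side, flags)]
    for src, sport, dst, dport, flags in packets:
        key, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags == "S" or key in flows:
            flows[key].append(("client", flags))
        elif rev in flows:
            flows[rev].append(("server", flags))
    labels = {}
    for key, seq in flows.items():
        reply = seq[1] if len(seq) > 1 else (None, "")
        final = seq[2] if len(seq) > 2 else (None, "")
        if reply == ("server", "SA") and final[0] == "client" and "R" in final[1]:
            labels[key] = "half-open"      # SYN, SYN/ACK, RST: the scan signature
        elif reply == ("server", "SA") and final == ("client", "A"):
            labels[key] = "established"    # full three-way handshake
        elif reply[0] == "server" and "R" in reply[1]:
            labels[key] = "closed"         # SYN answered with RST
        else:
            labels[key] = "unanswered"
    return labels

def find_syn_scanners(packets, min_ports=3):
    """Return {client: sorted probed ports} for sources that only ever probe."""
    probed, completed = defaultdict(set), set()
    for (client, _, server, port), label in classify_flows(packets).items():
        if label == "established":
            completed.add(client)
        elif label in ("half-open", "closed"):
            probed[client].add((server, port))
    return {c: sorted(p for _, p in t) for c, t in probed.items()
            if len(t) >= min_ports and c not in completed}
```

On the constructed capture, `find_syn_scanners(PACKETS)` reports only 198.51.100.7, while the client that completed its handshake on port 80 is left out.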

When a hacker sends a significant number of SYN packets to a server, the server’s resources are consumed. As a result, few or no communications from reputable clients can take place.

Because they are quick and dependable, SYN scans are a common choice for port scanning. SYN scans can be blocked by firewalls that have been configured to block SYN packets.

The following are some of the advantages of using SYN scans:

  • SYN scans are relatively fast, making them an excellent choice for analyzing extensive networks.
  • SYN scans are generally trustworthy and can detect open ports with high accuracy.
  • SYN scans are undetectable and can overcome firewalls that are set to block SYN packets.

The following are some of the negative aspects of using SYN scans:

  • Firewalls can block them: firewalls that are configured to block SYN packets can prevent SYN scans.
  • SYN scans are unable to discover filtered ports.
  • False positives: SYN scans can occasionally produce false positives, resulting in wasted time and resources.

Overall, SYN scans are an excellent solution for port scanning where speed and reliability are critical. On the other hand, they should not be used if the target host is protected by a firewall that is set to prevent SYN packets.
