TCP Connect Scan
A TCP connect scan establishes a complete connection to the target host by completing a TCP three-way handshake. After the scan is complete, Nmap terminates the connection.
Note: This is not to be confused with another common scan technique, the TCP SYN stealth scan (
-sS), which completes up to half of its connection with the target host. Therefore, the TCP connect scan takes longer and requires more packets to perform.
The following image shows how this scan connects with the TCP three-way handshake and then terminates afterward:
nmap -sT <target>
A TCP connect scan connects to a
The following example performs a TCP connect scan on the site scanme.nmap.org:
nmap -sT scanme.nmap.org
Note: This is a site explicitly set up for testing Nmap. Scans should only be performed on domains with explicit permissions given to the user.
This results in the following output:
Starting Nmap 7.80 ( https://nmap.org ) at 2022-12-24 17:08 ESTNmap scan report for scanme.nmap.org (220.127.116.11)Host is up (0.095s latency).Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2fNot shown: 992 closed portsPORT STATE SERVICE22/tcp open ssh25/tcp filtered smtp80/tcp open http135/tcp filtered msrpc139/tcp filtered netbios-ssn445/tcp filtered microsoft-ds9929/tcp open nping-echo31337/tcp open EliteNmap done: 1 IP address (1 host up) scanned in 4.03 seconds