TCP SYN Scan
A TCP SYN scan runs by default when running Nmap as root or Administrator. It is the most popular scan option according to Nmap.org. Quick and efficient, this scan can indicate open, filtered, and closed port states. Also known as the half-open scan, it never completes the full TCP connection, so is less likely to be blocked by firewalls.
Syntax
To perform a TCP SYN scan the -sS option is passed to Nmap. Root privileges are required and the target can be any system with an established network connection. The following command performs a scan on <target> after entering the user password when prompted:
sudo nmap -sS <target>
Note: If logged as root or Administrator, both
sudoand-sScan be omitted.sudostands for “superuser do” and grants root or Administrator access.
Example
The example below executes a TCP SYN scan on the target scanme.nmap.org:
sudo nmap -sS scanme.nmap.org
Note: Explicit permission from the domain target owner must be granted to scan. Scanme.Nmap.Org is a service provided by the Nmap Security Scanner Project for test purposes.
The command above will output:
Starting Nmap 7.93 ( https://nmap.org ) at 2022-12-17 09:43 ESTNmap scan report for scanme.nmap.org (45.33.32.156)Host is up (0.18s latency).Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2fNot shown: 993 closed tcp ports (reset)PORT STATE SERVICE22/tcp open ssh25/tcp filtered smtp80/tcp open http139/tcp filtered netbios-ssn445/tcp filtered microsoft-ds9929/tcp open nping-echo31337/tcp open EliteNmap done: 1 IP address (1 host up) scanned in 14.76 seconds
Looking to contribute?
- Learn more about how to get involved.
- Edit this page on GitHub to fix an error or make an improvement.
- Submit feedback to let us know how we can improve Docs.
