What is a SYN scan?

Prepare for the Wireshark Traffic Analysis Exam. Study with flashcards and multiple choice questions; each question includes hints and explanations. Ace your exam!

Multiple Choice

What is a SYN scan?

Explanation:
A SYN scan tests a host’s response to the first step of TCP connection establishment without completing the handshake. In TCP, starting a connection involves sending a SYN, receiving a SYN-ACK if the port is listening, and then sending an ACK to finish the three-way handshake. A SYN scan sends only the initial SYN to a target port. If the port is open, the host typically replies with a SYN-ACK, and the scanner immediately tears down the half-open connection with an RST to avoid completing the handshake. If the port is closed, an RST or no response may be observed. If a firewall or filter blocks the probe, there may be no reply at all. This behavior—probing with SYNs to detect open ports without completing the handshake—matches the described option. The other descriptions refer to different scan types: completing the handshake would be a connect scan; using FIN packets describes a FIN scan; relying on UDP packets describes a UDP scan. In Wireshark, you’d primarily see SYN packets and, depending on the port’s state, either a SYN-ACK (followed by an RST) or an RST/no response.

