What is TCP Connect scanning and when is it used?

0 votes
TCP Connect scanning completes the full TCP handshake. In what scenarios is this basic yet reliable scanning method preferred?
Apr 14 in Cyber Security & Ethical Hacking by Anupam
• 18,960 points
405 views

1 answer to this question.

0 votes

TCP Connect scanning is a fundamental port scanning technique that completes the full TCP three-way handshake to determine if a port is open on a target system.

How TCP Connect Scanning Works

In TCP Connect scanning, the scanning tool (such as Nmap) initiates a full connection to each target port by performing the standard TCP three-way handshake:

  1. SYN: The scanner sends a SYN (synchronize) packet to the target port.

  2. SYN-ACK: If the port is open, the target responds with a SYN-ACK (synchronize-acknowledge) packet.

  3. ACK: The scanner completes the handshake by sending an ACK (acknowledge) packet.

After establishing the connection, the scanner immediately closes it, typically by sending a RST (reset) packet. This process allows the scanner to determine the status of each port:

  • Open: Full handshake completed.

  • Closed: Received a RST in response to the initial SYN.

  • Filtered: No response received, possibly due to a firewall.

When Is TCP Connect Scanning Used?

TCP Connect scanning is particularly useful in the following scenarios:

  • Lack of Raw Packet Privileges: On systems where the user does not have the necessary permissions to send raw packets (required for more stealthy scans like SYN scans), TCP Connect is the default method.

  • Scanning IPv6 Networks: Some scanning techniques are not compatible with IPv6. TCP Connect scanning, which relies on the operating system's networking stack, works seamlessly with IPv6.

  • Firewall and IDS Testing: Since TCP Connect scanning establishes full connections, it is more likely to be logged by firewalls and intrusion detection systems (IDS). This makes it useful for testing how these security systems respond to connection attempts.

  • Simplicity and Reliability: TCP Connect scanning is straightforward to implement and does not require special privileges, making it a reliable choice for quick assessments.

Limitations

While TCP Connect scanning is reliable, it has some drawbacks:

  • Easily Detectable: Because it completes full connections, it is more likely to be detected and logged by target systems.

  • Slower Performance: Establishing and closing full connections for each port can be time-consuming, especially when scanning a large number of ports or hosts.

Example Use Case

A system administrator wants to verify which services are running on a server but does not have administrative privileges on their scanning machine. They can use TCP Connect scanning with Nmap as follows:

nmap -sT 192.168.1.100

This command will perform a TCP Connect scan on the target IP address, identifying open ports by completing the TCP handshake for each.

answered Apr 15 by CaLLmeDaDDY
• 31,260 points
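
The answer above notes that connect scans are readily logged by the systems they touch. As an added example (not part of the original answer), the following Python detector flags a source that touches many distinct ports on one host within a short window and maps each logged outcome to the open/closed/filtered states listed above. The log format, the 10.0.0.x source addresses, and the threshold and window values are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample log; the format is an assumption for this example:
# epoch_seconds src_ip dst_ip dst_port outcome
SAMPLE_LOG = """\
1000 10.0.0.5 192.168.1.100 21 reset
1000 10.0.0.5 192.168.1.100 22 established
1001 10.0.0.5 192.168.1.100 23 reset
1001 10.0.0.5 192.168.1.100 25 timeout
1002 10.0.0.5 192.168.1.100 80 established
1002 10.0.0.5 192.168.1.100 110 reset
1003 10.0.0.9 192.168.1.100 443 established
1060 10.0.0.9 192.168.1.100 443 established
1120 10.0.0.9 192.168.1.100 22 established
"""

# Port states as the answer defines them.
PORT_STATE = {"established": "open", "reset": "closed", "timeout": "filtered"}


def parse(log):
    """Yield (ts, src, dst, port, state) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[4] not in PORT_STATE:
            continue  # skip malformed or unknown records
        if not (parts[0].isdigit() and parts[3].isdigit()):
            continue
        yield int(parts[0]), parts[1], parts[2], int(parts[3]), PORT_STATE[parts[4]]


def detect_connect_scans(log, min_ports=5, window=10):
    """Return {(src, dst): {port: state}} for pairs that touched at least
    min_ports distinct ports within any window-second span."""
    recent = defaultdict(deque)  # (src, dst) -> recent (ts, port, state)
    alerts = {}
    for ts, src, dst, port, state in sorted(parse(log)):
        q = recent[(src, dst)]
        q.append((ts, port, state))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        ports = {p: s for _, p, s in q}
        if len(ports) >= min_ports and len(ports) > len(alerts.get((src, dst), {})):
            alerts[(src, dst)] = ports
    return alerts


if __name__ == "__main__":
    for (src, dst), ports in detect_connect_scans(SAMPLE_LOG).items():
        print(src, "->", dst, ports)
```

On the constructed sample, only 10.0.0.5 is flagged; 10.0.0.9 makes repeated connections to two ports spread over two minutes and stays below the threshold.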
