SYN vs Connect scans

[Gregg Doherty <gregg () gmdoherty com>]

Can someone explain why SYN Scan isn't finding all the open ports?   But
TCP connect scan does.   Both would require the ACK from the target.


---------- SYNSCAN.GNMAP (-T3)

# Nmap 7.93 scan initiated Thu May 11 13:22:34 2023 as: nmap -sS -p - -v -v
-n -oA output.file-Pn xxx.xxx.xxx.xxx

Host: xxx.xxx.xxx.xxx ()  Status: Up

Host: xxx.xxx.xxx.xxx ()  Ports: 17/closed/tcp//qotd///,
20/closed/tcp//ftp-data///, 21/closed/tcp//ftp///, 22/closed/tcp//ssh///,
256/closed/tcp//fw1-secureremote///, 264/closed/tcp//bgmp///,
443/closed/tcp//https///, 586/closed/tcp//password-chg///,
990/closed/tcp//ftps///, 1080/closed/tcp//socks///,
1723/closed/tcp//pptp///, 18231/closed/tcp//unknown///,
18234/closed/tcp///// Ignored State: filtered (65522)



---------- TCPCONNECT.GNMAP

# Nmap 7.93 scan initiated Thu May 11 13:25:07 2023 as: nmap -sT -p - -v -v
-n -oA output.file -Pn xxx.xxx.xxx.xxx

Host: xxx.xxx.xxx.xxx ()  Ports: 53/open/tcp//domain///,
88/open/tcp//kerberos-sec///, 135/open/tcp//msrpc///,
139/open/tcp//netbios-ssn///, 389/open/tcp//ldap///,
445/open/tcp//microsoft-ds///, 464/open/tcp//kpasswd5///,
636/open/tcp//ldapssl///, 3268/open/tcp//globalcatLDAP///,
3269/open/tcp//globalcatLDAPssl///, 9389/open/tcp//adws///,
17472/open/tcp/////, 47001/open/tcp//winrm///, 48089/open/tcp/////,
49664/open/tcp/////, 49665/open/tcp/////, 50666/open/tcp/////,
58584/open/tcp/////, 58654/open/tcp/////, 58681/open/tcp/////,
58816/open/tcp/////, 58846/open/tcp/////, 65173/open/tcp/////,
65218/open/tcp/////, 65221/open/tcp/////, 65223/open/tcp/////,
65236/open/tcp/////, 65241/open/tcp/////, 65242/open/tcp/////
Ignored State: filtered (65506)

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at https://seclists.org/nmap-dev/