TCP Connect Scan (-sT)
TCP connect scanning is the default type of TCP scanning when SYN scanning is not possible. This is the case when the user does not have sufficient privileges to perform SYN scans. Instead of writing raw packets like most other scanning types do, Nmap requests the operating system to establish a connection to the target machine and port by sending a connect system call. This is the same high-level system call that web browsers and most other networked applications use to establish a connection. When SYN scanning is available, it is usually the better choice. Nmap has less control over the high-level connect call compared to raw packets, which makes it less efficient. The system call establishes connections to open target ports instead of performing a half-open conversation like SYN scanning. This takes more time and requires more packets to obtain the same information.
The image shows the operation of a connect scan on an open port 22. This only required three packets in the previous example. The exact behavior against an open port depends on the platform on which Nmap is running and the type of service responding at the other end, but this example of five packets is typical. As soon as Nmap receives information from the host operating system that the connection was successfully established, it terminates the connection.
Ready to become an ethical hacker?
Start today.
As a member of Hakatemia you get unlimited access to Hakatemia modules, exercises and tools, and you get access to the Hakatemia Discord channel where you can ask for help from both instructors and other Hakatemia members.