As far as I know, an open TCP scan is just a normal TCP 3-way handshake followed by RST. It is detectable because the target will log this connection.
For the half-open TCP scan, it is defined as "stealth". The explanation is that only a SYN packet is sent, which is also a 3-way handshake.
But these two seem the same. I cannot find what the true difference is.
Best Answer
This is the initiation of the 3-way handshake, but the scanner has no intention of completing it. This means it receives the SYN+ACK from the target (now knowing it's there), but never sends the final ACK itself (maintaining stealth).
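The distinction the answer draws is easiest to see from the defender's side: a completed handshake is what the listening application (and hence its log) ever sees, while a SYN that is answered by SYN+ACK and then never acknowledged exists only in network telemetry. The following Python script is an added illustration, not code from the question or the answer above. It classifies flows from a small, constructed packet list (simplified flag strings such as "S", "SA", "A", "R") so that a full-connect probe lands in the same "completed" bucket as a legitimate client, whereas a half-open probe is only visible as an abandoned handshake.

```python
"""
Classify TCP flows from a packet list as completed handshakes (what an
application-level log records), half-open probes (SYN, SYN+ACK, no final ACK),
closed-port probes, or unanswered SYNs. Added example with constructed data.
"""
from collections import defaultdict

# Constructed sample packets: (time, src_ip, src_port, dst_ip, dst_port, flags)
SAMPLE_PACKETS = [
    # Full-connect probe of port 22: SYN, SYN+ACK, ACK, then RST from the client
    (0.00, "10.0.0.5", 40001, "10.0.0.9", 22, "S"),
    (0.01, "10.0.0.9", 22, "10.0.0.5", 40001, "SA"),
    (0.02, "10.0.0.5", 40001, "10.0.0.9", 22, "A"),
    (0.03, "10.0.0.5", 40001, "10.0.0.9", 22, "R"),
    # Half-open probe of port 80: SYN, SYN+ACK, client answers with RST only
    (1.00, "10.0.0.5", 40002, "10.0.0.9", 80, "S"),
    (1.01, "10.0.0.9", 80, "10.0.0.5", 40002, "SA"),
    (1.02, "10.0.0.5", 40002, "10.0.0.9", 80, "R"),
    # Probe of closed port 8080: the server answers the SYN with RST+ACK
    (2.00, "10.0.0.5", 40003, "10.0.0.9", 8080, "S"),
    (2.01, "10.0.0.9", 8080, "10.0.0.5", 40003, "RA"),
    # Legitimate client: completes the handshake and then sends data
    (3.00, "10.0.0.7", 51000, "10.0.0.9", 443, "S"),
    (3.01, "10.0.0.9", 443, "10.0.0.7", 51000, "SA"),
    (3.02, "10.0.0.7", 51000, "10.0.0.9", 443, "A"),
    (3.05, "10.0.0.7", 51000, "10.0.0.9", 443, "PA"),
]


def classify_flows(packets):
    """Group packets into flows and return {(client_ip, client_port,
    server_ip, server_port): state}, where state is one of
    'completed', 'half_open', 'closed' or 'no_response'."""
    flows = defaultdict(list)
    for t, sip, sport, dip, dport, flags in packets:
        # Direction-independent key so both halves of a flow land together
        key = tuple(sorted([(sip, sport), (dip, dport)]))
        flows[key].append((t, (sip, sport), (dip, dport), flags))

    results = {}
    for pkts in flows.values():
        pkts.sort()  # chronological order
        # The client is whoever sent the first pure SYN (SYN without ACK)
        syns = [p for p in pkts if "S" in p[3] and "A" not in p[3]]
        if not syns:
            continue  # mid-stream traffic with no observed handshake; ignore
        client, server = syns[0][1], syns[0][2]
        synack = any(src == server and "S" in f and "A" in f
                     for _, src, _, f in pkts)
        server_rst = any(src == server and "R" in f for _, src, _, f in pkts)
        # The third handshake step: an ACK from the client that is neither
        # a SYN nor a RST. Only this makes the connection visible to accept().
        client_ack = any(src == client and "A" in f and "S" not in f
                         and "R" not in f for _, src, _, f in pkts)
        if not synack:
            state = "closed" if server_rst else "no_response"
        elif client_ack:
            state = "completed"
        else:
            state = "half_open"
        results[client + server] = state
    return results


def half_open_sources(packets, threshold=1):
    """Count half-open flows per client IP and return those at or above the
    threshold; this is the network-level signal an application log lacks."""
    counts = defaultdict(int)
    for (cip, _, _, _), state in classify_flows(packets).items():
        if state == "half_open":
            counts[cip] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for flow, state in sorted(classify_flows(SAMPLE_PACKETS).items()):
        print(f"{flow[0]}:{flow[1]} -> {flow[2]}:{flow[3]}  {state}")
    print("half-open sources:", half_open_sources(SAMPLE_PACKETS))
```

Run on the sample, the port-22 probe and the port-443 client both come out as "completed": at the handshake level a full-connect scan is just a connection that happened to be reset right after it was accepted, which is why the target's application log records it. The port-80 probe comes out as "half_open" and never reaches the application at all, so it can only be noticed where SYN/SYN+ACK pairs are observed, such as a firewall, IDS or flow-level telemetry; in practice the threshold in `half_open_sources` would be tuned against the normal rate of abandoned handshakes on the network rather than set to 1.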