Page 8 - CPTE_Prep_Guide_Sample
PSH – The push data bit signifies that the data in this packet should be put at the beginning of the queue of data to be processed.
URG – The urgent data bit signifies that there are urgent control characters in this packet that need to be processed immediately.
TCP Three-way Handshake – A TCP connection begins with a system sending a SYN packet to the server. The server responds with a SYN/ACK. Then your system responds with an ACK, and the connection is established.
TCP Connect Port Scan – With a TCP connect port scan, the attacker sends SYN packets to sequential port numbers on a target to see which port numbers reply. A connection is tried on port 1, then port 2, then port 3, etc. An open port will reply with a SYN/ACK, a closed port will reply with a RST/ACK, and a filtered port will give no reply.
Half-open Scan (SynScan) – A half-open TCP SYN port scan is the same as the vanilla TCP open scan; however, the attacker does not complete the three-way handshake. An open port will still reply with a SYN/ACK, and a closed port will reply with a RST/ACK. Advantage over TCP connect scan: it may not be detected by a simple IDS, and no law has been broken at this time.
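Added example, not part of the prep guide: a detection-side sketch that labels each probed port from the replies described above (SYN/ACK, RST/ACK, no reply) and separates a connect scan from a half-open scan by whether the final ACK was ever seen. The packet tuples, the documentation-range addresses and the `min_ports` threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample capture: (client, server_port, sender, flags).
# sender is "C" for the connecting host and "S" for the server.
PACKETS = [
    ("192.0.2.10", 1, "C", "SYN"), ("192.0.2.10", 1, "S", "RST/ACK"),
    ("192.0.2.10", 2, "C", "SYN"),                      # no reply at all
    ("192.0.2.10", 3, "C", "SYN"), ("192.0.2.10", 3, "S", "SYN/ACK"),
    ("192.0.2.10", 3, "C", "RST"),                      # handshake abandoned
    ("192.0.2.10", 4, "C", "SYN"), ("192.0.2.10", 4, "S", "SYN/ACK"),
    ("192.0.2.20", 1, "C", "SYN"), ("192.0.2.20", 1, "S", "RST/ACK"),
    ("192.0.2.20", 2, "C", "SYN"),
    ("192.0.2.20", 3, "C", "SYN"), ("192.0.2.20", 3, "S", "SYN/ACK"),
    ("192.0.2.20", 3, "C", "ACK"),                      # handshake completed
    ("192.0.2.30", 3, "C", "SYN"), ("192.0.2.30", 3, "S", "SYN/ACK"),
    ("192.0.2.30", 3, "C", "ACK"),                      # one ordinary client
]

def classify_attempt(seen):
    """Label one client/port exchange from its (sender, flags) pairs."""
    server = [f for s, f in seen if s == "S"]
    client = [f for s, f in seen if s == "C"]
    if "RST/ACK" in server:
        return "closed"
    if "SYN/ACK" not in server:
        return "filtered"            # SYN went unanswered
    return "open-completed" if "ACK" in client else "open-half"

def summarize(packets, min_ports=3):
    """Per client: outcome of every port tried plus a scan verdict.
    min_ports is an assumed threshold for 'many ports from one source'."""
    attempts = defaultdict(list)
    for client, port, sender, flags in packets:
        attempts[(client, port)].append((sender, flags))
    ports_by_client = defaultdict(dict)
    for (client, port), seen in attempts.items():
        ports_by_client[client][port] = classify_attempt(seen)
    report = {}
    for client, ports in ports_by_client.items():
        outcomes = set(ports.values())
        if len(ports) < min_ports:
            verdict = "normal"
        elif "open-half" in outcomes:
            verdict = "half-open scan"
        elif "open-completed" in outcomes:
            verdict = "connect scan"
        else:
            verdict = "scan (type undetermined)"   # no open port answered
        report[client] = {"verdict": verdict, "ports": ports}
    return report
```

A sensor that only records completed connections would see nothing from 192.0.2.10, which is the "simple IDS" gap the half-open entry refers to.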