How it works...

Although Nmap has to contend with many of the same challenges associated with UDP scanning, it is still a highly effective solution because it is optimized to use a combination of the most effective and quickest techniques possible to identify live services.

The underlying principle behind SYN scanning with Nmap is the same as already discussed. However, with its multithreaded capabilities, Nmap is a fast and highly effective way to perform these types of scans.

Tools that perform TCP connect scans operate by performing a full three-way handshake to establish a connection with all scanned ports on the remote target system. A port's status is determined based on whether a connection was established or not. If a connection was established, the port is determined to be open. If a connection could not be established, the port is determined to be closed.
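The open/closed decision described above, shown as an added example that is not from the original text. It runs only against loopback sockets it creates itself, and the names `connect_state` and `run_demo` are hypothetical. It also records what the listening side sees, because a completed handshake reaches the service's `accept()` and can therefore be logged by the application.

```python
import socket
import threading


def connect_state(host, port, timeout=1.0):
    """Return 'open' if a full three-way handshake completes, else 'closed'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        # connect_ex() returns 0 on success and an errno value otherwise.
        # Any failure is reported as 'closed', matching the rule in the text.
        return "open" if s.connect_ex((host, port)) == 0 else "closed"


def run_demo():
    """Check one listening and one non-listening loopback port."""
    # Constructed target: a listener on an ephemeral loopback port.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    open_port = srv.getsockname()[1]

    # Constructed closed port: reserve a port number, then release it.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()

    seen_peers = []  # what the service side could log

    def accept_one():
        conn, peer = srv.accept()  # returns only after the handshake completes
        seen_peers.append(peer[0])
        conn.close()

    worker = threading.Thread(target=accept_one, daemon=True)
    worker.start()

    results = {
        "listening": connect_state("127.0.0.1", open_port),
        "not_listening": connect_state("127.0.0.1", closed_port),
    }
    worker.join(2)
    srv.close()
    return results, seen_peers


if __name__ == "__main__":
    print(run_demo())
```
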

The underlying principle behind zombie scanning is the same as was discussed when performing this task with Scapy in the previous recipe. However, using the Nmap zombie-scanning mode allows us to use an integrated and well-known tool to perform this same task quickly.
