In CEH v13 Module 03: Scanning Networks, stealth scanning refers to a method of scanning that avoids detection by not completing the TCP handshake.
-sS = TCP SYN scan (Stealth scan)
Sends SYN packet.
If SYN-ACK is returned, the port is open; then a RST is sent back instead of completing handshake.
Harder to detect via IDS/IPS.
Option Analysis:
A. -sM: TCP Maimon scan (rarely used).
B. -sU: UDP scan.
C. -sS: Stealth SYN scan.
D. -sT: TCP Connect scan (not stealthy).
[Reference:, Module 03 – Nmap Scan Types, CEH Labs: Using -sS for Low-Profile Port Scanning, , ]
Submit