# TCP half-open

> Mediated Wiki article. Canonical URL: https://mediated.wiki/source/TCP_half-open
> Markdown URL: https://mediated.wiki/source/TCP_half-open.md
> Source: https://en.wikipedia.org/wiki/TCP_half-open
> Source revision: 1341938395
> License: Creative Commons Attribution-ShareAlike 4.0 International (https://creativecommons.org/licenses/by-sa/4.0/)

The term '''half-open''' refers to [TCP](/source/Transmission_Control_Protocol) connections whose state is out of synchronization between the two communicating hosts, possibly due to a crash of one side. A connection that is in the process of being established is also known as an '''embryonic connection'''. The lack of synchronization could be due to [malicious intent](/source/SYN_flood).

== RFC 793 ==
A TCP connection is referred to as ''half-open'' when the host at one end of that TCP connection has crashed, or has otherwise removed the socket without notifying the other end (Postel, J., ''Transmission Control Protocol'', RFC 793, Internet Engineering Task Force, September 1981, doi:10.17487/RFC0793).
If the remaining end is idle, the connection may remain in the half-open state for unbounded periods of time.

== Stateful Firewall Timeout ==
Another circumstance that can lead to half-open connections is if a [stateful firewall](/source/stateful_firewall) times out a connection that is idle for too long. In this case, the firewall clears its internal state, and if either side of the connection sends a packet, the firewall will drop the packet. This will often result in a half-open connection as the two sides of the connection can end up with inconsistent connection states.

== Embryonic connection ==
The term ''half-open connection'' can also be used to describe an '''embryonic connection''', i.e. a [TCP](/source/Transmission_Control_Protocol) connection that is in the process of being established.

[TCP](/source/Transmission_Control_Protocol) has a [three-state system](/source/Three-way_handshake) for opening a connection. First, the originating endpoint (A) sends a [SYN packet](/source/SYN_(TCP)) to the destination (B). A is now in an embryonic state (specifically, SYN_SENT) and is awaiting a response. B now updates its kernel information to indicate the incoming connection from A, and sends out a request to open a channel back (the [SYN/ACK](/source/SYN%2FACK) packet).

At this point, B is also in an embryonic state (specifically, SYN_RCVD). Note that B was put into this state by another machine, outside of B's control.

Under normal circumstances (see [denial-of-service attack](/source/denial-of-service_attack) for deliberate failure cases), A will receive the SYN/ACK from B, update its tables (which now have enough information for A to both send and receive), and send a final ACK back to B.

Once B receives this final ACK, it also has sufficient information for two-way communication, and the connection is fully open. Both endpoints are now in an established state.
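The embryonic states described above can be observed on a host. The following is an added example, not part of the original article: it parses a socket table in the Linux `/proc/net/tcp` layout, counts sockets in SYN_SENT and SYN_RECV, and lists peers holding several SYN_RECV entries. The sample rows, the addresses, the `threshold` value and all function names are constructed for illustration, and address decoding assumes a little-endian host.

```python
import socket
import struct
from collections import Counter

# Linux state codes from the "st" column of /proc/net/tcp (subset).
TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "0A": "LISTEN"}
EMBRYONIC = {"SYN_SENT", "SYN_RECV"}

# Constructed sample in /proc/net/tcp layout (trailing columns trimmed).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:01BB 00000000:0000 0A 00000000:00000000
   1: 0A0200C0:01BB 056433C6:C001 03 00000000:00000000
   2: 0A0200C0:01BB 056433C6:C002 03 00000000:00000000
   3: 0A0200C0:01BB 056433C6:C003 03 00000000:00000000
   4: 0A0200C0:01BB 097100CB:D431 03 00000000:00000000
   5: 0A0200C0:01BB 070200C0:E000 01 00000000:00000000
   6: 0A0200C0:C350 097100CB:01BB 02 00000000:00000000
"""

def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port); assumes a little-endian host."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def parse(table):
    """Yield (state, local, remote) for each socket row, skipping the header."""
    for line in table.splitlines()[1:]:
        cols = line.split()
        if len(cols) < 4:
            continue  # ignore blank or truncated rows
        state = TCP_STATES.get(cols[3], "OTHER")
        yield state, decode_addr(cols[1]), decode_addr(cols[2])

def embryonic_report(table, threshold=3):
    """Return (embryonic socket counts by state, peers with >= threshold SYN_RECV)."""
    states = Counter()
    syn_recv_by_peer = Counter()
    for state, _local, (peer_ip, _peer_port) in parse(table):
        if state in EMBRYONIC:
            states[state] += 1
        if state == "SYN_RECV":
            syn_recv_by_peer[peer_ip] += 1
    noisy = sorted(ip for ip, n in syn_recv_by_peer.items() if n >= threshold)
    return dict(states), noisy

if __name__ == "__main__":
    print(embryonic_report(SAMPLE))
```

On a live Linux host the same function can be given the contents of `/proc/net/tcp`. A large total SYN_RECV count is worth attention even when no single peer crosses the threshold, since the sources of a SYN flood are often spoofed.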

== See also ==
* [SYN flood](/source/SYN_flood)
* [SYN cookies](/source/SYN_cookies)
* [Stateful firewall](/source/Stateful_firewall)


== External links ==
* Twingate. (n.d.). ''What is a TCP Half Open Scan?''. Retrieved May 2, 2025, from [https://www.twingate.com/blog/glossary/tcp-half-open-scan](https://www.twingate.com/blog/glossary/tcp-half-open-scan)
* Palo Alto Networks. (n.d.). ''TCP Half Closed and TCP Time Wait Timers''. Retrieved May 2, 2025, from [https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-networking-admin/session-settings-and-timeouts/tcp/tcp-half-closed-and-tcp-time-wait-timers](https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-networking-admin/session-settings-and-timeouts/tcp/tcp-half-closed-and-tcp-time-wait-timers)
* Sanchit Gurukul. (n.d.). ''Understanding TCP Half-Open Connections''. Retrieved May 2, 2025, from [https://sanchitgurukul.com/understanding-tcp-half-open-connections](https://sanchitgurukul.com/understanding-tcp-half-open-connections)


---
Adapted from the Wikipedia article [TCP half-open](https://en.wikipedia.org/wiki/TCP_half-open) by Wikipedia contributors ([contributor history](https://en.wikipedia.org/wiki/TCP_half-open?action=history)). Available under [Creative Commons Attribution-ShareAlike 4.0 International](https://creativecommons.org/licenses/by-sa/4.0/). Changes may have been made.
