Which scan is AKA 'half-open' or 'SYN Stealth'?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

Which scan is AKA 'half-open' or 'SYN Stealth'?

Explanation:
Half-open or SYN Stealth refers to a TCP SYN scan. In this approach you send a SYN to a target port and do not complete the TCP three-way handshake. If the port is open, the target responds with SYN-ACK, but you don’t send the final ACK; you may reset the connection or simply leave it, which helps avoid establishing a full session and can reduce logging. This is what gives the scan its “half-open” name—the connection is not fully established.

A Connect scan, by contrast, completes the TCP handshake, establishing a full connection before closing. That makes it non-stealthy and easily detectable in logs, so it doesn’t fit the “half-open” description.

The other options (Xmas Tree and Null) use different flag patterns to probe ports and can be stealthy in other ways, but they are not described as half-open or SYN Stealth. The key idea of half-open is specifically the SYN scan.
