Methods for counting synchronization (SYN) packets to identify a SYN attack, applicable to network device, are provided. The network device includes a field programmable gate array (FPGA) for counting the total number of received SYN packets and a high-speed hardware memory connected to the FPGA. One of the methods includes: periodically traversing the count entries stored in the high-speed hardware memory, and aging any count entry for which a time difference between a current time and a creation time reaches a preset aging time interval; obtaining a first number of SYN packets and a second number of SYN packets; and updating the total number of the received SYN packets with a sum of the first number of SYN packets and the second number of SYN packets.