Port Scanner
Description
At the most basic level, port scanners are applications that send probes to hosts on a network and check which of the specified network ports have a service listening. This is typically done to inventory the services a host exposes to other systems, whether for administration, for verifying that a firewall policy is actually in effect, or as the reconnaissance phase of an attack. Most port scanners add features on top of this basic check, such as identifying the service and version behind an open port, to support security policy checks.
There are many kinds of port scanning; the two heard of most often are the TCP connect scan and the SYN scan. Beyond these there are other ways of probing network ports, among them UDP, ACK, FIN and X-Mas scans (ICMP probes, often grouped with them, are host discovery rather than port scanning, since ICMP has no ports). See below for descriptions of these scan types and why one would choose one over another.
Common Tools
- Advanced Port Scanner
- Angry IP Scanner
- MASSCAN
- Netcat
- NetScanTools Pro
- Network Scanner
- Nmap
- Port Authority
- PortQry and PortQryUI
- SMap
- TCP Port Scanner
More Details
Here we expound on the different types of port scan: a brief description of how each works, how its responses are interpreted, and why one would choose one type over another.
- TCP Scan
- Perhaps the most common form of scanning, a TCP scan is also known as a connect scan because it makes a complete connection to a TCP port through the operating system's ordinary connect() call. It is the "noisiest" scan in that it completes the full three-way handshake before the scanner tears the connection down, so the listening application sees (and may log) a real connection rather than a stray packet. It is reasonably fast, since a closed port answers immediately with a RST (reported to the scanner as a "connection refused" error) and the operating system does the work of the handshake, but it is slower than a SYN scan because every open port costs a full handshake and teardown. Because it needs no raw sockets, this is the scan type available to users without administrator privileges; the raw-packet scans below (SYN, ACK, FIN, X-Mas) need root or equivalent. A UDP probe can also be sent from an unprivileged socket, but detecting closed ports then relies on the operating system passing the ICMP port unreachable error back to that socket.
- UDP Scan
- A slower means of scanning. Because UDP is connectionless there is no handshake to observe: the scanner sends a datagram to each UDP port and waits. A reply from the service means the port is open; an ICMP port unreachable message (type 3, code 3) from the target means it is closed; other ICMP unreachable codes mean it is filtered; and no answer at all is ambiguous, reported as open|filtered, because a listening service that does not recognise the probe payload simply stays silent. The scan is slow because the scanner must wait out a timeout, and usually retransmit, for every silent port, and because most operating systems rate-limit ICMP error messages (Linux sends at most about one destination unreachable per second by default), so a full 65,535-port UDP scan of a single host can take hours. Sending protocol-specific payloads to well-known ports (DNS, SNMP, NTP) rather than empty datagrams coaxes replies from many services and reduces the ambiguity.
- SYN scan
- Another type of TCP scan, also called a half-open scan. The scanner sends only the SYN packet of the three-way handshake: a SYN/ACK in response means the port is open, a RST means it is closed, and no response (or an ICMP unreachable error) means it is filtered. On receiving a SYN/ACK the scanner answers with a RST of its own instead of the final ACK, so the connection is never established and the application behind the port never sees it, though the half-open attempt is still visible to a firewall or IDS watching the wire. Because it crafts packets itself rather than calling connect(), it requires raw-socket privileges, and because it never waits for a handshake to complete it is the fastest TCP scan type (it is Nmap's default TCP scan when run with privileges).
- ACK Scan
- The scanner sends a packet with only the ACK flag set. An ACK that belongs to no existing connection is answered with a RST by both open and closed ports (RFC 793), so this scan cannot tell the two apart; it is used instead to map firewall rules. A RST back means the port is unfiltered (the probe reached the host), while no reply or an ICMP unreachable error means it is filtered. A stateless packet filter that only blocks incoming SYNs lets ACK probes through, whereas a stateful firewall drops them, so comparing ACK-scan results with a SYN scan shows which kind of filtering is in place.
- FIN Scan
- The scanner sends a packet with only the FIN flag set, never preceded by a SYN. Per RFC 793, a closed port answers such a stray packet with a RST while an open port silently discards it, so a RST means closed and no reply means open|filtered (an ICMP unreachable error means filtered). Because no SYN is ever sent, this scan can slip past stateless filters and logging that only watches for connection attempts. The catch is that not every TCP stack follows the RFC: Microsoft Windows, among others, replies with a RST from open ports too, so against such hosts every port appears closed and the result says more about the operating system than about its services.
- X-Mas Scan
- A variant of the FIN scan that sets the FIN, PSH and URG flags together, so called because the packet is "lit up like a Christmas tree". The response interpretation and the privileges required are the same as for the FIN scan (RST means closed, silence means open|filtered, ICMP unreachable means filtered), as is the caveat: stacks that return a RST regardless of port state, such as Windows, make every port look closed. The flag combination never occurs in legitimate traffic, which makes the scan trivial for an IDS to flag.
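The following is an added example, not code from the original page or from any of the tools listed above. It shows two things the descriptions above only state in prose: a TCP connect scan that runs unprivileged through the ordinary socket API (demonstrated against a loopback listener the script sets up itself), and the response-to-state logic each raw-packet scan type applies, fed with TCP headers the script builds for the SYN, ACK, FIN and X-Mas probes. The IP addresses, ports, and every "response" are constructed inline; the header builder only builds packets and never sends them, since sending would need a raw socket and root.

```python
"""Added example (not from the original page): how the scan types above
interpret responses, plus a TCP connect scan run against a local listener.
All inputs are constructed inline; nothing here sends raw packets."""
import socket
import struct
from concurrent.futures import ThreadPoolExecutor

# TCP flag bits, as found in byte 13 of the header (RFC 793)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flags each raw-packet scan type sets on its probe
PROBE_FLAGS = {"syn": SYN, "ack": ACK, "fin": FIN, "xmas": FIN | PSH | URG}


def checksum(data):
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src_ip, dst_ip, tcp_len):
    """IPv4 pseudo-header that the TCP checksum also covers."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, socket.IPPROTO_TCP, tcp_len))


def build_tcp_header(src_ip, dst_ip, src_port, dst_port, flags, seq=0):
    """20-byte TCP header (no options) carrying `flags`, with a valid checksum.
    Sending it would need a raw socket, i.e. root; here it is only built."""
    hdr = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, 0,
                      5 << 4, flags, 1024, 0, 0)      # data offset = 5 words
    csum = checksum(pseudo_header(src_ip, dst_ip, len(hdr)) + hdr)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]


def tcp_flags(header):
    """Flag byte of a raw TCP header."""
    return header[13]


def classify(scan, response):
    """Port state a scanner infers from `response` to a `scan`-type probe.

    response is None (nothing arrived before the timeout), bytes (a TCP header
    for the TCP scans, a UDP payload for "udp"), or ("icmp", code) for an ICMP
    destination-unreachable message; code 3 is "port unreachable".
    """
    if scan == "udp":
        if isinstance(response, bytes):
            return "open"
        if response == ("icmp", 3):
            return "closed"
        if response is not None:
            return "filtered"          # other unreachable codes: blocked en route
        return "open|filtered"         # silence: open, or a filter ate the probe
    if response is None:
        # SYN and ACK probes always draw an answer from a reachable host, so
        # silence means a filter; FIN/X-Mas open ports are silent by design.
        return "filtered" if scan in ("syn", "ack") else "open|filtered"
    if not isinstance(response, bytes):
        return "filtered"              # ICMP unreachable to a TCP probe
    flags = tcp_flags(response)
    if scan == "syn":
        if flags & SYN and flags & ACK:
            return "open"
        return "closed" if flags & RST else "filtered"
    if scan == "ack":
        # Open and closed ports both RST an orphan ACK; only filters stay quiet.
        return "unfiltered" if flags & RST else "filtered"
    # fin / xmas: per RFC 793 only a closed port answers, with a RST.
    # Caveat: Windows and some other stacks RST open ports too, so every port
    # looks closed against them.
    return "closed" if flags & RST else "open|filtered"


def connect_scan(host, ports, timeout=0.5, workers=32):
    """TCP connect scan through the OS socket API: a full three-way handshake
    per port, no raw sockets needed. Returns {port: state}."""
    def probe(port):
        try:
            socket.create_connection((host, port), timeout=timeout).close()
            return port, "open"            # handshake completed
        except ConnectionRefusedError:
            return port, "closed"          # the RST surfaces as ECONNREFUSED
        except OSError:
            return port, "filtered"        # timeout or unreachable: no RST seen
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(pool.map(probe, ports))


def local_target():
    """Constructed target for the demo: one listening loopback port and one
    port that was just bound and released, so it is (almost surely) closed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()
    return srv, srv.getsockname()[1], closed_port


if __name__ == "__main__":
    srv, open_port, closed_port = local_target()
    print(connect_scan("127.0.0.1", [open_port, closed_port]))
    srv.close()
    reply = build_tcp_header("10.0.0.2", "10.0.0.1", 80, 40000, SYN | ACK)
    print("syn scan, SYN/ACK back:", classify("syn", reply))
    print("fin scan, no reply:", classify("fin", None))
```

Run it as a script and it scans its own listener; the `classify` table is the part worth comparing against the scan descriptions, in particular that silence means "filtered" for SYN and ACK probes but "open|filtered" for FIN, X-Mas and UDP, which is exactly why those scans are slower and more ambiguous.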