Port scanning is a method of determining which ports on a networked host are open, that is, listening and able to receive or send data. It is also the process of sending packets to specific ports on a host and analyzing the responses to identify vulnerabilities. This scanning process cannot take place without first identifying a list of active hosts and mapping those hosts to their IP addresses. Once a thorough network scan is complete and a host list has been compiled, a proper port scan can begin. Organizing the results by IP address, host, and port lets the scanner identify open or vulnerable services, with the goal of assessing the security posture of the network.
These scans also reveal security controls that are in place, such as a firewall between the server and the user’s device.
Both cyberattackers and administrators use these scans to verify or check the security policies of a network and to identify vulnerabilities, and, in the attackers’ case, to exploit weak entry points.
The general protocols used for port scanning are TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). Both are data transmission methods for the internet, but they work differently. TCP is a reliable, two-way, connection-based protocol: a connection must be established with the destination, and the destination must confirm it, before a send is considered successful. UDP is connectionless and unreliable: data is sent without first checking the destination’s state, so there is no guarantee the data will even arrive. There are several different methods of performing port scans using these two protocols, which are explained in the techniques section below.
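From the defender's side, the practical consequence of the TCP/UDP distinction above is that a scan of either protocol looks the same in connection logs: one source touching many distinct destination ports on a host in a short time (bare TCP connection attempts, or UDP datagrams that mostly go unanswered). The following detector is an added example, not code from the original page. Its log format, addresses, timestamps, and the 60-second window and 10-port threshold are constructed assumptions; adapt the regular expression to your own firewall's export format.

```python
"""Port-scan detection over firewall connection logs.

Added example, not from the original page. The log format, addresses,
timestamps and thresholds are constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: 10.0.0.5 sends bare TCP SYNs to twelve ports and UDP
# datagrams to eleven ports within one minute; 10.0.0.7 only uses web ports.
SAMPLE_LOGS = """\
2024-05-01T10:00:00 proto=TCP src=10.0.0.5 dst=10.0.0.20 dport=21 flags=S
2024-05-01T10:00:00 proto=TCP src=10.0.0.5 dst=10.0.0.20 dport=22 flags=S
2024-05-01T10:00:01 proto=TCP src=10.0.0.5 dst=10.0.0.20 dport=23 flags=S
2024-05-01T10:00:01 proto=TCP src=10.0.0.5 dst=10.0.0.20 dport=25 flags=S
2024-05-01T10:00:02 proto=TCP src=10.0.0.5 dst=10.0.0.20 dport=53 flags=S
2024-05-01T10:00:02 proto=TCP src=10.0.0.5 dst=10.0.0.20 dport=80 flags=S
2024-05-01T10:00:03 proto=TCP src=10.0.0.5 dst=10.0.0.20 dport=110 flags=S
2024-05-01T10:00:03 proto=TCP src=10.0.0.5 dst=10.0.0.20 dport=135 flags=S
2024-05-01T10:00:04 proto=TCP src=10.0.0.5 dst=10.0.0.20 dport=139 flags=S
2024-05-01T10:00:04 proto=TCP src=10.0.0.5 dst=10.0.0.20 dport=143 flags=S
2024-05-01T10:00:05 proto=TCP src=10.0.0.5 dst=10.0.0.20 dport=443 flags=S
2024-05-01T10:00:05 proto=TCP src=10.0.0.5 dst=10.0.0.20 dport=445 flags=S
2024-05-01T10:00:10 proto=UDP src=10.0.0.5 dst=10.0.0.20 dport=53
2024-05-01T10:00:10 proto=UDP src=10.0.0.5 dst=10.0.0.20 dport=67
2024-05-01T10:00:11 proto=UDP src=10.0.0.5 dst=10.0.0.20 dport=69
2024-05-01T10:00:11 proto=UDP src=10.0.0.5 dst=10.0.0.20 dport=123
2024-05-01T10:00:12 proto=UDP src=10.0.0.5 dst=10.0.0.20 dport=137
2024-05-01T10:00:12 proto=UDP src=10.0.0.5 dst=10.0.0.20 dport=161
2024-05-01T10:00:13 proto=UDP src=10.0.0.5 dst=10.0.0.20 dport=162
2024-05-01T10:00:13 proto=UDP src=10.0.0.5 dst=10.0.0.20 dport=500
2024-05-01T10:00:14 proto=UDP src=10.0.0.5 dst=10.0.0.20 dport=514
2024-05-01T10:00:14 proto=UDP src=10.0.0.5 dst=10.0.0.20 dport=1900
2024-05-01T10:00:15 proto=UDP src=10.0.0.5 dst=10.0.0.20 dport=5353
2024-05-01T10:00:20 proto=TCP src=10.0.0.7 dst=10.0.0.20 dport=443 flags=S
2024-05-01T10:00:21 proto=TCP src=10.0.0.7 dst=10.0.0.20 dport=443 flags=S
2024-05-01T10:00:22 proto=TCP src=10.0.0.7 dst=10.0.0.20 dport=80 flags=S
"""

# Constructed key=value format; the flags field is absent for UDP lines.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) proto=(?P<proto>TCP|UDP) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)(?: flags=(?P<flags>\S+))?$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for unparseable input."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "proto": m["proto"],
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
        "flags": m["flags"],  # None for UDP lines
    }


def detect_scans(lines, window_seconds=60, threshold=10):
    """Return {(src, proto): distinct_port_count} for every source that touched
    more than `threshold` distinct destination ports on one host inside a
    `window_seconds` time bucket. TCP and UDP probes are counted the same way:
    a scanner sends one probe per port whichever protocol it uses."""
    seen = defaultdict(set)  # (src, dst, proto, bucket) -> {dport, ...}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # skip malformed or unrelated lines rather than crash
        bucket = int(ev["ts"].timestamp()) // window_seconds
        seen[(ev["src"], ev["dst"], ev["proto"], bucket)].add(ev["dport"])

    alerts = {}
    for (src, _dst, proto, _bucket), ports in seen.items():
        if len(ports) > threshold:
            key = (src, proto)
            alerts[key] = max(alerts.get(key, 0), len(ports))
    return alerts


if __name__ == "__main__":
    for (src, proto), n in sorted(detect_scans(SAMPLE_LOGS.splitlines()).items()):
        print(f"possible {proto} port scan from {src}: {n} distinct ports in one window")
```

Run as-is, the script reports the TCP and UDP probing from 10.0.0.5 and stays silent about 10.0.0.7, whose repeated use of two web ports never crosses the threshold. The per-host, per-bucket grouping is deliberate: a source that legitimately talks to many hosts on one port (a monitoring server, for instance) does not trip the rule, while a source sweeping many ports on a single host does.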