Port scanning, whether a Linux port scan or a Windows port scan of a PC or a server, is a technique used by system administrators and by attackers alike.
Both are looking for open, listening ports. The attacker goes one step further and fingerprints the services behind those ports to find something worth exploiting.
On Linux a port scan can target TCP (Transmission Control Protocol) ports as well as UDP (User Datagram Protocol) ports, and each protocol needs its own scanning method.
Choosing the right method makes the scan faster and its results more reliable, whatever the reason for scanning.
This quick guide covers not only how to run a port scan on Linux but also how port scanning works under the hood.
Keep in mind that port scanning networks you do not own or operate is illegal in many countries.
Restrict yourself to networks you own or administer, or obtain explicit permission from the owner before you start scanning.
Let’s dig right in!
TCP Linux Port Scanning:
At its core TCP is a stateful protocol: both endpoints track the state of every connection between them.
Every TCP connection starts with a three-way handshake between the client and the server.
When a server port is open and listening, the client (the Linux machine here) sends a segment with the SYN flag set. The server answers with a SYN-ACK, and the client completes the handshake with a final ACK. From that point on the connection is established and data can flow in both directions.
TCP SYN scanning method:
To find open TCP ports, a SYN scanner sends an initial SYN segment to each port of interest, exactly as a real client would.
If the server replies with a SYN-ACK, the second step of the handshake, the scanner knows that port is open. Instead of finishing the handshake with an ACK, the scanner tears the half-open connection down with an RST, which is why this is also called a half-open scan: the application behind the port never sees an accepted connection, so it usually does not log the probe.
A port that answers with an RST instead of a SYN-ACK is closed. A port that does not answer at all, or whose probe is answered by an ICMP unreachable message, is reported as filtered, usually because a firewall dropped the probe. Crafting raw SYN segments means bypassing the kernel's own TCP stack, so a SYN scan needs raw sockets and therefore root privileges; in exchange, the scanner automates all of this for thousands of ports without the user doing any of the work by hand.
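As an added example, not code from the original page, here is what a SYN scanner actually puts on the wire and how it reads the answer: a minimal TCP header builder with a correct RFC 1071 checksum, and the decision rule from the paragraphs above (SYN-ACK means open, RST means closed, silence means filtered). Sending the segment needs a raw socket and root, so this example stops at building and classifying segments; the addresses 192.0.2.10 and 192.0.2.20, the ports and the replies are all constructed for the demo.

```python
import socket
import struct
from typing import Optional

# TCP flag bits, found in byte 13 of the header
TCP_FIN, TCP_SYN, TCP_RST, TCP_ACK = 0x01, 0x02, 0x04, 0x10


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum: ones' complement of the 16-bit ones' complement sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header that the TCP checksum also covers."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                       0, socket.IPPROTO_TCP, tcp_len)


def build_tcp_segment(src_ip: str, dst_ip: str, src_port: int, dst_port: int,
                      flags: int, seq: int = 0, ack: int = 0, window: int = 65535) -> bytes:
    """Build a 20-byte TCP header (no options, no payload) with a valid checksum."""
    data_offset = 5 << 4                    # header length in 32-bit words, reserved bits zero
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                         data_offset, flags, window, 0, 0)
    csum = ones_complement_sum(_pseudo_header(src_ip, dst_ip, len(header)) + header)
    return header[:16] + struct.pack("!H", csum) + header[18:]


def verify_checksum(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """A segment whose checksum field is correct sums to zero together with its pseudo-header."""
    return ones_complement_sum(_pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0


def classify_syn_response(response: Optional[bytes]) -> str:
    """The SYN-scan decision rule applied to the segment that came back (None on timeout)."""
    if response is None:
        return "filtered"                   # no answer at all: a firewall most likely dropped the probe
    flags = response[13]
    if flags & TCP_RST:
        return "closed"                     # RST: nothing is listening on that port
    if flags & TCP_SYN and flags & TCP_ACK:
        return "open"                       # SYN-ACK: the listener started its side of the handshake
    return "unexpected"


if __name__ == "__main__":
    SCANNER, TARGET, SPORT, DPORT = "192.0.2.10", "192.0.2.20", 40000, 80   # constructed addresses
    probe = build_tcp_segment(SCANNER, TARGET, SPORT, DPORT, TCP_SYN, seq=12345)
    print("SYN probe:", probe.hex(), "checksum ok:", verify_checksum(SCANNER, TARGET, probe))

    # Constructed replies standing in for what a raw socket would capture from the target.
    syn_ack = build_tcp_segment(TARGET, SCANNER, DPORT, SPORT, TCP_SYN | TCP_ACK, seq=99, ack=12346)
    rst = build_tcp_segment(TARGET, SCANNER, DPORT, SPORT, TCP_RST | TCP_ACK, ack=12346)
    for name, reply in (("SYN-ACK", syn_ack), ("RST", rst), ("timeout", None)):
        print(f"{name:8} -> port {DPORT} is {classify_syn_response(reply)}")

    # Half-open: on SYN-ACK the scanner answers with RST, never ACK, so no connection is ever established.
    teardown = build_tcp_segment(SCANNER, TARGET, SPORT, DPORT, TCP_RST, seq=12346)
    print("teardown:", teardown.hex())
```

Nmap performs this scan with `nmap -sS`, which must run as root for exactly the reason above; the IP header in front of the segment, and the capture of the reply, are what a raw socket adds on top of this code.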
UDP Scanning
Scanning UDP ports on Linux works a little differently, simply because UDP is a stateless protocol.
UDP does not track the state of any connection, and there is no three-way handshake like the one described for TCP above.
Instead, a UDP port scan has to use UDP-specific methods that send a datagram to each port and interpret what, if anything, comes back.
UDP ICMP scanning method:
A closed UDP port makes the target's kernel send an ICMP destination unreachable message (type 3, code 3, port unreachable) back to the source, in this case the Linux port scanner.
A port that sends nothing back may be open: either a service received the datagram and simply did not reply, or the probe never arrived.
The trouble with this method is that it is unreliable.
Firewalls regularly drop both the probe and the ICMP reply, so silence does not prove a port is open and a naive scanner reports false positives. Nmap therefore reports silent ports as open|filtered rather than open. Linux also rate-limits the ICMP unreachable messages it sends, so scanning many closed UDP ports is slow, and a careful scanner retransmits its probes to tell a rate-limited reply from a dropped one.
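The UDP probe described above, written in Python as an added example that is not code from the original page or from any scanner. It relies on a Linux behaviour the text describes: when an ICMP port unreachable comes back for a connected UDP socket, the kernel surfaces it to the sender as ECONNREFUSED. The echo service standing in for an open port, and the closed port, are constructed on loopback for the demo; the state names follow Nmap's convention.

```python
import socket
import threading
from typing import Dict


def start_udp_echo_service() -> socket.socket:
    """Constructed 'open' target for the demo: a UDP socket on an ephemeral loopback port
    that echoes every datagram it receives back to the sender."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))

    def serve() -> None:
        while True:
            try:
                data, peer = srv.recvfrom(1024)
            except OSError:                  # socket closed by the caller
                return
            srv.sendto(data, peer)

    threading.Thread(target=serve, daemon=True).start()
    return srv


def find_closed_udp_port() -> int:
    """Bind an ephemeral UDP port and release it again, so nothing is listening there."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tmp:
        tmp.bind(("127.0.0.1", 0))
        return tmp.getsockname()[1]


def udp_probe(host: str, port: int, payload: bytes = b"\x00",
              timeout: float = 1.0, retries: int = 2) -> str:
    """UDP/ICMP port probe. Classification:
         a reply datagram          -> open
         ICMP port unreachable     -> closed        (ECONNREFUSED on a connected UDP socket)
         nothing, after retries    -> open|filtered (service silent, or probe/ICMP dropped)
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))              # connecting is what makes the kernel hand us the ICMP error
        for _ in range(retries + 1):         # retransmit: hosts rate-limit ICMP unreachable replies
            try:
                s.send(payload)
                s.recv(1024)
                return "open"
            except ConnectionRefusedError:
                return "closed"
            except (socket.timeout, TimeoutError):
                continue
    return "open|filtered"


def run_demo() -> Dict[str, str]:
    """Probe one constructed open port and one closed port on loopback."""
    srv = start_udp_echo_service()
    open_port = srv.getsockname()[1]
    closed_port = find_closed_udp_port()
    results = {"open": udp_probe("127.0.0.1", open_port),
               "closed": udp_probe("127.0.0.1", closed_port)}
    srv.close()
    return results


if __name__ == "__main__":
    for kind, state in run_demo().items():
        print(f"{kind} port probed as: {state}")
```

Against a real target most services ignore a single zero byte, which is why Nmap's `-sU` scan sends protocol-specific payloads to well-known ports, and why, across a firewall that drops ICMP, almost everything comes back open|filtered.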
List of Linux port scan tools:
For those who want to port scan from a Linux environment there are several options, some more attractive than others.
Nmap – The Network Mapper:
Nmap is probably the most popular and versatile port scanner available today.
It handles everything from:
- Fingerprinting operating systems.
- Detecting service versions and, through the Nmap Scripting Engine (NSE), checking for known vulnerabilities.
- All of your port scanning needs, whether you are running a TCP scan (SYN, connect and others) or a UDP scan.
- Many more options.
Nmap itself is a command line (CLI) tool; the same project ships Zenmap, a GUI front end for it.
This gives Linux users, and Linux power users in particular, the freedom to dive as deep as they like into everything the tool offers.
ZenMap Scanner:
Zenmap is another quality tool from the creators of Nmap. It is the official Nmap GUI, and it runs on Linux as well as Windows and Mac.
It puts a user-friendly graphical interface on top of Nmap for those just getting started.
That alone makes it a lot easier to use, and it adds conveniences of its own, such as saved scan profiles and a side-by-side comparison of results from two scans.
Newcomers should not find port scanning hard to navigate with it, since it offers the same horsepower as Nmap itself behind a prettier and easier interface.
NetCat Scanner:
Netcat, better known as a listener and general-purpose network tool, can also be used as a Linux port scanner, but it is best suited to those comfortable diving headfirst into port scanning as power users.
It is not especially user-friendly because it has no GUI. It is a "raw" port scanner: it simply tries to open a connection to each port and reports whether that succeeded.
That leaves it weak in the feature department, but it makes for a streamlined and effective tool for those willing to do the heavy lifting themselves.
Because it performs a full connect scan rather than a half-open SYN scan, it is slower and more visible to the target, since every open port sees a completed connection, which is definitely something to consider before choosing it.
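To make that difference concrete, here is the connect scan that Netcat (and `nmap -sT`) performs, written in Python as an added example that is not Netcat's code or code from the original page. The kernel runs the full three-way handshake, so no root is needed, but every open port sees a completed connection and the scanner spends most of its time waiting, which the thread pool hides. The listener and the closed port are constructed on loopback for the demo.

```python
import socket
from concurrent.futures import ThreadPoolExecutor
from typing import Dict, Iterable


def start_tcp_listener() -> socket.socket:
    """Constructed 'open' target for the demo: a TCP listener on an ephemeral loopback port.
    A listening socket completes handshakes in the kernel, so no accept loop is needed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)
    return srv


def find_closed_tcp_port() -> int:
    """Bind an ephemeral TCP port and release it, so nothing is listening there."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as tmp:
        tmp.bind(("127.0.0.1", 0))
        return tmp.getsockname()[1]


def connect_scan_port(host: str, port: int, timeout: float = 1.0) -> str:
    """Full-connect probe, the same thing `nc -z host port` does: the kernel runs the whole
    three-way handshake, then we close, so the service sees a real (empty) connection."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"                    # SYN-ACK arrived and the kernel sent the final ACK
        except ConnectionRefusedError:
            return "closed"                  # the target answered our SYN with RST
        except (socket.timeout, TimeoutError):
            return "filtered"                # neither SYN-ACK nor RST: something dropped the probe
        except OSError as exc:               # e.g. EHOSTUNREACH or ENETUNREACH
            return f"error:{exc.errno}"


def connect_scan(host: str, ports: Iterable[int], timeout: float = 1.0,
                 workers: int = 32) -> Dict[int, str]:
    """Scan many ports concurrently; connect scans are dominated by round-trip waits."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: connect_scan_port(host, p, timeout), ports))
    return dict(zip(ports, states))


def run_demo() -> Dict[str, str]:
    """Scan one constructed open port and one closed port on loopback."""
    srv = start_tcp_listener()
    open_port = srv.getsockname()[1]
    closed_port = find_closed_tcp_port()
    results = connect_scan("127.0.0.1", [open_port, closed_port])
    srv.close()
    return {"open": results[open_port], "closed": results[closed_port]}


if __name__ == "__main__":
    for kind, state in run_demo().items():
        print(f"{kind} port scanned as: {state}")
```

Compared with the half-open SYN scan, note what the target gets to see here: an accepted connection that is immediately closed, which any service that logs accepts will record.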
In conclusion:
Port scanning is the process of finding open ports. An open port has a service listening on it. A Linux port scan or a Windows port scan can be used to find those ports; once you have found them, decide whether each one really needs to be open and close the rest.