What is a port scanner anyway?
A port scanner is a tool that checks the state of a port, or a set of ports, on a target host. It can be used to check which ports are currently open on the target host.
A port scanner can also be used to check a range of hosts: several IP addresses or a whole range of IP addresses. In general, a network administrator will use this method to check whether there are open ports on the network that do not need to be open.
Finding open ports on the network with a port scanner can reveal which service (process) is responding on the open port. The admin can then decide whether the port needs to be closed, or whether some security-related configuration of the service responsible for opening the port should be changed.
Port Scanner and Hacking:
In the old days of hacking, hackers used to scan for open ports with a port scanner tool across a range of subnets, i.e. a range of IP addresses.
In those days there was no security awareness like we have today. Users did not install a firewall on their computers, and if they did, they did not configure it properly (in some cases).
Because of that, they were unaware that with a port scanner hackers could find open ports that, with the help of other tools or knowledge, could be used to gain access to the computer and control it.
TCP Manipulation with port scanning:
As security evolved, the basic port scanner became less useful, so the developers of port scanner tools evolved as well, creating more advanced scanning techniques such as manipulation of the TCP/UDP protocols. Tools became more powerful and were able to gain more information about open ports.
An example is the SYN port scanner.
In TCP, when a connection is established, there is a mechanism called the three-way handshake: the side that initiates the connection sends a SYN to the target, and the target returns a SYN-ACK. Now, instead of completing the connection, the initiator closes it. It is possible to know that the port is open because it replied with the SYN-ACK.
That way it is possible to know whether the tested port is accepting connections (open), closed, or even filtered by a firewall.
Since the TCP protocol has other behaviors as well, port scanner tools can use other scan types to check whether the remote port is open, closed, or filtered, each relying on a different manipulation of the TCP protocol.
By manipulating the TCP protocol it is possible to get this information; among the scan names you will find are the SYN, ACK, FIN, and Xmas scans.
There are more scanning methods, but they are out of the scope of this article.
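The half-open exchange described above, seen from the defender's side, as an added example that is not part of the original article: it reads a small constructed connection log (one line per TCP segment, with the service port recorded for both directions), classifies each probe as open, closed or unanswered from the reply flags, and flags a source that probes several ports without ever completing the handshake. The log format, the flag letters and the threshold are assumptions made for the example.

```python
from collections import defaultdict

# Constructed log (not real traffic): "src dst service_port flags", oldest first.
# S = SYN, SA = SYN-ACK, A = ACK, R = RST, as seen on the wire.
SAMPLE_LOG = """\
10.0.0.5 192.168.1.10 22 S
192.168.1.10 10.0.0.5 22 SA
10.0.0.5 192.168.1.10 22 R
10.0.0.5 192.168.1.10 443 S
192.168.1.10 10.0.0.5 443 R
10.0.0.5 192.168.1.10 8080 S
10.0.0.9 192.168.1.10 22 S
192.168.1.10 10.0.0.9 22 SA
10.0.0.9 192.168.1.10 22 A
"""

def parse_log(text):
    """Group segments by (host pair, service port); the first sender is the client."""
    flows = defaultdict(list)
    for line in text.splitlines():
        src, dst, port, flags = line.split()
        flows[(frozenset((src, dst)), int(port))].append((src, flags))
    return flows

def classify_flow(segments):
    """Map one flow's flag sequence to the port state the initiator learns."""
    client, first = segments[0]
    if first != "S":
        return "unknown"
    replies = [f for s, f in segments[1:] if s != client]
    follow_ups = [f for s, f in segments[1:] if s == client]
    if not replies:
        return "no-reply"        # SYN unanswered: dropped by a firewall (filtered)
    if replies[0] == "R":
        return "closed"          # RST: nothing is listening on the port
    if replies[0] == "SA" and "A" in follow_ups:
        return "open-completed"  # normal three-way handshake
    if replies[0] == "SA":
        return "open-half-open"  # SYN, SYN-ACK, then RST: the half-open probe
    return "unknown"

def find_syn_scanners(text, threshold=3):
    """Clients that probed at least `threshold` ports without completing a handshake."""
    probed = defaultdict(set)
    for (_, port), segs in parse_log(text).items():
        if classify_flow(segs) in ("no-reply", "closed", "open-half-open"):
            probed[segs[0][0]].add(port)
    return {c: sorted(p) for c, p in probed.items() if len(p) >= threshold}
```

On the sample log, `find_syn_scanners(SAMPLE_LOG)` reports only `10.0.0.5`, which probed ports 22, 443 and 8080 without a completed handshake, while `10.0.0.9` completed a normal connection and is not flagged.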
Port scanning and security:
Nowadays, with security in the news almost every day, end users are more security-aware. Most operating systems have a built-in firewall mechanism and antivirus software, and end users are more aware of their private information and privacy. The old days of scanning are not as worthwhile as they once were.
Even so, port scanning is still a good method today for finding which service is responsible for opening a port.
If we look at today's hacking methods, vulnerabilities are the main issue used by hackers to break into systems.
Even with this method, the entrance to the system is an open port, a port that belongs to a service. Keep in mind that the port is just the gateway or a window; the application behind it is the problem.
What are the vulnerabilities in software:
Well, in short, a vulnerability is a bug, a weakness in the software, and the software can be online or offline.
When a vulnerability is found, an attacker can use it to gain access to a remote system without the need for credentials.
For more information about vulnerabilities, please refer to the Vulnerability section on the Wikipedia website.
NMAP – The network Mapper:
A well-known free port scanner is NMAP, the Network Mapper. It was originally created for the Linux operating system, but there is a ported version for the Windows operating system.
The tool uses a command-line interface for running commands, or scans. The Nmap team also builds a user interface for the tool. I think that the user interface version of the tool still does not support all of the commands that the command-line version has.
NMAP can be used to scan ports, hosts, and an entire network. It is free and it supports a lot of scan types. The tool has other great features and a built-in NSE scripting engine for customization and other extra options.
More information about NMAP can be found on their website: NMAP
In this article, we talked about port scanners in relation to hacking, security, and vulnerabilities. We dove into TCP manipulation and mentioned the SYN, ACK, FIN, and Xmas scanning methods. We also introduced you to NMAP, the Network Mapper tool.