What is a port scanner anyway?
A port scanner is a tool that checks the state of ports on a host; it can be used to find out which ports are currently open on the target host.
A port scanner can also be used to check a range of hosts, several IP addresses or a range of IP addresses. In general, a network administrator will use this method to check whether there are open ports on the network that do not need to be open.
Using a port scanner to find open ports on the network can reveal which service (process) is responsible for each open port, so the administrator can decide whether it needs to be closed or whether some security-related configuration of that service should be changed.
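The administrator's side of that last point, finding out which process owns an open port on a host you manage, can be done from the host itself without any network scan. The following is an added example for this article, not code from the original; it assumes a Linux /proc filesystem (the inode-to-process lookup needs rights to read other users' fd tables), and the /proc/net/tcp excerpt embedded below is constructed so the parsing part runs anywhere.

```python
"""List listening TCP sockets on a Linux host and map each to its process.

Added example for this article, not part of the original text. It assumes
a Linux /proc filesystem; the parsing functions only need the text, so
they are exercised on a constructed /proc/net/tcp excerpt.
"""
import os
from typing import List, Optional, Tuple

LISTEN_STATE = "0A"  # state code the kernel uses for LISTEN in /proc/net/tcp

# Constructed excerpt in the /proc/net/tcp layout: a listener on 0.0.0.0:22,
# one on 127.0.0.1:3306, and one established (non-listening) connection.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 67890 1 0000000000000000 100 0 0 10 0
   2: 0A000002:A1B2 0A000001:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 11111 1 0000000000000000 100 0 0 10 0
"""


def decode_ipv4(hex_addr: str) -> str:
    """Turn the kernel's little-endian hex form (0100007F) into dotted quad (127.0.0.1)."""
    octets = [int(hex_addr[i:i + 2], 16) for i in range(0, 8, 2)]
    return ".".join(str(o) for o in reversed(octets))


def parse_listening(text: str) -> List[Tuple[str, int, int]]:
    """Return (local_ip, port, socket_inode) for every socket in LISTEN state."""
    listeners = []
    for line in text.splitlines()[1:]:          # first line is the column header
        fields = line.split()
        if len(fields) < 10:
            continue
        local, state, inode = fields[1], fields[3], fields[9]
        if state != LISTEN_STATE:
            continue
        ip_hex, port_hex = local.split(":")
        listeners.append((decode_ipv4(ip_hex), int(port_hex, 16), int(inode)))
    return listeners


def inode_to_pid(inode: int) -> Optional[int]:
    """Find the process that owns a socket inode by scanning /proc/<pid>/fd.

    Needs a Linux /proc and permission to read other users' fd tables
    (typically root); returns None when the owner cannot be found.
    """
    target = "socket:[%d]" % inode
    for pid in filter(str.isdigit, os.listdir("/proc")):
        fd_dir = os.path.join("/proc", pid, "fd")
        try:
            for fd in os.listdir(fd_dir):
                if os.readlink(os.path.join(fd_dir, fd)) == target:
                    return int(pid)
        except OSError:
            continue          # process exited or fd table not readable
    return None


def process_name(pid: int) -> str:
    """Read the short command name of a process from /proc/<pid>/comm."""
    try:
        with open("/proc/%d/comm" % pid) as f:
            return f.read().strip()
    except OSError:
        return "?"


if __name__ == "__main__":
    # Live inventory on a Linux host; falls back to the constructed sample elsewhere.
    try:
        with open("/proc/net/tcp") as f:
            table = f.read()
    except OSError:
        table = SAMPLE_PROC_NET_TCP
    for ip, port, inode in parse_listening(table):
        pid = inode_to_pid(inode)
        owner = "pid %d (%s)" % (pid, process_name(pid)) if pid else "owner unknown"
        print("%s:%d  %s" % (ip, port, owner))
```

A listener bound to 0.0.0.0 is reachable from the network, while one bound to 127.0.0.1 is only reachable locally; that distinction is often the difference between "close this port" and "leave it". IPv6 listeners live in /proc/net/tcp6 with 32-hex-digit addresses and are not covered by this parser.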
Port Scanners and Hacking:
In the old days of hacking, hackers used to scan for open ports with a port scanner across a range of subnets, i.e. a range of IP addresses.
In those days there was not the security awareness there is today: users did not install a firewall on their computers, and if they did, in some cases they did not configure it properly.
Because of that, they were unaware that by using a port scanner hackers could find open ports that, with the help of some other tools, could be used to gain access to the computer and control it.
TCP manipulation with port scanning
As security evolved and the basic port scanner became less useful, port scanner tools became more advanced by manipulating the TCP/UDP protocols, and by doing so were able to gain more information about the ports that are open.
An example is the SYN port scanner.
In TCP a connection is established through a mechanism called the 3-way handshake: the side that initiates the connection sends a SYN to the target, the target returns a SYN-ACK, and instead of completing the connection the initiator closes it.
That way it is possible to know whether the tested port is accepting connections: a SYN-ACK means the port is open, a RST means it is closed, and no answer at all suggests the packet was filtered by a firewall.
Since the TCP protocol has other behaviours as well, port scanner tools can use other scan types, based on other manipulations of the TCP protocol, to check whether a port is open, closed or filtered.
Among the scan names you will come across are ACK, FIN and Xmas; there are more, but they are out of the scope of this article.
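Seen from the target's side, the half-open scan just described leaves a distinctive trace: one source sends bare SYNs to many different ports in a short time and never completes a handshake. The following is an added example for this article, not code from the original, that looks for that pattern in firewall logs. The log lines are constructed in an iptables-style format (the FW-DROP/FW-ACCEPT prefixes, addresses and timestamps are all made up), and the window and port-count thresholds are assumptions to tune for your own network.

```python
"""Flag half-open (SYN) scan patterns in firewall logs.

Added example for this article, not code from the original. The log lines
are constructed in an iptables-style format: one source hits many distinct
ports with bare SYNs within a few seconds, the rest is ordinary traffic.
"""
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

SAMPLE_LOG = """\
2024-01-10T12:00:00+00:00 fw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=21 WINDOW=1024 SYN URGP=0
2024-01-10T12:00:00+00:00 fw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=22 WINDOW=1024 SYN URGP=0
2024-01-10T12:00:01+00:00 fw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=23 WINDOW=1024 SYN URGP=0
2024-01-10T12:00:01+00:00 fw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=25 WINDOW=1024 SYN URGP=0
2024-01-10T12:00:01+00:00 fw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=80 WINDOW=1024 SYN URGP=0
2024-01-10T12:00:02+00:00 fw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40006 DPT=110 WINDOW=1024 SYN URGP=0
2024-01-10T12:00:02+00:00 fw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40007 DPT=143 WINDOW=1024 SYN URGP=0
2024-01-10T12:00:02+00:00 fw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40008 DPT=443 WINDOW=1024 SYN URGP=0
2024-01-10T12:00:03+00:00 fw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40009 DPT=445 WINDOW=1024 SYN URGP=0
2024-01-10T12:00:03+00:00 fw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40010 DPT=3389 WINDOW=1024 SYN URGP=0
2024-01-10T12:00:01+00:00 fw kernel: FW-ACCEPT: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=443 WINDOW=64240 SYN URGP=0
2024-01-10T12:00:02+00:00 fw kernel: FW-ACCEPT: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=443 WINDOW=64240 ACK PSH URGP=0
2024-01-10T12:00:02+00:00 fw kernel: FW-ACCEPT: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP SPT=51001 DPT=53 LEN=40
2024-01-10T12:05:00+00:00 fw kernel: FW-ACCEPT: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51002 DPT=443 WINDOW=64240 SYN URGP=0
"""


def parse_events(text: str) -> List[Tuple[datetime, str, int]]:
    """Extract (time, source, dest_port) for TCP packets carrying SYN but not ACK."""
    events = []
    for line in text.splitlines():
        tokens = line.split()
        # Bare SYN only: a SYN-ACK reply or a data segment is not a probe.
        if not tokens or "SYN" not in tokens or "ACK" in tokens:
            continue
        kv = dict(t.split("=", 1) for t in tokens if "=" in t)
        if kv.get("PROTO") != "TCP" or "SRC" not in kv or "DPT" not in kv:
            continue
        events.append((datetime.fromisoformat(tokens[0]), kv["SRC"], int(kv["DPT"])))
    return events


def detect_scans(events, window_seconds: int = 5, min_ports: int = 8) -> Dict[str, List[int]]:
    """Report sources that sent SYNs to at least min_ports distinct ports inside one window.

    Thresholds are assumptions: a busy legitimate client may touch a few
    ports, a scan sweeps many, so tune them to your own traffic.
    """
    by_src = defaultdict(list)
    for ts, src, port in events:
        by_src[src].append((ts, port))
    flagged = {}
    for src, hits in by_src.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            ports = set()
            for ts, port in hits[i:]:
                if (ts - start).total_seconds() > window_seconds:
                    break
                ports.add(port)
            if len(ports) >= min_ports:
                flagged[src] = sorted(ports)
                break
    return flagged


if __name__ == "__main__":
    for src, ports in detect_scans(parse_events(SAMPLE_LOG)).items():
        print("possible SYN scan from %s: %d ports %s" % (src, len(ports), ports))
```

The same idea carries over to the other scan types named above: an ACK, FIN or Xmas probe also arrives as a stream of single segments to many ports with flag combinations that no normal client opens with, so the flag check is what you would adjust per scan type.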
Port scanning and security
Nowadays, with security on the news almost every day, most operating systems shipping with a built-in firewall, antivirus software in use and more user awareness about their private information, the old style of scanning is not as worthwhile as it was.
Even so, port scanning is still a good method today as part of the process of finding out which service is responsible for an open port.
If we look at today's hacking methods, vulnerabilities are the main thing hackers use to break into systems.
Even with this method, the entry into the system is through the open port that belongs to the service, but the port is just the gateway and the application is the problem.
What are vulnerabilities in software?
Well, in short, a vulnerability is a bug, a weakness in the software, and that software can be online or offline.
When a vulnerability is found, an attacker can use it to gain access to a remote system without needing credentials.
For more information about vulnerabilities please refer to the Vulnerability section on Wikipedia.
NMAP – The Network Mapper
A well-known free port scanner is NMAP, the Network Mapper. It was originally created for the Linux operating system, but there is also a port for the Windows operating system.
Originally it was run from the command line, but a graphical user interface for the tool has also been built.
NMAP can be used to scan ports, hosts and an entire network; it supports a lot of scan types and other great features, plus a built-in NSE scripting engine for customization and other extra options.
More information about NMAP can be found on their web site: NMAP
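For an administrator, the useful follow-up to an NMAP run over their own network is comparing what it found with what is supposed to be exposed. The following is an added example for this article, not NMAP's own code: it parses NMAP's XML output format (the -oX option) with the Python standard library and reports open TCP ports that are not on an allowlist. The XML document and the allowlist below are both constructed samples, not real scan results or a real policy.

```python
"""Compare the open ports NMAP reported with the ports you expect to be open.

Added example for this article, not NMAP's own code. It reads NMAP's XML
output (nmap -oX) with the standard library; the XML and the allowlist
below are constructed samples.
"""
import sys
import xml.etree.ElementTree as ET
from typing import Dict, List, Set, Tuple

SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -oX - 192.0.2.0/24" version="7.94">
<host><status state="up" reason="echo-reply"/>
<address addr="192.0.2.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" method="table" conf="3"/></port>
<port protocol="tcp" portid="23"><state state="closed" reason="reset"/><service name="telnet" method="table" conf="3"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http" method="table" conf="3"/></port>
<port protocol="tcp" portid="3306"><state state="open" reason="syn-ack"/><service name="mysql" method="table" conf="3"/></port>
</ports></host>
<host><status state="up" reason="echo-reply"/>
<address addr="192.0.2.11" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/></port>
<port protocol="tcp" portid="8080"><state state="filtered" reason="no-response"/></port>
</ports></host>
</nmaprun>
"""

# Constructed policy: which TCP ports each host is allowed to expose.
# A host missing from the policy is allowed to expose nothing.
EXPECTED_OPEN: Dict[str, Set[int]] = {"192.0.2.10": {22, 80}}


def parse_open_ports(xml_text: str) -> Dict[str, Dict[int, str]]:
    """Map each scanned IPv4 host to its open TCP ports and the service NMAP guessed."""
    root = ET.fromstring(xml_text)
    result = {}
    for host in root.findall("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        open_ports = {}
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open" or port.get("protocol") != "tcp":
                continue          # closed and filtered ports are not exposure
            service = port.find("service")
            name = service.get("name", "unknown") if service is not None else "unknown"
            open_ports[int(port.get("portid"))] = name
        result[addr.get("addr")] = open_ports
    return result


def find_unexpected(scan: Dict[str, Dict[int, str]],
                    expected: Dict[str, Set[int]]) -> Dict[str, List[Tuple[int, str]]]:
    """Return, per host, the open (port, service) pairs the policy does not allow."""
    unexpected = {}
    for host, ports in scan.items():
        allowed = expected.get(host, set())
        extra = sorted((p, s) for p, s in ports.items() if p not in allowed)
        if extra:
            unexpected[host] = extra
    return unexpected


if __name__ == "__main__":
    # Pass the path of a real 'nmap -oX' file to check it; otherwise use the sample.
    xml_text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_NMAP_XML
    for host, extra in find_unexpected(parse_open_ports(xml_text), EXPECTED_OPEN).items():
        for port, service in extra:
            print("%s: unexpected open port %d (%s)" % (host, port, service))
```

Run on a schedule and diffed against the previous report, this turns NMAP into a change detector for your own network rather than a one-off look. ElementTree is fine for output produced by your own scan; XML from an untrusted source should be parsed with a hardened parser such as defusedxml instead.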