What is portscan?

Today we would like to explain to you what exactly a portscan is. Because this question may arise if one worries about the security of the company network.

In the worldwide data network computers can be identified by their IP address. With these addresses, such as, ports represent another logical subdivision.

What is portscan
What is portscan | Image by Sumanley xulx from Pixabay

If you think of your IP address as a telephone number that you dial to reach a subscriber, then the port represents the extension number so that you are connected to a certain department in the company. A port is used to handle any service on the Internet via UDP/IP or TCP/IP. The services range from the transmission of data to fetching mails, to the transmission of web pages. The number of ports is much smaller compared to IP addresses. There are exactly 65,536 and these are divided into unprivileged and privileged ports. The ports from 1 to 1023 are privileged and all others are unprivileged.

This is a historical distinction, and it originated in the Unix world because ports up to 1024 require root privileges for administrative access. This means you have to be the administrator of the system. These special rights are not needed for the unprivileged ports. Internet surfers use ports every day and these are for example 110, 80, 53, 25, 21 and 20. The transmission of a web page, i.e. the HTTP connection, is therefore usually offered under port 80. So if you enter a web page, you are only expressing that you are connected to port 80 of the desired page.

Ports 21 and 20 TCP are used for the transfer of files, port 53 UDP and TCP are used for the assignment of names to IP addresses, port 110 TCP is used for fetching e-mails, port 25 TCP is used for sending e-mails and port 80 TCP is used for the transfer of web pages.


The port scan is a targeted attempt to scan open ports and thus offered services on a computer. The scan can be compared to a person walking from car to car in a parking lot and testing if a door is not locked. Unnecessary holes can be sealed at the ports or everyone is reminded that the doors are locked if possible and necessary. The scan is thus a technique to allow the condition to be examined by a computer over the network. The observer systematically sends special data packets to the different ports of a target system. The error messages and responses are analyzed.

A port scanner program can provide a lot of information about the status of a target system in a few minutes. The information in a port scan includes which ports are closed or opened, how long a PC has been switched on, what operating system the computer is running and what types of server programs are active.

For system administrators, the port scan is a very important tool. It enables networks to be controlled. In the true sense of the word, it is not an attack, because the systems under investigation are not affected. However, the scan provides some information that is of interest to a potential attacker in practice. It is not uncommon for the scans to precede the actual attacks.

The port scan is seen by many monitoring systems and system administrators as the beginning of an attack and then they react accordingly.


With the help of the scan, it is possible to determine which ports are active on a computer.

The port scanner is a program where data packets are sent to the target computer and the response is then analyzed. The scanner can usually detect which services are active and which operating system a target computer has. With the portscan the principle is very simple. It simply tries to establish a connection to the target computer. An ascending port number is used, starting with a starting value or port no. 1.

The packet that is sent to a target computer is called a SYN packet. SYN stands for Synchronization and this means the request for a connection. Now a target computer has three ways in which it can respond. If the port is open, the response is an ACK packet and ACK stands for Acknowledgement. This means that the connection is acknowledged. An RST packet is sent by the target computer if the port addressed is closed. RST stands for Reset and the connection cannot or will not be accepted by the computer.

A third possibility would be that the target computer does not respond. The desired port is then considered hidden and is neither classified as closed nor open. The behavior is in accordance with TCP/IP and therefore the port scans are not attacks and are not harmful. It is often said that hackers use scans to attack other computers. There is a possibility that a computer is blocked with the port scan and then the computer cannot establish any more connections. But first and foremost, the scan is always a way of checking computers and networks.


Find your IT contact person if you need help with the review of security issues. If you are specifically looking for a service provider who can check your network for security gaps, they will be happy to help you. We would also like to take over the subsequent ongoing support for you. Just give them call and your IT service will be happy to help you.


Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.