by x32x01
A port scan is a technique used to identify open doors 🔓 or weak points in a network. It helps network administrators detect vulnerabilities by sending packets to specific ports and analyzing their responses. Tools like Nmap, Netcat, and IP Scanner are commonly used to test network security.
However, the same method can be exploited by cyber attackers ⚠️ to find entry points. By scanning ports, attackers can determine whether they’re open, closed, or filtered, and even identify the services, programs, or firewalls protecting the system.
A malicious port scan can reveal sensitive information like:
- 🧩 Services running on specific ports
- 👤 Users who own those services
- 🔐 Authentication requirements
- 🚫 Whether anonymous logins are allowed
💡 What Are Ports?
A port is a virtual connection point where data is exchanged between applications and network devices. Each port has a unique number (0-65,535) that works with an IP address to identify specific services. These port numbers fall into three main categories 👇
⚙️ 1. Well-Known Ports (0-1,023)
Assigned by IANA, these are used by standard internet services like HTTP, FTP, and SSH.
🧭 2. Registered Ports (1,024-49,151)
Used by software vendors and specific applications.
💻 3. Dynamic/Private Ports (49,152-65,535)
Available for general or temporary connections.
Ports primarily use two protocols:
- TCP (Transmission Control Protocol) - ensures reliable data delivery.
- UDP (User Datagram Protocol) - offers faster but less reliable communication.
🚀 Commonly Used Ports
| Port (Transport) | Service | Description |
|---|---|---|
| 20 (UDP) | FTP | Transfers data between devices |
| 21 (UDP) | FTP Control | Manages FTP commands |
| 22 (TCP) | SSH | Secure shell for remote logins |
| 23 (TCP) | Telnet | Unencrypted text communication |
| 43 (TCP) | SMTP | Email systems |
| 53 (UDP) | DNS | Translates domain names into IPs |
| 80 (TCP) | HTTP | Web browsing traffic |
| 443 (TCP) | HTTPS | Secure web traffic |
⚔️ Major Port Scanning Techniques
Different port scanning techniques reveal different levels of information. Here are the most common ones 👇
📡 Ping Scan
Sends multiple ICMP requests to check which systems are active. Often used for troubleshooting, but can be blocked via a firewall.
🌐 Vanilla Scan (Full Connect)
Attempts to connect to all 65,536 ports using a full TCP handshake (SYN, SYN-ACK, ACK). Highly accurate but easily detected.
⚡ SYN Scan (Half-Open)
Sends a SYN and waits for a SYN-ACK, without completing the connection. It’s stealthier, often used by hackers to find open ports undetected.
🎄 XMAS & FIN Scans
- XMAS Scan: Sends packets with multiple flags “lit up,” resembling a Christmas tree 🎄.
- FIN Scan: Sends a FIN flag to see how a system reacts - revealing whether a port is open or filtered.
🌀 FTP Bounce Scan
Hides the attacker’s identity by routing traffic through an FTP server, making detection difficult.
🧭 Sweep Scan
Pings the same port across multiple hosts to find active devices - used for network mapping before deeper scanning.
🕵️‍♂️ Network Scanning Before Port Scanning
Before a port scan, attackers often perform network scanning to find active hosts and map IP addresses.
- Inside a LAN, they use ARP Scans to map IPs to MACs.
- Outside a LAN, they rely on ICMP Scans for ping and echo requests.
Once the network is mapped, port scanning helps classify ports as:
- 🟢 Open: Accepting connections or datagrams.
- 🔴 Closed: No service listening, but the host is reachable.
- 🟡 Filtered: Blocked by a firewall or filter; no response received.
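The two scan shapes described above, many ports on one host (a port scan) and one port across many hosts (a sweep scan), are exactly what a network IPS or firewall-log monitor looks for. The Python below is an added example written for this page, not code from the original post or from any named tool. It applies the usual threshold heuristic over firewall log lines: within a short look-back window, one source hitting many distinct ports on a single host is reported as a "vertical" scan, and one source hitting the same port on many hosts as a "horizontal" sweep (the vertical/horizontal labels, the log syntax, the thresholds and all addresses are assumptions made for the example, using RFC 5737 documentation ranges).

```python
"""Threshold-based detector for port scans and sweeps in firewall logs.

Added example for this page, not code from the original post. It applies the
heuristic a network IPS uses: within a short window, one source probing many
ports on a single host is a vertical port scan, and one source probing the
same port across many hosts is a horizontal sweep. The log format, thresholds
and all addresses below are constructed for illustration (RFC 5737 ranges).
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed log syntax; adapt the pattern to the firewall you actually run.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+) action=(?P<action>\w+)$"
)
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

WINDOW = timedelta(seconds=60)  # look-back window per source address
PORT_THRESHOLD = 10             # distinct ports on one host  -> vertical scan
HOST_THRESHOLD = 5              # distinct hosts on one port  -> horizontal sweep


def parse_line(line):
    """Return (timestamp, src, dst, dport) or None if the line is not a hit."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], TS_FMT).replace(tzinfo=timezone.utc)
    return ts, m["src"], m["dst"], int(m["dport"])


def detect_scans(lines, window=WINDOW, port_threshold=PORT_THRESHOLD,
                 host_threshold=HOST_THRESHOLD):
    """Return sorted (kind, src, target) alerts.

    kind is "vertical" (target is the scanned host) or "horizontal" (target is
    the swept port). Hits older than `window` are expired per source, so a slow
    but legitimate client touching a few ports over an hour is not flagged.
    """
    recent = defaultdict(deque)  # src -> deque of (ts, dst, dport), oldest first
    alerts = set()
    for line in lines:
        hit = parse_line(line)
        if hit is None:
            continue  # unrelated or malformed line
        ts, src, dst, dport = hit
        q = recent[src]
        q.append((ts, dst, dport))
        while q and ts - q[0][0] > window:
            q.popleft()  # expire hits that fell out of the window
        ports_by_host = defaultdict(set)
        hosts_by_port = defaultdict(set)
        for _, d, p in q:
            ports_by_host[d].add(p)
            hosts_by_port[p].add(d)
        for host, ports in ports_by_host.items():
            if len(ports) >= port_threshold:
                alerts.add(("vertical", src, host))
        for port, hosts in hosts_by_port.items():
            if len(hosts) >= host_threshold:
                alerts.add(("horizontal", src, port))
    return sorted(alerts, key=lambda a: (a[0], a[1], str(a[2])))


def _stamp(base, offset_s):
    return (base + timedelta(seconds=offset_s)).strftime(TS_FMT)


def sample_log():
    """Constructed log: 203.0.113.5 probes ports 1-12 on one host, then port 22
    on six hosts; 192.0.2.7 is an ordinary client; one line is junk."""
    base = datetime(2024, 5, 1, 10, 0, 0, tzinfo=timezone.utc)
    lines = [f"{_stamp(base, i)} src=203.0.113.5 dst=198.51.100.10 "
             f"dport={i + 1} proto=tcp action=DROP" for i in range(12)]
    lines += [f"{_stamp(base, 20 + i)} src=203.0.113.5 dst=198.51.100.{20 + i} "
              f"dport=22 proto=tcp action=DROP" for i in range(6)]
    lines += [f"{_stamp(base, 30)} src=192.0.2.7 dst=198.51.100.10 "
              f"dport={p} proto=tcp action=ACCEPT" for p in (80, 443)]
    lines.append("kernel: link up eth0")  # not a firewall hit; must be ignored
    return lines


def slow_client_log():
    """Constructed log: one source touching ten ports, but 70 seconds apart,
    so no two hits ever share the 60-second window."""
    base = datetime(2024, 5, 1, 11, 0, 0, tzinfo=timezone.utc)
    return [f"{_stamp(base, 70 * i)} src=192.0.2.9 dst=198.51.100.10 "
            f"dport={1000 + i} proto=tcp action=DROP" for i in range(10)]


if __name__ == "__main__":
    for kind, src, target in detect_scans(sample_log()):
        print(f"{kind:10s} scan from {src} -> {target}")
```

Run against the constructed sample, the detector reports one vertical scan (203.0.113.5 against 198.51.100.10) and one horizontal sweep (203.0.113.5 on port 22), ignores the ordinary client and the junk line, and stays silent on the slow client whose hits never overlap inside the window. In production the thresholds and window are the tuning knobs: lower values catch slower scans at the cost of false positives from busy, legitimate hosts such as monitoring systems.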
🔒 How to Defend Against Port Scanning
Protecting your network from port scanning is essential for cybersecurity. Here are the best defense techniques 👇🧱 1. Use a Network-Based IPS
An Intrusion Prevention System detects and blocks malicious port scans automatically.🔥 2. Strengthen Your Firewall
A strong firewall can filter unauthorized traffic, detect scans, and close open ports immediately.⚖️ 3. Implement TCP Wrappers
Control access to servers based on IP addresses or domain names, giving you more flexibility and control.🧩 4. Conduct Internal Scans
Regularly perform your own port scans to find and close unnecessary open ports before attackers exploit them.🧠 5. Use Monitoring & Mapping Tools
Use network monitoring, packet filtering, and IP mapping tools to detect suspicious activities early and maintain visibility across your systems.💭 Final Thoughts
Port scanning isn’t inherently evil - it’s a diagnostic tool 🧰 when used ethically, but a weapon 🦠 when used by attackers. Understanding how it works helps you strengthen your defenses, safeguard your systems, and stay one step ahead of potential threats 🚀. Last edited: