Port scanning definition
Port scanning is a technique used to discover open ports (communication endpoints for sending and receiving data) on a computer network. Open ports represent potential targets, so port scanning is used by both cybersecurity professionals and hackers to probe networks for vulnerabilities.
See also: port knocking, Nmap, network port, cyberattack
How port scanning works
Port scanning works by sending a series of messages (called probes) to try to establish connections with ports on the target network. The response from the network tells the port scanner whether a port is open, closed, or filtered.
Common types of port scanning
- TCP (Connect) scan: The simplest and most reliable type of port scanning, TCP scanning is also the easiest to detect. In TCP scanning, the probes try to establish a connection to each port on the target network — if an open port is discovered, the port scanner completes the TCP handshake and closes the connection to prevent DDoS attacks.
- SYN scan: SYN scanning is a type of TCP scanning that uses a more stealthy approach. In SYN scanning, the port scanner sends SYN packets to each port on the target network and analyzes the response. A returning SYN/ACK packet means the port is open, while a RST packet means the port is closed.
- UDP scan: In UDP scanning, the port scanner sends UDP packets to each port on the target network. If a port is closed, the network will respond with an ICMP message stating that the port is unreachable. If the port scanner receives no response from the network, the port is considered to be potentially open (although it may be filtered or firewalled).