Common Port Scanning Techniques: An Introduction

by Tashina

A port is a communication endpoint through which information flows from one point to another on a network; it is where software-level data exchange between hosts takes place. A port scanner examines network ports to determine whether each one is open, closed, or filtered. Port scanners are valuable for network security assessment and for diagnosing connectivity issues. Hackers use them to identify access points vulnerable to infiltration and to identify the devices in front of a target, such as proxy servers, firewalls, or VPN gateways.
Port scanning is the method of determining which ports on a host are open and could be receiving or sending data. It works by sending packets to specific hosts and observing how they respond, as part of a network security assessment of their systems. Port scanning is common in network security assessments, and hackers use the same method for infiltration.

Common Port Scanning Techniques

Port scanners send a TCP or UDP packet to a port and infer its status from the reply. The scanner classifies each port into one of three states: open, closed, or dropped (no reply, which usually means a firewall filtered the probe). Some common port scanning techniques are:

  • Ping Scan: Ping scanning is, strictly speaking, not port scanning, because it only tells you whether a device is present at the other end. In a ping scan, you look for Internet Control Message Protocol (ICMP) echo replies, which confirm that the target is alive. Administrators use this method for network security assessment.
  • TCP Half-Open: TCP half-open scanning is a sneaky and quick scan that tries to detect open ports on a system. It is also known as a synchronize (SYN) scan. The scanner sends a SYN packet to request a response from the system and records a synchronize/acknowledge (SYN/ACK) reply as a sign that the port is open, without completing the handshake.
  • TCP Connect: The TCP connect technique is basically similar to the TCP half-open scan, but it is not as popular. Instead of leaving the target hanging, it completes the TCP three-way handshake, in which both sides synchronize (SYN) and acknowledge (ACK) each other to establish a full-duplex connection.
  • UDP: A User Datagram Protocol (UDP) scan is slower than a TCP scan, but attackers can exploit many UDP services, for example for DNS exfiltration. Network security administrators need to safeguard their UDP ports with the same rigour as TCP ports.
  • Stealth Scanning: Stealth scanning is also known as an XMAS scan. It is quiet and unobtrusive, and hackers favour it because it does not show up in logs.

Each of the techniques above has pros and cons. For network security assessments we use some of them, but hackers have several other techniques for infiltration. To catch such activity, we can use intrusion detection software or port scan detection tools, which can protect our systems from attackers.
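A minimal port scan detector of the kind the paragraph refers to, added here as an illustration and not code from the original post. It assumes a constructed firewall-style log format (timestamp, src, dst, dport, proto, optional TCP flags), flags a source that probes many distinct ports within a short window (which catches SYN, connect and UDP scans alike), and flags any probe carrying the FIN/PSH/URG combination characteristic of an XMAS scan.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=\S+ dport=(?P<dport>\d+) "
                     r"proto=(?P<proto>tcp|udp)(?: flags=(?P<flags>\S+))?$")
XMAS_FLAGS = {"F", "P", "U"}  # FIN+PSH+URG together never occur in a legitimate exchange

def parse_line(line):
    """Parse one firewall-style log line (assumed format); return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts.timestamp(), "src": m["src"], "proto": m["proto"],
            "dport": int(m["dport"]), "flags": set(m["flags"] or "")}

def detect_scans(lines, port_threshold=3, window_seconds=60):
    """Return sorted (src, kind) findings: '<proto>_sweep' when one source probes at least
    port_threshold distinct ports within window_seconds (demo threshold; tune for real traffic),
    'xmas' for any TCP probe with FIN, PSH and URG all set."""
    findings, seen = set(), defaultdict(list)  # (src, proto) -> [(ts, dport), ...]
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["proto"] == "tcp" and XMAS_FLAGS <= rec["flags"]:
            findings.add((rec["src"], "xmas"))
        key = (rec["src"], rec["proto"])
        seen[key].append((rec["ts"], rec["dport"]))
        cutoff = rec["ts"] - window_seconds  # sliding window ending at the newest event
        seen[key] = [(t, p) for t, p in seen[key] if t >= cutoff]
        if len({p for _, p in seen[key]}) >= port_threshold:
            findings.add((rec["src"], f"{rec['proto']}_sweep"))
    return sorted(findings)

# Constructed sample log (not from any real system): a SYN sweep from 10.0.0.5, a UDP sweep from
# 10.0.0.7, one XMAS probe from 10.0.0.9, normal traffic, and slow probing from 10.0.0.11 that
# never reaches the threshold inside a single 60 s window.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z src=10.0.0.5 dst=192.168.1.10 dport=22 proto=tcp flags=S
2024-05-01T10:00:00Z src=10.0.0.5 dst=192.168.1.10 dport=80 proto=tcp flags=S
2024-05-01T10:00:01Z src=10.0.0.5 dst=192.168.1.10 dport=443 proto=tcp flags=S
2024-05-01T10:00:02Z src=10.0.0.7 dst=192.168.1.10 dport=53 proto=udp
2024-05-01T10:00:02Z src=10.0.0.7 dst=192.168.1.10 dport=123 proto=udp
2024-05-01T10:00:03Z src=10.0.0.7 dst=192.168.1.10 dport=161 proto=udp
2024-05-01T10:00:04Z src=10.0.0.9 dst=192.168.1.10 dport=443 proto=tcp flags=FPU
2024-05-01T10:00:05Z src=192.168.1.20 dst=192.168.1.10 dport=443 proto=tcp flags=S
2024-05-01T10:00:10Z src=10.0.0.11 dst=192.168.1.10 dport=22 proto=tcp flags=S
2024-05-01T10:02:10Z src=10.0.0.11 dst=192.168.1.10 dport=23 proto=tcp flags=S
2024-05-01T10:04:10Z src=10.0.0.11 dst=192.168.1.10 dport=25 proto=tcp flags=S
"""
```

Widening the window (for example to 600 seconds) makes the slow probing from 10.0.0.11 show up as a sweep too, which is the usual trade-off between catching slow scans and raising false positives.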
