Port Scanning

Port scanning is the process of identifying the services running on a remote host. An administrator (or an attacker) who wishes to port scan hosts uses a software application designed to probe each port and report whether it is open, closed or filtered.

Port Scanning Types


TCP scanning - connect()

The simplest port scan uses the connect() system call. The scanning host initiates a full TCP connection to each target port and brings the socket to the ESTABLISHED state (the three-way handshake completes). The advantage of this method is that it needs no special privileges, since it only uses the ordinary socket API. The cost is noise: because the handshake completes, the connection is delivered to the listening service (accept() returns it), so the probe is visible to that service and typically ends up in its logs, and the scanner then has to tear the connection down.
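As an added example (not code from the original page or from osischool.com), the following Python script performs a connect() scan against a target constructed inside the script: a throw-away TCP listener on loopback stands in for an open port, and a freshly released ephemeral port stands in for a closed one. Every name in it is an assumption of this example. It classifies ports by the outcome of connect(), and it also records what the target sees, which is the point made above: the listener's accept() returns the scanner's connection. The "filtered" branch (timeout or ICMP unreachable) cannot be triggered on loopback, so it is exercised only against a real firewalled host.

```python
import errno
import socket
import threading
import time
from typing import Dict, List, Tuple

TARGET_HOST = "127.0.0.1"  # this example scans the local machine only


def start_listener(host: str = TARGET_HOST) -> Tuple[socket.socket, List[Tuple[str, int]]]:
    """Constructed target: one listening TCP socket on an ephemeral port.
    A connect() scan completes the handshake, so every probe reaches accept()
    and is visible to the service (and to its logs); that is the cost of this method."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    seen: List[Tuple[str, int]] = []  # peers the "service" saw connecting

    def serve() -> None:
        while True:
            try:
                conn, peer = srv.accept()
            except OSError:  # listener closed
                return
            seen.append(peer)
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, seen


def pick_closed_port(host: str = TARGET_HOST) -> int:
    """Find a port with no listener by binding an ephemeral port and releasing it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def connect_scan(host: str, ports, timeout: float = 1.0) -> Dict[int, str]:
    """Classify each port by the outcome of an ordinary connect():
    handshake completed -> open; RST came back (ECONNREFUSED) -> closed;
    timeout or ICMP unreachable -> filtered (something dropped or rejected the SYN)."""
    results: Dict[int, str] = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
                results[port] = "open"
            except ConnectionRefusedError:
                results[port] = "closed"
            except (socket.timeout, TimeoutError):
                results[port] = "filtered"
            except OSError as exc:  # e.g. EHOSTUNREACH raised from an ICMP error
                unreachable = (errno.EHOSTUNREACH, errno.ENETUNREACH)
                results[port] = "filtered" if exc.errno in unreachable else "error"
    return results


def demo() -> Tuple[Dict[str, str], int]:
    """Scan one open and one closed loopback port; report what the target observed."""
    srv, seen = start_listener()
    open_port = srv.getsockname()[1]
    closed_port = pick_closed_port()
    results = connect_scan(TARGET_HOST, [open_port, closed_port])
    deadline = time.time() + 2.0
    while not seen and time.time() < deadline:  # accept() runs on the listener thread
        time.sleep(0.01)
    srv.close()
    return {"open": results[open_port], "closed": results[closed_port]}, len(seen)


if __name__ == "__main__":
    states, observed = demo()
    print(states, "connections seen by the target:", observed)
```

Run it as an unprivileged user; no raw sockets are involved. The second value returned by demo() is the number of scanner connections the listener accepted, which is the footprint a connect() scan leaves on the target.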

SYN scanning - half open

SYN scanning is another type of TCP scan. Instead of calling connect(), the port scanner generates raw IP packets itself and monitors the responses from the target. Using raw packets requires special privileges (root, or CAP_NET_RAW on Linux), but it gives the scanner full control over the packets and lets it produce a more detailed report. The scanner sends a SYN as if it were about to open a real connection and then waits for a response. A SYN/ACK indicates the port is listening (open); a RST (reset) indicates a non-listener (closed); no response at all, or an ICMP unreachable error, indicates that the port is filtered. The scanner never sends the final ACK of the handshake (it usually answers the SYN/ACK with a RST), so the connection is never established on the target, which is why this is called a half-open scan and why it is less likely to be logged by the service itself.

ACK scanning

ACK scanning is one of the more unusual scan types: it does not determine whether a port is open or closed, but whether it is filtered or unfiltered. This makes it especially useful when probing for the existence of a firewall and mapping its rule set. The scanner sends a segment with only the ACK bit set. A host that receives an ACK for a connection it knows nothing about replies with a RST whether the port is open or closed, so a RST means the port is unfiltered, while no reply (or an ICMP unreachable message) means it is filtered. A simple stateless packet filter lets such probes through, because it treats any packet with the ACK bit set as belonging to an established connection, whereas a more sophisticated stateful firewall that tracks connections recognises the stray ACK and drops it.
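The SYN and ACK scans above both depend on crafting a bare TCP header and reading the flags of whatever comes back. The following Python script is an added example, not code from the original page or from osischool.com; it builds raw TCP segments with a correct checksum (the TCP checksum also covers an IPv4 pseudo-header, which is the detail that most often breaks hand-built probes), and then classifies constructed replies the way a SYN scanner and an ACK scanner would. All addresses, ports and function names are assumptions of this example; the exchange in demo() is constructed in-process so it runs offline, and send_probe() shows the privileged raw-socket step but is not called.

```python
import socket
import struct
from typing import Optional

# TCP flag bits (RFC 9293).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Constructed addresses for the example (TEST-NET-1, not routable).
SCANNER_IP = "192.0.2.1"
TARGET_IP = "192.0.2.10"


def inet_checksum(data: bytes) -> int:
    """One's-complement Internet checksum over 16-bit words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header (src, dst, zero, protocol, TCP length) covered by the TCP checksum."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                       0, socket.IPPROTO_TCP, tcp_len)


def build_tcp_segment(src_ip, dst_ip, sport, dport, flags, seq=0, ack=0, window=1024) -> bytes:
    """Raw 20-byte TCP header, no options or payload, with a valid checksum.
    This is what a SYN or ACK scanner hands to a raw socket instead of calling connect()."""
    data_offset = 5 << 4  # header length in 32-bit words, in the high nibble
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, data_offset, flags, window, 0, 0)
    csum = inet_checksum(pseudo_header(src_ip, dst_ip, len(hdr)) + hdr)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]


def verify_tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """A correctly checksummed segment sums to zero together with its pseudo-header."""
    return inet_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0


def tcp_flags(segment: bytes) -> int:
    """Flag byte of a TCP header (offset 13)."""
    return segment[13]


def classify_syn_scan(response: Optional[bytes]) -> str:
    """Half-open scan: SYN/ACK means a listener, RST means none, silence means a filter."""
    if response is None:
        return "filtered"
    flags = tcp_flags(response)
    if flags & SYN and flags & ACK:
        return "open"
    if flags & RST:
        return "closed"
    return "unexpected"


def classify_ack_scan(response: Optional[bytes]) -> str:
    """ACK scan: a RST proves the probe reached the host (unfiltered); silence means filtered."""
    if response is None:
        return "filtered"
    return "unfiltered" if tcp_flags(response) & RST else "unexpected"


def send_probe(dst_ip: str, segment: bytes) -> None:
    """Transmit a crafted segment; the kernel prepends the IP header.
    Needs root or CAP_NET_RAW, which is the privilege cost of SYN and ACK scans.
    Not called by demo(); the checksum must be computed with the real source address,
    and collecting the replies additionally needs a packet sniffer."""
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP) as raw:
        raw.sendto(segment, (dst_ip, 0))


def demo() -> dict:
    """Constructed exchange: the scanner's probes and the replies a target would send."""
    syn_probe = build_tcp_segment(SCANNER_IP, TARGET_IP, 40000, 80, SYN, seq=1000)
    # Open port 80 answers SYN/ACK acknowledging our ISN+1; closed port 81 answers RST/ACK.
    synack = build_tcp_segment(TARGET_IP, SCANNER_IP, 80, 40000, SYN | ACK, seq=5000, ack=1001)
    rst = build_tcp_segment(TARGET_IP, SCANNER_IP, 81, 40000, RST | ACK, ack=1001)
    # ACK probe to port 22: an unfiltered host answers RST regardless of port state.
    ack_probe = build_tcp_segment(SCANNER_IP, TARGET_IP, 40001, 22, ACK, seq=7000)
    rst_to_ack = build_tcp_segment(TARGET_IP, SCANNER_IP, 22, 40001, RST, seq=7000)
    return {
        "probe_checksums_ok": verify_tcp_checksum(SCANNER_IP, TARGET_IP, syn_probe)
        and verify_tcp_checksum(SCANNER_IP, TARGET_IP, ack_probe),
        "syn_scan": {80: classify_syn_scan(synack), 81: classify_syn_scan(rst),
                     82: classify_syn_scan(None)},
        "ack_scan": {22: classify_ack_scan(rst_to_ack), 23: classify_ack_scan(None)},
    }


if __name__ == "__main__":
    print(demo())
```

The classifiers are deliberately separate: the same RST means "closed" to a SYN scanner and "unfiltered" to an ACK scanner, and the same silence means "filtered" to both, which is exactly why the ACK scan says nothing about open versus closed.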


osischool.com
