The process of initiating a series of connections to a remote host on pre-defined port numbers in order to determine which of the ports are "open", and thereby suggesting what services might be running on that host. Port scanning is often used by crackers to glean information about a potential victim. Port scanning can also be a useful tool for network engineers attempting to troubleshoot a bothersome network.
There are many different types of port scans, ranging from the stealthy to the overt.
The primary types of port scan, according to Fyodor's "The Art Of Port Scanning" (Phrack Magazine Volume 7, Issue 51, September 01, 1997, article 11), are as follows:
"
- vanilla TCP connect() scanning,
- TCP SYN (half open) scanning,
- TCP FIN (stealth) scanning,
- TCP ftp proxy (bounce attack) scanning
- SYN/FIN scanning using IP fragments
- UDP recvfrom() scanning,
- UDP raw ICMP port unreachable scanning,
- ICMP scanning (ping-sweep), and
- reverse-ident scanning.
"
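As an added example that is not part of the original entry, the defender's view of the technique described above: a detector that reads constructed firewall log lines recording initial TCP SYNs and flags any source that probes many distinct ports on one host within a short window. Because both a vanilla connect() scan and a half-open SYN scan begin with a SYN, a packet-filter log catches both, whereas a host's own accept() log would only ever see the completed connect() variety. The log format, addresses and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample packet-filter log (not from the original entry):
# "<epoch> <src_ip> -> <dst_ip>:<dst_port> <tcp_flags>"
SAMPLE_LOG = """\
1000 203.0.113.5 -> 192.0.2.10:22 S
1001 203.0.113.5 -> 192.0.2.10:23 S
1001 203.0.113.5 -> 192.0.2.10:25 S
1002 203.0.113.5 -> 192.0.2.10:80 S
1002 203.0.113.5 -> 192.0.2.10:110 S
1003 203.0.113.5 -> 192.0.2.10:143 S
1003 203.0.113.5 -> 192.0.2.10:443 S
1004 203.0.113.5 -> 192.0.2.10:3306 S
1000 198.51.100.7 -> 192.0.2.10:443 S
1030 198.51.100.7 -> 192.0.2.10:443 S
1060 198.51.100.7 -> 192.0.2.10:80 S
"""

LINE_RE = re.compile(r"^(\d+) (\S+) -> (\S+):(\d+) (\S+)$")


def parse_line(line):
    """Parse one log line into (ts, src, dst, dport, flags) or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, dport, flags = m.groups()
    return int(ts), src, dst, int(dport), flags


def detect_scanners(log_text, window=10, min_ports=5):
    """Return {src_ip: sorted distinct ports} for every source that sent
    SYNs to at least `min_ports` distinct ports on one destination host
    within any `window`-second sliding window.  A legitimate client
    reuses a few service ports over a long time; a port scan walks many
    ports quickly, which is the signal this function keys on."""
    events = defaultdict(list)  # (src, dst) -> [(ts, dport), ...]
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[4] != "S":  # only initial SYNs count
            continue
        ts, src, dst, dport, _ = rec
        events[(src, dst)].append((ts, dport))

    hits = {}
    for (src, dst), evs in events.items():
        evs.sort()
        lo = 0
        for hi in range(len(evs)):
            while evs[hi][0] - evs[lo][0] > window:
                lo += 1  # slide the window start forward
            if len({p for _, p in evs[lo:hi + 1]}) >= min_ports:
                hits[src] = sorted({p for _, p in evs})
                break
    return hits
```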