Port Scanning - what is-

Posted on Friday, July 20, 2012 by Tenderfoot


What is Port Scanning?
Port scanning is where a port or a range of ports on a host is probed to find out if they are open or closed and what service or program is listening on each open port.

I should also point out that port scanning can cause devices to crash or may have other unintended effects: a service may hang or become unresponsive, or a printer may print out garbage. So always get permission, be aware of the effects if scanning production systems and know your tools.


Why Port Scan?

A good port scanner such as nmap will often be able to identify whether a port is open, closed or filtered by a firewall and, if it is open, details of the program listening on that port. This information is very useful to both a systems administrator and an attacker. From a system administration point of view you may want to test firewall rules. Or, if you were to discover an unauthorised program such as a trojan on your network that is listening on a port, you may want to see whether other hosts are also affected. Also, when hardening a host, a port scan of that host is very useful to look for open ports.

From an attacker's point of view, he may want to discover what programs or services are running on a host to identify its role or to see if those programs are vulnerable to a known exploit.

What is a Port?

Often the analogy used to describe a port is that of a window in a house. Think of your computer as a house and each window or door as a port. A port can either be open or closed: if it is closed nothing can get in through that port; if it is open, there is a program listening behind it that will accept connections through the port. There are two types of port, TCP and UDP, and for each type there are 65536 ports (numbered 0-65535).

Port scanning is akin to rattling the windows and doors to see if any of them are open.

Common Ports

Certain programs and services have standard ports they listen on, such as web servers listening on TCP port 80. This is how your browser knows where to go by default when you simply browse to a web page over HTTP. DNS listens on UDP port 53 and Telnet uses TCP port 23. The range of ports between 0-1024 is reserved for use by the computer for standard programs such as FTP, Telnet, DNS, SNMP, SMTP etc., and ports above this range, known as ephemeral ports, can then be set up with other services such as MSRDP on port 3389 or MSSQL on 1334. It is useful to note that almost any service can be set up to listen on almost any port, and in almost all cases the port a packet is destined for (the destination port) is not the same as the port it is sent from (the source port).


The link below provides details of known port assignments:

http://www.iana.org/assignments/port-numbers

Knowledge of the standard port assignments is very useful when port scanning, as it will help you to recognise the ports you are interested in and avoid scanning an entire range, which may trigger an IDS or IPS. However, it should be noted that in some situations it may be necessary to scan the entire range because, as I said, most services can be set to listen on non-standard ports.
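As an added example (not code from the original post), here is a small Python self-audit for the hardening use case described earlier: it connects to each chosen port on the local host, classifies the port as open, closed or filtered from what connect() reports, labels it with the service name from the system's copy of the IANA assignments, and flags any listener that is not on an allow-list. The allow-list and the throwaway listener it checks against are constructed for the demonstration.

```python
import errno, socket
from contextlib import closing

def tcp_port_state(host, port, timeout=1.0):
    """One connect() attempt -> 'open', 'closed' or 'filtered'."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"            # handshake completed: a program is listening
        except socket.timeout:
            return "filtered"        # no reply at all: typically a firewall dropping it
        except ConnectionRefusedError:
            return "closed"          # host sent a reset: nothing is listening there
        except OSError as e:
            if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
                return "filtered"    # unreachable host/network: also no answer
            raise

def service_name(port, proto="tcp"):
    """Best-effort IANA name (80 -> 'http'), 'unknown' if the port is unassigned."""
    try:
        return socket.getservbyport(port, proto)
    except OSError:
        return "unknown"

def audit_host(host, ports, expected, timeout=1.0):
    """Map port -> (state, service, note); the note flags listeners outside the allow-list."""
    report = {}
    for port in ports:
        state = tcp_port_state(host, port, timeout)
        note = ""
        if state == "open" and port not in expected:
            note = "UNEXPECTED listener"
        elif state != "open" and port in expected:
            note = "expected service not answering"
        report[port] = (state, service_name(port), note)
    return report

def start_local_listener(host="127.0.0.1"):  # constructed stand-in for a real service
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))                      # port 0: the OS picks a free ephemeral port
    srv.listen(5)
    return srv, srv.getsockname()[1]

if __name__ == "__main__":
    srv, port = start_local_listener()       # allow-list: only `port`; port 1 should be closed
    for p, (state, svc, note) in audit_host("127.0.0.1", [port, 1], expected={port}).items():
        print(f"{p:5d}/tcp  {state:8s} {svc:8s} {note}")
    srv.close()
```

Run it against a real host by replacing the throwaway listener with the host's documented allow-list; a short timeout keeps a range scan from crawling on filtered ports.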
