Port Scanning
A port scan is a way to figure out which ports on a networked host are open and listening, and it can also reveal whether security devices such as firewalls sit between the sender and receiver. This process is called fingerprinting.
Ports are numbered from 0 to 65,535, but the lower range of 0 to 1,023 consists of the “well-known” ones. A port scan sends a carefully crafted packet to each destination port. There are some basic techniques to choose from, depending on the network topology and scanning goals.
- Vanilla scan: This is the most basic scan, completing a full connection to all 65,536 ports. It's accurate but easily detectable.
- SYN scan: This scan sends a SYN packet but does not wait for a response. It's faster, and you still learn whether the port is open.
- Strobe scan: This selectively attempts to connect to only a few ports, typically fewer than 20.
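From the defender's side, the three techniques above leave different traces in connection records: a vanilla scan completes handshakes across a very wide port range, a SYN scan leaves the handshakes on open ports unfinished, and a strobe scan touches only a handful of ports. The following Python is an added example, not code from the original page: it classifies constructed connection-tracking records per source by how many distinct ports were probed within a short window (wide sweep versus strobe) and by whether the handshakes on open ports were completed (connect/vanilla) or left half-open (SYN). The record format, addresses, thresholds and the target's open-port set are all assumptions made for this example.

```python
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Thresholds are constructed for this example; tune them to the network being monitored.
WIDE_SCAN_MIN_PORTS = 20   # this many distinct ports in one window looks like a sweep
STROBE_MIN_PORTS = 4       # a handful of distinct ports in one window may be a strobe scan
HALF_OPEN_RATIO = 0.8      # mostly unfinished handshakes on open ports indicates a SYN scan
WINDOW = timedelta(seconds=60)


@dataclass(frozen=True)
class Record:
    """One TCP connection attempt as a connection tracker would summarise it."""
    ts: datetime
    src: str
    dst: str
    dport: int
    state: str  # "completed" (full handshake), "half-open" (SYN/ACK never ACKed), "reset" (closed port)


def parse_line(line: str) -> Record:
    """Parse one record in the constructed '<iso-timestamp> key=value ...' format."""
    ts_text, *fields = line.split()
    kv = dict(field.split("=", 1) for field in fields)
    return Record(datetime.fromisoformat(ts_text), kv["src"], kv["dst"], int(kv["dport"]), kv["state"])


def build_sample_records() -> list[Record]:
    """Constructed traffic from four sources to one host whose open ports are 22, 80 and 443."""
    open_ports = {22, 80, 443}
    base = datetime(2024, 5, 1, 9, 0, 0)
    lines: list[str] = []

    def add(offset: float, src: str, dport: int, state: str) -> None:
        ts = (base + timedelta(seconds=offset)).isoformat()
        lines.append(f"{ts} src={src} dst=10.0.0.10 dport={dport} state={state}")

    # 10.0.0.5: vanilla (connect) scan - full handshake on open ports, RST from closed ones
    for i, port in enumerate(range(1, 121)):
        add(i * 0.25, "10.0.0.5", port, "completed" if port in open_ports else "reset")
    # 10.0.0.6: SYN (half-open) scan - open ports answer SYN/ACK but the handshake is never finished
    for i, port in enumerate(range(1, 121)):
        add(i * 0.25, "10.0.0.6", port, "half-open" if port in open_ports else "reset")
    # 10.0.0.7: strobe scan - a few well-known ports only, using half-open probes
    for i, port in enumerate((21, 22, 23, 25, 80, 110, 143, 443)):
        add(i, "10.0.0.7", port, "half-open" if port in open_ports else "reset")
    # 10.0.0.8: ordinary client - repeated full connections to two services over ten minutes
    for i in range(30):
        add(i * 20, "10.0.0.8", 443 if i % 2 == 0 else 22, "completed")
    return [parse_line(line) for line in lines]


def max_distinct_ports_in_window(records: list[Record], window: timedelta) -> int:
    """Largest number of distinct destination ports touched inside any span of `window`."""
    recs = sorted(records, key=lambda r: r.ts)
    counts: dict[int, int] = defaultdict(int)
    best = left = 0
    for rec in recs:
        counts[rec.dport] += 1
        # Slide the left edge forward until every record in view lies within the window.
        while recs[left].ts < rec.ts - window:
            old = recs[left].dport
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            left += 1
        best = max(best, len(counts))
    return best


def classify_source(records: list[Record], window: timedelta = WINDOW) -> dict:
    """Classify one source by breadth (wide vs strobe) and technique (SYN vs connect)."""
    distinct = max_distinct_ports_in_window(records, window)
    # Only ports that answered SYN/ACK tell the techniques apart; closed ports RST either way.
    answered = [r for r in records if r.state in ("completed", "half-open")]
    half_open = sum(1 for r in answered if r.state == "half-open")
    ratio = half_open / len(answered) if answered else None
    result = {"distinct_ports": distinct, "half_open_ratio": ratio}

    if distinct >= WIDE_SCAN_MIN_PORTS:
        breadth = "wide"
    elif distinct >= STROBE_MIN_PORTS:
        breadth = "strobe"
    else:
        result["verdict"] = "normal"
        return result

    if ratio is None:
        technique = "unknown technique (no open port answered)"
    elif ratio >= HALF_OPEN_RATIO:
        technique = "SYN (half-open)"
    else:
        technique = "connect (full handshake)"
    result["verdict"] = f"{breadth} {technique} scan"
    return result


def detect_scans(records: list[Record], window: timedelta = WINDOW) -> dict[str, dict]:
    """Group records by source address and classify each source."""
    by_src: dict[str, list[Record]] = defaultdict(list)
    for rec in records:
        by_src[rec.src].append(rec)
    return {src: classify_source(recs, window) for src, recs in sorted(by_src.items())}


if __name__ == "__main__":
    for src, verdict in detect_scans(build_sample_records()).items():
        print(f"{src}: {verdict['verdict']} (distinct ports={verdict['distinct_ports']}, "
              f"half-open ratio={verdict['half_open_ratio']})")
```

Two points the code makes explicit: closed ports answer with RST under both a connect scan and a SYN scan, so only the handshakes on open ports discriminate between the two techniques; and a strobe of a few well-known ports looks much like an ordinary client that uses several services, so the strobe threshold is the one most likely to need tuning against the network's normal traffic.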
There are some other techniques that penetration testers use, such as Stealth, FTP Bounce, and XMAS, which...