> PORT SCANNER_

What Is Port Scanning?

Port scanning is the process of probing a network host to discover which TCP or UDP ports are open and accepting connections. Every internet-facing server has 65,535 possible TCP ports and 65,535 UDP ports. Each open port represents a running service — a web server on port 80, a database on port 3306, an SSH daemon on port 22.

Port scanning is a fundamental tool in both network administration (knowing what's exposed) and security testing (finding attack surface). System administrators run regular port scans to verify that only intended services are accessible and that no unauthorized services have been started. Security professionals use port scans as the first step in understanding a target's attack surface during authorized penetration tests.

TCP Port States Explained

Open

An open port means a service is actively listening and accepted our TCP connection (completed the SYN → SYN-ACK → ACK handshake). Open ports represent services that are accessible from the internet. Examples: a web server on port 443, an SSH server on port 22, a mail server on port 25. Open ports are not inherently dangerous — a secure, patched HTTPS server on port 443 is perfectly safe. Danger arises when unnecessary or unpatched services are open.

Closed

A closed port means the host is reachable and responded with a TCP RST (reset) packet — the port is accessible but no service is currently listening. Closed ports tell an attacker the host is alive and the port is reachable (useful reconnaissance), but no immediate service is exploitable. Consider firewalling off closed ports to prevent this information leakage.

Filtered

A filtered port returns no response (timeout). A firewall, packet filter, or router is silently discarding the probe packets. From a security perspective, filtered is better than closed because it gives attackers less information. Most cloud providers (AWS, Azure, GCP) default to filtering all ports not explicitly opened in security group rules.

Critical Ports You Should Monitor

How to Secure Open Ports

Use a Firewall (First Line of Defence)

Only open ports that are absolutely necessary. On Linux servers, use ufw or iptables. On cloud providers, use security groups (AWS), firewall rules (GCP/DigitalOcean), or NSGs (Azure). The default rule should be: deny all inbound, then explicitly allow only what's needed.

Keep Services Patched

An open port running an outdated, unpatched service is a critical vulnerability. Subscribe to security advisories for every service you run and apply patches promptly. Most large-scale breaches exploit known vulnerabilities for which patches already exist.

Use Port Knocking or VPN for Administrative Access

For services like SSH, RDP, or database management tools, consider placing them behind a VPN and keeping the ports filtered to all public IPs. Port knocking is another technique that keeps ports invisible until a specific sequence of connection attempts is made.

Monitor for Unexpected Open Ports

Malware, misconfigured applications, and unauthorized services can open new ports. Run regular port scans against your own systems and alert on any newly opened port. Tools like nmap and this online scanner can help establish a baseline and detect drift.

Port Scanning Tools for Deeper Analysis

For comprehensive port scanning beyond what a browser-based tool can offer, these tools are industry standard:

• nmap: The most widely used port scanner. Supports SYN scan, UDP scan, OS detection, service version detection, and script-based vulnerability assessment. Command: nmap -sV -p 1-65535 target-ip
• masscan: Extremely fast scanner capable of scanning the entire internet IPv4 space in under 6 minutes. Good for quickly scanning large IP ranges you own.
• netcat (nc): Simple tool for manual port probing: nc -zv target-ip port
• Shodan: Search engine for internet-connected devices. Shows historical open port data for IPs — useful for passive reconnaissance on your own assets.