Port Scanner

Port Scanner Tutorial - Know your Ports | HackerTarget.com


A port scanner is a program used in network security testing and troubleshooting. An online port scanner is a scan sourced from an external IP address, so it can test your network firewall and open ports from the outside. It is powered by a simple port scanner program hosted on another system, usually with an easy-to-use web interface.

To understand what a port scanner does we first need to understand the basics of how a network "works". The network in question could be a local area network in your home or office, or it could be the Internet.

A network is made up of systems with addresses, and on those systems you have services.

The address is called an "IP address". The service could be many things, but it is basically software that is running on the system and accessible over the network on a port number. It could be a web server, email server or gaming server.

  An IP Address looks like this: 192.168.1.3

A service will run on 192.168.1.3 and listen on a port. Example ports:

  • web server : port 80
  • mail server (smtp) : port 25
  • mail server (pop3) : port 110
  • game server : port 49001

There are many resources that cover the more technical details of port scanning and the different types of port scanning. In this guide we are going to stick to the basics.

The missing part of this introduction to network basics is the hostname, DNS record or domain name. It is a reference to the IP address using an easier-to-remember name. For example, what is easier to remember: 74.125.237.17 or www.google.com?

When you type www.google.com into your browser you are directed via the domain name system to 74.125.237.17 on port 80. Port 80 is chosen by the browser automatically. If you type https:// into the browser you go to a different port, 443, as this is the standard port for the encrypted SSL protocol.

Here are some common ports that you will find when using a port scanner:

  •  25 Email (SMTP)
  •  53 Domain Name Server
  •  80 Web Server (HTTP)
  •  110 Email Server (POP3)
  •  143 Email Server (IMAP)
  •  443 Web Server (HTTPS)
  •  445 Windows Communication Protocol (File Sharing etc)
  •  8080 Proxy Server

A more complete list of ports can be found at Wikipedia.

Testing a Home Router or Small Business for Open Ports

In the diagram below we have a number of devices behind a typical broadband router. It is important to understand whether any ports are open on the Internet-facing interface, as these are accessible by anyone on the Internet. Open ports on a broadband router could be management ports that allow a remote user to change the configuration of the router. Another form of open port on the broadband router would be ports that are forwarded to internal systems.

Port forwarding allows internal hosts to provide services through the Internet-facing device. It is often used for gaming, or to host something such as a web server or email server on the broadband Internet connection.

Home Network Port Scanner

The Nmap port scanner is the world's leading port scanner. It is very accurate and stable, and has more options than we are going to get into here; for more information and installation instructions head over to the nmap page.

Sample Nmap Scan from HackerTarget.com

Starting Nmap 5.00 ( http://nmap.org ) at 2009-07-16 23:12 UTC
Interesting ports on 123.123.123.123:
Not shown: 997 filtered ports
PORT    STATE  SERVICE VERSION
25/tcp  open   smtp
80/tcp  open   http    Apache httpd
443/tcp closed https
Service Info: OS: Linux

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 64.27 seconds

We have scanned the IP address 123.123.123.123.

What can be inferred from Port Scanner Results?

An open port is one that has allowed a full three-way TCP handshake to complete. The port scanner in this case has found a port that responded as available to the scan, and the connection was established. Secondary data from an open port is known as a banner: a text response that includes the type, and sometimes the version, of the server listening.

A closed port indicates that the port scan on that port was allowed through the firewall (or NAT device) but nothing was listening on it. Instead the device responded with a TCP RST (reset).

Filtered ports are those that did not respond at all; this is the typical response from a firewall. The firewall simply drops the port scan packet and does not respond in any way.

From outside the firewall, a port scanner can test every port on the server's IP address. There are 65535 TCP ports on every IP address, and there are also 65535 ports on the UDP protocol.
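As an added illustration of the three states just described (this is not code from the HackerTarget page), here is a minimal TCP connect probe in Python that maps the connection outcome onto open, closed and filtered and reads the banner an open service sends. The listener it talks to is a constructed stand-in started on localhost, and the function names are my own.

```python
import errno
import socket
import threading


def probe_tcp_port(host, port, timeout=2.0):
    """Return (state, banner) for one TCP port, using the three outcomes above:
    open = handshake completed, closed = RST (connection refused),
    filtered = no reply before the timeout (packet silently dropped)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        try:
            sock.connect((host, port))
        except socket.timeout:
            return "filtered", ""
        except ConnectionRefusedError:
            return "closed", ""
        except OSError as exc:
            if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
                return "filtered", ""
            raise
        try:  # many services (SMTP, SSH, FTP) announce themselves on connect
            banner = sock.recv(256).decode("ascii", "replace").strip()
        except (socket.timeout, OSError):
            banner = ""  # open, but the service waits for the client to speak
        return "open", banner
    finally:
        sock.close()


def start_banner_listener(banner=b"220 mail.example ESMTP constructed\r\n"):
    """Constructed stand-in for a real service: accept one client, send a banner."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port


def free_closed_port():  # nothing listens here, so connect() is met with a RST
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as tmp:
        tmp.bind(("127.0.0.1", 0))
        return tmp.getsockname()[1]
```

A filtered result cannot be produced against localhost; it appears only when a firewall along the path drops the probe and the connect call times out.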

Now that you have an understanding of what a port scanner is, you can jump over to our Online Nmap Scan testing page and run a free port scan. The advantage of using our server is that it is external to your network and will see what any other external attacker on the Internet will see. You can also install Nmap yourself and run it against your network; you will likely see a different result from that of the external-facing scan.
