NEVER scan a computer you do
not own or have the owner's permission to
- Last Review: November 22, 2012
Home > NetScanTools
Pro > Technical Details > Port
Port Scanner Tool Description - look for open, listening
ports on a target system
Port Scanner is an essential security tool for finding open ports
corresponding to the TCP or UDP services (daemons to *nix users) running on a target
This scanner is multithreaded, configurable, and it allows you to
run four different types of scanning patterns. You can scan a linear
range of ports on one IP address or several contiguous IP addresses.
You can build lists of target IP Addresses and lists of ports to
scan. You can specify connection timeouts and other parameters.
Additionally, any data that is received from the target port upon
connection is saved for viewing (Full connect or UDP modes
only). The results are presented in spreadsheet form for easy
review of results.
Five types of port scans are supported
- TCP Full Connect.
This mode makes a full TCP connection to the target
and optionally saves any data or banners returned from the target. This
mode is the most accurate for determining open TCP ports, but
it is also easily recognized by Intrusion Detection Systems
(IDS). Windows XP sp2 limits the effective use of this mode because the operating system
has introduced new limits on 'unanswered' SYN packets -- we monitor
for signs that those limits have been reached. The SYN half open feature
is a better choice for detecting open TCP ports.
- UDP ICMP Port Unreachable Connect.
This mode sends a short UDP packet to the target's UDP ports
and looks for an ICMP Port Unreachable message in return. The
absence of that message indicates either the port is used or
the target does not normally return the ICMP Port Unreachable
message which can lead to false positives. We can save any data
or banners returned from the target. This mode is also easily
recognized by IDS.
- TCP Full/UDP ICMP Combined.
This mode combines the previous two modes into one operation.
- TCP SYN Half Open.
This mode sends out a SYN packet
to the target port and listens for the appropriate response.
Open ports respond one way and closed ports respond differently.
This mode is less likely to be noted by an IDS. Since the TCP
connection is not fully completed, we cannot gather data or
banner information. You have full control over TTL, Source Port,
MTU, Sequence number, and Window parameters in the SYN packet.
which we offer to install. This feature is designed for wired ethernet cards, it may or
may not work with wireless interfaces.
- TCP Other. This mode sends out a TCP
packet with any combination of the SYN, FIN, ACK, RST, PSH,
URG flags set to the target port and listens for the response.
You have full control over TTL, Source Port, MTU, Sequence number,
and Window parameters in the custom TCP packet. The Analyze
feature helps you with analyzing the response based on the flag
settings you have chosen. Each operating system responds differently
to these special combinations. We include presets for XMAS,
NULL, FIN and ACK flag settings. Requires
WinPcap. This feature is designed for
wired ethernet cards, it may or may not work with wireless interfaces.
Four types of scan patterns are available
- Scan Range of Ports.
This option scans a linear range of ports as defined by the
start/end port numbers targeting one IPv4 address or
- Scan Common Ports.
This option scans only the ports listed in the Port List.
You can edit the port list.
- Scan Range of Ports Using the Target
List. This mode scans every port using
the Starting through Ending port range on every computer in
the target list. Use this mode when you have a noncontiguous
set of IP addresses to check.
- Scan Common Ports Using the Target
This mode is the most stealthy mode and uses the least amount
of CPU time and bandwidth because you are scanning only the
target ports you want on the target machines you want. You can
manually randomize your list of ports and targets to minimize
detection by scanning detection programs.
- Ping before Scan. This option allows
you to skip (automatically or by user response to a message)
hosts that do not respond to pings. This is highly recommended
for the TCP Full Connect Mode.
- Port response timing (1 ms resolution)
is included for TCP Full Connect Mode.
- Save responding data ('welcome' login
banners) is included for TCP Full Connect Mode.
You have full control over the speed of the
scanner. You can control the number of
threads used to scan the host and the delay between launching each
thread. Each thread contacts one port at a time. You can also vary
the amount of time to wait for a response to a probe of the port
and the amount of time to wait after a connection for a banner to
be sent to you.
Screenshots - this is a scan of an HP 2840 printer
A Windows 2003 Server using TCP Common Ports scan