Warning:
NEVER scan a computer that you do not own or do not have
the owner's permission to scan.


Port Scanner Tool Description
Port Scanner (previously
called Port Probe) is an essential security tool for finding open ports
corresponding to the TCP or UDP services/daemons running on a target
device.
This scanner is multithreaded, configurable, and it allows you to
run four different types of scanning patterns. You can scan a linear
range of ports on one IP address or several contiguous IP addresses.
You can build lists of target IP Addresses and lists of ports to
scan. You can specify connection timeouts and other parameters.
Additionally, any data that is received from the target port upon
connection is saved for viewing (Full connect or UDP modes
only). The results are presented in tree form and are color-coded
with different types of images for easy location of information
at a glance. The right-click menu options are extensive and
include 'Analyze', which helps with the analysis of the results.
The types of scans supported are:
- TCP Full Connect.
This mode makes a full TCP connection to the target
and optionally saves any data or banners returned from the target. This
mode is the most accurate for determining open TCP ports, but
it is also easily recognized by Intrusion Detection Systems
(IDS). Windows XP SP2 limits the effective use of this mode because the operating system
has introduced new limits on 'unanswered' SYN packets; we monitor
for signs that those limits have been reached. The SYN half open feature
is a better choice for detecting open TCP ports.
- UDP ICMP Port Unreachable Connect.
This mode sends a short UDP packet to the target's UDP ports
and looks for an ICMP Port Unreachable message in return. The
absence of that message indicates either that the port is in use or
that the target does not normally return the ICMP Port Unreachable
message, which can lead to false positives. We can save any data
or banners returned from the target. This mode is also easily
recognized by IDS.
- TCP Full/UDP ICMP Combined.
This mode combines the previous two modes into one operation.
- TCP SYN Half Open.
This mode sends out a SYN packet
to the target port and listens for the appropriate response.
Open ports respond one way and closed ports respond differently.
This mode is less likely to be noted by an IDS. Since the TCP
connection is not fully completed, we cannot gather data or
banner information. You have full control over TTL, Source Port,
MTU, Sequence number, and Window parameters in the SYN packet.
Requires WinPcap,
which we offer to install. This feature is designed for wired Ethernet cards; it may or
may not work with wireless interfaces.
- TCP Other. This mode sends out a TCP
packet with any combination of the SYN, FIN, ACK, RST, PSH,
URG flags set to the target port and listens for the response.
You have full control over TTL, Source Port, MTU, Sequence number,
and Window parameters in the custom TCP packet. The Analyze
feature helps you with analyzing the response based on the flag
settings you have chosen. Each operating system responds differently
to these special combinations. We include presets for XMAS,
NULL, FIN and ACK flag settings. Requires
WinPcap. This feature is designed for
wired Ethernet cards; it may or may not work with wireless interfaces.
The four types of scan patterns are:
- Sequential Port Scan.
This method scans a linear range of ports as defined by the
start/end port numbers over a linear set of IP addresses as
defined by the IP address range settings.
- Port Scan List.
This mode scans only the ports listed in the Port List. This
mode scans either a single host or a range of IP addresses based
on the selection made in the Probe Single Host/Probe IP Range
radio button group. It scans each host sequentially, that is,
the first, then the second, etc., using the list of port numbers
shown in the Port List.
- Sequential Port Scan Using the Target
List. This mode scans every port using
the Starting through Ending port range on every computer in
the target list. Use this mode when you have a noncontiguous
set of IP addresses to check.
- Scan a List of Ports on a List of Targets.
This mode is the most stealthy mode and uses the least amount
of CPU time and bandwidth because you are scanning only the
target ports you want on the target machines you want. You can
manually randomize your list of ports and targets to minimize
detection by scanning detection programs.
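How an IDS-style sensor can recognize the TCP probe types and scan patterns described above, as an added example that is not part of NetScanTools Pro or the original page: it labels unsolicited TCP segments by flag preset and counts distinct host/port targets per source, so the order in which ports and targets are visited does not change the count. The flag sets behind the preset names (XMAS taken as FIN+PSH+URG), the function names, the thresholds and the sample packets are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# TCP flag bits as found in the flags byte of the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def classify_probe(flags):
    """Name the probe type of a segment that matches no established flow."""
    flags &= 0x3F  # ignore ECE/CWR
    names = {0: "NULL", FIN | PSH | URG: "XMAS", FIN: "FIN", ACK: "ACK", SYN: "SYN"}
    return names.get(flags, "OTHER")

def detect_scanners(packets, window=60.0, min_targets=5):
    """packets: time-sorted (ts, src, dst, dport, flags) tuples.
    Flags a source once it has touched min_targets distinct (dst, dport)
    pairs within `window` seconds, whatever order they were visited in."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, src, dst, dport, flags in packets:
        q = recent[src]
        q.append((ts, (dst, dport), classify_probe(flags)))
        while ts - q[0][0] > window:  # drop probes older than the window
            q.popleft()
        targets = {t for _, t, _ in q}
        if len(targets) >= min_targets:
            prev = alerts.get(src, {"targets": 0, "probes": set()})
            alerts[src] = {"targets": max(prev["targets"], len(targets)),
                           "probes": prev["probes"] | {k for _, _, k in q}}
    return alerts

# Constructed sample: 192.0.2.10 probes two hosts in shuffled port order
# with mixed flag presets; 192.0.2.20 is a client retrying one HTTPS port.
SAMPLE = [
    (0.0, "192.0.2.10", "198.51.100.5", 445, FIN | PSH | URG),
    (0.2, "192.0.2.20", "198.51.100.5", 443, SYN),
    (0.4, "192.0.2.10", "198.51.100.6", 22, FIN | PSH | URG),
    (0.9, "192.0.2.10", "198.51.100.5", 80, 0),
    (1.3, "192.0.2.20", "198.51.100.5", 443, SYN),
    (1.5, "192.0.2.10", "198.51.100.6", 3389, FIN),
    (2.1, "192.0.2.10", "198.51.100.5", 25, FIN | PSH | URG),
    (2.4, "192.0.2.20", "198.51.100.5", 443, SYN),
    (3.0, "192.0.2.10", "198.51.100.6", 8080, SYN),
]

def run_sample():
    return detect_scanners(SAMPLE)

if __name__ == "__main__":
    for src, info in run_sample().items():
        print(src, info["targets"], sorted(info["probes"]))
```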
Other Features
- Ping before Scan. This option allows
you to skip (automatically or by user response to a message)
hosts that do not respond to pings. This is highly recommended
for the TCP Full Connect Mode.
- Port response timing (1 ms resolution)
is included for TCP Full Connect Mode.
- Save responding data ('welcome' login
banners) is included for TCP Full Connect Mode.
- Get HTTP headers and FTP login banners
with request for OS type, including reports for TCP Full Connect
Mode.
- An analysis and summary of responding
port data including timing, totals and common service notes
is available via the right click menu.
You have full control over the speed of the
scanner. You can control the number of
threads used to scan the host and the delay between launching each
thread. Each thread contacts one port at a time. You can also vary
the amount of time to wait for a response to a probe of the port
and the amount of time to wait after a connection for a banner to
be sent to you.
How fast is the scanner?
FULL TCP CONNECTION: 103 seconds to scan
all TCP ports between 1 and 65535 of a LAN connected HP 4050n printer
using the following parameters:
- System connected through 100BaseT Ethernet
connection on a Linksys switch.
- Machine running NetScanTools Pro was a Windows
XP 1.9 GHz Pentium 4 with an Intel Ethernet network card.
- Connection timeout was 100ms and wait time
after a connection was established was 1 second.
TCP SYN STEALTH: 233 seconds (3.5 ms per
port) to scan all TCP ports between 1 and 65535 of a LAN connected
HP 4050n printer using the following parameters:
- System connected through 100BaseT Ethernet
connection on a Linksys switch.
- Machine running NetScanTools Pro was a Windows
XP 2.8 GHz Pentium 4 with an Intel Ethernet network card.
Special features
include the ability to query HTTP web server ports for the page
headers. You can define which ports are to be tested for web servers, not
just port 80. This information is used to build an HTTP web server
type report. We can also query FTP servers to determine their type; a
report is available for that as well.
[Screenshot: scan of an HP 2840 printer]

[Screenshot: port scan of a Windows 98 machine using TCP SYN scan]
