Port Scanning Definition
We refer to port scanning as that process where someone (usually, an attacker) scans the different ports of a computer. The main goal of this port scanning process is to assess whether the ports of a computer or device are open, closed or have some sort of filter that does not allow certain information to be sent or received. Port scanning is usually performed by observing and analyzing the response of the different ports when information is sent to them with the specific goal of identifying weaknesses and vulnerabilities.
As mentioned, port scanning is one of the most important steps that need to be taken by an attacker when conducting a cyberattack. However, port scanning is used by system administrators as well to perform penetration testing and other tests aimed at identifying vulnerabilities within a certain network or device.
The way port scanning works is by inspecting the IP address for the hosts and utilizing Transmission Control Protocol/Internet Protocol (TCP/IP) to perform this activity. The ports that are targeted in this process are the well-known TCP/IP ports that are usually reserved for privileged services (numbered 0 to 1024), the registered ports (1024 to 49151) and the private ports that are usually designed for customized services (numbered 49152 to 65535).