loading
Loading content
loading
Port scanning sends probes to a host's ports and interprets the replies to decide which are open, closed, or filtered. Every listening service occupies a port, so the set of open ports defines what an attacker can reach over the network. A TCP SYN scan is the common default because it is fast and avoids completing the handshake. UDP scanning is slower and noisier but reveals services like DNS, SNMP, and NTP that TCP scans miss.
Port scanning matters because it converts an IP address into a concrete list of reachable services. An open 22 suggests SSH, an open 3389 suggests RDP, and an unexpected open database port is often a finding on its own. The results feed directly into service fingerprinting, which identifies the exact software and version behind each port, and into banner-grabbing, which reads the greeting a service returns.
Scanning pairs naturally with asset discovery and network mapping: discovery finds the hosts, scanning enumerates their services. In an automated workflow, you scan a fast common-port set across the whole range, then send hits into deeper version detection. Running on a schedule catches ports that open without warning.
Related terms