Scanning for Open Ports and Services

Once we have successfully identified the live hosts on a network, we attempt to find the open ports and the services associated with them. Port scanning is the process of discovering open TCP and UDP ports on the target host or network. Open ports reveal the services that are running on the network. We perform port scanning in order to look for potential entry points into the systems.
One of the most challenging tasks in port scanning is evading firewalls and intrusion detection and prevention mechanisms, so our goal is to make the scan as quiet as possible. In this chapter, we will also discuss some stealth scanning techniques that make your scans less noisy.
There exist many tools for scanning open ports, such as netcat, hping2, and Unicornscan, but nmap is our ultimate choice. We will look at some of the GUI and command-line tools too, but our main focus will be on nmap, as it is one of the most comprehensive port scanning tools.
Types of Port Scanning

Port scanning is primarily divided into two main categories: TCP scanning and UDP scanning. Nmap supports a wide variety of scanning methods, such as the TCP SYN scan and the TCP connect scan, and we will discuss some of them here in great detail.
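The difference between a SYN scan and a connect scan is also what a defender sees on the wire: a SYN scan answers the SYN/ACK with a RST and never reaches the application, while a connect scan completes the handshake. The following is an added example, not code from the book: a small Python detector over constructed flow records (the record format and the `S,SA,R` flag notation are assumptions made here) that flags any source touching many distinct ports in a short window and breaks down how far each probe got.

```python
from collections import defaultdict

# Constructed sample flows (not taken from the book): (ts_seconds, src_ip, dst_port, flags).
# flags lists the handshake segments seen on the wire, originator first:
#   "S,SA,R"    SYN -> SYN/ACK -> RST     half-open: the trace a SYN scan leaves on an open port
#   "S,SA,A,F"  full handshake, then FIN   what a connect scan (or a real client) does
#   "S,RA"      SYN -> RST/ACK             closed port
#   "S"         SYN with no reply          filtered or dropped
SAMPLE_FLOWS = [
    (100.0, "10.0.0.5", 22, "S,SA,R"),
    (100.1, "10.0.0.5", 80, "S,SA,R"),
    (100.2, "10.0.0.5", 443, "S,SA,R"),
    (100.3, "10.0.0.5", 3306, "S,RA"),
    (100.4, "10.0.0.5", 8080, "S"),
    (100.5, "10.0.0.5", 25, "S,RA"),
    (200.0, "10.0.0.9", 443, "S,SA,A,F"),   # ordinary client session, not a scan
    (260.0, "10.0.0.9", 443, "S,SA,A,F"),
]

def classify(flags):
    """Map a flow's observed handshake to a coarse outcome."""
    if flags == "S":
        return "no_reply"
    if flags.startswith("S,RA"):
        return "closed"
    if flags.startswith("S,SA,R"):
        return "half_open"   # port is open, but the handshake was deliberately not completed
    if flags.startswith("S,SA,A"):
        return "full"
    return "other"

def find_scanners(flows, window=60.0, min_ports=5):
    """Return {src: summary} for sources that touch >= min_ports distinct ports
    within any `window`-second span; summary counts ports and per-outcome probes."""
    by_src = defaultdict(list)
    for ts, src, port, flags in flows:
        by_src[src].append((ts, port, classify(flags)))
    hits = {}
    for src, events in by_src.items():
        events.sort()
        for t0, _, _ in events:                       # slide the window over each start time
            inside = [e for e in events if t0 <= e[0] < t0 + window]
            ports = {p for _, p, _ in inside}
            if len(ports) >= min_ports:
                summary = {"ports": len(ports)}
                for _, _, kind in inside:
                    summary[kind] = summary.get(kind, 0) + 1
                hits[src] = summary
                break
    return hits
```

A high share of `half_open` outcomes from one source is the SYN-scan signature; `full` sessions from a scanner would instead show up in the service's own accept or access logs.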
Nmap is very simple to use; the basic command line format for nmap is as follows:
nmap