Port Scanning

First of all, if you don't know about ports, then refer to A Beginner's Guide To Ports.
Every program on a computer that is connected to the Internet receives data through its respective port. So if the computer is a house, then a port is a door, and we know open doors are dangerous because attackers can walk straight into the house. As a hacker we want to attack the house (computer), right? Yep, that's why we start by checking the doors. Port Scanning is the process of checking which ports are open on the target machine. The program that performs port scanning is called a Port Scanner; it tries to connect to each port one by one and tells us which ones are open.

What If A Port Is Open?

That's a good question, and it deserves an answer.
Well, everything has weaknesses, and programs have them too; they are called vulnerabilities. Hackers can identify them and build exploits. An exploit is a small piece of code that lets a hacker take advantage of a vulnerability. So if you have a program installed on your computer and a hacker finds that it is vulnerable, he can send an exploit to the port linked with that program and get into your system that way.
So do you need to learn how to write exploits? No, man, at least not now. There are already many exploits written by hackers that you can use in your hack.

How To Perform A Port Scan?

Nmap is the best port scanner, and it can do a lot of other things too.
If you are a beginner, I suggest you use Zenmap, which is the GUI front end for Nmap.
You can download it from here.
So let's perform a port scan with Nmap.
Note: These directions are for Linux users, and Team Ultimate strongly recommends that you use Linux.

1. Open a terminal.
2. Type "nmap Target_IP_Address_Here" (without the quotes; you can also put a domain name in place of the IP).
3. Nmap will now scan the most common ports, report whether they are open, and you will see an output like this

That's it! Yes, sir, that's it! We did a port scan, and now we have a list of open ports, so we know what kind of services are running on that server.
You must be thinking, "Oh wow, a lot of open doors, let's attack!" But we should clear up our basics first, right? Yeah, good boy 🙂

Types Of Port Scanning

1. Vanilla: This scan involves scanning all 65,535 ports.

2. Strobe: A more focused scan that looks only for known services to exploit.

3. Fragmented Packets: The scanner sends packet fragments that get through simple packet filters in a firewall.

4. UDP: The scanner looks for open UDP ports.

5. Sweep: The scanner connects to the same port on more than one machine.

6. FTP Bounce: The scanner goes through an FTP service in order to disguise the source of the scan.

7. Stealth Scan: The scanner prevents the scanned computer from recording the port scan activity.
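From the defender's side, the Vanilla/Strobe types above look very different from a Sweep in a connection log: one source hitting many ports on one host versus one source hitting one port on many hosts. The added example below (not from the original post) runs that distinction over a constructed log; the log format, thresholds and window are assumptions.

```python
from collections import defaultdict
# Constructed sample connection-attempt log (not from the page): "<epoch> <src> <dst> <dport>".
SAMPLE_LOG = """\
1700000000 203.0.113.5 192.0.2.10 22
1700000001 203.0.113.5 192.0.2.10 23
1700000001 203.0.113.5 192.0.2.10 80
1700000002 203.0.113.5 192.0.2.10 443
1700000003 203.0.113.5 192.0.2.10 3306
1700000010 198.51.100.7 192.0.2.10 445
1700000011 198.51.100.7 192.0.2.11 445
1700000011 198.51.100.7 192.0.2.12 445
1700000012 198.51.100.7 192.0.2.13 445
1700000012 198.51.100.7 192.0.2.14 445
1700000020 192.0.2.50 192.0.2.10 443
"""

def parse_log(text):
    """Parse whitespace-separated lines into (ts, src, dst, dport) tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, dport = line.split()
            events.append((int(ts), src, dst, int(dport)))
    return events

def classify_sources(events, window=30, port_threshold=5, host_threshold=5):
    """Label each source that, within `window` seconds, probes either
    >= port_threshold distinct ports on one host ("vertical": vanilla/strobe
    style) or one port on >= host_threshold hosts ("horizontal": sweep style)."""
    labels = {}
    by_src = defaultdict(list)
    for ev in sorted(events):
        by_src[ev[1]].append(ev)
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the time window forward
            ports_per_host, hosts_per_port = defaultdict(set), defaultdict(set)
            for _, _, dst, dport in evs[start:end + 1]:
                ports_per_host[dst].add(dport)
                hosts_per_port[dport].add(dst)
            if any(len(p) >= port_threshold for p in ports_per_host.values()):
                labels[src] = "vertical"
                break
            if any(len(h) >= host_threshold for h in hosts_per_port.values()):
                labels[src] = "horizontal"
                break
    return labels

if __name__ == "__main__":
    print(classify_sources(parse_log(SAMPLE_LOG)))
```

The single request from 192.0.2.50 gets no label, which is the point: thresholds and a time window keep ordinary traffic out of the alert.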

That's all for now, see you guys in the next tutorial.
