Сканирование портов

How Port Scanners Work

The most widely used port scanner is Nmap. A basic TCP SYN scan sends SYN packets to target ports without completing the three-way handshake. An open port responds with SYN-ACK; a closed port responds with RST; a filtered port — blocked by FirewallA network security device or software that monitors and filters incoming and outgoing traffic based on predefined rules. Firewalls can block traffic by IP address, port number, protocol, or application-layer content. — produces no response or an ICMP unreachable. SYN scanning is faster than full-connect scanning because the attacker drops the connection after receiving SYN-ACK, avoiding logging on many services.

Other scan types include UDP scanning (slower and less reliable due to UDP's connectionless nature), service version detection (probing open ports to identify running software), and OS fingerprinting (inferring the target OS from TCP/IP stack behavior).

Legitimate Uses

Port scanning is a standard tool in network administration and security auditing. Administrators scan their own infrastructure to verify firewall rules are working as expected — ensuring only intended ports are accessible from intended locations. Penetration testers scan target environments to identify attack surface before malicious actors do.

Legal and Ethical Considerations

Scanning networks you do not own or have explicit permission to test is illegal in many jurisdictions, regardless of intent. Many cloud providers prohibit unauthorized scanning in their Terms of Service. Always obtain written authorization before scanning production infrastructure.

Attackers use port scanning to identify open services, which reveals potential vulnerabilities to exploit. Outdated software versions revealed by banner grabbing and misconfigured services become attack targets. Use Open Port Checker to verify the external visibility of specific ports on your own servers.