What Is Port Scanning?
Port scanning is the process of probing a host's network ports to discover which ones are open, closed, or filtered. It is a fundamental technique used by network administrators to audit their own infrastructure, by security researchers to assess attack surface, and by attackers to identify services they can target. Scan your own public IP with our port scanner to see what services you're exposing.
Common Port Scanning Techniques
| Technique | How It Works | Detectability | Speed |
|---|
| TCP Connect Scan | Completes the full 3-way TCP handshake - Logged by target | High - Appears in connection logs | Slow |
| SYN Scan (half-open) | Sends SYN, waits for SYN-ACK, sends RST without completing handshake | Medium - May not appear in app logs | Fast |
| UDP Scan | Sends UDP packets; closed ports return ICMP unreachable | Low | Very slow |
| FIN / XMAS / NULL Scan | Sends packets with unusual TCP flags to bypass some firewalls | Low | Slow |
| Idle Scan | Uses a third-party "zombie" host as a proxy; hides scanner's IP | Very Low | Very slow |
| Version Detection (-sV) | Probes open ports to identify service version and OS | High | Slow |
Well-Known Port Numbers
| Port | Protocol | Service |
|---|
| 21 | TCP | FTP - File Transfer Protocol |
| 22 | TCP | SSH - Secure Shell |
| 25 | TCP | SMTP - Outbound email |
| 53 | TCP/UDP | DNS - Domain Name System |
| 80 | TCP | HTTP - Web traffic |
| 443 | TCP | HTTPS - Encrypted web traffic |
| 3389 | TCP | RDP - Windows Remote Desktop |
| 5900 | TCP | VNC - Remote desktop |
| 8080 | TCP | HTTP alternate / proxy |
Protecting Against Unauthorized Port Scans
- Keep a firewall in front of your public IP that defaults to dropping all unsolicited inbound connections.
- Close or disable services you don't actively use - Every open port is a potential attack surface.
- Move SSH from port 22 to a high non-standard port - This won't stop a determined attacker but eliminates nearly all automated scanning noise.
- Use an IDS/IPS (Intrusion Detection/Prevention System) like Fail2Ban or Snort to detect and block scanning behavior.
- Regularly scan your own network with our port scanner or nmap to audit what is actually exposed. Also check for blacklist listings that indicate your IP has been flagged for suspicious activity.
