The Ultimate Port Scanning Guide: Part 3 - UDP Port Scans

The relationship between UDP port scanning and ICMP Unlike TCP, UDP is a stateless protocol. It was designed for speed in an era where reliability couldn’t always be guaranteed. Effectively, UDP is mostly designed to be used for applications that care more whether or not a packet is sent than whether or not it is received. This presents a problem. If a host continuously sends UDP datagrams to a system that isn’t even listening, it could saturate a link.

Continue reading

The Ultimate Port Scanning Guide: Part 2 - Practical TCP Port Scans

Before we start, I’d like to share a pentester story with you about knocking systems over. It’s a fact of life that software bugs happen, and are often triggered by edge cases never considered by the software’s author. A common edge case is something connecting to a service and disconnecting before the conversation starts, or connecting to a service and sending unexpected input. Unfortunately, port scanning more or less relies on these two edge cases.

Continue reading

The Ultimate Port Scanning Guide: Part 1 - Theory

Port scanning is the basic foundation of service identification within a TCP/IP network, but is generally associated with network mapping. The most popular tool covered in every single pen testing book you’ll ever read is Nmap. It’s pretty much the de facto standard port scanner. It’s not the only one out there and it’s important to understand port scanning theory so you can remain comfortable in situations where Nmap or an equivalent isn’t available, or at least is misbehaving.

Continue reading