Types of Port Scanning

There are many types of port scans that can be used. Some of these are discussed below.


The SYN scan sends packets with the SYN flag set to the target. An open port answers with a SYN/ACK, and a closed port answers with an RST/ACK (reset/acknowledgement). The scanner never completes the three-way handshake, so no full TCP connection is made and the transaction is not logged. This stealthy nature helps attackers, who do not want their connection with the target system to be logged.


The Connect scan depends on the target system's operating system (OS), which adds to the risk of detection. The difference between the Connect scan and the SYN scan is that the Connect scan completes the three-way handshake, so the transaction is logged. This scan is therefore not as stealthy.


The Null scan sends packets with no flags set. A closed port responds with an RST packet, so receiving no packet back means the port is most likely open.


The XMAS scan uses the PSH, FIN, and URG flags. It works like the Null scan in that closed ports send back an RST packet, and the absence of one indicates an open port. So, if the DNS port 53 is to be checked, this scan can show whether it is open by noticing whether an RST packet is sent back.


The ACK scan works best against filtering devices such as firewalls, which watch for the SYN packet that opens the three-way handshake.


The FIN scan sends a FIN packet to the target system. Closed ports send back RST packets. A normal TCP session ends with both sides sending FIN packets, so a FIN that arrives with no session behind it is out of place.


The UDP scan sends UDP packets to its target computers. Closed ports give back an ICMP "Port Unreachable" message.
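From the defender's side, the flag patterns above are exactly what a simple detection rule keys on. The following is an added example (not part of the original text) that classifies TCP probes by their flag set and reports sources that hit several distinct ports with the same scan pattern; the `key=value` log format and the sample records are constructed for the example.

```python
from collections import defaultdict

# Flag patterns described in the text, keyed by the exact set of flags seen.
# A SYN/ACK, a bare RST, or a data segment matches none of them.
SCAN_SIGNATURES = {
    frozenset(): "NULL",                        # no flags at all
    frozenset({"FIN"}): "FIN",
    frozenset({"FIN", "PSH", "URG"}): "XMAS",
    frozenset({"SYN"}): "SYN",
    frozenset({"ACK"}): "ACK",
}

def classify_probe(flags):
    """Map a comma-separated flag string (any order, any case) to a scan type, or None."""
    flag_set = frozenset(f.strip().upper() for f in flags.split(",") if f.strip())
    return SCAN_SIGNATURES.get(flag_set)

def parse_record(line):
    """Parse one constructed 'key=value' log line; return None if fields are missing."""
    fields = dict(part.split("=", 1) for part in line.split() if "=" in part)
    if not all(k in fields for k in ("src", "dport", "flags")):
        return None
    return fields

def detect_scans(lines, min_ports=3):
    """Count distinct destination ports per (source, scan type).

    A single SYN to one port is ordinary traffic; the scan signal is one source
    touching many ports with the same probe pattern, so only pairs that reached
    at least min_ports distinct ports are reported.
    """
    ports = defaultdict(set)
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        kind = classify_probe(rec["flags"])
        if kind is None:
            continue
        ports[(rec["src"], kind)].add(rec["dport"])
    return {key: len(p) for key, p in ports.items() if len(p) >= min_ports}

# Constructed sample log: a SYN sweep, an XMAS sweep, one NULL probe, and normal traffic.
SAMPLE_LOG = """\
src=192.0.2.10 dst=198.51.100.5 dport=22 flags=SYN
src=192.0.2.10 dst=198.51.100.5 dport=80 flags=SYN
src=192.0.2.10 dst=198.51.100.5 dport=443 flags=SYN
src=192.0.2.10 dst=198.51.100.5 dport=3306 flags=SYN
src=192.0.2.77 dst=198.51.100.5 dport=53 flags=FIN,PSH,URG
src=192.0.2.77 dst=198.51.100.5 dport=25 flags=urg,fin,psh
src=192.0.2.77 dst=198.51.100.5 dport=110 flags=FIN,PSH,URG
src=192.0.2.99 dst=198.51.100.5 dport=80 flags=
src=192.0.2.99 dst=198.51.100.5 dport=80 flags=SYN,ACK
src=203.0.113.4 dst=198.51.100.5 dport=443 flags=SYN
"""

if __name__ == "__main__":
    for (src, kind), n in detect_scans(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: {kind} scan pattern across {n} ports")
```

Null, FIN and XMAS probes are suspicious even singly, since those flag sets never open a legitimate session; lowering `min_ports` for them is a reasonable tuning.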