
(1) An interface on a computer to which you can connect a device. Personal computers have various types of ports.

Internally, there are several ports for connecting disk drives, display screens, and keyboards. Externally, personal computers have ports for connecting modems, printers, mice, and other peripheral devices. Almost all personal computers come with a serial RS-232C port or RS-422 port for connecting a modem or mouse and a parallel port for connecting a printer. On PCs, the parallel port is a Centronics interface that uses a 25-pin connector. SCSI (Small Computer System Interface) ports support higher transmission speeds than do conventional ports and enable you to attach up to seven devices to the same port.

(2) In TCP and UDP networking, an endpoint of a logical connection. The port number identifies the service the traffic is intended for: for example, port 80 is conventionally used for HTTP traffic. Also see Well-Known TCP Port Numbers in the Quick Reference section of Webopedia.

(v.) To move a program from one type of computer to another. To port an application, you need to rewrite the sections that are machine dependent and then recompile the program on the new computer. Programs that can be ported easily are said to be portable.

Definition: In computer networking, the term port can refer to either physical or virtual connection points. Physical network ports allow connecting cables to computers, routers, modems and other peripheral devices. Several different types of physical ports available on computer network hardware include:

Ethernet ports
USB ports
serial ports

Definition: Ethernet is a physical and data link layer technology for local area networks (LANs). Ethernet was invented by engineer Robert Metcalfe. When first widely deployed in the 1980s, Ethernet supported a maximum theoretical data rate of 10 megabits per second (Mbps). Later, so-called "Fast Ethernet" standards increased this maximum data rate to 100 Mbps. Gigabit Ethernet technology further extended peak performance to 1000 Mbps, and 10 Gigabit and faster variants have followed. Higher-level network protocols like Internet Protocol (IP) are carried over Ethernet as their transmission medium. Data travels over Ethernet inside protocol units called frames.

The run length of individual Ethernet cables is limited to roughly 100 meters, but Ethernet networks can be easily extended to link entire schools or office buildings using network bridge devices.

In computer networking, a port is an application-specific or process-specific software construct serving as a communications endpoint, providing a multiplexing service. It is used by Transport Layer protocols of the Internet Protocol Suite, such as Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). A specific port is identified by its number, commonly known as the port number, together with the IP address with which it is associated and the protocol used for communication (TCP port 80 and UDP port 80 are distinct ports).

The reason for having ports is that virtually all modern computers support multitasking. Thus, on a typical computer, there will be multiple programs which need to contact other programs on other computers over the network all at the same time. Ports enable multiple programs to share a single physical network connection simultaneously, as opposed to having only one program using the connection for a long period of time.

Socket
Definition: A socket represents a single connection between two network applications. These two applications nominally run on different computers, but sockets can also be used for interprocess communication on a single computer. Applications can create multiple sockets for communicating with each other. Sockets are bidirectional, meaning that either side of the connection is capable of both sending and receiving data. A TCP connection is identified by the 4-tuple (source IP, source port, destination IP, destination port), which is why one server port can serve many simultaneous clients.

Open port
In security parlance, the term open port is used to mean a TCP/IP port number that is configured to accept packets. In contrast, a port which ignores all packets directed at it is commonly referred to as a "closed port".[1] Ports are an integral part of the Internet's communication model; they are the channel through which applications on the client computer can reach the software on the server. Services, such as web pages or FTP, require their respective ports to be "open" on the server in order to be publicly reachable.

The above use of the terms "open" and "closed" can sometimes be misleading, though; it blurs the distinction between a given port being reachable (unfiltered) and whether or not there is an application actually listening on that port. Technically, a given port being "open" (in this context, reachable) is not enough for a communication channel to be established. There needs to be an application (service) listening on that port, accepting the incoming packets and processing them. If there is no application listening on a port, incoming packets to that port will simply be rejected by the computer's operating system: for TCP the stack answers a SYN with a RST segment, and for UDP it answers with an ICMP port unreachable message (unless that behaviour has been suppressed).

Ports can be "closed" (in this context, filtered) through the use of a firewall. The firewall will filter incoming packets, only letting through those packets for which it has been configured. Packets directed at a port which the firewall is configured to "close" will simply be dropped in transit, as though they never existed. Some malicious software acts as a service, waiting for connections from a remote attacker in order to give him information or control over the machine. It is common security practice to close unused ports on personal computers, so as to block public access to any services which might be running on the computer without the user's knowledge, whether due to legitimate services being misconfigured or to the presence of malicious software. Malicious hackers (or crackers) commonly use port scanning software to find which ports are "open" (unfiltered) on a given computer, and whether or not an actual service is listening on that port. They can then attempt to exploit potential vulnerabilities in any services they find.

Port scanning
A port scanner is a software application designed to probe a network host for open ports. This is often used by administrators to verify the security policies of their networks and by attackers to identify running services on a host with a view to compromising it. To portscan a host is to scan for listening ports on a single target host. To portsweep is to scan multiple hosts for a specific listening port. The latter is typically used in searching for a specific service; for example, an SQL-based computer worm may portsweep looking for hosts listening on TCP port 1433.

TCP scanning
The simplest port scanners use the operating system's network functions; this is generally the option to fall back on when a SYN scan (described next) is not feasible, for example because the scanner lacks the privileges needed to send raw packets. Nmap calls this mode connect scan, named after the Unix connect() system call. If a port is open, the operating system completes the TCP three-way handshake, and the port scanner immediately closes the connection. Otherwise an error code is returned: the target answers the SYN with a RST, which the OS reports as "connection refused", or, if nothing comes back at all, the connection attempt times out, which usually means the port is filtered. This scan mode has the advantage that the user does not require special privileges. However, using the OS network functions prevents low-level control, and the completed handshake is visible to the service and its logs, so this scan type is less commonly used when raw packets are available.

SYN scanning
SYN scan is another form of TCP scanning. Rather than use the operating system's network functions, the port scanner generates raw IP packets itself and monitors for responses. This scan type is also known as "half-open scanning", because it never actually opens a full TCP connection. The port scanner generates a SYN packet. If the target port is open, it will respond with a SYN-ACK packet; if it is closed, it responds with a RST. The scanner host answers a SYN-ACK with a RST packet, closing the connection before the handshake is completed.
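The connect-scan mechanics described above, as an added example written for this page (not code from the page, from Nmap, or from any product it mentions): a small threaded connect scanner in Python. It starts a throwaway listener on 127.0.0.1 to stand in for a real service, so it runs offline; the listener, its FTP-style banner and the port choices are constructed for the demonstration. A filtered result cannot be produced on loopback, so only the open and closed cases are exercised.

```python
import random
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def probe_port(host, port, timeout=1.0, banner_bytes=256):
    """Connect-scan one TCP port through the OS connect() call.

    Returns (state, banner) using the states discussed above:
      'open'     - the kernel completed the three-way handshake
      'closed'   - the target answered the SYN with RST (ECONNREFUSED)
      'filtered' - nothing came back before the timeout, or the network
                   reported unreachable: something is dropping our packets
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except ConnectionRefusedError:
        s.close()
        return "closed", b""
    except (socket.timeout, OSError):
        # TimeoutError, EHOSTUNREACH, ENETUNREACH all look like a filter to us
        s.close()
        return "filtered", b""
    # The handshake is complete, so the service has seen (and may log) us;
    # many services volunteer a banner now, which a SYN scan never receives.
    banner = b""
    try:
        banner = s.recv(banner_bytes)
    except (socket.timeout, OSError):
        pass
    finally:
        s.close()
    return "open", banner


def connect_scan(host, ports, timeout=1.0, threads=16, randomize=True):
    """Scan many ports concurrently; returns {port: (state, banner)}."""
    ports = list(ports)
    if randomize:
        random.shuffle(ports)  # non-sequential order defeats the crudest scan detectors
    with ThreadPoolExecutor(max_workers=threads) as pool:
        states = pool.map(lambda p: probe_port(host, p, timeout), ports)
        return dict(zip(ports, states))


def start_fake_service(banner=b"220 demo-ftp ready\r\n"):
    """Constructed stand-in for a real service: listens on an ephemeral
    loopback port and greets every client with a banner."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listener closed: shut down
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def free_loopback_port():
    """Bind-and-release to obtain a port that has no listener right now."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo():
    """Scan one open and one closed loopback port; returns the result table."""
    srv, open_port = start_fake_service()
    closed_port = free_loopback_port()
    try:
        return connect_scan("127.0.0.1", [open_port, closed_port], timeout=2.0)
    finally:
        srv.close()


if __name__ == "__main__":
    for port, (state, banner) in sorted(demo().items()):
        print("%5d/tcp %-8s %s" % (port, state, banner.decode("ascii", "replace").strip()))
```

Run it and the open port comes back with the banner while the closed port is reported immediately, because the loopback stack answers the SYN with a RST; against a remote host, the closed answer arrives in one round trip whereas a filtered port costs the full timeout, which is why scanners tune the timeout per host.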

The use of raw networking has several advantages, giving the scanner full control of the packets sent and the timeout for responses, and allowing detailed reporting of the responses. There is debate over which scan is less intrusive on the target host. SYN scan has the advantage that the individual services never actually receive a connection, while some services can be crashed by a connect scan. However, the RST during the handshake can cause problems for some network stacks, in particular simple devices like printers. There are no conclusive arguments either way.

UDP scanning
UDP scanning is also possible, although there are technical challenges. UDP is a connectionless protocol, so there is no equivalent to a TCP SYN packet. However, if a UDP packet is sent to a port that is not open, the system will respond with an ICMP port unreachable message. Most UDP port scanners use this scanning method, and use the absence of a response to infer that a port is open. However, if a port is blocked by a firewall, this method will falsely report that the port is open (which is why careful tools report such ports as "open|filtered" rather than "open"). If the port unreachable message is blocked, all ports will appear open. This method is also affected by ICMP rate limiting. An alternative approach is to send application-specific UDP packets, hoping to generate an application layer response. For example, sending a DNS query to port 53 will result in a response if a DNS server is present. This method is much more reliable at identifying open ports. However, it is limited to scanning ports for which an application-specific probe packet is available. Some tools (e.g., nmap) generally have probes for fewer than 20 UDP services, while some commercial tools (e.g., nessus) have as many as 70. In some cases, a service may be listening on the port but configured not to respond to the particular probe packet. To cope with the different limitations of each approach, some scanners offer a hybrid method.
For example, using nmap with the -sUV option will start by using the ICMP port unreachable method, marking all ports as either "closed" or "open|filtered". The open|filtered ports are then probed for application responses and marked as "open" if one is received.

ACK scanning
ACK scanning is one of the more unusual scan types, as it does not determine whether the port is open or closed, but whether the port is filtered or unfiltered. This is especially useful when attempting to probe for the existence of a firewall and its rulesets. Simple (stateless) packet filtering will allow through packets that look like part of an established connection (packets with the ACK bit set), so an unfiltered port answers the unsolicited ACK with a RST, whereas a more sophisticated stateful firewall will drop the packet because it belongs to no connection it has seen.

Window scanning
Rarely used because of its outdated nature, window scanning is fairly untrustworthy in determining whether a port is open or closed. It generates the same packet as an ACK scan, but checks the TCP window field of the RST that comes back. On certain older stacks the RST for an open port carries a non-zero window while the RST for a closed port carries a zero window, so the window value leaks the port state. Most modern systems return a zero window either way, so on them this technique labels open ports as closed.

FIN scanning
Because SYN scans are not surreptitious enough, firewalls commonly detect and block unsolicited SYN packets. A bare FIN packet can often pass such filters unmodified. Closed ports reply to a FIN packet with a RST packet, whereas open ports ignore it. This is the behaviour specified for TCP (RFC 793), and it is in some ways an inescapable consequence of the protocol. Systems vulnerable to this type of scan are most Unix-derived stacks, which follow that specification. Microsoft Windows is immune, because its stack is not biased by port state and sends a RST regardless of whether the port is open or closed, so a FIN scan against Windows reports every port as closed.[1] The same applies to NULL and Xmas scans, which send no flags or the FIN, PSH and URG flags respectively.

Other scan types
Some more unusual scan types exist. These have various limitations and are not widely used. Nmap supports most of these.[2]

Protocol scan - determines what IP-level protocols (TCP, UDP, GRE, etc.) are enabled.
Proxy scan - a proxy (SOCKS or HTTP) is used to perform the scan. The target will see the proxy's IP address as the source. This can also be done using some FTP servers (the FTP bounce scan).
Idle scan - another method of scanning without revealing one's IP address, taking advantage of predictable IP ID sequence generation on a third "zombie" host.
CatSCAN - checks ports for erroneous packets.
ICMP scan - determines if a host responds to ICMP requests, such as echo (ping), netmask, etc.
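To show what a raw-packet scanner actually sends and how it reads the answers, here is an added Python example covering the SYN, FIN/NULL/Xmas, ACK and UDP techniques described above. It is not code from the page or from Nmap, and it does not put packets on the wire (that would need a raw socket and root); it builds the TCP segment a SYN scanner would send, verifies its checksum, builds the RST a scanner fires back at a SYN-ACK, and encodes the state-inference rules the text gives. The addresses and sequence numbers in the usage are made up.

```python
import socket
import struct

# TCP flag bits, low byte of the 16-bit "data offset / flags" field (RFC 793)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def ones_complement_sum(data):
    """16-bit ones'-complement sum with end-around carry (IP/TCP/UDP checksums)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def tcp_pseudo_header(src_ip, dst_ip, segment_len):
    """The IPv4 pseudo-header that the TCP checksum also covers."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, socket.IPPROTO_TCP, segment_len))


def build_tcp_segment(src_ip, dst_ip, sport, dport, flags, seq=0, ack=0, window=1024):
    """Return a 20-byte TCP header (no options, no payload) with a valid checksum.

    With flags=SYN this is the probe a half-open scanner writes to a raw socket
    instead of calling connect(); the kernel (or the scanner, with IP_HDRINCL)
    prepends the IP header.
    """
    offset_and_flags = (5 << 12) | (flags & 0x1FF)        # 5 x 32-bit words, no options
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                      offset_and_flags, window, 0, 0)      # checksum placeholder = 0
    csum = (~ones_complement_sum(tcp_pseudo_header(src_ip, dst_ip, len(hdr)) + hdr)) & 0xFFFF
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]


def parse_tcp_header(segment):
    sport, dport, seq, ack, off_flags, window, csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x1FF, "window": window, "checksum": csum}


def checksum_valid(src_ip, dst_ip, segment):
    """A segment whose checksum field is correct sums to 0xFFFF with its pseudo-header."""
    return ones_complement_sum(tcp_pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0xFFFF


def rst_for(src_ip, dst_ip, syn_ack):
    """The RST a SYN scanner sends back at a SYN-ACK so the half-open connection
    never completes (its seq is the peer's acknowledgement number)."""
    h = parse_tcp_header(syn_ack)
    return build_tcp_segment(src_ip, dst_ip, h["dport"], h["sport"], RST, seq=h["ack"], window=0)


def infer_tcp_state(scan, reply):
    """Port state from the reply to a SYN, FIN/NULL/Xmas or ACK probe.

    reply is None (nothing came back), "icmp-unreach" (an ICMP unreachable,
    i.e. a filter spoke up), or the flag bits of the TCP segment that came back.
    Windows stacks answer FIN/NULL/Xmas with RST whatever the port state, so
    those scans report every Windows port as closed.
    """
    if reply is None:
        return "open|filtered" if scan in ("fin", "null", "xmas") else "filtered"
    if reply == "icmp-unreach":
        return "filtered"
    if scan == "syn":
        if reply & SYN and reply & ACK:
            return "open"
        return "closed" if reply & RST else "filtered"
    if scan in ("fin", "null", "xmas"):
        return "closed" if reply & RST else "open|filtered"
    if scan == "ack":
        return "unfiltered" if reply & RST else "filtered"
    raise ValueError("unknown scan type %r" % scan)


def infer_udp_state(icmp_port_unreachable, application_reply):
    """UDP inference, including the hybrid (nmap -sUV) refinement: an
    application-layer answer upgrades open|filtered to open."""
    if application_reply:
        return "open"
    if icmp_port_unreachable:
        return "closed"
    return "open|filtered"   # silence proves nothing: a firewall looks the same


if __name__ == "__main__":
    probe = build_tcp_segment("192.0.2.1", "192.0.2.2", 40000, 80, SYN, seq=12345)
    print("SYN probe:", probe.hex(), "checksum ok:", checksum_valid("192.0.2.1", "192.0.2.2", probe))
    print("SYN scan, SYN-ACK back:", infer_tcp_state("syn", SYN | ACK))
    print("FIN scan, silence:", infer_tcp_state("fin", None))
```

The checksum check is the same test a receiving stack performs, so a segment that fails it is silently discarded by the target, which is the first thing to verify when a hand-rolled scanner "sees no open ports".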

Information an attacker gets from scanning
Port scanning can uncover a number of holes that an attacker could use against you; how to scan ports, and more, is covered below. Port scanning is one of the most popular reconnaissance techniques attackers use to discover services they can break into. All machines connected to a Local Area Network (LAN) or the Internet run many services that listen on well-known and not-so-well-known ports. A port scan helps the attacker find which ports are available (i.e., what service might be listening on a port). Essentially, a port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is used and can therefore be probed further for weakness.

Can I take legal action against port scanning?
A port scan is like ringing the doorbell to see whether someone's at home. The police usually can't do anything about it. They have to wait until a crime is committed. The police might give it more consideration if the doorbell is repeatedly rung, causing the homeowner to complain of harassment. Sometimes, if a computer system is affected too much by a port scan, one can argue that the port scan was, in fact, a denial-of-service (DoS) attack, which is usually an offense.

Port Scanning Basic Techniques
The simplest port scan tries (i.e., sends a carefully constructed packet with a chosen destination port number to) each of the ports from 0 to 65535 on the victim to see which ones are open.

TCP connect(): The connect() system call provided by the OS is used to open a connection to every interesting port on the machine. If the port is listening, connect() will succeed; otherwise the port isn't reachable (the call fails with "connection refused" for a closed port, or times out for a filtered one).

Strobe: A strobe does a narrower scan, only looking for those services the attacker knows how to exploit. The name comes from one of the original TCP scanning programs, though now virtually all scanning tools include this feature.

Ident: The ident protocol (RFC 1413, TCP port 113) allows for the disclosure of the username of the owner of any process connected via TCP, even if that process didn't initiate the connection. So, e.g., one can connect to port 80 and then use identd to find out whether the HTTP server is running as root.
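The ident trick described above, as an added example (not code from the page): an RFC 1413 client in Python that connects to a service and then asks identd who owns the server side of that connection. The loopback identd at the end is a constructed stand-in so the exchange can be run offline; the port pairs and usernames it hands back are made up.

```python
import socket
import threading


def parse_ident_reply(line):
    """Parse one RFC 1413 ident response line.

    Success:  "<server-port> , <client-port> : USERID : <os-type> : <user-id>"
    Failure:  "<server-port> , <client-port> : ERROR : <error-type>"
    The user-id runs to end of line and may itself contain ':', so only the
    first three colons are significant.
    """
    parts = [p.strip() for p in line.rstrip("\r\n").split(":", 3)]
    if len(parts) < 3:
        raise ValueError("malformed ident reply: %r" % line)
    sport, cport = (int(x) for x in parts[0].split(","))
    kind = parts[1].upper()
    if kind == "USERID" and len(parts) == 4:
        return {"server_port": sport, "client_port": cport, "os": parts[2], "user": parts[3]}
    if kind == "ERROR":
        return {"server_port": sport, "client_port": cport, "error": parts[2]}
    raise ValueError("malformed ident reply: %r" % line)


def ident_query(host, server_port, client_port, timeout=3.0, ident_port=113):
    """Ask identd on host which user owns host's end of the TCP connection
    <server_port on host> <-> <client_port on the querier>."""
    with socket.create_connection((host, ident_port), timeout=timeout) as s:
        s.sendall(b"%d , %d\r\n" % (server_port, client_port))
        data = b""
        while b"\n" not in data and len(data) < 1024:
            chunk = s.recv(512)
            if not chunk:
                break
            data += chunk
    return parse_ident_reply(data.decode("ascii", "replace"))


def service_owner(host, service_port, timeout=3.0, ident_port=113):
    """The trick from the text: connect to the service and, while that connection
    is still open, ask identd who owns the server side of it.
    Returns the user name, or None when identd is absent or refuses."""
    try:
        with socket.create_connection((host, service_port), timeout=timeout) as svc:
            my_port = svc.getsockname()[1]
            reply = ident_query(host, service_port, my_port, timeout, ident_port)
    except (OSError, ValueError):
        return None
    return reply.get("user")


def runs_as_root(host, service_port, timeout=3.0, ident_port=113):
    return service_owner(host, service_port, timeout, ident_port) == "root"


def start_fake_identd(answers):
    """Constructed loopback identd for offline use: answers is
    {(server_port, client_port): user}; unknown pairs get ERROR : NO-USER."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                req = conn.recv(64).decode("ascii", "replace")
                try:
                    sp, cp = (int(x) for x in req.split(","))
                except ValueError:
                    conn.sendall(b"0 , 0 : ERROR : INVALID-PORT\r\n")
                    continue
                user = answers.get((sp, cp))
                if user:
                    conn.sendall(b"%d , %d : USERID : UNIX : %s\r\n" % (sp, cp, user.encode()))
                else:
                    conn.sendall(b"%d , %d : ERROR : NO-USER\r\n" % (sp, cp))

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, port = start_fake_identd({(80, 5555): "root"})
    print(ident_query("127.0.0.1", 80, 5555, ident_port=port))   # made-up connection pair
    srv.close()
```

On a real target the query has to be sent while the service connection is still open, because identd looks the port pair up in the live connection table; that is what service_owner() does, and it is also why most modern hosts simply do not run identd.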
Port Scanning Advanced Techniques
One problem, from the perspective of the attacker attempting to scan a port, is that services listening on these ports log scans. They see an incoming connection but no data, so an error is logged. There exist a number of stealth scan techniques to avoid this. A stealth scan is a kind of scan that is designed to go undetected by auditing tools. Obviously, this is a race between the attacker and the firewall and IDS vendors: what are considered stealth scans now may not be so in a few months, once the vendor becomes aware of such techniques. Port scanners scan a host rapidly by firing off packets at different ports, and detection tools key on that burst. So scanning very slowly (taking a day or more) becomes a stealth technique. Another stealth scanning technique is inverse mapping, where you try to find out all hosts on a network by collecting the ICMP host unreachable messages generated for those IPs that do not exist; every address that produces no such message is inferred to be live. Since these messages may be generated by any TCP/IP packet, one may send meaningless packets (e.g., RST packets sent without any previous packet), which most logging ignores.

MY OUTPUT

The Nmap tarball compiles under Linux, Mac OS X, Windows, and many UNIX platforms (Solaris, Free/Net/OpenBSD, etc.). It includes Zenmap, the GUI frontend. Nmap is now offered in bzip2 format as well as traditional gzip.

What is Nmap?
Nmap, short for "network mapper", is a free utility which can quickly scan broad ranges of devices and provide valuable information about the devices on your network. It can be used for IT auditing and asset discovery as well as for security profiling of the network.

What Does Nmap Do?
Nmap uses raw IP packets to determine what hosts are available on the network, the services that are enabled, the operating system and version of the host, what sort of firewall or packet filters are in place, and many other aspects of the network. The information can be used to proactively identify and correct security holes. The tool can also be used by attackers to scan a network and perform reconnaissance about the types and quantities of targets available and what weaknesses exist.

Running Nmap
Nmap is available for a wide range of operating system platforms. The standard download is a compressed file containing the UNIX version (which runs on Linux, Solaris, Free/Net/OpenBSD, and Mac OS X) and the Windows version, as well as NmapFE, the X Window front end for UNIX, and NmapWIN, the recommended Windows GUI for Nmap (both have since been replaced by Zenmap, mentioned above). The scan types that craft raw packets (SYN, FIN, ACK, UDP, OS detection) require root or Administrator privileges; without them Nmap falls back to connect scans.

You can download the latest version of Nmap, as well as many previous stable versions, at Nmap Downloads.

Nmap Scans
Nmap can perform a wide range of scans. Some are more aggressive and blatant, while some are designed to be stealthy and scan undetected. Depending on the type of scan performed, different information can be discovered as well. Some of the scan types (with the corresponding Nmap option) are:

Connect (-sT)
SYN Stealth (-sS)
FIN, Xmas, Null (-sF, -sX, -sN)
Ping (-sn, formerly -sP)
UDP Scan (-sU)
IP Protocol Scan (-sO)
ACK Scan (-sA)
Window Scan (-sW)
RPC Scan (-sR; folded into version detection, -sV, in current releases)
List Scan (-sL)
FTP Bounce (-b)
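Administrators run Nmap for the auditing use described above, and the useful part of that is comparing what it found against what should be open. Here is an added Python example (not code from the page or from the Nmap project) that parses Nmap's grepable output (-oG) and reports open ports outside an allowlist. The sample output is constructed: the addresses, hostnames, services and version strings are made up.

```python
import re

# Constructed sample of `nmap -oG -` (grepable) output; not a real scan.
# Each port record reads port/state/protocol/owner/service/rpc-info/version/
SAMPLE_GNMAP = """\
# Nmap scan initiated as: nmap -sS -sU -sV -oG - 192.0.2.0/29
Host: 192.0.2.10 (web.example.test)\tStatus: Up
Host: 192.0.2.10 (web.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx 1.24/, 443/open/tcp//http//nginx 1.24/, 3306/filtered/tcp//mysql///\tIgnored State: closed (996)
Host: 192.0.2.11 ()\tStatus: Up
Host: 192.0.2.11 ()\tPorts: 1433/open/tcp//ms-sql-s///, 53/open|filtered/udp//domain///\tIgnored State: closed (998)
# Nmap done -- 8 IP addresses (2 hosts up) scanned in 5.00 seconds
"""

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)")
PORT_RE = re.compile(r"(\d+)/([\w|]+)/(\w+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")


def parse_gnmap(text):
    """Return one dict per port record: ip, hostname, port, proto, state, service, version."""
    records = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                        # '#' comment lines
        head, *fields = line.split("\t")    # Host: ... \t Ports: ... \t Ignored State: ...
        m = HOST_RE.match(head)
        if not m:
            continue
        ip, hostname = m.groups()
        columns = dict(f.split(": ", 1) for f in fields if ": " in f)
        for port, state, proto, owner, service, rpc, version in PORT_RE.findall(columns.get("Ports", "")):
            records.append({"ip": ip, "hostname": hostname, "port": int(port), "proto": proto,
                            "state": state, "service": service, "version": version})
    return records


def unexpected_open(records, allowed):
    """Policy check: every open port not listed in allowed[ip] = {(proto, port), ...}.
    Hosts absent from the allowlist are treated as allowed nothing."""
    return [r for r in records
            if r["state"] == "open" and (r["proto"], r["port"]) not in allowed.get(r["ip"], set())]


def summarize(records):
    """{ip: {state: count}} to spot hosts that look filtered versus wide open."""
    out = {}
    for r in records:
        per_host = out.setdefault(r["ip"], {})
        per_host[r["state"]] = per_host.get(r["state"], 0) + 1
    return out


if __name__ == "__main__":
    recs = parse_gnmap(SAMPLE_GNMAP)
    policy = {"192.0.2.10": {("tcp", 80), ("tcp", 443)}}   # made-up allowlist
    for r in unexpected_open(recs, policy):
        print("unexpected: %s %d/%s %s %s" % (r["ip"], r["port"], r["proto"], r["service"], r["version"]))
    print(summarize(recs))
```

Running the same parser over yesterday's and today's output and diffing the record sets is the cheapest form of the "verify security policies" use the text mentions; open|filtered records are deliberately not treated as open, because on UDP that state is only the absence of an ICMP reply.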

Nmap Resources
The best source of Nmap information is the official home of Nmap, Insecure.org (nmap.org). On that site you can find all of the details and information, including:

Nmap Overview and Introduction
Nmap Documentation
Nmap Downloads

Port Scanner Tool Description
Port Scanner (previously called Port Probe) is an essential security tool for finding open ports corresponding to the TCP or UDP services/daemons running on a target device. This scanner is multithreaded and configurable, and it allows you to run four different types of scanning patterns. You can scan a linear range of ports on one IP address or several contiguous IP addresses. You can build lists of target IP addresses and lists of ports to scan. You can specify connection timeouts and other parameters. Additionally, any data that is received from the target port upon connection is saved for viewing (Full Connect or UDP modes only). The results are presented in tree form and are color-coded with different types of images for easy location of information at a glance. The right-click menu options are extensive and include things like 'Analyze', which helps with the analysis of the results.

The types of scans supported are:

TCP Full Connect. This mode makes a full TCP connection to the target and optionally saves any data or banners returned from the target. This mode is the most accurate for determining open TCP ports, but it is also easily recognized by Intrusion Detection Systems (IDS). Windows XP SP2 limits the effective use of this mode because the operating system introduced new limits on 'unanswered' SYN packets (a cap on concurrent incomplete outbound connection attempts); we monitor for signs that those limits have been reached. The SYN half-open feature is a better choice for detecting open TCP ports.

UDP ICMP Port Unreachable Connect. This mode sends a short UDP packet to the target's UDP ports and looks for an ICMP Port Unreachable message in return. The absence of that message indicates either that the port is in use or that the target does not normally return the ICMP Port Unreachable message, which can lead to false positives. We can save any data or banners returned from the target. This mode is also easily recognized by IDS.

TCP Full/UDP ICMP Combined. This mode combines the previous two modes into one operation.

TCP SYN Half Open. This mode sends out a SYN packet to the target port and listens for the appropriate response. Open ports respond one way (SYN-ACK) and closed ports respond differently (RST). This mode is less likely to be noted by an IDS. Since the TCP connection is not fully completed, we cannot gather data or banner information. You have full control over TTL, Source Port, MTU, Sequence number, and Window parameters in the SYN packet. Requires WinPcap, which we offer to install. This feature is designed for wired Ethernet cards; it may or may not work with wireless interfaces.

TCP Other. This mode sends out a TCP packet with any combination of the SYN, FIN, ACK, RST, PSH, URG flags set to the target port and listens for the response. You have full control over TTL, Source Port, MTU, Sequence number, and Window parameters in the custom TCP packet. The Analyze feature helps you with analyzing the response based on the flag settings you have chosen. Each operating system responds differently to these special combinations. We include presets for XMAS, NULL, FIN and ACK flag settings. Requires WinPcap. This feature is designed for wired Ethernet cards; it may or may not work with wireless interfaces.

The four types of scan patterns are:

1. Sequential Port Scan. This method scans a linear range of ports, as defined by the start/end port numbers, over a linear set of IP addresses, as defined by the IP address range settings.

2. Port Scan List. This mode scans only the ports listed in the Port List. It scans either a single host or a range of IP addresses, based on the selection made in the Probe Single Host/Probe IP Range radio button group. It scans each host sequentially (the first, then the second, and so on) using the list of port numbers shown in the Port List.

3. Sequential Port Scan Using the Target List. This mode scans every port in the Starting through Ending port range on every computer in the target list. Use this mode when you have a discontiguous set of IP addresses to check.

4. Scan a List of Ports on a List of Targets. This mode is the most stealthy and uses the least amount of CPU time and bandwidth, because you are scanning only the target ports you want on the target machines you want. You can manually randomize your list of ports and targets to minimize detection by scan-detection programs.

Other Features

Ping before Scan. This option allows you to skip (automatically or by user response to a message) hosts that do not respond to pings. This is highly recommended for the TCP Full Connect mode; note, though, that a host which blocks ICMP echo but exposes TCP services will be skipped, so turn it off when a firewall is suspected.
Port response timing (1 ms resolution) is included for TCP Full Connect mode.
Saving of responding data ('welcome' login banners) is included for TCP Full Connect mode.
HTTP headers and FTP login banners can be retrieved with a request for OS type, including reports, for TCP Full Connect mode.
An analysis and summary of responding port data, including timing, totals and common service notes, is available via the right-click menu.

You have full control over the speed of the scanner. You can control the number of threads used to scan the host and the delay between launching each thread. Each thread contacts one port at a time. You can also vary the amount of time to wait for a response to a probe of the port and the amount of time to wait after a connection for a banner to be sent to you.

How fast is the scanner?
FULL TCP CONNECTION: 103 seconds to scan all TCP ports between 1 and 65535 of a LAN-connected HP 4050n printer using the following parameters: system connected through a 100BaseT Ethernet connection on a Linksys switch; machine running NetScanTools Pro was a Windows XP 1.9 GHz Pentium 4 with an Intel Ethernet network card; connection timeout was 100 ms and the wait time after a connection was established was 1 second.

TCP SYN STEALTH: 233 seconds (3.5 ms per port) to scan all TCP ports between 1 and 65535 of a LAN-connected HP 4050n printer using the following parameters: system connected through a 100BaseT Ethernet connection on a Linksys switch; machine running NetScanTools Pro was a Windows XP 2.8 GHz Pentium 4 with an Intel Ethernet network card.

Special features include the ability to query HTTP web server ports for the page headers. You can define which ports are to be tested for web servers, not just port 80. This information is used to build an HTTP web server type report. We can query FTP servers to determine their type. A report is also available.

[Screenshots: a scan of an HP 2840 printer; a port scan of a Windows 98 machine using TCP SYN scan]

Advanced Port Scanner 1.3 (Free Network Tool)

What is Advanced Port Scanner?
Advanced Port Scanner is a small, fast, robust and easy-to-use port scanner for the Win32 platform. It uses a multithreaded technique, so on fast machines you can scan ports very fast. Also, it contains descriptions for common ports and can perform scans on predefined port ranges.

General Information

Current Version: 1.3
Release Date: July 10, 2006
File Size: 426 KB
Operating System: Windows 95/98/ME/NT4.0/2000/XP/2003/Vista/2008 and Windows 7 (32 bit, 64 bit)

What's new in version 1.3?
Interface updated
Online help updated
Scan engine improved
General speed optimizations
Minor improvements and fixes

License: Freeware!

Features:
Fast and stable multi-threaded port scanning
Fully configurable port scan
Export scan results

[Screenshots: Main Window; Options - Port Scan; Options - Interface; Options - General; Options - Compatibility]

Advanced Port Scanner Reviews:
freeware by Famatech, globalsecuritymag.com: "Advanced Port Scanner - small, fast, robust and easy-to-use port scanner. The program scans a specified port range, retrieves information about all ports and reports if there are any services turned on."

Frequently Asked Questions:

Q: Is there a way to permit access to the Radmin server for global groups created in another domain?
A: Create a local group on the PC running Radmin server in the resource domain. Give permissions for this group using 'Settings for Radmin server'. Add a global group from another domain to the created local group.

Q: I want to scan a number of computers, but I can only see one tab to enter an IP. Does your program scan only one computer?
A: No. You can select the checkbox labelled "use range" and then enter the first and last IPs of an IP range. Or you can scan a complex list of computers by selecting the checkbox labelled "Use group of ranges" and then entering any number of IPs and/or IP ranges.

Q: I want to enter my own port to scan, but the port range edit boxes are grayed out.
A: Just uncheck the checkbox labelled "Use default ports list".

Q: I want to scan a number of different ports, not a range. What can I do?
A: Select "Use ports ranges list", then enter any number of ports and/or port ranges.

Q: I scan a number of computers every day and it's very annoying to have to enter the IPs each time I start the IP Scanner. Is there some way around this?
A: Yes. Click the "save" button after selecting the checkbox labelled "use group of ranges", then save your list of IPs. After that you can either manually load these IPs with a few mouse clicks, or configure Options->General->Auto-load IP's list so they will load automatically each time the program starts.

Q: I can't see any ports under the "ports" branch. It just says something like "4 opened, 64 closed". How can I see which ports are opened?
A: Select "Show open ports" and "show closed ports" on the toolbar (you can use these to configure which ports you wish to see). If you de-select these, you will see no details.

Q: My list is empty after a scan. What is wrong?
A: Be sure to select "show alive computers", "show dead computers" and "show unknown computers" on the toolbar (the pressed position). If you tell the program to show nothing, the list will be empty.

Q: Scanning is too slow!
A: Try increasing the number of threads. With 64 threads you can scan about 1000 ports a second, which is actually a very high value.

Q: When I start a scan, Windows freezes or works very slowly and the program interface is almost frozen too!
A: You might have used too many threads. Try setting a lower value.
