In computer networking, a port is a communication endpoint. At the software level, within an operating system, a port is a logical construct that identifies a specific process or a type of network service. A port is identified for each transport protocol and address combination by a 16-bit unsigned number, known as the port number. The most common transport protocols that use port numbers are the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP).
A port number is always associated with an IP address of a host and the type of transport protocol used for communication. It completes the destination or origination network address of a message. Specific port numbers are reserved to identify specific services so that an arriving packet can be easily forwarded to a running application. For this purpose, the lowest-numbered 1024 port numbers identify the historically most commonly used services and are called the well-known port numbers. Higher-numbered ports are available for general use by applications a nd are known as ephemeral ports.
Ports provide a multiplexing service for multiple services or multiple communication sessions at one network address. In the client–server model of application architecture, multiple simultaneous communication sessions may be initiated for the same service.
A port scanner is an application designed to probe a server or host for open ports. Such an application may be used by administrators to verify the security policies of their networks as well by attackers to identify network services running on a host and exploit vulnerabilities.
Port scanning is a process that sends client requests to a range of server port addresses on a host, with the goal of finding an active port; this is not a nefarious process in and of itself. In most cases port scanning is not used for attacking or hacking but for determiningservices available on a remote machine.
Portsweeping is scanning multiple hosts for a specific listening port. The latter is typically used to search for a specific service, for example, an SQL-based computer worm may portsweep looking for hosts listening on TCP port 1433.
Roxy-WI allows to detectwhich ports are open and what are closed. Thus port scanning mitigates the risk that possible vulnerabilities pose and prevents from network attacks.
Since version 4.5.3 Roxy-WI provides the opportunity to scan a remote system for open ports. Scanning is performed on demand, not regularly. Due to the irregular frequency it is impossible to track changes and make sure that all unnecessary ports are closed.
Since version 5.1.0 Roxy-WI has a service which tracks all open ports, compares them, keep shistory and notifies you if there are any changes. You now have up-to-date information about the network status of your servers.
Roxy-WI Port scanner uses SYN scan:
SYN scan is another form of TCP scanning. Rather than using the operating system's network functions, the port scanner generates raw IP packets itself, and monitors for responses. This scan type is also known as "half-open scanning", because it never actually opens a full TCP connection. The port scanner generates a SYN packet. If the target port is open, it will respond with a SYN-ACK packet. The scanner host responds with an RST packet, closing the connection before the handshake is completed. If the port is closed but unfiltered, the target will instantly respond with an RST packet.
The use of raw networking has several advantages, giving the scanner full control of the packets sent and the timeout for responses, and allowing detailed reporting of the responses. There is debate over which scan is less intrusive on the target host. SYN scan has the advantage that the individual services never actually receive a connection. However, the RST during the handshake can cause problems for some network stacks, in particular simple devices like printers. There are no conclusive arguments either way.
The port scanning service scans the remote systems for which this option is enabled every 5 minutes by default.
For Port scanner service installation you should run:
Read here how to start using rpm.
The Port scanner can send you notifications via Roxy-WI when a port on the selected server changes the state from open to close or vice versa. To enable this function, select Monitoring => Port scanner in the main menu and set the Notify checkbox in the settings of the server:
You may also enable the history for the Port scanner so that it start to collect open and closed ports. It may be helpful for future debugging: