
Port scanner service description

Some basics you may not know

How do devices successfully transfer big chunks of different data over the network connection?

In the client–server model of application architecture, multiple simultaneous communication sessions may be initiated for the same service. Usually, a few services or applications run at the same time, so both multitasking and a high transfer rate have to be provided. How do computers manage it? Network ports are the key factor here.

What is a network port?

A network port is a virtual point where network connections start and end. Ports are software-based and managed by a computer's OS. Each port is associated with a specific process or service. Ports allow computers to easily differentiate between various kinds of traffic: emails go to a different port than webpages, despite the fact both reach a computer over the same Internet connection. Ports are standardized across all network-connected devices, with each port assigned a number.

What is a port number?

A port number is a 16-bit integer (1 to 65535) that helps devices identify the specific service or application to which an internet or other network message should be forwarded when it arrives at a server. Port numbers are assigned automatically by the OS, set manually by the user, or set as a default for some popular applications. They are mainly used in TCP- and UDP-based networks and are always associated with the IP address of a host:

There are 65,535 possible port numbers, although not all are in common use. Some of the most commonly used ports, along with their associated networking protocol, are listed below:

The Internet Assigned Numbers Authority (IANA) maintains the full list of port numbers and protocols assigned to them.
Note that once a service is running on a certain port, you can't run other services on it. For example, starting Apache after you’ve already started NGINX on port 80 will lead to a failed operation because the port is already in use.

Do open network ports serve for the good, though?

The term "open port" refers to a TCP or UDP network port number that is configured to accept packets of data. Conversely, a port that rejects connections or ignores all packets is a closed port.
Well... Mostly, they do. But open ports can be dangerous when the service listening on the port is misconfigured, unpatched, vulnerable to exploits, or protected by poor network security rules. Of particular danger are wormable ports, which are open by default on some operating systems. For example, the SMB protocol was exploited by a zero-day exploit called EternalBlue that resulted in the WannaCry ransomware worm. Attackers use open ports to find potential exploits, and they look for publicly accessible ports via port scanning.

Port scanning, what does it stand for?

Port scanning is a process in which a special port scanning tool (a port scanner) sends client requests to a range of server port addresses on a host to find open/active ports and any vulnerabilities in the received data. In most cases port scanning is not used for attacking or hacking but rather for identifying services which are available on a remote machine.

A port scanner is an application designed to probe a server or host for open ports. Such an application may be used by administrators to verify the security policies of their networks as well as by cyberattackers to identify network services running on a host and exploit vulnerabilities. Port sweeping is the process of scanning several hosts for a specific listening port. It is typically used to search for a certain service on a certain port. For example, an SQL-based computer worm may be looking for hosts listening on TCP port 1433.

Why am I reading about cyberattacks and open port vulnerabilities here?

Roxy-WI is capable of discovering security risks through port scanning and, therefore, can prevent possible network attacks.


About Roxy-WI Port scanner

Since version 4.5.3 Roxy-WI provides the opportunity to scan a remote system for open ports. Scanning is performed on demand, not regularly. Due to the irregular frequency it is impossible to track changes and make sure that all unnecessary ports are closed.

Since version 5.1.0 Roxy-WI has a service which tracks all open ports, compares them, keeps history and notifies you if any changes occur. You now have up-to-date information about the network status of your servers.
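The compare-and-notify behaviour described above, as an added Python example; it is not Roxy-WI's own code. The names `PortChange`, `diff_scans` and `track`, the sample server address and the scan results are all constructed for illustration, and skipping a failed scan rather than reporting every port as closed is an assumption of this sketch.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class PortChange:
    server: str
    port: int
    old_state: str
    new_state: str
    seen_at: str


def diff_scans(server, previous, current, seen_at):
    """Compare two sets of open ports and return one PortChange per difference."""
    changes = []
    for port in sorted(current - previous):
        changes.append(PortChange(server, port, "closed", "open", seen_at))
    for port in sorted(previous - current):
        changes.append(PortChange(server, port, "open", "closed", seen_at))
    return changes


def track(server, scans):
    """Walk (timestamp, open_ports) results in order; return (history, last known state).

    The first successful scan is the baseline and raises no notifications.
    A failed scan (None) is skipped so an unreachable host does not produce
    a burst of false "closed" events (assumption of this example).
    """
    history, baseline = [], None
    for seen_at, open_ports in scans:
        if open_ports is None:
            continue
        ports = set(open_ports)
        if baseline is not None:
            history.extend(diff_scans(server, baseline, ports, seen_at))
        baseline = ports
    return history, baseline


# Constructed sample: four scans taken 5 minutes apart, the second one failed.
SAMPLE_SCANS = [
    ("2024-01-01T10:00", [22, 80, 443]),
    ("2024-01-01T10:05", None),
    ("2024-01-01T10:10", [22, 80, 443, 3306]),
    ("2024-01-01T10:15", [22, 443, 3306]),
]

if __name__ == "__main__":
    for change in track("192.0.2.10", SAMPLE_SCANS)[0]:
        print(f"{change.seen_at} {change.server}:{change.port} "
              f"{change.old_state} -> {change.new_state}")
```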



How Roxy-WI Port scanner works

Roxy-WI Port scanner uses SYN scan:

SYN scan is another form of TCP scanning. Rather than using the operating system's network functions, the port scanner sends raw IP packets itself and waits for responses. This scan type is also known as "half-open scanning", because it never actually opens a full TCP connection. The port scanner generates a SYN packet. If the target port is open, it will respond with a SYN-ACK packet. The scanner host responds with an RST packet, closing the connection before the handshake is completed. If the port is closed but unfiltered, the target will instantly respond with an RST packet.

The use of raw networking has several advantages, giving the scanner full control of the packets sent and of the timeout for responses, and allowing detailed reporting of the responses. There is debate over what type of scan is less intrusive on the target host. SYN scan has the advantage that the individual services never actually receive a connection. However, the RST during the handshake can cause problems for some network stacks, in particular for simple devices like printers. There are no conclusive arguments either way.
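How a scanner maps the replies described above onto port states, as an added Python example; it is not Roxy-WI's code and it sends nothing on the network. The header bytes are constructed inline, the function names are hypothetical, and labelling a missing reply as "filtered" is an assumption of this sketch.

```python
import struct

TCP_HDR = struct.Struct("!HHIIBBHHH")  # fixed 20-byte TCP header, no options
SYN, RST, ACK = 0x02, 0x04, 0x10


def build_tcp_header(src_port, dst_port, seq, ack, flags):
    """Pack a minimal TCP header. Checksum stays 0: these bytes are never sent."""
    return TCP_HDR.pack(src_port, dst_port, seq, ack, 5 << 4, flags, 1024, 0, 0)


def classify_reply(probe, reply):
    """Map the reply to a SYN probe onto a port state."""
    if reply is None:
        return "filtered"  # assumption: no answer before the timeout
    if len(reply) < TCP_HDR.size:
        return "invalid"
    p_src, p_dst, p_seq, *_ = TCP_HDR.unpack(probe[:TCP_HDR.size])
    r_src, r_dst, _seq, r_ack, _off, r_flags, *_ = TCP_HDR.unpack(reply[:TCP_HDR.size])
    # A genuine answer mirrors the probe's ports and acknowledges seq + 1.
    if (r_src, r_dst) != (p_dst, p_src) or r_ack != (p_seq + 1) & 0xFFFFFFFF:
        return "invalid"
    if r_flags & RST:
        return "closed"  # closed but unfiltered: immediate RST
    if (r_flags & (SYN | ACK)) == (SYN | ACK):
        return "open"    # SYN-ACK: the scanner answers with RST, no full handshake
    return "invalid"


# Constructed sample headers (ports and sequence numbers are made up).
PROBE = build_tcp_header(40000, 443, 1000, 0, SYN)
OPEN_REPLY = build_tcp_header(443, 40000, 5555, 1001, SYN | ACK)
CLOSED_REPLY = build_tcp_header(443, 40000, 0, 1001, RST | ACK)
STRAY_REPLY = build_tcp_header(443, 40000, 5555, 9999, SYN | ACK)

if __name__ == "__main__":
    for name, reply in [("open", OPEN_REPLY), ("closed", CLOSED_REPLY),
                        ("stray", STRAY_REPLY), ("timeout", None)]:
        print(name, "->", classify_reply(PROBE, reply))
```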

The port scanning service scans the remote systems (the ones this option is enabled for) every 5 minutes by default.


Installation


For Port scanner service installation you should run:

Read here how to start using rpm.


Notifications about open and closed ports

The Port scanner can send you notifications via Roxy-WI when a port on the selected server changes state from open to closed or vice versa. To enable this function, select Monitoring-Port scanner in the main menu and tick the Notify checkbox:

Port scan history

You may also enable the history for the Port scanner by ticking the Keep history checkbox. It may be helpful for future debugging:

