Port scanner 101: An introduction to network ports and port scanning

Port scanning is an integral part of every network admin's list of day-to-day network tasks. It offers insights into how your network is being connected, accessed, and used. It helps you understand your network infrastructure and enhance your network security. From mapping connected devices to listing services running in a host, port scanners help you better manage your network infrastructure.

In this page, we will be looking into the basics of port scanning, covering the following topics.

  • Types of ports in your network
  • What is a port scanner?
  • How does a port scanning work?
  • What can you get from a port scan?

Types of ports in your network

A port can be an interface or physical connection that enables communication between different entities in your network. There are different types of ports which enable connectivity. For example, you can connect your external mouse or speakers through a USB port. Your external camera can be connected through your HDMI ports. While most of these ports do not require stringent monitoring in general, the switch ports and computer ports require continuous port scanning to prevent network issues.

What are switch ports?

The docking points in network switches are called switch ports. These ports facilitate network communication by allowing data cables from different network components to be connected to it. Once the data cables are connected, the switch enables communication by forwarding the data packets using the packet switching technique. The forwarded data packets then transmit the messages from one network entity to another. These network entities can be devices, in which case the communication happens between network devices i.e., within the network. Or, one of the connected cables() could be an internet data cable connecting the devices to the outer network.

In both cases, it is important to deploy a port scanner to monitor the ports to map them to their connected devices, identify the type of port connection, and track crucial metrics such as its availability and utilization.

Types of switch port connections

Based on the type of connections switch ports enable, they are classified as:

  • Access ports : These ports are used when the switch is to be used by a specific Virtual Loca Area Network (VLAN), connected devices cannot or need not identify the VLAN tags or when VLAN member separation is not mandatory. The communication frames within this link are untagged.
  • Trunk ports : These ports enable communication to and from different VLANs in the network. They help utilize the trunk link mechanism by enabling switches to be connected with other switches and routers in the network. The VLAN communication frames are tagged for unique identification when they are forwarded between switches.
  • Hybrid ports : While these ports also allow communication to and from different VLANs, unlike trunk ports, they support both tagged and untagged VLAN communication frames. This way, these switch ports are used to connect a switch to a computer or to another switch or router.This can be used in places where you are uncertain if the connecting network entity supports tagged frames or not.

The connection types can be illustrated in a sample network as shown below.

What are computer ports?

Also called host side ports, these ports enable the flow of information between different applications, services, or the internet and the computers in your network. Unlike in switch ports, data is transferred without a physical point of attachment or hardware, such as data cables. The communication is carried out based on port numbers and port services.

  • Port number : This uniquely identifies the different ports in your network and are numbered in the range from 0-65,536. The ports numbered from 0-1023 are called well-known ports as they have a service assigned to them by default by the Internet Assigned Numbers Authority.
  • Port services : These are computational services such as FTP, SNMP, HTTP, and SMTP running on a particular ports. As stated above, the well-known ports are by default assigned to run a specific service only. For example, port 21 runs FTP service, port 23 runs Telnet service, and more. They are referenced in the network using the host device's IP address and the port number they are running on.

What is a port scanner?

A port scanner tool can scan network ports to identify their connectivity details, and display the results to the user in real time. This tool plays an important role in improving network security as it provides complete visibility and control over network ports. Since ports play a crucial part in enabling network communication, the visibility offered by network port scanners help you identify unauthorized port access, malicious services running in them, and block suspicious ports.

Port scanners also play an important role in analyzing network resource usage. It scans your network ports and displays the number of available ports, used ports, and device details for accessing a port such as its IP and MAC addresses. This helps you better track resource usage and enhance capacity planning.

How does a port scanner work?

Based on the network architecture and network requirements, port scanners use different protocols to scan.

For switch ports

Traditionally, network admins relied on broadcast pings from first hop routers, routers' arp entries, and native commands to check all the devices in their network responding to a ping, and use the list of MAC addresses to determine which switch port each device is connected to. This tedious process requires dedicated time and effort, and is more impractical as the network scales.

Switch port mappers help easily avoid this hassle. Once you specify the switches to be monitored, the switch port mapper continually queries the switch using network protocols such as SNMP and displays the scan results.

Computer ports or host side ports

These ports can be scanned using different scanning techniques such as Ping, FTP bounce, proxy, idle, ACK, SYN, or FIN scanning techniques. In general, on specifying the address range, a port scanner sends a network packet sequentially to each port within the specified address range. Based on the response received from the ports, it determines their status. Let's have a look into two of the commonly used scanning techniques,

  • Ping Sweeps : This ICMP-based scanning technique scans the given IP or an IP address range by sending an echo request. If the target sends an ICMP reply, then this scan determines that the target is up.
  • UDP Scanning : This connection-less protocol determines the port status by sending a network packet to the target. Based on the response received from each target, it determines the target's status.This is a commonly used technique for UDP ports in the network.

What do you get from a port scan?

Once a port scanner has scanned your network ports, it displays the following details:

Switch port scans

On scanning switch ports, you can view insights such as:

  • Switch port mapping details : Understand what switch is connected to what port.
  • Availability : Check if a particular port is being used or is available to establish a new connection.
  • Status : Inspect if an occupied port is up or down.
  • Connection type : Track whether a port is connected to a device, truncated, or connected to a virtual address.
  • Connected device detail : View the MAC address and IP address of the devices connected to a port. If the port is truncated or is connected to multiple MACs, view all the connected devices' details.
  • Networking aspects : Scan details such as the interface ID, VLAN ID, associated DNS names, and more.

Computer ports or host side port scans

Scanning computer ports with a port scanner displays details such as:

  • Status of the port :On conducting a scan, depending on the reply received and the services running, port scans display status of the ports as,
    • Open : A service is listening on the port.
    • Closed : Any connection request is denied by the port.
    • Filtered : There is no reply from the port.
  • Port services : If a service is running on a port, the port scan displays to you the name of the service.

These results help you better understand your network ports. However, computer ports can be easily exploited, increasing your network's risk vector since these port scan results can also be obtained by external attackers scanning your network. This makes it important that you deploy an effective switch port mapping and port scanning solution in your network to stay ahead of issues and threats.

Take control of your network ports with OpUtils

Looking for a reliable port scanner for your network? Try ManageEngine OpUtils, an enterprise-grade solution that offers network resource monitoring capabilities along with port scanning. The Switch Port Mapper module gives you complete control over your network switches. Providing centralized visibility, it enables simpler management with the Port View option that graphically displays the switch port connections. Enhance capacity planning and stay ahead of network issues with granular reports and instantaeous alerts. Download a free, 30-day trial or schedule a personalized live demo with our product experts to explore all the effective features OpUtils provides.