Port Scanner: A How-To Guide

A port scanner is a program used in network security testing and troubleshooting. An online port scanner is able to test your network firewall and open ports externally because the scan is sourced from an external IP address. It is a regular port scanner hosted on another system, usually with an easy-to-use web interface.

To understand what a port scanner does, we first need to understand the basics of how a network “works”. The network here could be a local area network in your home or office, or it could be the Internet.

A network is composed of systems with addresses, and on those systems you have services.

The address is called an “IP Address”. The service could be many things, but it is basically software that is running on the system and accessible over the network on a port number. It could be a web server, email server or gaming server.

An IP Address looks like this: 192.168.1.3

A service will run on 192.168.1.3 and listen on a port.
Example ports:

  • web server : port 80
  • mail server (smtp) : port 25
  • mail server (pop3) : port 110
  • game server : port 49001

There are many resources that cover the more technical details of port scanning and the different types of port scanning. We are going to stick to the basics.

The missing part of this introduction to network basics is the host name, DNS record or domain name. It is a reference to the IP address using an easier to remember name. For example, which is easier to remember: 74.125.237.17 or www.google.com?

When you type www.google.com into your browser you are directed via the domain name system to 74.125.237.17 on port 80. The browser selects port 80 automatically. If you type https:// into the browser you go to a different port, 443, as this is the known port for SSL traffic.

Here are some common ports that you will find when using a port scanner:

  • 25 Email (SMTP)
  • 53 Domain Name Server
  • 80 Web Server (HTTP)
  • 110 Email Server (POP3)
  • 143 Email Server (IMAP)
  • 443 Web Server (HTTPS)
  • 445 Windows Communication Protocol (File Sharing etc)
  • 8080 Proxy Server

A more complete list of ports can be found at Wikipedia.

In the diagram we have a server behind a firewall. The server is a web server and mail server, so it is listening on port 80 and port 25.

The Nmap port scanner is the world's leading port scanner. It is very accurate and stable, and has more options than we are going to get into here. For more information and installation instructions, head over to the nmap page.

Using the Nmap Port scanner to test this IP address we find that the ports 25 and 80 are Open and allowed through the firewall. Nmap also reports that port 443 is Closed. All other ports are filtered.

Sample Nmap Scan from HackerTarget.com
[bash]
Starting Nmap 5.00 ( http://nmap.org ) at 2009-07-16 23:12 UTC
Interesting ports on 123.123.123.123:
Not shown: 997 filtered ports
PORT    STATE  SERVICE VERSION
25/tcp  open   smtp
80/tcp  open   http    Apache httpd
443/tcp closed https
Service Info: OS: Linux

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 64.27 seconds

We have scanned the IP Address: 123.123.123.123
[/bash]

What do these Nmap port scanner results mean?

  • Open: ports 25 and 80 are listening on the server and are allowed through the firewall.
  • Closed: port 443 is not listening on the server but is allowed through the firewall.
  • Filtered: all other ports are filtered, which indicates the firewall is blocking them.
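The reading of open, closed and filtered above can be turned into a repeatable firewall check. The Python below is an added example, not code from this site or from the Nmap project: it parses the sample scan output shown on this page and compares it with the set of ports the firewall is meant to expose. The names `parse_nmap` and `audit` and the expected-port set are assumptions made for illustration.

```python
import re

# Sample output copied from the scan shown on this page.
SAMPLE = """\
Interesting ports on 123.123.123.123:
Not shown: 997 filtered ports
PORT STATE SERVICE VERSION
25/tcp open smtp
80/tcp open http Apache httpd
443/tcp closed https
Service Info: OS: Linux
"""

PORT_LINE = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)")
NOT_SHOWN = re.compile(r"^Not shown: (\d+) (\w+)")

def parse_nmap(text):
    """Return ({(port, proto): (state, service)}, (count, state) of unlisted ports)."""
    ports, default = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := PORT_LINE.match(line):
            ports[(int(m[1]), m[2])] = (m[3], m[4])
        elif m := NOT_SHOWN.match(line):
            default = (int(m[1]), m[2])
    return ports, default

def audit(text, expected_open):
    """Compare scan results with the ports the firewall policy is meant to expose."""
    ports, default = parse_nmap(text)
    findings = []
    for (port, proto), (state, service) in sorted(ports.items()):
        if state == "open" and (port, proto) not in expected_open:
            findings.append(f"{port}/{proto} ({service}) is open but not in the policy")
        elif state == "closed":
            # Closed: the firewall passed the probe, but nothing is listening.
            findings.append(f"{port}/{proto} ({service}) passes the firewall with no listener")
    for port, proto in sorted(expected_open):
        if ports.get((port, proto), ("absent",))[0] != "open":
            findings.append(f"{port}/{proto} should be open but was not reported open")
    if default and default[1] != "filtered":
        findings.append(f"{default[0]} unlisted ports are {default[1]}, not filtered")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, {(25, "tcp"), (80, "tcp")}):
        print(finding)
```

With the page's sample and a policy of ports 25 and 80, the only finding is port 443: the firewall rule exists but no service is behind it, so the rule is a candidate for removal.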

From outside the firewall, a port scanner can test every port on the server's IP address. There are 65535 total TCP ports on every IP address.

Now that you have an understanding of what a port scanner is, you can jump over to our Online Nmap Scan testing page and run a port scan. The advantage of using our server is that it is external to your network and will see what any external attacker on the Internet will see. You can also install Nmap yourself and run it against your network; you will likely see a different result from that of the external facing scan.

Our Hosted Nmap Scanning allows you to scan any IP address to find open services, firewalls and network configurations.