Port Scanning

Port scanning is one of the most fundamental techniques in both offensive and defensive cybersecurity. It involves systematically probing a target system's network ports to determine which ones are open, closed, or filtered. Each open port represents a running service that could potentially be exploited if it contains vulnerabilities.

Common port scanning techniques include TCP SYN scans (half-open scans), TCP connect scans, UDP scans, and more advanced methods like FIN, XMAS, and NULL scans. Tools such as Nmap are widely used for this purpose and offer a range of scanning options, OS fingerprinting, and service version detection.

From a defensive standpoint, organizations should minimize their attack surface by closing unnecessary ports, employing firewalls to filter traffic, and using intrusion detection systems to identify scanning activity. Regular internal port scans help security teams maintain an accurate inventory of exposed services and detect unauthorized changes. Network segmentation further limits the impact of a successful scan by restricting lateral movement within the network.