Vulnerability scanners - Port scanning

Port scanning

A "vulnerability scanner" (sometimes called a "network analyzer") is a utility program that makes it possible to perform a security audit on a network by scanning for open ports on a given machine or an entire network. The scanning process uses probes (requests) that make it possible to determine the services that are running on a remote host.

Such a tool makes it possible to determine security risks. In general, with this type of tool, it is possible to launch an analysis over a range or a list of IP addresses in order to fully map a network.

How a scanner works

A vulnerability scanner is capable of determining the ports that are open on a system by sending successive requests to the various ports and analyzes the responses to determine which ones are active.

By thoroughly analyzing the structure of TCP/IP packets received, advanced security scanners are sometimes able to determine the remote machine's operating system as well as the versions of applications associated with the ports and, when applicable, to recommend necessary updates - this is referred to as version characterization.

Two methods are generally used:

  • The active acquisition of information involves sending a large number of packets having characteristic headers that are usually not in line with the recommendations and analyzing the responses to determine the version of the application used. Since all applications implement protocols slightly differently, this makes it possible to distinguish them from one another.
  • The passive acquisition of information (sometimes called passive scanning or non-intrusive scanning) is much less intrusive and therefore less likely to be detected by an intrusion detection system. Its operating principle is similar, except that it involves analyzing the fields of IP datagrams circulating on a network by using a sniffer. Passive version characterization analyzes changes in field values over a series of fragments, which requires a much longer analysis time. This type of analysis is therefore extremely difficult and sometimes even impossible to detect.

Why a scanner is useful

Security scanners are extremely useful tools for system and network administrators, letting them monitor the security of the computer population they are responsible for.

Conversely, this tool is sometimes used by hackers to determine flaws in a system.

More information

Ask a question
CCM is a leading international tech website. Our content is written in collaboration with IT experts, under the direction of Jean-François Pillou, founder of CCM reaches more than 50 million unique visitors per month and is available in 11 languages.
This document, titled « Vulnerability scanners - Port scanning », is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (

Subscribe To Our Newsletter!

The Best of CCM in Your Inbox

Subscribe To Our Newsletter!