
Port scanning

A "vulnerability scanner" (sometimes called a "network analyzer") is a utility program that makes it possible to perform a security audit on a network by scanning for open ports on a given machine or an entire network. The scanning process uses probes (requests) that make it possible to determine the services that are running on a remote host.

Such a tool makes it possible to determine security risks. In general, with this type of tool, it is possible to launch an analysis over a range or a list of IP addresses in order to fully map a network.

How a scanner works

A vulnerability scanner determines which ports are open on a system by sending successive requests to the various ports and analyzing the responses to determine which ones are active.

By thoroughly analyzing the structure of TCP/IP packets received, advanced security scanners are sometimes able to determine the remote machine's operating system as well as the versions of applications associated with the ports and, when applicable, to recommend necessary updates - this is referred to as version characterization.

Two methods are generally used:

  • The active acquisition of information involves sending a large number of packets having characteristic headers that are usually not in line with the recommendations and analyzing the responses to determine the version of the application used. Since all applications implement protocols slightly differently, this makes it possible to distinguish them from one another.
  • The passive acquisition of information (sometimes called passive scanning or non-intrusive scanning) is much less intrusive and therefore less likely to be detected by an intrusion detection system. Its operating principle is similar, except that it involves analyzing the fields of IP datagrams circulating on a network by using a sniffer. Passive version characterization analyzes changes in field values over a series of fragments, which requires a much longer analysis time. This type of analysis is therefore extremely difficult and sometimes even impossible to detect.
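Active scanning sends successive requests to many ports, and that pattern is what an intrusion detection system can key on. The following is an added example, not part of the original page: it flags a source that touches many distinct ports on one host within a short window; the log tuple layout, the addresses and the thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample connection log: (timestamp_seconds, source_ip, dest_ip, dest_port).
# Addresses come from the documentation ranges (RFC 5737).
SAMPLE_LOG = (
    [(i * 0.1, "198.51.100.7", "192.0.2.10", 20 + i) for i in range(30)]
    + [(1.0, "203.0.113.5", "192.0.2.10", 443),
       (2.0, "203.0.113.5", "192.0.2.10", 443),
       (9.0, "203.0.113.5", "192.0.2.10", 80)]
)

def detect_port_sweeps(events, window=5.0, min_ports=15):
    """Return {(src, dst): max distinct ports seen in any `window` seconds}
    for pairs that reach `min_ports`. Both thresholds are assumed values."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in events:
        by_pair[(src, dst)].append((ts, port))

    alerts = {}
    for pair, hits in by_pair.items():
        hits.sort()
        counts = defaultdict(int)   # port -> occurrences inside the window
        start = 0
        best = 0
        for ts, port in hits:
            counts[port] += 1
            # Slide the window start forward until it spans at most `window` seconds.
            while ts - hits[start][0] > window:
                old = hits[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            best = max(best, len(counts))
        if best >= min_ports:
            alerts[pair] = best
    return alerts

if __name__ == "__main__":
    for (src, dst), n in detect_port_sweeps(SAMPLE_LOG).items():
        print(f"possible port scan: {src} -> {dst}, {n} distinct ports in window")
```

Passive acquisition sends no probes at all, so a connection-log check like this one never sees it, which matches the point made in the second bullet.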

Why a scanner is useful

Security scanners are extremely useful tools for system and network administrators, letting them monitor the security of the machines they are responsible for.

Conversely, this tool is sometimes used by hackers to determine flaws in a system.


Last update on Thursday October 16, 2008 02:43:15 PM. This document entitled « Vulnerability scanners - Port scanning » from Kioskea (en.kioskea.net) is made available under the Creative Commons license. You can copy and modify copies of this page, under the conditions stipulated by the licence, as long as this note appears clearly.