One of the most basic elements of home security is keeping your doors locked. The same is true of computer security. Network ports are the computer equivalent of house doors. And just like doors, you have to keep unused ports closed. But with computers today running several simultaneous processes, it can be hard to keep track of everything. This is especially true with servers which typically have multiple services running. But it is not limited to servers. Any network-connected equipment could become a target for ill-intentioned people if it is left vulnerable. To make sure all unessential ports are closed, a port scanner is an invaluable tool and we’re glad to present this list of the best port scanning software tools.
Today, our exploration will begin with some background information on port scanning, what it is and why it’s needed. We’ll then talk about different types of ports that should not be confused as it seems that the word “port” is quite popular with computer engineers and several different things go by that name. Then, we’ll present our list of the top five best local port scanners. This will be followed by a few samples of cloud-based port scanners, another type of tool.
The Need For Port Scanning
Think of a house with no internal doors. There are several rooms, each with an exterior door only. If you want to go into the kitchen, you need to enter the house through the kitchen door. If you want to go into the living room, you must enter through the living room door. Typical computers are like that. They run multiple services each with its own door. Those doors are called network or IP ports. Each service running on a computer uses a different port. Some of them are standardized. For instance, port 80 is typically used for HTTP traffic, while port 20 is used for FTP or port 53 for DNS.
Every data packet that is transmitted on a network has both a destination port and a source port. The destination port will let the destination computer know to which service the data should be sent. As for the source port, the destination computer will use it as the source port for its response so that the source computer knows where to send the response when it receives it.
A typical computer can have several ports open–if not several dozens. This is especially true with servers which will typically have ports open for each service they run, even though some of these services might not be used or required. And each of these open ports is an entry point that malicious users or processes can use to gain access to a computer. Consequently, it is important that no unnecessary port remains open.
But it’s not always easy to know exactly which ports are open on a computer. Some of them are open by default with no human intervention. Some viruses could also open ports without your knowledge, allowing some unauthorized access. The best way to ensure that only required ports are open is to scan your servers and other network-attached equipment with a port scanner.
A port scanner is a software tool that will relentlessly try to connect to a computer using every possible port and report on which ones are open, closed, and stealth. A closed port will return a response that the port is closed while a stealth one won’t even respond.
Network Ports, Switch Ports, Computer Ports — Different Things That Go By The Same Name
Computer engineers seem to lack imagination. Consequently, several things in the world of computers are referred to as ports. As you know, there are IP or network ports. Those we’ve just discussed. These are the ports that the port scanning tools we’re about to present will find.
There are also switch ports, a completely different thing. Switch ports refer to the physical interfaces on network switches. There are tools that will monitor switch ports. They are a completely different type of tool and you should not get them mixed up.
A port is also the name we use for several types of interfaces on a computer. A typical computer will have USB ports, serial ports, VGA ports or HDMI ports. Older computers used to have joystick ports and printer ports. Again, these have nothing to do with network or IP ports.
Top Local Port Scanners
The first type of port scanners we’re looking at is local port scanners. Those are typically installed on a computer connected to your network and they will scan one or many IP addresses to find what network ports are open on each device. Once you run the tool and get its report, your next step is to validate that only required ports are open on each computer and to close unnecessary ones.
SolarWinds publishes some of the best network and system administration tools. It’s also famous for making useful free software to help administrators accomplish some of their tasks. Some of these were reviewed recently when we discussed the best free SCP servers or the best free TFTP servers. Today, we’re presenting another of SolarWinds’ free tools, the SolarWinds Port Scanner.
The SolarWinds Port Scanner can be used to generate a list of open, closed, and stealth ports for each scanned IP address. You can scan all IP addresses or if you prefer, a subset of them. For instance, you could decide to only scan those IP addresses used by your servers. By default, the tool will only detect well-known ports–those used by most vulnerable services–but it can be overridden to scan a custom range of port numbers or even all ports. Advanced settings allow you to be even more specific and, for instance, scan only TCP or UDP ports. Other options include the possibility to do a ping check of each discovered host, do a reverse DNS resolution to find its hostname or try to identify the OS it is running,
Scanning a large number of ports on a large number of devices can take some time. Even more so when there are many stealth ports as the tool has to wait for its request to time out before concluding the port is stealth, which could take a few seconds each. To mitigate this, the SolarWinds Port Scanner uses multithreading and will scan several ports and/or IP addresses in parallel.
Once the scan is complete, the tool returns the status of all tested devices in a list. If you’ve tested lots of IP addresses, this can be a pretty long list. But the software lets you apply filters. You could, for instance, only list devices with open ports. From that list, a click on a device will reveal details about the ports on the devices. Just like the list of IP addresses, this one can be filtered to, for example, only display open ports.
Nmap–which stands for Network Mapper–is a port scanner originally written by Gordon Lyon–aka Fyodor–that you can use to discover hosts and services on a computer network. To accomplish its magic, Nmap sends specially crafted packets to the target and analyzes their response. The tool was first published in late 1997 and has since become THE standard command-line port scanner. Originally only available on Linux, it has since been ported to several other operating systems, including Windows and OS X.
Nmap can be used to audit which network connections can be made to a device. It can also be used–to a certain extent–for network inventory, network mapping, and asset management. It is an excellent tool to use for finding–and exploiting–vulnerabilities in a network.
Nmap is a command-line utility and, as such, using it is not necessarily user-friendly and can even be cumbersome. Several GUI front-ends have been developed for Nmap, the best of them being Zenmap, also available from nmap.org. Zenmap’s user interface might not be the most sophisticated but it does a great job of making Nmap more usable.
This tool can scan all ports of all computers on your network and perform several tests on the discovered ports. You can easily limit your scan to either TCP or UDP ports. A nice feature is its “intense” scan that uses a stealth method so that the testing is usually not even logged by the tested device.
3. PortScan & Stuff
PortScan & Stuff is a free portable network scanning tool for Windows. Portable means it does not require any installation and using it is just a matter of copying it to the computer and running it. This tool will find all active devices on your network and show all open ports. It can also find additional information such as hostname or MAC address. This tool is multithreaded to improve performance when scanning larger networks. It will use up to 100 concurrent threads.
One great feature of this tool is its scanning filter. It allows one to narrow down the scanning to specific criteria such as a port number. For example, if I was to enter 3389, the port used for incoming remote desktop connections, the tool would only test for that port and, therefore, only return computers with the remote desktop port open. This is a port that you probably should not leave open unless you need it. It could provide dangerous access to an ill-intentioned individual.
PortScan & Stuff can do more than just scanning ports. It’s also got a built-in advanced ping and traceroute utilities. Its ping, for instance, can ping a computer with 3 standard-sized packets, with 3 different-sized ones, ping the computer 10 times, or ping it continuously. The results are presented on a graph that shows the distribution of response times. Furthermore, this tool can also perform DNS and Whois queries.
4. Angry IP Scanner
Next on our list is the Angry IP scanner. This is a simple tool but don’t let its simplicity fool you. It is an excellent tool and it is one of the fastest due to its use of multithreading. Scanning multiple ports–sometimes thousands–on multiple IP addresses is a long, very long process, You want to use a fast tool and this is one.
The Angry IP Scanner is a multiplatform tool available for Windows, OS X and Linux. It is written in Java so it will require the Java runtime to operate. The tool has an easy to use GUI and it will detect open, closed, and stealth ports. It will also resolve hostnames and MAC addresses to vendor names, a feature that can be useful in some specific situations. The tool also provides NetBIOS and other information about the scanned hosts.
This software can scan whole networks and subnets, IP addresses ranges or a list of IP addresses from a text file. And while it is GUI-based, a command-line version also comes with it for better scriptability. Scanning results are displayed in a tabular format and can be exported to several different file types including CSV and XML.
Andry IP Scanner is free and open-source that can be downloaded directly from Angry IP’s website. And as with other open-source tools, the full source code is available should you want to improve it.
5. MiTeC Network Scanner
Last but certainly not least is the MiTeC Network Scanner. This is another tool with some great functionality. It is, of course, a port scanner or it wouldn’t be on our list but it will also do ICMP, NetBIOS, ActiveDirectory and SNMP scans. It is also packed with advanced features. And despite being a rather advanced tool, it was made with both seasoned administrators and general users in mind. Anyone who’s interested in computer security should find a use for this scanner.
This tool will perform ping sweeps. It will also–obviously–scans for open TCP and UDP ports. And it will scan for resource shares and services. If the scanned devices are SNMP-enabled–network switches often are, for example–the MiTeC Network Scanner will detect and list their interfaces and basic SNMP properties, provided you supply the tool with the correct community string. The scan results are presented in a table on the tool’s graphical user interface. They can also be exported to a CSV file to be analyzed with some other tool.
The MiTeC Network Scanner will run on any Windows version from Windows XP to Windows Server 2016 and is available in both 32-bit and 64-bit versions.
Online Port Scanners
Online ports scanners, while doing the same basic thing as local ones, are different tools which serve a similar but different purpose. These are tools that are cloud-based and are run from a remote location, effectively testing what ports are open to your servers from the Internet. They are often simpler tools where you just enter your server’s Fully Qualified Domain Name–such as www.test.net–or public IP address and get a list of what ports are open. They are very useful in protecting your servers from malicious Internet users. Any unnecessary open port discovered by these tools should immediately be closed. Remember that hackers can use those tools as easily as you to find vulnerabilities in your systems.
There are countless online port scanners available and they all pretty much offer the same basic functionality. The list below is not a best-of list–although they are all excellent products–but rather a couple of samples of what’s available. Many more cloud-based port scanners that are just as good as those exist.
1. Pentest-Tools.com’s TCP Port Scan
Pentest-Tools.com is a website that offers lots of security-centric tests. Its TCP port scan tool requires that you enter an IP address, address range, or hostname, select a few options and launch it. You can choose to scan the 100 most common ports, a range of ports, or a comma-separated list of individual ports. The tool, which requires you to check a box confirming that you are authorized to scan that host, will return a list of all open port numbers along with the service name, the software running the service and the version number of the software, when available.
2. IPFingerPrints’ Open Port Checker & Scanner
The Open Port Checker & Scanner from IPFingerPrints is a basic yet very complete tool. It can work in two modes: Normal and Advance. In Normal mode, you only need to specify the IP address to test and a range of ports. With the Advance mode, you can pick one of seven scan types, what type of ping–if any–to perform, and a few other options. The tool will return a list of open ports at the specified IP address. Only open and closed ports are shown in the results list. This is a basic tool but it does its job very well and relatively fast.
Don’t let your equipment be the target of malicious users. Scan your network for open ports using any of the tools reviewed here. But don’t forget that scanning is just the first step in securing your equipment. You also need to make sure that only ports which are absolutely necessary remain open. Even ports that are used infrequently should be closed and only open when they are needed.