< // LAB_DASHBOARD

Port Scanner

PROBING COMMON SERVICE PORTS // SOURCE: BROWSER WEBSOCKET

The Foundations of Port Scanning and Network Security

Within IP networking, a **port** is a software-defined channel endpoint used by an operating system to direct incoming traffic to specific services or applications. A total of 65,535 TCP and UDP ports are available per IP address. They are generally categorized into three ranges: Well-Known Ports (0–1023, used for standard core protocols like HTTP and SSH), Registered Ports (1024–49151, used by specific applications), and Dynamic/Private Ports (49152–65535).

A port scanner is a diagnostic tool that systematically sends packet requests to various ports on a target IP host. By checking the server's responses, network engineers and security auditors can identify which channels are open, helping them secure service exposures against vulnerability exploits.

How Scanning Sequences Detect Open Ports

Traditional desktop port scanners (like Nmap) probe ports by building customized TCP or UDP packets directly. They send SYN packets to check for half-open handshakes (SYN-ACK responses) or complete standard TCP connections.

However, because standard web browsers run inside a secure sandbox without raw socket permissions, browser-based port scanners must use alternative web protocol sequences. They achieve this by triggering connections via standard WebSocket endpoints (new WebSocket('ws://target:port')) or resource requests (like <img> tags). The script measures the time it takes for the browser to reject or timeout the connection: an instant reset suggests a closed port, a delayed timeout indicates a filtered port behind a firewall, and a distinct socket handshake or validation indicates an open service.

Common Exposed Services and Vulnerabilities

Exposing service ports to the public internet presents significant security risks. Vulnerable services running on standard open ports are frequent targets for automated brute-force attacks:

PORT SCANNER FAQ

What is a network port?

A network port is a virtual communication channel endpoint on a computer. Operating systems use port numbers (ranging from 0 to 65535) to route incoming internet traffic to the appropriate service or application (e.g. web traffic to port 80/443).

How does a browser-based port scanner probe local hosts?

Because browsers cannot open raw TCP sockets, a web-based scanner attempts to initiate connections using HTML image loading or WebSocket calls to specific ports. By measuring how quickly the connection is refused or timed out, the scanner infers whether a service is running.

What is the difference between open, closed, and filtered ports?

An open port means an application is actively listening and accepting connections. A closed port means no service is listening, though the host is accessible. A filtered port indicates that a firewall is blocking or dropping the packets, preventing the scanner from determining its status.

Is port scanning legal?

Yes, scanning your own networks or devices for security auditing is completely legal. However, scanning external servers or systems without explicit permission can violate ISP terms of service or local computer misuse laws, as it is often seen as a precursor to a cyberattack.