Understanding Port Scanning: The First Step in Cybersecurity Reconnaissance

8 min read • Published Jun 09, 2026
Updated Jun 09, 2026 • SurgeTechKnow Editorial Desk

Imagine owning a house with twenty doors.

Every night before going to bed, you walk around checking each door to ensure it is locked.

Now imagine a stranger doing the same thing.

The difference is that you are checking your own doors for security, while the stranger is checking them for weaknesses.

That simple analogy explains port scanning.

Port scanning is one of the most misunderstood topics in cybersecurity. Mention the term, and many people immediately think of hackers sitting in dark rooms launching attacks against unsuspecting victims.

The reality is far more interesting.

Port scanning itself is not inherently illegal, malicious, or dangerous. In fact, network administrators, cybersecurity analysts, penetration testers, and ICT professionals use port scanning every day to identify vulnerabilities before attackers do.

However, cybercriminals also use the same technique to discover weak systems.

The difference lies in the intention.

As an ICT professional and networking enthusiast, I have found that many students understand IP addresses, routers, and switches but struggle to understand how attackers actually find vulnerable systems. The answer often begins with port scanning.

Before a cybercriminal attempts to exploit a server, steal data, or deploy malware, they first need information.

Port scanning helps them gather that information.

Understanding how it works is essential for anyone interested in networking, cybersecurity, ethical hacking, or system administration.

What Is a Port?

Before discussing port scanning, we must first understand ports.

A port is a logical communication endpoint used by applications and services to exchange information across a network.

Think of an IP address as an apartment building.

The port number is the apartment number.

Without a port number, data would not know which application it should reach.

For example:

IP Address: 192.168.1.10

This identifies the device.

But which service should receive the traffic?

Port 80   → Web Traffic (HTTP)
Port 443  → Secure Web Traffic (HTTPS)
Port 25   → Email (SMTP)
Port 53   → DNS
Port 22   → SSH
Port 3389 → Remote Desktop

The combination of an IP address and a port uniquely identifies a service.

Why Ports Exist

Modern computers run multiple services simultaneously.

A single server may host:

  • Websites

  • Email services

  • Databases

  • Remote administration services

  • File-sharing systems

Ports help organize these services.

Without them, network communication would be chaotic.

For example:

www.techknowsolution.co.ke

typically communicates through:

Port 443

Because HTTPS uses that port by default.

What Is Port Scanning?

Port scanning is the process of checking ports on a device to determine which services are available and accessible.

The goal is usually to identify:

  • Open ports

  • Closed ports

  • Filtered ports

  • Running services

  • Potential vulnerabilities

Think of it as knocking on doors.

A response indicates someone is behind the door.

No response may indicate the door is locked or protected.

Why Port Scanning Matters

Most cyber attacks begin with reconnaissance.

Attackers rarely target systems blindly.

Instead, they gather information first.

Port scanning helps answer questions such as:

  • Is a web server running?

  • Is remote access enabled?

  • Is a database exposed?

  • Are unnecessary services accessible?

The more information an attacker gathers, the easier it becomes to identify weaknesses.

The same information also helps defenders secure their systems.

My Experience With Port Scanning

When students first encounter networking tools, they are often surprised by how many services are running on their own devices.

I have seen learners scan a laboratory machine and discover:

  • Remote desktop services

  • Printer services

  • File-sharing services

  • Development tools

that they never realized were accessible.

This exercise immediately demonstrates why visibility matters.

You cannot secure what you do not know exists.

One of the first lessons in cybersecurity is understanding your attack surface.

Port scanning helps reveal that attack surface.

Common Port States

When a scanner examines a port, several outcomes are possible.

Open

An open port is actively accepting connections.

Example:

Port 443 Open

This usually indicates a service is running.

Examples:

  • Websites

  • Email servers

  • SSH servers

Closed

A closed port is reachable but not accepting connections.

Example:

Port 21 Closed

This indicates no service is currently listening.

Filtered

Filtered ports are protected by security devices such as firewalls.

The scanner cannot determine whether the port is open or closed.

This is generally a good sign from a security perspective.

Common Ports Every ICT Student Should Know

Port 20/21

FTP

Used for file transfers.

Port 22

SSH

Secure remote administration.

Port 23

Telnet

Older remote management protocol.

Generally considered insecure.

Port 25

SMTP

Email transmission.

Port 53

DNS

Domain name resolution.

Port 80

HTTP

Standard web traffic.

Port 443

HTTPS

Secure web traffic.

One of the most important ports on today's internet.

Port 3389

Remote Desktop Protocol (RDP)

Commonly used for Windows remote access.

Frequently targeted by attackers.

How Port Scanning Works

A scanner sends requests to target ports.

The target responds differently depending on its configuration.

Example:

Scanner → Port 80

Response:

Port Open

or

Port Closed

The scanner records the result and moves to the next port.

This process repeats rapidly across hundreds or thousands of ports.

Common Types of Port Scans

Different scan methods exist for different purposes.

TCP Connect Scan

The simplest scan.

The scanner establishes a full connection.

Advantages:

  • Reliable

  • Easy to understand

Disadvantages:

  • Easier to detect
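
The three port states described earlier map directly onto the outcomes of a full TCP connect. The following is an added example, not code from the original article: it classifies a single port and demonstrates the open and closed states against a listener it starts itself on the loopback address. The function names are illustrative.

```python
import socket

def classify_tcp_port(host, port, timeout=1.0):
    """Classify one TCP port with a full connect: open, closed or filtered."""
    try:
        # A completed three-way handshake means a service is listening.
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # The host answered with a reset: reachable, but nothing is listening.
        return "closed"
    except OSError:
        # Timeout or an unreachable error: something in the path dropped or
        # rejected the probe, so the real state is unknown.
        return "filtered"

def demo_local_states():
    """Probe a listener we start ourselves on loopback, then the same port after closing it."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    try:
        while_listening = classify_tcp_port("127.0.0.1", port)
    finally:
        listener.close()
    after_close = classify_tcp_port("127.0.0.1", port)
    return while_listening, after_close

if __name__ == "__main__":
    print(demo_local_states())
```

Because every probe completes a real connection, the listening service sees and can log each one, which is why this scan type is the easiest to detect.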

SYN Scan

Often called a half-open scan.

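Instead of completing the full connection, the scanner sends only the first packet of the TCP handshake (a SYN) and reads the reply. A SYN/ACK means the port is open, and a reset (RST) means it is closed. That reply is enough to determine the port status, so the handshake is never finished.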

Advantages:

  • Faster

  • Less noisy

Commonly used in professional security assessments.

UDP Scan

Used for services relying on UDP.

Examples:

  • DNS

  • DHCP

  • SNMP

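UDP scanning is often slower and more challenging, because UDP has no handshake: an open port may simply stay silent, so the scanner has to wait for timeouts before it can draw a conclusion.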

Understanding Nmap

When discussing port scanning, one tool appears repeatedly:

Nmap (Network Mapper)

Nmap is one of the most widely respected network discovery tools in the world.

Security professionals use it for:

  • Network mapping

  • Service identification

  • Asset discovery

  • Security assessments

  • Troubleshooting

It is widely used by:

  • Cybersecurity analysts

  • Penetration testers

  • Network engineers

  • System administrators

Understanding Nmap is valuable for anyone pursuing cybersecurity or networking careers.

How Defenders Use Port Scanning

Many people assume port scanning is exclusively a hacker activity.

That is incorrect.

Organizations regularly perform internal scans to:

  • Identify exposed services

  • Verify firewall rules

  • Detect misconfigurations

  • Inventory systems

In many environments, routine port scanning is part of standard cybersecurity practice.

How Attackers Use Port Scanning

Unfortunately, attackers use the same technique.

Before launching attacks, cybercriminals often perform reconnaissance to identify:

  • Web servers

  • Database servers

  • Remote access systems

  • Misconfigured services

The information gathered helps them select potential targets.

This is why exposed services should be minimized.

The Importance of Closing Unnecessary Ports

Every open port represents a potential entry point.

Not every open port is dangerous.

However, unnecessary services increase risk.

Best practice includes:

  • Disable unused services

  • Remove obsolete software

  • Restrict remote access

  • Review firewall rules

Reducing unnecessary exposure reduces attack opportunities.
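
The routine internal scans and the review of unnecessary ports described above usually come down to comparing scan results with what each host is supposed to expose. The following is an added example, not code from the original article: it parses a constructed sample in Nmap's grepable (`-oG`) output format and reports open ports that are missing from an approved baseline. The hosts, the baseline and the function names are hypothetical.

```python
# Constructed sample in Nmap's grepable (-oG) output format.
SAMPLE_GNMAP = (
    "Host: 192.168.1.10 ()\tStatus: Up\n"
    "Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh///, 23/open/tcp//telnet///, "
    "443/open/tcp//https///, 3389/filtered/tcp//ms-wbt-server///\n"
    "Host: 192.168.1.20 ()\tPorts: 80/open/tcp//http///, 3389/open/tcp//ms-wbt-server///\n"
)

# Hypothetical baseline: the ports each host is approved to expose.
APPROVED = {"192.168.1.10": {22, 443}, "192.168.1.20": {80}}

def parse_open_ports(gnmap_text):
    """Yield (host, port, service) for every port reported as open."""
    for line in gnmap_text.splitlines():
        if not line.startswith("Host: "):
            continue
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                # Entry layout: port/state/protocol/owner/service/rpc/version/
                parts = entry.split("/")
                if len(parts) >= 5 and parts[1] == "open":
                    yield host, int(parts[0]), parts[4]

def unexpected_open_ports(gnmap_text, approved):
    """Return open ports that are missing from the approved baseline."""
    return sorted(
        (host, port, service)
        for host, port, service in parse_open_ports(gnmap_text)
        if port not in approved.get(host, set())
    )

if __name__ == "__main__":
    for finding in unexpected_open_ports(SAMPLE_GNMAP, APPROVED):
        print(finding)
```

A host that is absent from the baseline has every open port reported, so newly appeared machines surface in the same review.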

Port Scanning and Firewalls

Firewalls play a critical role in controlling network access.

A properly configured firewall can:

  • Block unwanted traffic

  • Hide services

  • Restrict access

  • Reduce attack surfaces

One reason organizations deploy firewalls is to limit what port scanners can discover.
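
A firewall also records the connection attempts it sees, and because a scan touches many ports in quick succession, it stands out in those records. The following is an added example, not code from the original article: it flags any source that reaches many distinct ports on one host within a short window. The log layout, the addresses, the thresholds and the function names are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log layout (hypothetical): "<ISO time> <action> SRC=<ip> DST=<ip> PROTO=TCP DPT=<port>"
LINE_RE = re.compile(r"^(\S+) \S+ SRC=(\S+) DST=(\S+) PROTO=TCP DPT=(\d+)$")

def build_sample_log():
    """Constructed log lines: one port sweep, one normal client, one occasional visitor."""
    base = datetime(2026, 6, 9, 10, 0, 0)
    ports = [21, 22, 23, 25, 53, 80, 110, 139, 443, 445, 3306, 3389]
    lines = []
    for i, port in enumerate(ports):
        sweep = (base + timedelta(seconds=i)).isoformat()
        slow = (base + timedelta(minutes=10 * i)).isoformat()
        lines.append(f"{sweep} DROP SRC=10.0.0.5 DST=192.168.1.10 PROTO=TCP DPT={port}")
        lines.append(f"{slow} DROP SRC=10.0.0.9 DST=192.168.1.10 PROTO=TCP DPT={port}")
    for i in range(20):
        ts = (base + timedelta(seconds=3 * i)).isoformat()
        lines.append(f"{ts} ACCEPT SRC=10.0.0.8 DST=192.168.1.10 PROTO=TCP DPT=443")
    return lines

def detect_port_sweeps(lines, min_ports=10, window=timedelta(seconds=60)):
    """Return (src, dst) pairs that hit min_ports distinct ports within one window."""
    hits = defaultdict(list)                      # (src, dst) -> [(time, port), ...]
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ts, src, dst, dpt = m.groups()
            hits[(src, dst)].append((datetime.fromisoformat(ts), int(dpt)))
    flagged = []
    for pair, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({port for _, port in events[start:end + 1]}) >= min_ports:
                flagged.append(pair)
                break
    return sorted(flagged)

if __name__ == "__main__":
    print(detect_port_sweeps(build_sample_log()))
```

The client that connects to port 443 twenty times is not flagged, because the rule counts distinct ports rather than connections.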

How Students Can Learn Port Scanning Safely

One of the best learning approaches is practicing within controlled environments.

For example:

  • Virtual labs

  • Local test networks

  • Educational cyber labs

  • Training platforms

Never scan systems you do not own or have permission to assess.

Ethical behavior is a fundamental principle of cybersecurity.

Frequently Asked Questions

Is Port Scanning Illegal?

Port scanning itself is not inherently illegal.

However, scanning systems without authorization may violate policies, regulations, or laws depending on the situation.

Always obtain permission.

Can Port Scanning Damage a Network?

Normal scans typically do not cause damage.

However, poorly configured or aggressive scans can affect performance.

Why Do Cybersecurity Professionals Use Port Scanning?

To discover services, identify risks, and verify network security.

Is Nmap Used by Both Attackers and Defenders?

Yes.

Like many security tools, Nmap itself is neutral.

Its purpose depends entirely on how it is used.

Practical Exercise

Using the Port Scanning tool available in our Interactive Cyber Lab, examine a safe test environment.

Observe:

  • Open ports

  • Closed ports

  • Service identification

  • Response differences

Ask yourself:

  • Which services are actually necessary?

  • Which ports would you close?

  • How could a firewall change the results?

This practical approach develops far more understanding than memorizing definitions alone.

Final Thoughts

Port scanning is one of the foundational techniques in modern networking and cybersecurity.

It helps defenders understand their environments, identify unnecessary exposure, and improve security posture. At the same time, attackers use it to gather intelligence before launching attacks.

Understanding port scanning is therefore not optional for aspiring ICT professionals.

Whether you are studying networking, preparing for cybersecurity certifications, managing enterprise infrastructure, or simply curious about how the internet works, learning how ports, services, and scanners interact provides valuable insight into the digital systems we rely on every day.

The most secure networks are not necessarily the ones with the most tools.

They are the ones whose administrators know exactly what is running, where it is running, and why it is running.

Port scanning helps answer those questions.

About the author

Caleb Muga is the founder of SurgeTechKnow, an ICT professional and software developer with BBIT, CCNA training, cybersecurity awareness and OPSWAT file-security training. Articles are written to simplify practical technology, cybersecurity, networking and ICT support topics for real users.
