three Portscanner with two scanning techniques

There are three port scanners build in:

• the Port Scanner
• the Range Port Scanner
• the Route Port Scanner

Scanning technique is CONNECT scan (other side can easily see the scan) and SYNC scan (other side might not notice the scan ).

Port scans are evil!

Port Scanner

Scans for open ports at a single IP.

Range Portscanner

Scans for open ports within a range of IPs

Route Port Scanner

Scans for open ports along the traced route.

Some things about speed

The other day I tested a competing ip-range-scanner. It was fast. Very fast. And at first I thought I did something very wrong in my implementation.

But a closer look revealed the differences: first, the fast scanner uses more parallel tests. And second the fast scanner simply made a lot of 'errors'.

But why 'errors' in quotes? Because it uses a different technique: it only pings the host.

But as we have seen, pings are not very reliable. They can be dropped at the host, they can be dropped on the route. So not getting back an answer does not really mean that there is nothing.

3d Traceroute with its CONNECT scan uses a different approach: it creates a tcp connection and tries to connect to selected ports. This is very reliable: if connected, you can be sure that there is something. And if not connected, you can almost be sure, that there is nothing.

And more parallel tests? Won't work if you are behind a connection limiting router. Or if your operating system limits connections.

But you see the drawbacks, too. It is slow, because it needs a timeout value that is multiple times bigger than a ping reply.