← Back to All Scanners
Network & ProtocolInfo Severity

TCP Port Scanning Scanner

Comprehensive TCP port scanning with service detection.

Try This Scanner

What is TCP Port Scanning?

TCP Port Scanning identifies open ports on target systems by sending TCP connection requests and analyzing responses. It reveals which services are running, their accessibility, and potential entry points. Techniques include SYN scans (half-open), full connect scans, and stealth scans, each with different detection trade-offs.

Why is This Important?

Port scanning is the foundation of network reconnaissance. Open ports represent potential attack surfaces. Each open port runs a service that may have vulnerabilities. Understanding what ports are exposed—especially unexpected ones—is critical for security assessment and reducing attack surface.

How It Works

1. Network Discovery

Scans and fingerprints network services, identifying open ports, protocols, and service versions.

2. Protocol Analysis

Tests protocol implementations for misconfigurations, weak encryption, and known vulnerabilities.

3. Infrastructure Assessment

Provides comprehensive network security posture with prioritized remediation recommendations.

Key Capabilities

Enterprise network security assessment covering infrastructure, protocols, and service configurations.

  • Comprehensive port and service discovery
  • Protocol-specific vulnerability checks
  • TLS/SSL configuration analysis
  • Legacy protocol detection and assessment
  • Network segmentation validation

Frequently Asked Questions

What's the difference between SYN and connect scans?

SYN scans send only SYN packets without completing the handshake—faster and stealthier but requires raw socket privileges. Connect scans complete the TCP handshake—works without special privileges but is slower and more likely to be logged.

Which ports should I scan?

Start with top 1000 most common ports. For thorough assessment, scan all 65,535 ports. Focus on: 21 (FTP), 22 (SSH), 23 (Telnet), 25 (SMTP), 80/443 (HTTP/S), 445 (SMB), 3389 (RDP), and database ports (1433, 3306, 5432, 27017).

How do I avoid detection while scanning?

Techniques include: slow scan rates, randomized port order, fragmented packets, decoy sources, idle scans (bouncing off zombie hosts), and scanning from multiple IPs. Note: on authorized tests, stealth is less important than thoroughness.

What does a filtered port mean?

Filtered means no response—either a firewall dropped the packet or the host is down. Closed means the host responded with RST (port closed but host is up). Open means the service accepted the connection. Filtered ports may be open behind a firewall.

Related Scanners

UDP Port ScanningInfo
Learn more →
Service FingerprintingInfo
Learn more →
TLS/SSL ConfigurationMedium
Learn more →
TLS Downgrade AttacksHigh
Learn more →

Ready to secure your application?

Start testing for tcp port scanning vulnerabilities today.

Get Started Free