In the context of penetration testing, port scanning is usually performed to identify the open ports on a target machine. Open ports correspond to the networked services that are running on a system. Programming errors or implementation flaws can make these services vulnerable to attack and can sometimes lead to total system compromise.
To determine the possible attack vectors, one must first enumerate the open ports on all of the remote systems within the project’s scope. These open ports correspond to services that may be addressed with either UDP or TCP traffic. Both TCP and UDP are transport protocols.
- Transmission Control Protocol (TCP) is the more commonly used of the two and provides connection-oriented communication.
- User Datagram Protocol (UDP) is a connectionless protocol that is sometimes used with services for which speed of transmission is more important than data integrity.
The penetration testing technique used to enumerate these services is called port scanning.
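
The connection-oriented versus connectionless distinction above determines what a probe can actually conclude about a port. The following Python sketch is an added example, not code from the original page: it probes only loopback sockets that it creates itself, and the function names and state labels are chosen for this illustration.

```python
import socket

LOOPBACK = "127.0.0.1"  # the demo only ever talks to the local machine

def tcp_state(port, timeout=1.0):
    """TCP is connection-oriented: a completed handshake proves a listener."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((LOOPBACK, port))
            return "open"
        except ConnectionRefusedError:   # RST came back: nothing is listening
            return "closed"
        except OSError:                  # timeout or other error: no clear answer
            return "filtered"

def udp_state(port, timeout=1.0):
    """UDP has no handshake: silence is ambiguous, only an ICMP error is definite."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((LOOPBACK, port))      # connected socket: OS reports ICMP errors
        try:
            s.send(b"\x00")
            s.recv(1024)
            return "open"                # the service answered
        except ConnectionRefusedError:   # ICMP port unreachable was received
            return "closed"
        except OSError:                  # timeout: silent listener or dropped packet
            return "open|filtered"

def _unused_port(kind):
    """Bind to an ephemeral port, then release it so nothing is listening there."""
    with socket.socket(socket.AF_INET, kind) as s:
        s.bind((LOOPBACK, 0))
        return s.getsockname()[1]

def demo():
    """Start one TCP listener and one silent UDP socket, then probe all four cases."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as tcp_srv, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp_srv:
        tcp_srv.bind((LOOPBACK, 0)); tcp_srv.listen()
        udp_srv.bind((LOOPBACK, 0))      # bound, but never replies
        return {
            "tcp_listening": tcp_state(tcp_srv.getsockname()[1]),
            "tcp_unused": tcp_state(_unused_port(socket.SOCK_STREAM)),
            "udp_listening": udp_state(udp_srv.getsockname()[1]),
            "udp_unused": udp_state(_unused_port(socket.SOCK_DGRAM)),
        }

if __name__ == "__main__":
    print(demo())
```

The UDP listener here is reported as `open|filtered` rather than `open` because it never answers; when reviewing scan results for your own hosts, treat UDP findings as less certain than TCP findings for this reason.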