Chapter 11. Port Scanning

Port scanning is one of the best-known penetration testing techniques, but it has some nuances that are not as well known, and we’ll be exploring some of those in this chapter. A port is a term for a TCP or UDP endpoint. Both TCP and UDP protocols use port numbers to identify sessions and services; the combination of a local IP address and port, along with a remote IP address and port, uniquely identifies a session between a client and server.

Port numbers are represented by a 16-bit value and can range from 0 through 65535. Zero has a special meaning and can’t practically be used as a port number by a server application. By convention, port numbers below 1024 are known as reserved ports, and all others are high ports ...
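The following added example (not from the book) shows the two points above on the loopback interface only: several sessions share one server port yet remain distinct because the full address-and-port combination differs, and a port number must fit in 16 bits. It relies on standard sockets behaviour the text does not spell out, namely that binding to port 0 asks the operating system to pick a free port; the names session_tuples and port_class are hypothetical.

```python
import socket

LOOPBACK = "127.0.0.1"  # assumption: the demo never leaves the local host


def port_class(port):
    """Classify a port number using the chapter's terms."""
    if not isinstance(port, int) or not 0 <= port <= 0xFFFF:
        raise ValueError("port must fit in 16 bits (0-65535)")
    if port == 0:
        return "zero"        # special meaning, not usable by a server
    return "reserved" if port < 1024 else "high"


def session_tuples(n_clients=2):
    """Open n_clients TCP connections to one loopback listener.

    Returns (server_port, tuples), where each tuple is
    (local_ip, local_port, remote_ip, remote_port) as seen by the server.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.settimeout(2)
    clients, accepted, tuples = [], [], []
    try:
        # Port 0 in bind() means "kernel, choose a free port for me".
        listener.bind((LOOPBACK, 0))
        listener.listen(n_clients)
        server_port = listener.getsockname()[1]
        for _ in range(n_clients):
            clients.append(
                socket.create_connection((LOOPBACK, server_port), timeout=2))
            conn, peer = listener.accept()
            accepted.append(conn)
            local = conn.getsockname()
            tuples.append((local[0], local[1], peer[0], peer[1]))
        return server_port, tuples
    finally:
        for s in clients + accepted + [listener]:
            s.close()


if __name__ == "__main__":
    port, sessions = session_tuples(3)
    print("listener bound to", port, "->", port_class(port))
    for t in sessions:
        # Same local IP/port and remote IP; only the remote port differs.
        print("session %s:%d <-> %s:%d" % t)
```

Every session printed has the same server-side address and port; the client's source port is the only field that changes, which is why the whole combination is needed to tell sessions apart.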
