Re: Port function and scanning



Volker Birk wrote:


The port concept is used by different network protocols. A port scanner
usually is used for TCP traffic, because there is an algorithm to
determine whether there is a process "listening" on the "port" (using a
socket or an XTI connection into the kernel with this maintenance
number). Port scanners are more seldom used for UDP, because there is
no algorithm for this case for UDP.


There is.
no reply -> open or filtered
ICMP Destination Unreachable :: Port Unreachable -> closed
UDP reply -> definitely open

ICMP by contrast has no port concept at all. And any port scanning
system which claims to implement "ICMP port scanning" is nonsense
(like the Symantec trash).

ICMP has message codes and subcodes, which are essentially similar to ports.
Still using the term "port" is, of course, wrong.
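
The three UDP cases listed in the reply, as an added example that is not part of the original thread: a Python classifier for what came back after one UDP probe. The function names and the sample packets (built with documentation addresses) are constructed for illustration; the "filtered" result for other ICMP unreachable codes goes beyond the post and follows Nmap's documented convention.

```python
import struct

# Assumption (not from the post): Nmap's convention that these other
# ICMP type 3 codes mean a filter answered instead of the host's UDP stack.
FILTERED_CODES = {0, 1, 2, 9, 10, 13}

def build_icmp_unreachable(code, probe_dport, probe_sport=40000):
    """Constructed sample: ICMP type 3 message quoting the probe's IP+UDP headers."""
    udp = struct.pack("!HHHH", probe_sport, probe_dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return struct.pack("!BBHI", 3, code, 0, 0) + ip + udp

def classify_udp_probe(probe_dport, udp_reply=None, icmp=None):
    """Return the port state implied by the response to one UDP probe.

    udp_reply: payload of a UDP datagram received from the probed port, or None.
    icmp:      raw ICMP message (starting at the ICMP header), or None.
    """
    if udp_reply is not None:
        return "open"                      # UDP reply -> definitely open
    undecided = "open or filtered"         # no (usable) reply
    if icmp is None or len(icmp) < 8 + 20:
        return undecided
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type != 3:                     # not Destination Unreachable
        return undecided
    quoted = icmp[8:]                      # quoted original IP header + 8 bytes
    ihl = (quoted[0] & 0x0F) * 4
    if quoted[9] != 17 or len(quoted) < ihl + 4:
        return undecided                   # quoted datagram is not UDP / truncated
    dport = struct.unpack("!H", quoted[ihl + 2:ihl + 4])[0]
    if dport != probe_dport:
        return undecided                   # error refers to a different datagram
    if code == 3:
        return "closed"                    # Port Unreachable -> closed
    return "filtered" if code in FILTERED_CODES else undecided

if __name__ == "__main__":
    print(classify_udp_probe(53, udp_reply=b"\x00"))
    print(classify_udp_probe(53))
    print(classify_udp_probe(161, icmp=build_icmp_unreachable(3, 161)))
```

Matching the quoted destination port against the probe matters because an ICMP error can arrive for a different datagram than the one being classified.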