On computer networks, a service scan identifies the available network services by attempting to initiate many sessions to different applications with each device in a target group of devices. This is done by sending session initiation packets for many different applications to open ports on all of the devices specified in the target group. The scan is done across a wide range of TCP and UDP ports (and those of other transport layer protocols, such as SCTP, if desired). A service scanner will identify each device it finds along with the services that it finds on the ports that it scans.

Most user-based network services are intended to be found by users. As an example, a web service may be made available on TCP port 80 on a device. TCP/80 is the standard port for HTTP, and users would be able to access the content of that web server, the website, by directing their web browsers to that device, where they would be able to view the home page of the website. However, a web service may be opened on a different port, where different content may be shared. This may be an attempt to hide some content from ordinary users and to provide it only to users who know how to access the web service on the nonstandard port. A port scan will be able to identify that a port is open on the device, but may not be able to determine what service is being offered on that port. A service scan of that device will be able to determine that the port is open and that it is a web service.

Service scanners can be set to target a single device, but they are more often set to target a large number of devices. For example, a service scanner may be configured to scan a subnet. A service scanner may also be configured to scan standardized, well-known, and otherwise unused ports and will attempt to initiate sessions to many known services for each port. This is different from a port sweep, which only identifies open ports and assumes that each is associated with the default service for that port. The difference is that a port scan and a port sweep will detect that a device has a port open and would assume that the port is associated with the service normally associated with that port. However, a service scanner would verify that the service is actually associated with that port, or would attempt to find and report the application actually associated with that port on the device.
Information security personnel may perform service scans to reduce risk. For example, a service scanner may be configured to only search for Microsoft SQL Servers on TCP ports from 1 to 50,000 on all of the devices in an enterprise private network. If the service scanner only finds the MSSQL service running on known and authorized servers at TCP/1433 (the assigned port), then they can be reasonably sure that there are no unauthorized SQL servers in their network. Tools such as Nmap and Nessus may be used for this purpose. On the other hand, a network attacker may use a special type of service scanner, known as a vulnerability scanner, to find devices that have not been patched against a known vulnerability. An attacker may also use a service scanner to find open administrative ports such as Telnet on TCP/21 and SSH on TCP/22. Once an attacker finds those ports they may then attempt to gain access to those devices by guessing usernames and passwords.
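As an added example (not part of the original article), the following sketch audits service-scan results the way the MSSQL check above describes, and also shows where the detected service differs from what a port scan would assume from the port number. The sample lines are constructed in the style of Nmap's grepable output with version detection; the addresses, host names, the ASSUMED table and the AUTHORIZED_MSSQL allowlist are assumptions made for the illustration.

```python
import re

# Constructed sample in the style of Nmap grepable output (-oG) with -sV;
# every host, address and version string below is invented for this example.
SAMPLE = """\
Host: 10.0.0.10 (db01)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 1433/open/tcp//ms-sql-s//Microsoft SQL Server 2019/
Host: 10.0.0.23 (ws-lab)\tPorts: 80/open/tcp//http//nginx/, 8081/open/tcp//http//Apache httpd/, 49210/open/tcp//ms-sql-s//Microsoft SQL Server 2017/
Host: 10.0.0.31 (files)\tPorts: 1433/open/tcp//ssh//OpenSSH 7.4/, 445/closed/tcp//microsoft-ds///
"""

# What a plain port scan would assume from the port number alone.
ASSUMED = {22: "ssh", 80: "http", 1433: "ms-sql-s"}
# Assumption: the organisation's list of approved SQL Server endpoints.
AUTHORIZED_MSSQL = {("10.0.0.10", 1433)}


def parse(text):
    """Yield (ip, port, service) for every open port in grepable scan output."""
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) .*?\tPorts: ([^\t]*)", line)
        if not m:
            continue  # status-only lines and comments carry no port list
        for entry in m.group(2).split(", "):
            # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
            fields = entry.split("/")
            if len(fields) >= 5 and fields[1] == "open":
                yield m.group(1), int(fields[0]), fields[4]


def audit(text):
    """Return findings that a port-number assumption would have missed."""
    findings = []
    for ip, port, svc in parse(text):
        if svc == "ms-sql-s" and (ip, port) not in AUTHORIZED_MSSQL:
            findings.append((ip, port, "unauthorized MSSQL"))
        elif port in ASSUMED and ASSUMED[port] != svc:
            findings.append((ip, port, f"expected {ASSUMED[port]}, found {svc}"))
        elif port not in ASSUMED:
            findings.append((ip, port, f"{svc} on unlisted port"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

The authorized server on TCP/1433 produces no finding, while the SQL Server listening on a high port and the SSH daemon answering on TCP/1433 are both reported, which a port sweep alone would not distinguish.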


See also

* Network enumerating
* Port scan

