Port scanning in depth

Port scanning in depth

How to identify open ports to find vulnerabilities

“No wind favors him who has no destined port.”

Taught by: Peter Zsiros

Length: 4 hours

396 students
Take this course for free!

Just log in and download the course.

Port scanning is used to identify open ports and services available on a host. It is used by security technicians to audit computers for vulnerabilities, however, it is also used by hackers to explore victims.

In this course you will learn how the most popular scanning techniques work and what they are good for so that you can choose the most appropriate one (or combination) for a given task. We will also examine how port scanning can be detected by IDS/IPS systems, and how one can try to avoid them.


Other hacking courses from the same trainer, Peter Zsiros.

  • + Recommended for

    For ethical hackers, system administrators, network engineers. Also recommended for those who are preparing for security exams, since scanners are a popular topic.

  • + Prerequisites

    Basic understanding of TCP/IP networking

  • + Technical requirements

    We will use 3 virtual machines + Kali Linux
    Minimum 8 GB memory is required

  • + Acquired skills

    You will know which port scanning technique to use and when. You will be also able to discover and understand the deeper connections functioning in a network.

Curriculum and videos

Start the course for free! No credit card needed.


Section 1 - Setting up our environment

Video 1 - Setting up our test environment

As the first step we set up our test environment. (For this you can download the virtual machines and the ISO image from http://www.duckademy.com/downloads.) For this we will install Wireshark on the target machine and Nmap to the attacker machine.


Section 2 - Performing TCP connect scan (-sT)

In this part you will learn how the TCP connect scan works and what are the advantages of this type of scan. We will review its disadvantages as well.


Section 3 - Performing SYN scan (-sS)

You will learn how the SYN scan works, and what its advantages and disadvantages are.


Section 4 - Reverse scan techniques

In this part you will learn how the reverse scanning techniques (XMAS, Null, FIN, Maimon) work and how they try to identify the closed ports.


Section 5 - Performing ACK scan (-sA)

This time we will use the ACK scan to identify the filtered and unfiltered ports.


Section 6 - Spoofing identity

Video 11 - Performing ldle scan (-sl)

We will show you how a real attacker can try to cover his/her identity, or blame someone else as attacker.


Section 7 - IDS/IPS detection of port scans

We examine two widely used IDS/IPS systems, to what extent they are able to detect the previous scanning techniques with built-in/freely available rulesets.