Port Scanner
Network security auditing and service discovery tool for identifying open ports and running services.
The Port Scanner is a comprehensive network security auditing tool integrated into the ESP32 WiFi Utility. It scans target devices to discover open TCP ports and automatically identifies running services, enabling network administrators and security professionals to assess network security posture and identify potential vulnerabilities.
Key Capabilities:
- TCP port scanning with service identification
- Multiple scan modes (Common, Well-Known, Custom, All Ports)
- Real-time progress tracking
- Web-based interface with intuitive controls
- Background scanning with non-blocking operation
- 25+ service identifications
A port is a communication endpoint for network connections. Devices use ports to distinguish between different services running simultaneously.
- Port Numbers: Range from 1 to 65,535
- Well-Known Ports: 1-1024 (standardized services)
- Registered Ports: 1025-49151 (registered applications)
- Dynamic Ports: 49152-65535 (temporary connections)
Open Port:
- Accepts connections
- Service is listening
- Potentially accessible from network
- May represent security risk if unintended
Closed Port:
- Refuses connections
- No service running
- Typically not a security concern
- Can still be fingerprinted
Security Assessment:
- Identify exposed services
- Find unauthorized services
- Detect misconfigurations
- Validate firewall rules
Network Inventory:
- Discover running services
- Map network topology
- Identify device types
- Track service deployment
Troubleshooting:
- Verify service availability
- Diagnose connection issues
- Confirm port forwarding
- Test firewall rules
Description: Scans 16 most frequently used ports
Duration: ~10-30 seconds
Best For:
- Quick security check
- Routine assessment
- Gateway/router scanning
- Daily monitoring
Ports Scanned:
| Port | Service | Description |
|---|---|---|
| 21 | FTP | File Transfer Protocol |
| 22 | SSH | Secure Shell (remote access) |
| 23 | Telnet | Insecure remote access |
| 25 | SMTP | Email sending |
| 53 | DNS | Domain name resolution |
| 80 | HTTP | Web server |
| 110 | POP3 | Email retrieval |
| 143 | IMAP | Email access |
| 443 | HTTPS | Secure web server |
| 445 | SMB | Windows file sharing |
| 3306 | MySQL | Database server |
| 3389 | RDP | Remote Desktop |
| 5900 | VNC | Remote desktop |
| 8080 | HTTP-Alt | Alternative web port |
| 8443 | HTTPS-Alt | Alternative secure web |
| 9100 | Printer | Network printer |
Example Output:
Target: 192.168.1.1
Ports Scanned: 16
Open: 3 | Closed: 13
Duration: 22 seconds
Open Ports Found:
- Port 80 (HTTP)
- Port 443 (HTTPS)
- Port 22 (SSH)
Description: Scans ports 1-1024 (IANA standardized)
Duration: ~10-30 minutes
Best For:
- Standard security audit
- Comprehensive server check
- Compliance scanning
- Initial assessment
Coverage: All standardized service ports including:
- File transfer (FTP, TFTP, SFTP)
- Email (SMTP, POP3, IMAP)
- Web (HTTP, HTTPS)
- Remote access (SSH, Telnet, RDP)
- Databases (MySQL, PostgreSQL, MSSQL)
- Directory services (LDAP)
- And 1000+ more
Use Case: Security audits, server hardening
Description: User-defined port range
Duration: Varies (depends on range size)
Best For:
- Targeted analysis
- Specific service discovery
- Application-specific ports
- Narrowed investigation
Configuration:
- Start Port: 1-65535
- End Port: 1-65535
- Range validation: End ≥ Start
Examples:
Web Services (8000-9000):
Finding alternative web services
Duration: ~15 minutes
Common finds: Jenkins, Tomcat, Node.js apps
Database Servers (3300-3400):
MySQL and variants
Duration: ~2 minutes
Common finds: MySQL, MariaDB, Percona
Game Servers (25000-25999):
Gaming services and Minecraft
Duration: ~15 minutes
Common finds: Various game servers
Description: Complete scan of all 65,535 ports
Duration: ~8-12 hours
Best For:
- Complete security assessment
- Forensic investigation
- Compliance requirements
- Annual comprehensive audit
Considerations:
- ⚠️ Very time-consuming (plan overnight)
- ⚠️ High network load (avoid on production)
- ⚠️ May trigger alerts (IDS/IPS systems)
- ⚠️ Requires patience (10+ hours typical)
Best Practice: Run during maintenance window, review results next day
Navigate to: http://<device-ip>/portscan
From main dashboard:
- Click Analysis Dashboard
- Select "Port Scanner" from dropdown
- Or click Port Scanner card
IP Address Input:
- Default: Gateway IP (auto-detected)
- Format: XXX.XXX.XXX.XXX
- Validation: Checks valid IPv4 format
- Placeholder: Shows current gateway
Scan Type Dropdown:
- Common Ports (Fast) (Recommended)
- Well-Known Ports (1-1024)
- Custom Range
- All Ports (1-65535)
Custom Range Inputs (appears when Custom selected):
- Start Port: Minimum port (1-65535)
- End Port: Maximum port (1-65535)
- Real-time validation
Start Scan Button:
- Purple gradient styling
- Initiates scan
- Disables during active scan
- Validates inputs before starting
Stop Scan Button:
- Red styling
- Immediately halts scan
- Only enabled during scanning
- Preserves partial results
Real-time Information:
Scanning port 1024 of 1024 (100%)
[████████████████████] 100%
Open: 5 | Closed: 1019
Duration: 15 minutes 32 seconds
Progress Bar:
- Animated gradient fill
- 0-100% completion
- Color: Purple theme
- Updates every second
Column Layout:
| Port | Service | Status |
|---|---|---|
| 22 | SSH | OPEN |
| 80 | HTTP | OPEN |
| 443 | HTTPS | OPEN |
Features:
- Port number (sortable)
- Service name (auto-identified)
- Status badge (green "OPEN")
- Scrollable results
- Summary count
Results Summary:
Scan completed in 22 seconds
Found 3 open ports on 192.168.1.1
Security Warnings:
- ⚠️ Only scan devices you own or have permission
- ⚠️ Unauthorized scanning may violate laws
- ⚠️ Port scanning generates network traffic
- ⚠️ Full scans take considerable time
Best Practices:
- Use Common Ports for quick checks
- Schedule comprehensive scans appropriately
- Document authorization
- Comply with organizational policies
The Port Scanner automatically identifies 25+ common services:
| Port | Service | Description |
|---|---|---|
| 80 | HTTP | Standard web server |
| 443 | HTTPS | Secure web server |
| 8080 | HTTP-Proxy | Alternative HTTP port |
| 8443 | HTTPS-Alt | Alternative HTTPS port |
| Port | Service | Description |
|---|---|---|
| 22 | SSH | Secure Shell |
| 23 | Telnet | Insecure remote access (legacy) |
| 3389 | RDP | Remote Desktop Protocol (Windows) |
| 5900 | VNC | Virtual Network Computing |
| Port | Service | Description |
|---|---|---|
| 25 | SMTP | Mail sending |
| 110 | POP3 | Mail retrieval |
| 143 | IMAP | Mail access |
| 465 | SMTPS | Secure SMTP |
| 587 | SMTP-Submission | Mail submission |
| 993 | IMAPS | Secure IMAP |
| 995 | POP3S | Secure POP3 |
| Port | Service | Description |
|---|---|---|
| 1433 | MSSQL | Microsoft SQL Server |
| 1521 | Oracle | Oracle Database |
| 3306 | MySQL | MySQL/MariaDB |
| 5432 | PostgreSQL | PostgreSQL Database |
| 6379 | Redis | Redis Cache/Database |
| 27017 | MongoDB | MongoDB NoSQL Database |
| Port | Service | Description |
|---|---|---|
| 20 | FTP-Data | FTP data channel |
| 21 | FTP | File Transfer Protocol |
| 445 | SMB | Windows file sharing |
| Port | Service | Description |
|---|---|---|
| 53 | DNS | Domain Name System |
| 9100 | Printer | Network printer service |
Endpoint:
```
GET /portscan/start?ip=<target>&type=<scan_type>[&start=<port>&end=<port>]
```
Parameters:
- `ip`: Target IP address (required)
- `type`: Scan type (required)
  - `common`: Common ports scan
  - `well-known`: Ports 1-1024
  - `all`: All ports 1-65535
  - `range`: Custom range (requires start/end)
- `start`: Start port (required for range)
- `end`: End port (required for range)

Examples:

Common ports scan:
```
/portscan/start?ip=192.168.1.1&type=common
```
Custom range:
```
/portscan/start?ip=192.168.1.50&type=range&start=8000&end=9000
```
Well-known ports:
```
/portscan/start?ip=192.168.1.100&type=well-known
```
Response:
```json
{
  "success": true,
  "message": "Scan started"
}
```
Endpoint:
```
GET /portscan/stop
```
Response:
```json
{
  "success": true,
  "message": "Scan stopped"
}
```
Endpoint:
```
GET /portscan/status
```
Response (Scanning):
```json
{
  "state": "running",
  "targetIP": "192.168.1.1",
  "totalPorts": 16,
  "portsScanned": 8,
  "currentPort": 80,
  "openPorts": 2,
  "closedPorts": 6,
  "progress": 50,
  "duration": 15,
  "ports": [
    {
      "port": 22,
      "service": "SSH"
    },
    {
      "port": 80,
      "service": "HTTP"
    }
  ]
}
```
Response (Completed):
```json
{
  "state": "completed",
  "targetIP": "192.168.1.1",
  "totalPorts": 16,
  "portsScanned": 16,
  "openPorts": 3,
  "closedPorts": 13,
  "progress": 100,
  "duration": 22,
  "ports": [
    {
      "port": 22,
      "service": "SSH"
    },
    {
      "port": 80,
      "service": "HTTP"
    },
    {
      "port": 443,
      "service": "HTTPS"
    }
  ]
}
```
State Values:
- `idle`: No scan active
- `running`: Scan in progress
- `completed`: Scan finished
- `error`: Scan encountered error

Endpoint:
```
GET /portscan/api?gateway=1
```
Response:
```json
{
  "gateway": "192.168.1.1"
}
```
Use: Auto-populate target IP field
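A request builder for the `/portscan/start` endpoint documented above, added here as an example and not taken from the project's code. It applies the page's input rules (IPv4 format, ports 1-65535, End ≥ Start) and also refuses targets outside a documented authorization scope; `AUTHORIZED_SCOPE`, the function names and the sample network are assumptions made for illustration.

```javascript
// Added example (not project code). AUTHORIZED_SCOPE and all helper names are hypothetical.
const AUTHORIZED_SCOPE = ['192.168.1.0/24']; // constructed: networks covered by written authorization
const SCAN_TYPES = ['common', 'well-known', 'all', 'range']; // values from the API reference

// Parse a dotted-quad IPv4 string into an unsigned 32-bit integer, or return null if malformed.
function parseIPv4(text) {
  const parts = String(text).split('.');
  if (parts.length !== 4) return null;
  let value = 0;
  for (const part of parts) {
    if (!/^(0|[1-9]\d{0,2})$/.test(part)) return null; // digits only, no leading zeros
    const octet = Number(part);
    if (octet > 255) return null;
    value = value * 256 + octet;
  }
  return value;
}

// True when ip (as an integer) falls inside a CIDR block such as "192.168.1.0/24".
function inCidr(ip, cidr) {
  const [base, bitsText] = cidr.split('/');
  const baseIp = parseIPv4(base);
  const bits = Number(bitsText);
  if (baseIp === null || !Number.isInteger(bits) || bits < 0 || bits > 32) return false;
  const size = 2 ** (32 - bits); // number of addresses in the block
  const start = Math.floor(baseIp / size) * size;
  return ip >= start && ip < start + size;
}

// Accept only whole numbers in 1-65535.
function parsePort(text) {
  const port = Number(text);
  return Number.isInteger(port) && port >= 1 && port <= 65535 ? port : null;
}

// Returns { ok: true, url } or { ok: false, error }; nothing is sent to the device.
function buildStartRequest({ ip, type, start, end }, scope = AUTHORIZED_SCOPE) {
  const target = parseIPv4(ip);
  if (target === null) return { ok: false, error: 'invalid IPv4 address' };
  if (!scope.some(cidr => inCidr(target, cidr))) {
    return { ok: false, error: 'target outside authorized scope' };
  }
  if (!SCAN_TYPES.includes(type)) return { ok: false, error: 'unknown scan type' };
  const query = new URLSearchParams({ ip, type }); // encodes values for the query string
  if (type === 'range') {
    const first = parsePort(start);
    const last = parsePort(end);
    if (first === null || last === null) return { ok: false, error: 'port out of range 1-65535' };
    if (last < first) return { ok: false, error: 'end port below start port' };
    query.set('start', String(first));
    query.set('end', String(last));
  }
  return { ok: true, url: `/portscan/start?${query}` };
}
```
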
Polling for Updates:
```javascript
let pollInterval;

function startScan() {
  const ip = document.getElementById('targetIP').value;
  const type = document.getElementById('scanType').value;
  // URLSearchParams encodes the values so form input cannot alter the query string
  const query = new URLSearchParams({ ip, type });
  fetch(`/portscan/start?${query}`)
    .then(response => response.json())
    .then(data => {
      if (data.success) {
        // Start polling for status (clear any earlier timer first)
        clearInterval(pollInterval);
        pollInterval = setInterval(updateStatus, 1000);
      }
    });
}

function updateStatus() {
  fetch('/portscan/status')
    .then(response => response.json())
    .then(data => {
      // Update progress bar
      document.getElementById('progress').style.width = data.progress + '%';
      // Update results table (updateResults() is assumed to be defined elsewhere)
      updateResults(data.ports);
      // Stop polling once the scan has completed or failed
      if (data.state === 'completed' || data.state === 'error') {
        clearInterval(pollInterval);
      }
    });
}
```
Scenario: Verify router isn't exposing unnecessary services
Steps:
- Navigate to /portscan
- Use default gateway IP
- Select "Common Ports (Fast)"
- Click "Start Scan"
- Review results
Expected Results (secure router):
- Port 80 (HTTP) - OPEN ✅ (web interface)
- Port 443 (HTTPS) - OPEN ✅ (secure web)
- All others - CLOSED ✅
Security Concerns (if found open):
- Port 23 (Telnet) ⚠️ - Insecure, should be disabled
- Port 21 (FTP) ⚠️ - Insecure, use SFTP instead
- Port 3389 (RDP) ⚠️ - Shouldn't be exposed externally
Scenario: Check web server for standard and alternative ports
Steps:
- Enter server IP: 192.168.1.50
- Select "Custom Range"
- Start Port: 80
- End Port: 9000
- Start scan
- Review web-related ports
Expected Finds:
- 80 (HTTP) - Primary web
- 443 (HTTPS) - Secure web
- 8080 (HTTP-Alt) - Development/proxy
- 8443 (HTTPS-Alt) - Alternative secure
Scenario: Verify database ports are not externally accessible
Steps:
- Enter database server IP
- Select "Common Ports"
- Start scan
- Check for database ports
Security Assessment:
- MySQL (3306) OPEN ⚠️ - Should only be internal
- PostgreSQL (5432) OPEN ⚠️ - Restrict to app servers
- MongoDB (27017) OPEN ⚠️ - Critical security risk
- Redis (6379) OPEN ⚠️ - Should be firewalled
Remediation: Configure firewall to block external access
Scenario: Find IoT devices and their services
Steps:
- Scan common IoT device IPs
- Use "Common Ports" scan
- Identify open ports
- Cross-reference with known IoT services
Common IoT Ports:
- 80/443 - Web interface
- 8080 - Alternative web
- 1883 - MQTT
- 5353 - mDNS
- 9100 - Printer/IoT device
Scenario: Create inventory of services on network
Process:
- List all network IPs
- Scan each with Common Ports
- Document open ports
- Identify services
- Create network map
Documentation Format:
Device: 192.168.1.1 (Router)
- Port 80 (HTTP) - Web interface
- Port 443 (HTTPS) - Secure web
Device: 192.168.1.50 (Server)
- Port 22 (SSH) - Remote access
- Port 80 (HTTP) - Web server
- Port 443 (HTTPS) - Secure web
- Port 3306 (MySQL) - Database
Legal Requirements:
- Own Devices Only: Only scan devices you own
- Written Authorization: Get permission for third-party devices
- Organizational Policy: Comply with company security policies
- Local Laws: Check regulations in your jurisdiction
- Terms of Service: Respect network/ISP policies
Prohibited Activities:
- Scanning public internet without permission
- Unauthorized penetration testing
- Malicious intent scanning
- Violating computer fraud laws
Legal Frameworks:
- USA: Computer Fraud and Abuse Act (CFAA)
- UK: Computer Misuse Act 1990
- EU: GDPR considerations
- Industry: PCI-DSS, HIPAA compliance requirements
Considerations:
Traffic Generation:
- Each port = 1 TCP connection attempt
- Common scan (16 ports) = minimal impact
- Full scan (65535 ports) = significant traffic
- May trigger bandwidth alerts
System Load:
- Target system processes connection attempts
- May cause temporary CPU/memory spike
- Firewall logs all attempts
- IDS/IPS systems may trigger
Best Practices:
- Off-Peak Scanning: Schedule during low-usage times
- Gradual Scanning: Use Common Ports first
- Inform IT Staff: Notify before scanning
- Monitor Impact: Watch for performance issues
- Throttle Scans: Don't run multiple simultaneous scans
Your Scan Will Be Logged:
- Firewall logs show connection attempts
- IDS/IPS systems may alert
- Target systems log connections
- SIEM systems capture events
- Network flow monitors record traffic
Reducing Detection:
- Scan during authorized maintenance
- Use slower scan rates (not yet implemented)
- Scan only necessary ports
- Document authorization
If Vulnerabilities Found:
- Document Findings:
  - Port number
  - Service identified
  - Risk level assessment
  - Reproduction steps
- Notify Stakeholders:
  - System owner
  - IT security team
  - Management (if critical)
- Allow Remediation Time:
  - 30-90 days typical
  - Varies by severity
  - Follow coordinated disclosure
- Follow-up:
  - Verify fixes
  - Rescan to confirm
  - Update documentation
- Do Not:
  - Publicly disclose before fix
  - Exploit vulnerabilities
  - Share with unauthorized parties
TCP Connection Test:
```cpp
// Simplified scan logic
WiFiClient client;
client.setTimeout(1000); // 1 second timeout
bool isOpen = client.connect(targetIP, port);
if (isOpen) {
  // Port is open - service accepting connections
  String service = getServiceName(port);
  client.stop();
} else {
  // Port is closed or filtered
}
```
Scanning Process:
- Initialize WiFi client
- Set connection timeout (1000ms default)
- Attempt TCP connection to port
- Record result (open/closed)
- Identify service if open
- Close connection
- Move to next port (10ms delay)
| Scan Type | Ports | Duration | Speed | Network Load |
|---|---|---|---|---|
| Common | 16 | 20s | Fast | Low |
| Well-Known | 1,024 | 15min | Medium | Medium |
| Custom (100) | 100 | 2min | Medium | Low |
| Custom (1000) | 1,000 | 15min | Medium | Medium |
| All Ports | 65,535 | 10hrs | Slow | High |
Timing Breakdown:
- Connection attempt: 1000ms timeout
- Delay between ports: 10ms
- Service identification: <1ms
- Result storage: <1ms
Optimization:
- Non-blocking background operation
- Main loop continues during scan
- Web interface remains responsive
- Other features available during scan
Per Port Result:
```cpp
struct PortInfo {
  uint16_t port;          // 2 bytes
  bool isOpen;            // 1 byte
  String service;         // ~20 bytes (average)
  uint32_t responseTime;  // 4 bytes
};
// Total: ~27 bytes per open port
```
Scan State:
- Configuration: ~100 bytes
- Results structure: ~200 bytes
- Open ports list: 27 bytes × number of open ports
- Typical memory: <5KB for most scans
Symptoms:
- Click "Start Scan" - nothing happens
- Error message displayed
Causes & Solutions:
- Not Connected to WiFi
  - Check WiFi status
  - Connect to network first
  - Verify IP address assigned
- Invalid IP Address
  - Check IP format (XXX.XXX.XXX.XXX)
  - Verify target is on same network
  - Try gateway IP first
- Scan Already Running
  - Stop current scan
  - Wait for completion
  - Refresh page
- Invalid Port Range
  - Ensure Start Port ≤ End Port
  - Verify ports in range 1-65535
  - Check for typos
Symptoms:
- Scan completes successfully
- Results show 0 open ports
Causes & Solutions:
- Target Has Firewall
  - Most secure devices block scans
  - Expected behavior for hardened systems
  - Try scanning known-open device (router)
- Wrong IP Address
  - Verify target IP is correct
  - Ping target to confirm reachability
  - Check for typos
- Network Segmentation
  - Device may be on different subnet
  - VLAN isolation preventing access
  - Firewall between segments
- All Services Disabled
  - Target may have no services running
  - Headless/minimal installation
  - Expected for some IoT devices
Verification Steps:
1. Ping target: ping 192.168.1.1
2. Try browser: http://192.168.1.1
3. Scan gateway (known to have ports open)
4. Check network connectivity

Symptoms:
- Progress bar barely moving
- Hours for small scan
- Timeouts
Causes & Solutions:
- Network Congestion
  - Wait for network to clear
  - Scan during off-peak hours
  - Reduce concurrent traffic
- Slow Target Response
  - Target may be slow/overloaded
  - Expected for some devices
  - Consider smaller port range
- WiFi Signal Weak
  - Check signal strength
  - Move ESP32 closer to AP
  - See Signal Strength Monitor
- Large Port Range
  - Use Common Ports instead of All Ports
  - Break into smaller ranges
  - Schedule overnight for full scan
Symptoms:
- Scan stops mid-way
- Partial results displayed
- State shows error
Causes & Solutions:
- WiFi Disconnected
  - ESP32 lost connection
  - Reconnect and retry
  - Check WiFi stability
- Target Became Unreachable
  - Target powered off
  - Network issue occurred
  - Verify target availability
- ESP32 Reset/Crashed
  - Check serial logs
  - Look for errors
  - Report bug if reproducible
False Positives (Port shown open but isn't):
- Rare with TCP connect scan
- May be firewall behavior
- Verify with manual connection test
False Negatives (Port shown closed but is open):
- Timeout too short (adjust in code)
- Firewall silent drop (appears closed)
- Slow service startup
- Try increasing timeout
1. Planning Phase:
- Obtain written authorization
- Define scan scope (which devices/ports)
- Choose appropriate scan type
- Schedule scan window
- Notify relevant personnel
- Document baseline expectations
2. Execution Phase:
- Start with Common Ports scan
- Note all open ports found
- Identify services automatically detected
- Flag unexpected services
- Document security concerns
- Take screenshots of results
3. Analysis Phase:
- Compare results to baseline
- Identify unnecessary services
- Assess risk level (Critical/High/Medium/Low)
- Research vulnerabilities for services
- Create prioritized findings list
- Develop remediation recommendations
4. Remediation Phase:
- Close unnecessary ports
- Update firewall rules
- Disable unused services
- Apply security patches
- Verify changes with rescan
- Update documentation
5. Documentation Phase:
- Scan results report
- Findings summary
- Remediation actions taken
- Before/after comparison
- Updated network diagram
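The analysis-phase steps above (compare results to baseline, flag unexpected services), shown as an added example rather than project code: it reads a completed `/portscan/status` response in the documented format and diffs it against a recorded baseline. `BASELINE`, `RISK_NOTES` (wording taken from this page's scenario sections) and `auditScan` are assumptions for illustration, and the status object is constructed sample data.

```javascript
// Added example (not project code). BASELINE, RISK_NOTES and auditScan are hypothetical names.
// Expected open ports per device, as recorded during the planning phase (constructed values).
const BASELINE = { '192.168.1.1': [80, 443] };

// Ports this page singles out as concerns when found open.
const RISK_NOTES = {
  21: 'FTP: insecure, use SFTP instead',
  23: 'Telnet: insecure, should be disabled',
  3389: 'RDP: should not be exposed externally',
  3306: 'MySQL: should only be internal',
  5432: 'PostgreSQL: restrict to app servers',
  6379: 'Redis: should be firewalled',
  27017: 'MongoDB: critical security risk',
};

// Compare one /portscan/status response with the baseline for its target.
function auditScan(status, baseline = BASELINE) {
  if (status.state !== 'completed') {
    // Partial results cannot show that a port is closed, so draw no conclusions.
    return { complete: false, reason: `scan state is "${status.state}"` };
  }
  const expected = new Set(baseline[status.targetIP] || []);
  const found = new Map();
  for (const entry of status.ports || []) {
    found.set(Number(entry.port), String(entry.service || 'unknown'));
  }
  const unexpected = [];
  for (const [port, service] of found) {
    if (!expected.has(port)) {
      unexpected.push({ port, service, note: RISK_NOTES[port] || 'not in baseline, investigate' });
    }
  }
  unexpected.sort((a, b) => a.port - b.port);
  // Expected but not seen: a service outage, or the scan type did not cover the port.
  const missing = [...expected].filter(port => !found.has(port));
  // Cross-check the counters against the list to catch truncated responses.
  const consistent = found.size === status.openPorts &&
    status.openPorts + status.closedPorts === status.portsScanned;
  return { complete: true, consistent, unexpected, missing };
}

// Constructed sample in the documented response format (Telnet added to show a finding).
const sampleStatus = {
  state: 'completed', targetIP: '192.168.1.1', totalPorts: 16, portsScanned: 16,
  openPorts: 3, closedPorts: 13, progress: 100, duration: 22,
  ports: [
    { port: 23, service: 'Telnet' },
    { port: 80, service: 'HTTP' },
    { port: 443, service: 'HTTPS' },
  ],
};

console.log(JSON.stringify(auditScan(sampleStatus), null, 2));
```
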
Recommended Frequencies:
| System Type | Scan Frequency | Scan Type |
|---|---|---|
| Critical Infrastructure | Weekly | Common Ports |
| Production Servers | Monthly | Well-Known Ports |
| Development Systems | Monthly | Common Ports |
| End-user Devices | Quarterly | Common Ports |
| IoT Devices | Bi-weekly | Common Ports |
| After Changes | Immediate | Appropriate range |
| Annual Audit | Yearly | All Ports |
Compliance Requirements:
- PCI-DSS: Quarterly external/internal scans
- HIPAA: Regular security assessments
- SOC 2: Continuous monitoring
- ISO 27001: Risk-based scanning
Use Common Ports Scan When:
- Quick security check needed
- Scanning network gateway/router
- Daily/weekly monitoring
- Low-risk assessment
- Time-constrained
Use Well-Known Ports When:
- Standard security audit required
- Server hardening verification
- Compliance scanning
- Initial comprehensive check
- Quarterly assessment
Use Custom Range When:
- Specific application ports known
- Targeted investigation
- Application-specific audit
- Known port ranges to check
- Minimizing scan time
Use All Ports When:
- Complete forensic investigation
- Annual comprehensive audit
- Suspected backdoor/trojan
- Compliance requirement
- Time not constrained (overnight)
Access Path:
- Navigate to home dashboard
- Click "Analysis Dashboard" card
- View Port Scanner card (purple theme)
- Click "Open Port Scanner" button
Dashboard Card Shows:
- Last scan target IP
- Number of open ports found
- Quick access button
- Purple gradient styling
Currently, port scanning is web-only. Future versions may add serial commands:
```
# Future commands (not yet implemented)
> portscan <ip> common
> portscan <ip> range 8000 9000
> portscan status
> portscan stop
```
Related Use: Check signal strength before scanning
- Poor signal = slow scan
- See Signal Strength Monitor
- Ensure -60 dBm or better
Complementary Tools:
- Port scan finds services
- Performance Testing tests service quality
- Combined assessment = complete picture
ESP32 Port Scanner:
- ✅ Integrated web interface
- ✅ No external tools needed
- ✅ Real-time progress display
- ✅ Service identification
- ❌ TCP connect scan only
- ❌ No stealth scanning
- ❌ Limited port range timing
nmap:
- ✅ Multiple scan techniques (SYN, ACK, UDP)
- ✅ OS fingerprinting
- ✅ Advanced timing control
- ✅ Scripting engine (NSE)
- ❌ Requires installation
- ❌ Command-line interface
- ❌ External device needed
Use Case:
- ESP32 Scanner: Quick built-in checks, web-based
- nmap: Professional comprehensive audits
Planned Features (roadmap):
- Serial Commands: CLI access to port scanner
- UDP Scanning: Detect UDP services
- Service Version Detection: Identify service versions
- Scheduled Scans: Automatic periodic scanning
- Scan Profiles: Save common scan configurations
- Export Results: JSON/CSV export capability
- Comparison Mode: Before/after scan comparison
- Scan History: Store last 10 scan results
- Alert System: Notify on unexpected open ports
- Batch Scanning: Multiple IPs in sequence
Web: 80, 443, 8080, 8443
SSH: 22
FTP: 21, 20
Email: 25, 110, 143, 465, 587, 993, 995
Database: 3306, 5432, 1433, 27017, 6379
Remote: 3389, 5900, 23
Other: 53, 445, 9100
- Port Scanner Page: http://<device-ip>/portscan
- Status API: http://<device-ip>/portscan/status
- Start Scan: http://<device-ip>/portscan/start?ip=X.X.X.X&type=common
- Navigate to /portscan
- Use default gateway IP
- Select "Common Ports"
- Click "Start Scan"
- Review results (~30 seconds)
- ✅ 80 (HTTP) - Web interface
- ✅ 443 (HTTPS) - Secure web
- ⚠️ 22 (SSH) - Only if enabled
- ❌ 23 (Telnet) - Should be closed
- ❌ 21 (FTP) - Should be closed
Feature Version: v4.3.0
Status: Stable
Dependencies: WiFi connection required
ESP32 WiFi Utility v4.2.0 • MIT License • © Arunkumar Mourougappane