A Comparative Performance of Port Scanning Techniques

Abstract

Cyberattack has its effect on businesses and private systems every day and it has risen tremendously. Port scanning is the first step taken by attackers before an attack is deployed. It is employed to identify the targeted host’s IP addresses, network devices and services running which later be used to determine the server locations and diagnose security levels of the victim by revealing the presence of security measures in place such as firewall between the server and the network devices. There have been several papers presenting the performance of port scanning techniques. However, the impact on host's performance has not yet been done. In this research, a comparative study of port scanning techniques is proposed to evaluate their impact on the scanned hosts performance using Zabbix. The goal of this research is to identify the difference of port scanning techniques and their strategies in probing the targeted host. Three scanning techniques are compared namely TCP SYN, TCP Connect and UDP scan. Several experiments have been conducted using NMAP, Unicornscan, Netcat, Apache2 web server and Zabbix running in virtual machine (VM) environment. Of the three port scanning techniques, TCP SYN scan has the least impact on the targeted scanned host with average response time of 0.69ms for a single scan and 0.421ms for 100 scans. UDP scan has the most impact on the targeted scanned host with average response time of 10.84ms for a single scan and 6.71ms for 100 scans.