Port scanning is the process of connecting to TCP and UDP ports in order to find which services and applications are listening on the target device. Once open ports are found, the applications or services behind them can be identified. At this point, further information is typically gathered to determine how best to target any vulnerabilities and weaknesses in the system.

That is the process of enumeration: finding what services are running, their versions, open shares, account details, or possible points of entry. One such target is SMB. While SMB makes it possible for users to share files and folders, it also offers access to Windows computers via the IPC$ share. The IPC$ share supports the named pipes that programs use for interprocess (process-to-process) communication. Because named pipes can be redirected over the network to connect local and remote systems, they also enable remote administration.
Defense with Port Knocking

Port knocking is a rather esoteric method of preventing session creation with a particular port. Port knocking is not currently implemented by default in any stack, but we may soon see patches to permit the use of knocking protocols.

The basis of port knocking is the digital analog of the secret handshake. Through the use of timing, data sent with SYN packets, the number of SYN packets sent, the sequence of ports hit, and other options, a client authorizes itself to access a port. While useful for obscuring the existence of a port, port knocking is simply another layer of authentication. Links can still be saturated through DoS attacks, RST attacks can still kill connections, and sessions can still be hijacked and sniffed.

A paranoid system administrator may care to use a port knocking daemon to add an extra layer of security to connections, but securing the connection through a PKI certificate exchange is much more likely to yield tangible security benefits.
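To make the "secret handshake" concrete, here is a small port-knocking state machine added as an example (it is not code from the original article or from any real knocking daemon). It assumes a secret sequence of three ports, a per-knock timeout, and a constructed log of SYN events; a knock that is out of order or too slow resets the sequence for that source.

```python
from collections import defaultdict

# Assumed (constructed) parameters for this example.
KNOCK_SEQUENCE = (7000, 8000, 9000)   # secret sequence of ports to hit, in order
PROTECTED_PORT = 22                    # service hidden behind the knock
WINDOW = 5.0                           # max seconds allowed between knocks


class KnockDaemon:
    def __init__(self, sequence=KNOCK_SEQUENCE, window=WINDOW):
        self.sequence = sequence
        self.window = window
        # per-source progress: (index of next expected port, timestamp of last knock)
        self.progress = defaultdict(lambda: (0, 0.0))
        self.authorized = set()

    def observe_syn(self, src, dport, ts):
        """Feed one observed SYN (source IP, destination port, timestamp).
        Returns True when this knock completes the sequence for src."""
        idx, last = self.progress[src]
        # Too slow: the previous partial sequence expires and we start over.
        if idx > 0 and ts - last > self.window:
            idx = 0
        if dport == self.sequence[idx]:
            idx += 1
        else:
            # Wrong port resets; a correct first knock still starts a new attempt.
            idx = 1 if dport == self.sequence[0] else 0
        if idx == len(self.sequence):
            self.authorized.add(src)
            self.progress[src] = (0, ts)
            return True
        self.progress[src] = (idx, ts)
        return False

    def allow(self, src, dport):
        """Firewall decision: only the protected port requires a prior knock."""
        if dport != PROTECTED_PORT:
            return True
        return src in self.authorized


def run_demo():
    # Constructed SYN events (src, dport, ts): one valid knock, one too slow, one out of order.
    events = [
        ("10.0.0.5", 7000, 0.0), ("10.0.0.5", 8000, 1.0), ("10.0.0.5", 9000, 2.0),
        ("10.0.0.9", 7000, 0.0), ("10.0.0.9", 8000, 10.0), ("10.0.0.9", 9000, 11.0),
        ("10.0.0.7", 7000, 0.0), ("10.0.0.7", 9000, 1.0), ("10.0.0.7", 8000, 2.0),
    ]
    daemon = KnockDaemon()
    for src, port, ts in events:
        daemon.observe_syn(src, port, ts)
    return {src: daemon.allow(src, PROTECTED_PORT) for src in ("10.0.0.5", "10.0.0.9", "10.0.0.7")}
```

Note that the daemon only decides whether a connection to the protected port is permitted; as the text says, it adds nothing to the confidentiality or integrity of the session once it is open.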
Port Scanning with NMAP

As you might guess, the name "nmap" implies that the program was ostensibly developed as a network mapping tool. Well, as you can imagine, such a capability is attractive to the folks that attack networks, not just to network and system administrators and network support staff. Of all the tools available, it is nmap that people just seem to keep coming back to. The familiar command line interface, the availability of documentation, and the generally competent way in which the tool has been developed and maintained are all attractive to us. Nmap performs a variety of network tricks. To learn more, check out the NMAP tutorial.