Port scanning is the CEH-aligned technique used to identify available access points into systems, where “access points” refers to open TCP and UDP ports and the services listening on them. In the reconnaissance and scanning phases described in CEH methodology, testers first enumerate live hosts and then perform port scanning to discover which network services are reachable, such as HTTP on 80 or 443, SSH on 22, RDP on 3389, DNS on 53, and many others. This information directly guides the next steps of analysis by revealing the attack surface: what services are exposed, which systems are running them, and which ports may permit remote interaction.
Vulnerability scanning is different because it attempts to identify known weaknesses or misconfigurations and typically requires service detection, versioning, and signature or configuration checks. It is usually performed after ports and services are discovered, not as the first method for finding “available access points.” Topology mapping focuses on understanding how the network is structured, including routing paths, device relationships, and segmentation boundaries. Network scanning is a broader term that can include host discovery and other probes, but it is less precise than port scanning for identifying the specific entry points that an attacker could use to connect.
Under ethical guidelines, port scanning is conducted with proper authorization, scoped targets, controlled timing to avoid disruption, and clear reporting of open ports, detected services, and risk implications so defenders can reduce exposure by closing unnecessary ports and hardening required services.
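The reporting step described above, turned into a small defender-side script. This is an added example, not part of the original text: it parses nmap's grepable (`-oG`) output format, keeps only ports in the `open` state, and flags any open port that is not on the host's documented service allowlist. The scan lines, the RFC 5737 addresses, and the `EXPECTED` allowlist are all constructed for the example.

```python
"""Exposure report from a port scan: which open ports are not expected?

Added example. Input is nmap -oG ("grepable") output, whose Ports field uses
port/state/protocol/owner/service/rpc/version entries, e.g. 22/open/tcp//ssh///.
"""
import re
from collections import defaultdict

# Constructed sample scan output (documentation addresses, not real hosts).
SAMPLE_SCAN = """\
# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 3389/open/tcp//ms-wbt-server///
Host: 192.0.2.20 ()\tPorts: 53/open/udp//domain///, 22/filtered/tcp//ssh///, 8080/open/tcp//http-proxy///
# Nmap done
"""

# Assumed per-host allowlist: (protocol, port) pairs each host is meant to expose.
EXPECTED = {
    "192.0.2.10": {("tcp", 80), ("tcp", 443)},   # documented role: web server
    "192.0.2.20": {("udp", 53)},                  # documented role: DNS resolver
}

# port / state / protocol / owner(empty) / service / rpc(empty) / version(empty)
PORT_RE = re.compile(r"(\d+)/([\w|]+)/(\w+)//([^/]*)///")


def parse_grepable(text):
    """Return {host: [(proto, port, state, service), ...]} from -oG text."""
    results = defaultdict(list)
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment lines and status lines carry no port data
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1] if "Ports:" in line else ""
        for port, state, proto, service in PORT_RE.findall(ports_field):
            results[host].append((proto, int(port), state, service or "unknown"))
    return dict(results)


def exposure_report(text, expected):
    """Map each host to its open ports that are not on its allowlist."""
    report = {}
    for host, entries in parse_grepable(text).items():
        allowed = expected.get(host, set())
        for proto, port, state, service in entries:
            if state != "open":
                continue  # closed/filtered ports are not reachable entry points
            if (proto, port) not in allowed:
                report.setdefault(host, []).append((proto, port, service))
    return report
```

Hosts absent from `EXPECTED` have every open port flagged, which is the conservative default for a system nobody has documented.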