Service scan

This scan is done across a wide range of TCP, UDP (and other transport layer protocols if desired such as SCTP).

Information security personnel may perform service scans to reduce risk.

For example, a service scanner may be configured to only search for Microsoft SQL Servers on TCP ports from 1 to 50,000 on all of the devices in an enterprise private network.

[8] An attacker may also use a service scanner to find open administrative ports such as Telnet on TCP/21 and SSH on TCP/22.

Once an attacker finds those ports they may then attempt to gain access to those devices by guessing usernames and passwords.