Port scanning

Port scanning involves multiple computer network activities involving sending a stimulus to the Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) identifiers of specific services on specific computers. It may be a perfectly legitimat operational function, or it may be part of preparation for attacks on the network or it hosts.

If an address sweep is analogous to checking if a building exists at a given street address, a port scan is closer to testing the doors to see if they are locked, or at least to see if specific apartments or rooms exist. It is good when a security guard verifies that doors are properly locked, but when

There is no single mechanism for port scanning, as different TCP and UDP services respond to different kinds of protocol messages. In the case of TCP-based services, telnet is one way to script scans, but it is more common to see specific scan methods for specific application services that run over TCP.

Simple Mail Transfer Protocol
One scan, which can be done for reasons good or ill, is trying to access the Simple Mail Transfer Protocol (SMTP) on TCP port 25. A very large amount of spam comes from broadband-connected personal computers attacked by botnets that insert SMTP servers on the machines, and use the differently-addressed to send a few spam emails each.

Internet-wide spam defense considers it inappropriate for end user computers to contain SMTP servers. This does not mean that such computers cannot have, and usually should have, SMTP clients that send to an authorized SMTP server inside their network. Network operators, and anti-spam groups, often scan end user address space looking for SMTP servers. Finding such servers strongly suggests that the machine has been compromised; SMTP traffic coming from end user address space can get an ISP blacklisted as a potential spam source.