1. In hacker reconnaissance, a port scan attempts to connect to all 65536 ports on a machine in order to see if anybody is listening on those ports. Contrast: A stealth scan attempts to evade detection. The most common kind is a TCP half-open scan which fails to complete the three-way handshake. This prevents the application listening on a port from being notified that a connection attempt has taken place, so it won't log that fact. Most "stealth" scans attempt to evade logging on the host, but this makes more distinctive signatures that intrusion detection systems can detect. Key point: Ports scans are not illegal in many places, those laws have yet to be written on the subject. The Norwegian Supreme court ruled that they are not illegal because they don't actually compromise the system. There is also the technical problem that they can easily be spoofed, so it is hard to prove guilt. There is even the third problem that virtually any machine on the Internet can be tickled into scanning somebody else; the hacker doesn't break into that third party, but triggers special conditions that causes the effect of a port scan. Controversy: Many people think that port scanning is an overt hostile act and should be made illegal. Contrast: Full port scans of all 65536 ports are rarely seen, especially since they are so obvious. Instead, hackers will strobe for just the ports he/she is interested in. These strobes are for typically fewer than 10 ports. Also, the hacker will often sweep thousands (or millions) of machines rather than a single machine looking for any system that might be vulnerable. Tool: The best tool for doing port scans is nmap from http://www.insecure.org/nmap. From Hacking-Lexicon