You are reading:
Secrets of Network Cartography: A Comprehensive Guide to nmap
Like the online e-book? You'll love the downloadable version! Buy it here!Transmission Control Protocol (TCP)
Transmission Control Protocol (TCP) is the most used IP-based protocol on the Internet. An understanding of TCP will provide insight into the most popular protocol in networking and into the inner workings of nmap's powerful scanning engine.TCP Ports
To move data across the network, simply knowing the IP address of the end station isn't enough to complete the transfer. The cargo in the IP truck must be loaded on one end, and unloaded on the other. The originating station must also identify who will be unloading the truck on the other end, and add that information to the shipment manifest. Instead of names, networks use numbers called ports to represent the entity that will be loading or unloading the data cargo from the IP packet.
A port is a number between 1 and 65,535, and port number references are usually specific to an application. In many cases, an application's port number is a commonly known port number. For example, nearly every web server on the Internet uses port 80 to receive web traffic. Nmap knows that port 80 is rarely filtered, so it uses port 80 as test port to determine device availability.
http://www.iana.org/assignments/port-numbers
TCP is a very needy protocol. When a frame with TCP data is sent across the network to another station, the sending station must receive an acknowledgement that the data was received properly. If the sending station doesn't receive an acknowledgement after a certain time period, the data is resent in the hopes that it will make it through the second time. This process continues until either the data makes it through, or the transmission process times out.
TCP doesn't need to know how to traverse the network because it relies on IP to get the data to the other side. Once the data makes the trip across the network, TCP takes over and uses its port numbers to determine where to drop the package. It's possible that IP could properly route the data across the network and TCP would try to drop the data at the specified port, but the receiving station may not be listening on that port. The TCP data would have nowhere to go and the entire packet would be discarded.