A software utility, used by hackers as well as system testers and software engineers, to determine if a particular TCP service is running on a particular host system. In a typical configuration the port scanner will scan through all of the "well known ports" (port numbers up to 1024) in the TCP protocol, in order to elicit a response from the server. The scanner works on the principle that if the port is open on the server then some form of response will be forthcoming. The method is used to 'enumerate' or list the services running that may be targets for some form of exploitation.
Many firewall and other security systems will watch for multiple rapid requests from a single host to connect to target ports and will report this suspicious behavior to the system administrator. For this reason a second generation of port scanners known as 'Stealth Scanners' was created. Stealth scanners will attempt to disguise the scan either by conducting it very slowly over a long period of time, or perhaps sending some request other than a connection request in order to confuse the target.