Port scanning refers to the systematic exploration of networked computing systems. The goal of port scanning is to identify active services and associated information. Although this technique is often employed by malicious actors to locate vulnerable systems within a network, port scanning is also a legitimate method employed by IT professionals to troubleshoot network issues and maintain system security. In the case of the latter, cybersecurity practitioners use port scanning catalog exposed systems, identify potential misconfigurations, or test controls that may be running on a system. Existing literature has thoroughly established a taxonomy for port scanning. The taxonomy maps the types of scans as well as techniques. In fact, there are several tools mentioned repeatedly in the literature. Those are Nmap, Zmap, and masscan. Further, the presence of multiple tools signals that how a port scanner interacts with target systems impacts the output of the tool. In other words, the various tools may not behave identically or produce identical output. Yet, no work has been done to quantify the efficacy for these popular tools in a uniform, rigorous manner. Accordingly, we used a comparative experimental protocol to measure the accuracy, false positive, false negative, and efficiency of Nmap, Zmap, and masscan. The results show no difference between port scanners in general performance. However, the results revealed a statistically significant difference in efficiency. This information can be used to guide the selection of port scanning tools based on specific needs and requirements. As well, for researchers, the outcomes may also suggest areas for future work in the development novel port scanning tools.

翻译：端口扫描是指对联网计算系统的系统性探测。其目标在于识别活跃服务及相关信息。尽管该技术常被恶意行为者用于定位网络中的脆弱系统，但端口扫描也是IT专业人员排查网络问题、维护系统安全的合法手段。就后者而言，网络安全从业者通过端口扫描来编目暴露的系统、识别潜在配置错误，或测试系统上运行的防护机制。现有文献已建立了完善的端口扫描分类体系。该分类模型既涵盖扫描类型也涉及扫描技术。事实上，领域内反复提及数种工具，即Nmap、Zmap和masscan。此外，存在多种工具这一事实表明：端口扫描器与目标系统的交互方式会影响其输出结果。换言之，不同工具的行为模式与输出结果可能并不一致。然而，目前尚无研究以统一、严谨的方式量化这些主流工具的效能。为此，我们采用对照实验协议，测量了Nmap、Zmap和masscan的准确率、误报率、漏报率及效率。结果显示各端口扫描器的整体性能无显著差异，但效率存在统计意义上的显著差异。该结论可指导根据具体需求选择端口扫描工具。同时，对研究人员而言，这些发现也揭示了新型端口扫描工具开发领域的未来研究方向。