for FREE

The Hardscan was designed to be a brute-force local netstat replacement. Hardscan is a local netstat replacement that scans for open ports the hard way: by binding to each of them and attempting to handshake with itself.

It is meant to be useful in a situation where you may have been rooted, rendering the output of netstat and other security tools untrustworthy. If the program is unable to handshake with itself, for whatever reason (perhaps something intercepted the handshake, perhaps something was already running on that port, etc) it is an indicator that tcp or udp port being checked is already in use.

Although this could be a virus, trojan or hacker connection, it is also quite possible that it is a legitimate connection. As the "Ephemeral" high-numbered ports are scanned as well, there is a chance that any outgoing activity (for instance browsing the web while the scan is running) will be picked up.

Of particular note in this program is "--fast" mode. In this state, the scanner does not attempt to handshake with itself, and thusly is not detecting as rigorously. In theory the OS could be lying to the scanner and simply saying that the socket was opened succesfully, but in practice most trojans are not going to be that sophisticated. Fast mode trades off this verification in order to run much, much, much faster.