In the cybersecurity world, testing for the existence of exploitable vulnerabilities isn’t always an exact science.
Checking for open ports (CIS Control 9 - Limitation and Control of Network Ports, Protocols and Services) sounds simple enough, but the reality is a long way off.
Each protocol, like HTTP for web services or RDP for Microsoft Terminal Services, have a default port assigned. The port number is just another level of addressing so that connections to an IP Address can be paired up with the underlying service.
Read this article written by NNT CTO, Mark Kedgley, on InfoSecurity Magazine