A more advanced port scanner

This is a discussion on A more advanced port scanner within the C Programming forums, part of the General Programming Boards category; Hi all, I want to write a port scanner using c. In the past I' ve developed a port scanning ...

  1. #1
    Registered User
    Join Date
    Mar 2009
    Posts
    2

    A more advanced port scanner

    Hi all,
    I want to write a port scanner using c. In the past I' ve developed a port scanning program using TCP connect technique. Now I want to develop port scanner using TCP SYN scanning technique. Are there any libraries in order to make the half - open connection? Any guideline would be very thankful.

    Thanks for your time.

  2. #2
    30 Helens Agree neandrake's Avatar
    Join Date
    Jan 2002
    Posts
    640
    I doubt you're going to find help here. While port-scanning internal networks can be legal, tools exist to do such auditing, and shouldn't be a need for you to build your own.
    Environment: OS X, GCC / G++
    Codes: Java, C#, C/C++
    AOL IM: neandrake, Email: neandrake (at) gmail (dot) com

  3. #3
    Algorithm Dissector iMalc's Avatar
    Join Date
    Dec 2005
    Location
    New Zealand
    Posts
    6,261
    As said, you will not get help to build questionably legal tools here. Regardless of what you would use the knowledge for, there are others who would see it and use it for other purposes.
    My homepage
    Advice: Take only as directed - If symptoms persist, please see your debugger

    Linus Torvalds: "But it clearly is the only right way. The fact that everybody else does it some other way only means that they are wrong"

  4. #4
    Complete Beginner
    Join Date
    Feb 2009
    Posts
    312
    It is my strong belief that access to information should be unrestricted and free (free as in free beer). There's no sense in restricting possibly harmful information for two reasons:
    1) If someone really wants to know how to do it, he'll find out. He better learns it from us.
    2) If an attacker is able to do harm to a system, it is the system's fault.

    Besides, one can learn a lot about TCP while writing a SYN "stealth" scanner. Anyway: fssp, I doubt that there are libraries to send SYN requests. Also, you can't use connect(), as it will do the whole 3-way handshake for you. If your operating system supports raw sockets, use them to send a handcrafted TCP SYN request to the target host. You will have to construct the TCP header yourself, so have a look at the corresponding RFC. Felix wrote a tiny "proof-of-concept" tutorial about SYN scans; unfortunately it's written in German, but the source code's comments are in English: http://www.zotteljedi.de/documents/Q...synscan.c.html. You won't understand it though, unless you're deeply familiar with the TCP protocol.

    For a real life example, you may want to have a look at the nmap source code. It used to be a horrible mess, but I've been told that it has been rewritten during the 2007 Google Summer of Code.

    Note that SYN scans are likely to be detected by even the simplest IDS, and that the system administrator may very well claim that you had a criminal intent as you were trying to hide the attack. Furthermore, it may be illegal in your country to do any sort of port scanning (a rather funny security measure). For experiments, try "nmap -sS -vv <target>" and use a packet analyzer to see what it does. Somewhere on the nmap website you'll also find a good tutorial about (slightly outdated) scanning techniques in general.

    Greets,
    Philip
    All things begin as source code.
    Source code begins with an empty file.
    -- Tao Te Chip

  5. #5
    30 Helens Agree neandrake's Avatar
    Join Date
    Jan 2002
    Posts
    640
    It is my strong belief that access to information should be unrestricted and free (free as in free beer). There's no sense in restricting possibly harmful information for two reasons:
    We are not denying or restricting him information, but saying that he will unlikely find help here. This information can be found in numerous places.


    1) If someone really wants to know how to do it, he'll find out.
    My point exactly. If you're going to learn at this depth, then should you really be asking a place that mostly deals in helping learn a language? Should he earn the right to this information or should we just give it to him (or her)?

    2) If an attacker is able to do harm to a system, it is the system's fault.
    According to this logic, then it's the monetary system's fault that so many US wall-street bankers abused and harmed it, unwatched.
    Last edited by neandrake; 03-22-2009 at 08:34 PM.
    Environment: OS X, GCC / G++
    Codes: Java, C#, C/C++
    AOL IM: neandrake, Email: neandrake (at) gmail (dot) com

  6. #6
    Complete Beginner
    Join Date
    Feb 2009
    Posts
    312
    Quote Originally Posted by neandrake View Post
    If you're going to learn at this depth, then should you really be asking a place that mostly deals in helping learn a language?
    His choice of the place was a bit unfortunate. He should have asked in the networking section of this forum.

    Should he earn the right to this information or should we just give it to him (or her)?
    Just give it to him/her. For me to give answers, one doesn't need to earn a right. One may loose the right by making me unhappy.

    According to this logic, then it's the monetary system's fault that so many US wall-street bankers abused and harmed it, unwatched.
    No, it's the legislature's fault to allow questionable techniques instead of making them illegal. If this answer doesn't completely satisfy you, then it's the people's fault to give their money to inapt bankers. Furthermore, the money isn't gone, it just changed its owner... Either way, the bankers can't be blamed for legal behavior which rewarded them in the short term.


    If you feel threatened by the possibility that some newbie may do harm to your system by sending you some SYN requests, then who's to blame? If you leave your front door visibly open, would you blame the thief for stealing your stereo? I wouldn't.

    Greets,
    Philip
    All things begin as source code.
    Source code begins with an empty file.
    -- Tao Te Chip

  7. #7
    C++ Witch laserlight's Avatar
    Join Date
    Oct 2003
    Location
    Singapore
    Posts
    20,968
    Okay, looks like the help given is reasonably sufficient for such a sensitive topic, so I am closing this thread.
    C + C++ Compiler: MinGW port of GCC
    Version Control System: Bazaar

    Look up a C++ Reference and learn How To Ask Questions The Smart Way

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. FTP program
    By jakemott in forum Linux Programming
    Replies: 14
    Last Post: 10-06-2008, 01:58 PM
  2. My TCP Port Scanner in C
    By billy786 in forum Networking/Device Communication
    Replies: 5
    Last Post: 06-28-2008, 07:12 PM
  3. brace-enclosed error
    By jdc18 in forum C++ Programming
    Replies: 53
    Last Post: 05-03-2007, 05:49 PM
  4. Port Scanner
    By Stabbsy in forum Networking/Device Communication
    Replies: 11
    Last Post: 11-28-2006, 08:45 AM
  5. Basic port scanner code .. pls help ???
    By intruder in forum C Programming
    Replies: 18
    Last Post: 03-13-2003, 07:47 AM

Tags for this Thread


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21