Problems with connect and select...

[scrappy]

See below for most recent message

I'm attempting to make a "multithreaded" port scanner that uses the select function (instead of creating new threads). It's being developed with C using the Winsock API on the Windows 2000 platform. I'm using MSVC++6. The problem (I believe) is in the scan_list() function (located in sockets.c). I try to call connect on each of the sockets located in the list and -1 is returned everytime. I tried calling WSAGetLastError and it returns 10035 everytime.

error code 10035 - Resource temporarily unavailable.

This error is returned from operations on nonblocking sockets that cannot be completed immediately, for example recv when no data is queued to be read from the socket. It is a nonfatal error, and the operation should be retried later. It is normal for WSAEWOULDBLOCK to be reported as the result from calling connect on a nonblocking SOCK_STREAM socket, since some time must elapse for the connection to be established.

Maybe I'm just thick, but I'm rather confused on how to fix this. I've ran through the program many times with the debugger and everything seems ok (aside from the connect() calls). I've attached the MSVC++6 project if anyone would like to take a look at it and try to help me out.

Thank you!

[anonytmouse]

You're not doing anything wrong. As the socket is non-blocking connect() returns immediately with the value WSAEWOULDBLOCK instead of waiting for the connect to succeed or timeout as a blocking socket would do. WSAEWOULDBLOCK tells you that the operation is pending.

You then check the results of the connect() calls with a call to select(). This checks if each socket is ready to be written to. If a socket can be written to then the connect() call must have succeeded and you output the ip address to file.

You probably also want to output the port number to the file.

Is there something wrong with the output of your program?

You probably want the line after connect to look something like:

Code:

if (dummy == SOCKET_ERROR) {
	if (WSAEWOULDBLOCK == WSAGetLastError())
		printf("Connect() is pending...\n");
	else
		printf("Connect() failed with error %d.\n", WSAGetLastError());
}

[scrappy]

hmm.. Well, then it must be something else I'm having problems with. I've tried running a test scan against like 192.168.1.1 to 192.168.1.255, but nothing shows up, even if I have a port open. I intentionally started the telnet server on my computer to test, but for some reason it doesn't work and the open port goes undetected. Could you test it on your own machine to see if it is only a local problem I am having? I guess I'll go through the debugger some more to see if there's anything I can do.

Thanks for your help

Sean

[anonytmouse]

OK, I found the problem.

I was trying to scan port 1025.

First I put this above the connect() call to check that we were trying the correct address and port.

Code:

printf("## Checking ip %s\n", inet_ntoa(tmp->sock.sin_addr));
printf("## Port number is %d\n", ntohs(tmp->sock.sin_port));
printf("## Reversed Port number is %d\n", tmp->sock.sin_port);

That gave:

## Checking ip 192.168.0.21
## Port number is 260
## Reversed Port number is 1025

Obviously, something is wrong with the port number. It seems to be reversed.

So in the add_to_sock_stuff function I put:

Code:

printf("## port number is now %d\n", port);

This gives:

## port number is now 260

So we can see the port number being passed to add_to_stock_stuff is already reversed. We then reverse it again:

Code:

socks->sock.sin_port = htons(port);

which gives us the wrong value.

Essentially, we are passing the port number to htons twice which is equivalent to not calling htons at all.

You can trace back from add_to_stock_stuff to find the first time that ntohs is called on the port number. One of the ntohs calls must be removed.

On a different issue, you could make the interface a little simpler. You should give a sample command line in your usage instructions. Also, maybe if only the start ip address and port number is specified, you could just scan that one computer.

Let me know how you get on.

P.S Run 'netstat -a' to find open ports on your computer. No need to install telnet.

[scrappy]

*muah!*

Woohoo! Thank you very much!

As for the commandline stuff, this is only a very early version. So I will eventually have all that cool stuff (hopefully), like scan multiple ports, single host, hosts from a file, ports from a file, etc. Just need to get the basic framework Thanks again! And I'll let you know how it works out.

Sean