Port Scanner

Hey hey,

This is my first post, also i am new to c programming so if i make a mistake or if i've posted this in the wrong section or something please correct me ;P.

So at tech today i was reading an online c manual and thought it would be pretty cool make to a half decent proggy.

Here is what I wrote and i was wonder if someone could give me afew links or some explain source code to me on how port scanning works.

Code:

#include <iostream>

using namespace std;

int checkPort()
{
    // Loop scans port 3 times
	int i = 3;
	while (i > 0){
		// Scan port; 
		// record results in;
		--i;
	}
}

int main()
{
	// Inputs port number
	int iPort;
	cout << "Enter port you want to scan: ";
	cin >> iPort;

	// Scans the port
	checkPort();

	// Prints result
	cout << "Port Result: " << endl;
	cout << "1. " << endl;
	cout << "2. " << endl;
	cout << "3. " << endl;

	system("Pause");
	return 0;
}

What I need help with is how i would go about scanning a port in the while loop.

Cheers in advance.

Well... If you're new to C, maybe you jumped a little too far ahead.

- If you're planning to scan a remote machine for open ports, you will need to send packets.
To send packets you will need to learn network programming, sockets; I suggest you read this document first: beej.us/guide/bgnet/output/print/bgnet_A4.pdf

- Now to the interesting part, the scanning itself.
Nmap, in my opinion is the best scanner on the network, it's open source and applies different simple and complex methods to scan a remote machine, read about them here:
http://insecure.org/nmap/nmap_doc.html

Please note, that for 90% of the methods you will need to go a lot deeper, and be able to construct your own raw packets: Raw socket/network programming.

- I would also suggest you learn about networking, how the whole thing works.
The structure of the TCP/IP, how the packet travels from one machine to another.
What kind of devices are there on the network, what do they do with the packet, etc.

- And one last thing, get yourself a good sniffer, I suggest Ethereal.
You will thank me once you start working...

Goodluck.

it may intrest you to know that the code you posted is c++ and not c.

Originally Posted by kryptkat

it may intrest you to know that the code you posted is c++ and not c.

details, details

Devil Panther thanks you alot for your reply. I have used WPE sniffer before due to my laziness in online games ^_^. ill read these link u gave to me and try to understand them .

To tell you the truth, the material is not hard... But without any knowledge in Networking it might be a little difficult.

BTW, here is a link to Raw Socket/Network Programming:
http://www.madchat.org//coding/c/c.r...raw_socket.txt

Anyway, good luck.

hear a good book on network programming call: Unix network programming by W.Richard Stevens.

That's quite a strange piece of code as the inputted port number is never passed to the function responsible of scanning the port.
Port scanning is pretty simple, connect to the remote adress at the specified port. Was the connection successful? If so then the port is open for business and you close the connection. Otherwise it's closed or an error occurred. To find out which check the error messages, a "Connection Refused" would mean that the port is closed.

Originally Posted by OnionKnight

That's quite a strange piece of code as the inputted port number is never passed to the function responsible of scanning the port.
Port scanning is pretty simple, connect to the remote adress at the specified port. Was the connection successful? If so then the port is open for business and you close the connection. Otherwise it's closed or an error occurred. To find out which check the error messages, a "Connection Refused" would mean that the port is closed.

This method is logged.
plus it's slow like hell.

Originally Posted by Devil Panther

This method is logged.

So? You are only using this as an exercise in network programming anyway, aren't you? Or perhaps to test your own server for security. In both cases, logging doesn't matter.


RIGHT?

Originally Posted by Devil Panther

This method is logged.
plus it's slow like hell.

Maybe opening multiple sockets (in unblocking mode) and use select() to listen them is the fastest way. (if you consider the source of first version of nmap, this is the method used).

And, in insecure.org you can find information about port scanning.

Originally Posted by fnoyan

Maybe opening multiple sockets (in unblocking mode) and use select() to listen them is the fastest way. (if you consider the source of first version of nmap, this is the method used).

And, in insecure.org you can find information about port scanning.

my friend, nmap went a long way since the fist version;
And it's here to teach us more, as you said... and as I said a few posts back.

As for the Logging, if you really wish to test your own logging, then you'll be doing a horrible job because if you really believe that the people who want to attack your poor network are going to scan you with traditional methods then you have another thing coming. ENJOY!