Thread: My TCP Port Scanner in C

This is a simple port scanner coded in c. It uses a simple socket and a for loop. The port scanner uses TCP Connect to check whether the port is opened or closed.

This is for beginners who are trying to grasp simple sockets in C.

By the way this is for linux platform you can easily compile this on win32 using cygwin.

Code:

/* A TCP port scanner created by billy www.softhardware.co.uk*/

#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <stdlib.h>
#include <errno.h>


/* Main programs starts*/
int main(int argc, char **argv)
{
   int   sd;         //socket descriptor
   int    port;         //port number
   int   start;         //start port
   int    end;         //end port
   int    rval;         //socket descriptor for connect   
   char    responce[1024];      //to receive data
   char   *message="shell";       //data to send
   struct hostent *hostaddr;   //To be used for IPaddress
   struct sockaddr_in servaddr;   //socket structure
   
   if (argc < 4 )
   {
      printf("------Created By www.Softhardware.co.uk-----------\n");
      printf("--------------------------------------------------\n");
      printf("Usage: ./tscan <IPaddress> <Start Port> <End Port>\n");
      printf("--------------------------------------------------\n");
      return (EINVAL);
   }
   start = atoi(argv[2]);
   end   = atoi(argv[3]);
   for (port=start; port<=end; port++)
   {

         //portno is ascii to int second argument     

   sd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); //created the tcp socket
   if (sd == -1)
   {
     perror("Socket()\n");
     return (errno);
   }   

   memset( &servaddr, 0, sizeof(servaddr));

   servaddr.sin_family = AF_INET;
   servaddr.sin_port = htons(port); //set the portno
   
   hostaddr = gethostbyname( argv[1] ); //get the ip 1st argument
   
   memcpy(&servaddr.sin_addr, hostaddr->h_addr, hostaddr->h_length);
     
   //below connects to the specified ip in hostaddr
   
 

   rval = connect(sd, (struct sockaddr *) &servaddr, sizeof(servaddr));
   if (rval == -1)
   {
   printf("Port %d is closed\n", port);
   close(sd);
   }
   else
   printf("Port %d is open\n",port);
   
   close(sd);         //socket descriptor
   }
   
}

What if theres a daemon running an UDP connection?

and you shouldn't put the socket() into the for loop, because each time another port is opened, and it's more needless overhead

oh and before I forget, control reaches end of non-void function
you should add an return(0); to the end

aside from those, I think your example might suit well for someone who's new to socket programming
It's quite simple, and short, which makes it clear.
But, like dwks already said, make over your identation for better readability.
Someone who's new might not recognise, where the loops/nestings start and end

If you're planning on expanding the portscanner, you could add a parser for /etc/services, to look if a port needs to be probed for TCP, UDP or both.

To make an effective port scanner you would need to make use of multiple threads. In each thread it creates a socket, sets it to NON-blocking mode, calls the connect function (which should return straight away because of non-blocking) and then use the select function with a timeval of about 10 seconds to check wether it connected or not.

Is it possible that all ports (1000-16000) are closed on 127.0.0.1?