Programming Forums
Old Nov 7th, 2004, 12:20 PM   #1
oedipus
So it's my first day at programming in C with socket connections, and I have a problem. I wrote this port scanner (cause I'm a security-type guy) in C. It works orgasmically (good) inside the network... but if I try scanning a host over the internet, it just freezes and halts on any closed port. Any way to fix that?

Here's the code:

/* Oedipus Scan, Version 1.1
 * Simple port scanner in C
 * Works ridiculously fast inside the network
 * Does not work over the internet
 * WILL get caught by most IDS systems
 * Updates are in development later today
 * Please see www.frsec.com for the latest version, etc.
 *
 * -- Oedipus, www.frsec.com
 *
 * You will never see....the horrors which I have suffered and done
 */

#include <stdio.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

int main(int argc, char *argv[]){
    /* All three arguments are read below, so require all of them. */
    if(argc < 4){
        printf("Usage: %s <host IP> <start port> <end port>\n\n", argv[0]);
        return 0;
    }
    int port, port2, sock;   /* port2 is the last port of the range */
    char *ip;
    ip = argv[1];
    port = atoi(argv[2]);
    port2 = atoi(argv[3]);
    printf("\t--------------------\n\tOedScan, Version 1.1\n\t--------------------\n\n");
    printf("\t------------\n");
    while(port <= port2){
        struct sockaddr_in shizBAM;

        if((sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0){
            printf("\n\nSocket initiation failed...\n\n");
            return 0;
        }
        memset(&shizBAM, 0, sizeof(shizBAM));
        shizBAM.sin_family      = AF_INET;
        shizBAM.sin_addr.s_addr = inet_addr(ip);
        shizBAM.sin_port        = htons(port);
        /* Blocking connect(): does not return until the host answers or the
         * system's own connect timeout expires. */
        if(connect(sock, (struct sockaddr *) &shizBAM, sizeof(shizBAM)) != -1){
            printf("\t| Port: %d |\n", port);
        }
        close(sock);
        port++;
    }
    printf("\t------------\n\tScan Completed\n\n");
    return 0;
}
Old Nov 7th, 2004, 11:11 PM   #2
tempest
You need to set a logical timeout for response packets over the internet.
Old Nov 8th, 2004, 2:01 AM   #3
kurifu
I assume what is happening here is that you are hitting a computer that does not exist, or you are hitting a computer which is simply dropping packets and not responding. connect will not return if this does not happen, and it takes a LONG time for each connect to time out.

Option 1) Manually turn down your time-out settings. The only problem is this will give false negatives on slower machines or with bad network conditions, and hey, it happens all the time.

Option 2) Use non-blocking connections; you should always use this for a port scanner anyway, because it causes the system to not block on the connect command while waiting for either an accept, deny, or timeout to occur. You will need to change your code a bit if this is the case though: after all connects you will need to monitor your sockets for incoming data about the status of those connections, likely using the select command (google this to make sure that is the most efficient way).

Option 3) Actually, a combination of both 1 + 2 is probably beneficial.

Also remember to disable TCP Nagle; you can google this as well. It is a simple flag you set at socket level and it will prevent delays in outgoing data. (Though in all honesty I cannot be sure this applies with socket connections, but it does not hurt to assume that it does.)
__________________
Clifford Matthew Roche <geek@cliffordroche.com>
Web Hosting: http://www.crd-hosting.com
Consulting: http://www.crdev-consulting.com
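
The non-blocking connect with select and a timeout that the replies above describe, as an added example that is not code from anyone in this thread. The names probe_port and PORT_* and the 1000 ms timeout are assumptions made for the illustration; it separates a refused connection (closed port) from no answer at all (dropped packets).

```c
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

enum { PORT_OPEN, PORT_CLOSED, PORT_TIMEOUT, PORT_ERROR };

/* probe_port and the PORT_* codes are names made up for this example. */
int probe_port(const char *ip, int port, int timeout_ms) {
    struct sockaddr_in addr;
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_port = htons((unsigned short)port);
    if (inet_pton(AF_INET, ip, &addr.sin_addr) != 1) return PORT_ERROR;
    int sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (sock < 0) return PORT_ERROR;
    /* Non-blocking: connect() returns at once, normally with EINPROGRESS. */
    fcntl(sock, F_SETFL, fcntl(sock, F_GETFL, 0) | O_NONBLOCK);
    int err = 0;
    if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) < 0) err = errno;
    if (err == EINPROGRESS) {
        fd_set wfds;
        FD_ZERO(&wfds);
        FD_SET(sock, &wfds);
        struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
        socklen_t len = sizeof(err);
        /* The socket turns writable when the handshake succeeds or fails. */
        int n = select(sock + 1, NULL, &wfds, NULL, &tv);
        if (n == 0) { close(sock); return PORT_TIMEOUT; } /* no answer at all */
        if (n < 0 || getsockopt(sock, SOL_SOCKET, SO_ERROR, &err, &len) < 0)
            err = errno;
    }
    close(sock);
    if (err == 0) return PORT_OPEN;
    return err == ECONNREFUSED ? PORT_CLOSED : PORT_ERROR;
}

int main(int argc, char *argv[]) {
    static const char *names[] = { "open", "closed", "no reply (timeout)", "error" };
    if (argc < 4) { fprintf(stderr, "Usage: %s <ip> <start> <end>\n", argv[0]); return 1; }
    for (int p = atoi(argv[2]); p <= atoi(argv[3]); p++)
        printf("%d: %s\n", p, names[probe_port(argv[1], p, 1000)]);
    return 0;
}
```

A short timeout trades speed for the false negatives mentioned in Option 1, so a port reported as "no reply" on a slow link may still be open.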
DaniWeb IT Discussion Community