simple but fast port scanner

Discussion in 'Ruby' started by mrpink, Apr 16, 2007.

  1. mrpink

    mrpink Guest

    hi,
    I wanna write a simple and fast port scanner which scans one host for
    some open ports. I need to do this in a SYN scan mode which is described
    as follows:

    'This technique is often referred to as half-open scanning, because you
    don't open a full TCP connection. You send a SYN packet, as if you are
    going to open a real connection and then wait for a response. A SYN/ACK
    indicates the port is listening (open), while a RST (reset) is
    indicative of a non-listener. If no response is received after several
    retransmissions, the port is marked as filtered. The port is also marked
    filtered if an ICMP unreachable error (type 3, code 1,2, 3, 9, 10, or
    13) is received.'

    But a simple question ;) How do I send a SYN packet? Google didn't want
    to drop a useful answer for that question, so I hope I can get some
    info about that here.

    greets
    mrpink, Apr 16, 2007
    #1
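As an added example, not code from the original thread: a small Ruby script that applies the three port-state rules quoted above (SYN/ACK = open, RST = closed, no response = filtered) to a constructed packet log, and, from the defender's side, flags a source whose SYNs to many distinct ports never complete the handshake, which is the footprint a half-open scan leaves. The log field layout, the sample addresses and the `min_ports` threshold are my own assumptions.

```ruby
require 'set'

# Constructed sample packet log (not a real capture); one packet per line:
#   src dst sport dport flags   (S=SYN, SA=SYN/ACK, A=ACK, R=RST)
# 10.0.0.5 probes four ports half-open; 10.0.0.7 completes a normal handshake.
SAMPLE_LOG = <<~LOG
  10.0.0.5 10.0.0.20 40001 22 S
  10.0.0.20 10.0.0.5 22 40001 SA
  10.0.0.5 10.0.0.20 40001 22 R
  10.0.0.5 10.0.0.20 40002 80 S
  10.0.0.20 10.0.0.5 80 40002 SA
  10.0.0.5 10.0.0.20 40002 80 R
  10.0.0.5 10.0.0.20 40003 443 S
  10.0.0.20 10.0.0.5 443 40003 R
  10.0.0.5 10.0.0.20 40004 8080 S
  10.0.0.7 10.0.0.20 51000 22 S
  10.0.0.20 10.0.0.7 22 51000 SA
  10.0.0.7 10.0.0.20 51000 22 A
LOG
Flow = Struct.new(:client, :server, :port, :synack, :rst_from_server, :client_ack)
# Group packets into client->server:port flows keyed by the initial SYN and
# record which handshake steps followed it.
def build_flows(log)
  flows = {}
  log.each_line do |line|
    src, dst, sport, dport, flags = line.split
    if flags == 'S'
      flows[[src, dst, dport.to_i]] ||= Flow.new(src, dst, dport.to_i, false, false, false)
    elsif (f = flows[[src, dst, dport.to_i]])   # later packet from the client
      f.client_ack = true if flags == 'A'
    elsif (f = flows[[dst, src, sport.to_i]])   # reply from the server
      f.synack = true if flags == 'SA'
      f.rst_from_server = true if flags == 'R'
    end
  end
  flows
end
# Port state by the half-open rules quoted in the thread: SYN/ACK = open,
# RST = closed, silence (or an ICMP unreachable, not modelled here) = filtered.
def port_state(flow)
  return :open if flow.synack
  return :closed if flow.rst_from_server
  :filtered
end
# Defender's view: a client that sends SYNs to many distinct ports and never
# completes the handshake with an ACK is behaving like a half-open scanner.
def half_open_scanners(flows, min_ports: 3)
  probes = Hash.new { |h, k| h[k] = Set.new }
  flows.each_value { |f| probes[f.client] << [f.server, f.port] unless f.client_ack }
  probes.select { |_, ports| ports.size >= min_ports }.keys
end
```

Run it with `ruby` and call `half_open_scanners(build_flows(SAMPLE_LOG))`; only 10.0.0.5 is reported, because 10.0.0.7 finished its handshake.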

  2. On Mon, Apr 16, 2007 at 10:30:08PM +0900, mrpink wrote:
    > I wanna write a simple and fast port scanner which scans one host for
    > some open ports. I need to do this in a SYN scan mode which is described
    > as follows:
    >
    > 'This technique is often referred to as half-open scanning, because you
    > don't open a full TCP connection. You send a SYN packet, as if you are
    > going to open a real connection and then wait for a response. A SYN/ACK
    > indicates the port is listening (open), while a RST (reset) is
    > indicative of a non-listener. If no response is received after several
    > retransmissions, the port is marked as filtered. The port is also marked
    > filtered if an ICMP unreachable error (type 3, code 1,2, 3, 9, 10, or
    > 13) is received.'
    >
    > But a simple question ;) How do I send a SYN packet? Google didn't want
    > to drop a useful answer for that question, so I hope I can get some
    > info about that here.


    Simple and fast solution: just use nmap.

    If you want to write one yourself: then read the source code for nmap to see
    how it's done. And buy yourself a copy of the Stevens networking book and
    read about raw sockets.
    http://www.amazon.com/Unix-Network-...9615919?ie=UTF8&s=books&qid=1176733652&sr=8-2

    If you want to do this from Ruby, you'll probably have to work it out for
    yourself, unless you can find some sample code which uses raw sockets.

    Regards,

    Brian.
    Brian Candler, Apr 16, 2007
    #2

  3. mrpink

    mrpink Guest

    yes thanks, but I don't wanna use nmap ;) I want to write it on my own...

    the only problem I have is: "You send a SYN packet, as if you are going
    to open a real connection and then wait for a response[..]" but how can
    I send a SYN packet with ruby? I also know how to use telnet and sockets
    and how I could simply connect with tcp to a certain port, but how can I
    send such a SYN packet?!?

    Is this at all possible with ruby or is this too low level?

    greets
    mrpink, Apr 16, 2007
    #3
  4. mrpink wrote:
    > yes thanks, but I don't wanna use nmap ;) I want to write it on my own...
    >
    > the only problem I have is: "You send a SYN packet, as if you are going
    > to open a real connection and then wait for a response[..]" but how can
    > I send a SYN packet with ruby? I also know how to use telnet and sockets
    > and how I could simply connect with tcp to a certain port, but how can I
    > send such a SYN packet?!?
    >
    > Is this at all possible with ruby or is this too low level?


    As Brian said, read up on raw sockets....

    If you want some code to help construct raw IP packets, take a look at
    some of the examples in bit-struct[1], which is sort of a wrapper over
    #pack/#unpack. Particularly, look at examples/raw.rb. You'll have to
    find out elsewhere what goes into a SYN packet, though.

    [1] http://redshift.sourceforge.net/bit-struct

    --
    vjoel : Joel VanderWerf : path berkeley edu : 510 665 3407
    Joel VanderWerf, Apr 16, 2007
    #4
  5. mrpink

    mrpink Guest

    okay thanks, I'll take a look at the things you mentioned
    mrpink, Apr 16, 2007
    #5
