simple but fast port scanner

[mrpink]

hi,
I wanna write a simple and fast port scanner which scans one host for
some open ports. I need to do this in a SYN scan mode which is described
as follows:

'This technique is often referred to as half-open scanning, because you
don't open a full TCP connection. You send a SYN packet, as if you are
going to open a real connection and then wait for a response. A SYN/ACK
indicates the port is listening (open), while a RST (reset) is
indicative of a non-listener. If no response is received after several
retransmissions, the port is marked as filtered. The port is also marked
filtered if an ICMP unreachable error (type 3, code 1,2, 3, 9, 10, or
13) is received.'

But a simple question How do I send a SYN packet ? Google didn't want
to drop a usefull answer for that question so I hope I can get here some
infos about that.

greets

 

[Brian Candler]

I wanna write a simple and fast port scanner which scans one host for
some open ports. I need to do this in a SYN scan mode which is described
as follows:

'This technique is often referred to as half-open scanning, because you
don't open a full TCP connection. You send a SYN packet, as if you are
going to open a real connection and then wait for a response. A SYN/ACK
indicates the port is listening (open), while a RST (reset) is
indicative of a non-listener. If no response is received after several
retransmissions, the port is marked as filtered. The port is also marked
filtered if an ICMP unreachable error (type 3, code 1,2, 3, 9, 10, or
13) is received.'

But a simple question How do I send a SYN packet ? Google didn't want
to drop a usefull answer for that question so I hope I can get here some
infos about that.

Simple and fast solution: just use nmap.

If you want to write one yourself: then read the source code for nmap to see
how it's done. And buy yourself a copy of the Stevens networking book and
read about raw sockets.
http://www.amazon.com/Unix-Network-...9615919?ie=UTF8&s=books&qid=1176733652&sr=8-2

If you want to do this from Ruby, you'll probably have to work it out for
yourself, unless you can find some sample code which uses raw sockets.

Regards,

Brian.

 

[mrpink]

yes thanks but I don't wanna use nmap I want to write it by my own...

the only problem I have is: "You send a SYN packet, as if you are going
to open a real connection and then wait for a response[..]" but how can
I send a SYN packet with ruby? I also know how to use telnet and sockets
and how I could simply connect with tcp to a certain port but how can I
send such a SYN packet ?!?

Is this at all possible with ruby or is this too low level?

greets

 

[Joel VanderWerf]

yes thanks but I don't wanna use nmap I want to write it by my own...

the only problem I have is: "You send a SYN packet, as if you are going
to open a real connection and then wait for a response[..]" but how can
I send a SYN packet with ruby? I also know how to use telnet and sockets
and how I could simply connect with tcp to a certain port but how can I
send such a SYN packet ?!?

Is this at all possible with ruby or is this too low level?

As Brian said, read up on raw sockets....

If you want some code to help construct raw IP packets, take a look at
some of the examples in bit-struct[1], which is sort of a wrapper over
#pack/#unpack. Particularly, look at examples/raw.rb. You'll have to
find out elsewhere what goes into a SYN packet, though.

[1] http://redshift.sourceforge.net/bit-struct

 

[mrpink]

okay thanks, I'll take a look upon the things you mentioned