Simple but fast port scanner

#1

hi,
I wanna write a simple and fast port scanner which scans one host for
some open ports. I need to do this in a SYN scan mode which is described
as follows:

‘This technique is often referred to as half-open scanning, because you
don’t open a full TCP connection. You send a SYN packet, as if you are
going to open a real connection and then wait for a response. A SYN/ACK
indicates the port is listening (open), while a RST (reset) is
indicative of a non-listener. If no response is received after several
retransmissions, the port is marked as filtered. The port is also marked
filtered if an ICMP unreachable error (type 3, code 1,2, 3, 9, 10, or
13) is received.’

But a simple question :wink: How do I send a SYN packet ? Google didn’t want
to drop a usefull answer for that question so I hope I can get here some
infos about that.

greets

#2

On Mon, Apr 16, 2007 at 10:30:08PM +0900, mrpink wrote:

filtered if an ICMP unreachable error (type 3, code 1,2, 3, 9, 10, or
13) is received.’

But a simple question :wink: How do I send a SYN packet ? Google didn’t want
to drop a usefull answer for that question so I hope I can get here some
infos about that.

Simple and fast solution: just use nmap.

If you want to write one yourself: then read the source code for nmap to
see
how it’s done. And buy yourself a copy of the Stevens networking book
and
read about raw sockets.
http://www.amazon.com/Unix-Network-Programming-Vol-Networking/dp/0131411551/ref=sr_1_2/104-5978442-9615919?ie=UTF8&s=books&qid=1176733652&sr=8-2

If you want to do this from Ruby, you’ll probably have to work it out
for
yourself, unless you can find some sample code which uses raw sockets.

Regards,

Brian.

#3

yes thanks but I don’t wanna use nmap :wink: I want to write it by my own…

the only problem I have is: “You send a SYN packet, as if you are going
to open a real connection and then wait for a response[…]” but how can
I send a SYN packet with ruby? I also know how to use telnet and sockets
and how I could simply connect with tcp to a certain port but how can I
send such a SYN packet ?!?

Is this at all possible with ruby or is this too low level?

greets

#4

On 4/16/07, mrpink removed_email_address@domain.invalid wrote:

indicative of a non-listener. If no response is received after several

Depends on what you’re trying to do. If you only want to manage systems
in
your own environment, just do a full TCP connect. (There is a class in
EventMachine that was designed exactly for this kind of test, and it’s
extremely fast.)

If you’re looking for open ports out in the internet that you intend to
SYN-flood, you came to the wrong list.

#5

okay thanks, I’ll take a look upon the things you mentioned

#6

mrpink wrote:

yes thanks but I don’t wanna use nmap :wink: I want to write it by my own…

the only problem I have is: “You send a SYN packet, as if you are going
to open a real connection and then wait for a response[…]” but how can
I send a SYN packet with ruby? I also know how to use telnet and sockets
and how I could simply connect with tcp to a certain port but how can I
send such a SYN packet ?!?

Is this at all possible with ruby or is this too low level?

As Brian said, read up on raw sockets…

If you want some code to help construct raw IP packets, take a look at
some of the examples in bit-struct[1], which is sort of a wrapper over
#pack/#unpack. Particularly, look at examples/raw.rb. You’ll have to
find out elsewhere what goes into a SYN packet, though.

[1] http://redshift.sourceforge.net/bit-struct

#7

Need to know about Port Scanners? Here we will help you out in providing the best info.

1- SolarWinds Port Scanner: It has some amazing free tools and their Port Scanner will be a great addition in a System administrator’s toolset. It scans all the obtainable IP addresses in a network and their consistent TCP and UDP ports. It will then create a list of all the open, closed, and filtered ports for the sake of important action. It lets users save every configuration so that they don’t have to input them every time they need to initiate the scanning course. Users can list the scans to particular times so that they are always up to date with the status of all the available ports. Tap https://appuals.com/the-5-best-port-scanners/ for more info.

2- Nmap: This is open source software that is in demand because of expert administrators. It is a bit hard bit for newbies to use it because of the many ways you can utilize to set up a link with network hosts. It works by sending packets of data to your network. Depends on the reply received it is then capable to classify the devices linked to your network, services being obtainable by the devices, the kind of OS being run working on these devices and the app versions.

#8

My comment may not be a helpful comment, but have you tried nmap? sophsec/ruby-nmap

The problem is I have used the Linux command line interface of nmap, haven’t tried this gem.