1. We have moved from vBulletin to XenForo and you are viewing the site in the middle of the move. Though the functional aspect of everything is working fine, we are still working on other changes including the new design on Xenforo.
    Dismiss Notice

Help with port scanner

Discussion in 'C' started by en_7123, Mar 6, 2010.

  1. en_7123

    en_7123 New Member

    Joined:
    Feb 11, 2010
    Messages:
    105
    Likes Received:
    0
    Trophy Points:
    0
    Hi I'm new to socket programming and i wrote a very simple port scanner.I'm having problem with the code
    ----------------------------------------------------------------------------------------------------------
    Code:
    #include<stdio.h>
    #include<sys/socket.h>
    #include<sys/types.h>
    #include<stdlib.h>
    #include<netdb.h>
    int main()
    {
    char ip[32];
    
        int i,err,net;
        
        struct sockaddr_in sa;
        net=socket(AF_INET,SOCK_STREAM,0);
        sa.sin_family=AF_INET;
     
        printf("enter the ip");
        scanf("%s",ip);
        sa.sin_addr.s_addr=inet_addr(ip);
        for(i=1;i<20000;i++)
        {
            
            sa.sin_port=htons(i);
           
            
            if((connect(net,(struct sockaddr *)&sa,sizeof(sa)))>=0)
            
            {
                printf("\n%d is open",i);
            }
        }
        printf("\n");
    return ;
     }
    
    -------------------------------------------------------------------------------------------------------
    the output for this is :

    enter the ip
    127.0.0.1
    22 is open
    Now here is another version of the above
    ------------------------------------------------------------------------------------------------------
    Code:
    #include<stdio.h>
    #include<sys/socket.h>
    #include<sys/types.h>
    #include<stdlib.h>
    #include<netdb.h>
    int main()
    {
        
        char addr[32];
        int i,net;
        
       struct sockaddr_in sa;
        
        printf("enter the ip");
        scanf("%s",addr);
        
        sa.sin_addr.s_addr=inet_addr(addr);
        for(i=1;i<20000;i++)
                {
                    sa.sin_family=AF_INET;
                  sa.sin_port=htons(i);
            
                    net=socket(AF_INET,SOCK_STREAM,0);
                    if((connect(net,(struct sockaddr *)&sa,sizeof(sa)))>=0)
            
            {
             
    
       printf("\n%d is open",i);
                  
    }
        }
      
    
    
    return ;
     }
    --------------------------------------------------------------------------------------------------------
    The output for his is:
    enter the ip
    127.0.0.1
    22 is open
    25 is open
    111 is open
    631 is open

    1 now only difference in the above two program is that I'm calling the socket call and sa.sin_family=AF_INET in for loop in second program .Why is the first not working.

    2.Also my second question is i have assigned
    char ADDR[32];
    .How many space do i need to assign in char for storing the ip.

    3 :rolleyes::rolleyes: K and the last query I have is that when i run the second program giving ip of computer on my lan it works fine but when i try it against say some site (say if I enter ip of google ) it doesnt work and no output is given.
     
    Last edited by a moderator: Mar 6, 2010
  2. ungalnanban

    ungalnanban New Member

    Joined:
    Feb 19, 2010
    Messages:
    45
    Likes Received:
    2
    Trophy Points:
    0
    Location:
    Chennai
    The problem is your creating the socket in side the for loop in second program.

    I workout your program.

    first program output
    22 is open

    second program output.

    22 is open
    25 is open
    111 is open
    113 is open
    631 is open
    778 is open
    925 is open

    Then I changed your second program as like first that time the second program also gives only one port number.

    I removed the following code from forloop and I past it at before the for loop.

    Code:
     net=socket(AF_INET,SOCK_STREAM,0);
    
    Then the second program also gives only one port number.

    So that only the second program gives more than one port number.
     
    Last edited: Mar 6, 2010
  3. karthigayan

    karthigayan New Member

    Joined:
    Feb 19, 2010
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    0
    1.In your first code you created only one socket , so for that you got only one port.But in your second code you created some number of sockets ,because you run a loop till 20000.For the each iteration of the loop your program tried to created a socket . So you got the ports for the connected sockets .

    2. To store the ip in char array you need 16 bits.
    char addr[16];

    3.You can not easily access the external site ip's .Because they would accept the the outside connection easily .Then used have firewall security.
     
    Last edited: Mar 6, 2010
  4. en_7123

    en_7123 New Member

    Joined:
    Feb 11, 2010
    Messages:
    105
    Likes Received:
    0
    Trophy Points:
    0
    Yup ok i get it but why cant i just create a single socket
    net=socket(AF_INET,SOCK_STREAM,0)
    AND THE USE THIS SOCKET TO CONNECT TO ANOTHER HOST TRYING DIFFERENT PORT NUMBERS.I mean once the socket is made it can go in for loop try connecting if it is successful in creating a connection than print port number and than try another connection at different port..I guess it basically comes down to
    'why do I need to make the socket call inside the for loop,Why not outside and use the socket created to make connection to host at differnt ports one at a time?'

    2.Also this is obviously a very simple scanner and will be easily logged can anyone guide me how to go about making a stealth port scanner which can scan any host or at least give some decent result.
     
  5. en_7123

    en_7123 New Member

    Joined:
    Feb 11, 2010
    Messages:
    105
    Likes Received:
    0
    Trophy Points:
    0
    Thanx for your help.Could you please explain why 16 ? I mean ip requires 32 bytes ?:confused:
     
  6. karthigayan

    karthigayan New Member

    Joined:
    Feb 19, 2010
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    0
    When you connect with the host , you can just connect with the single port only.Because each port is for a single connection .So you can not get all the port with the single connection.If you want to get the available ports you need to have multiple connection.so each connection will try to occupy the port which is available.There while you can get the available ports on the host ( This is what your second program doing and getting the ports correctly ).

    Then you asked to store the ip in the char[].Since you want this as a string I said 16 bits is enough.But if you want to store that as a integer you need 32 bits. Infact to do some operaton with the ip address you need to store that as a integer only.
     
  7. en_7123

    en_7123 New Member

    Joined:
    Feb 11, 2010
    Messages:
    105
    Likes Received:
    0
    Trophy Points:
    0
    Ok i get it now but now I, making addr as int but when i take it as input scanf("%d",&addr)..The code compiles but on running no result.But when i define.
    int addr;
    scanf("%s",&addr);
    it is working fine.So if IP needs to be in int why do we have to give %s in scanf.Do i make my addr in the code as int or char.
     
  8. en_7123

    en_7123 New Member

    Joined:
    Feb 11, 2010
    Messages:
    105
    Likes Received:
    0
    Trophy Points:
    0
    Ok another thing sizeof(char) is 1 so why allocate char[16] if we need 32 bytes and not char[32].
     
  9. karthigayan

    karthigayan New Member

    Joined:
    Feb 19, 2010
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    0
    Don't confuse with the 16 bits which I said before .I just said that to store the ip in a string.
    Then Since the ip address having the '.' character you need to get that as a string in the scanf.
     

Share This Page