Go4Expert
03-06-2010, 11:22 AM   #1
en_7123

Help with port scanner


Hi, I'm new to socket programming and I wrote a very simple port scanner. I'm having a problem with the code.
----------------------------------------------------------------------------------------------------------
Code:
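#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>   /* struct sockaddr_in, htons */
#include <arpa/inet.h>    /* inet_addr */
#include <netdb.h>

int main(void)
{
    char ip[32];
    int i, net;
    struct sockaddr_in sa = {0};

    /* One socket, created once and reused for every connect() below. */
    net = socket(AF_INET, SOCK_STREAM, 0);
    sa.sin_family = AF_INET;

    printf("enter the ip");
    scanf("%31s", ip);    /* width limit keeps input inside ip[32] */
    sa.sin_addr.s_addr = inet_addr(ip);

    for (i = 1; i < 20000; i++)
    {
        sa.sin_port = htons(i);

        if (connect(net, (struct sockaddr *)&sa, sizeof(sa)) >= 0)
        {
            printf("\n%d is open", i);
        }
    }
    printf("\n");
    return 0;
}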
-------------------------------------------------------------------------------------------------------
The output for this is:

enter the ip
127.0.0.1
22 is open
Now here is another version of the above:
------------------------------------------------------------------------------------------------------
Code:
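#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>       /* close */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>   /* struct sockaddr_in, htons */
#include <arpa/inet.h>    /* inet_addr */
#include <netdb.h>

int main(void)
{
    char addr[32];
    int i, net;
    struct sockaddr_in sa = {0};

    printf("enter the ip");
    scanf("%31s", addr);  /* width limit keeps input inside addr[32] */

    sa.sin_addr.s_addr = inet_addr(addr);
    for (i = 1; i < 20000; i++)
    {
        sa.sin_family = AF_INET;
        sa.sin_port = htons(i);

        /* A new socket for every port tried. */
        net = socket(AF_INET, SOCK_STREAM, 0);
        if (connect(net, (struct sockaddr *)&sa, sizeof(sa)) >= 0)
        {
            printf("\n%d is open", i);
        }
        close(net);       /* release the descriptor before the next iteration */
    }

    return 0;
}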
--------------------------------------------------------------------------------------------------------
The output for this is:
enter the ip
127.0.0.1
22 is open
25 is open
111 is open
631 is open

1. Now the only difference in the above two programs is that I'm calling the socket call and sa.sin_family=AF_INET in the for loop in the second program. Why is the first not working?

2. Also, my second question is: I have assigned
char ADDR[32];
How much space do I need to assign in char for storing the IP?

3. OK, and the last query I have is that when I run the second program giving the IP of a computer on my LAN it works fine, but when I try it against, say, some site (say if I enter the IP of Google) it doesn't work and no output is given.

Last edited by shabbir; 03-06-2010 at 01:41 PM. Reason: Code blocks

03-06-2010, 11:49 AM   #2
ungalnanban

Re: Help with port scanner


The problem is you're creating the socket inside the for loop in the second program.

I worked out your program.

First program output:
22 is open

Second program output:

22 is open
25 is open
111 is open
113 is open
631 is open
778 is open
925 is open

Then I changed your second program to be like the first; that time the second program also gives only one port number.

I removed the following code from the for loop and I pasted it before the for loop.

Code:
 net=socket(AF_INET,SOCK_STREAM,0);
Then the second program also gives only one port number.

So that is why only the second program gives more than one port number.

Last edited by ungalnanban; 03-06-2010 at 11:53 AM. Reason: alignment problem

03-06-2010, 11:52 AM   #3
karthigayan

Re: Help with port scanner


1. In your first code you created only one socket, so for that you got only one port. But in your second code you created some number of sockets, because you run a loop till 20000. For each iteration of the loop your program tried to create a socket. So you got the ports for the connected sockets.

2. To store the IP in a char array you need 16 bits.
char addr[16];

3. You can not easily access the external site IPs. Because they would accept the outside connection easily. Then used have firewall security.

Last edited by karthigayan; 03-06-2010 at 11:56 AM.

03-06-2010, 01:00 PM   #4
en_7123

Re: Help with port scanner


Yup, OK, I get it, but why can't I just create a single socket
net=socket(AF_INET,SOCK_STREAM,0)
and then use this socket to connect to another host trying different port numbers? I mean, once the socket is made it can go in the for loop and try connecting; if it is successful in creating a connection then print the port number and then try another connection at a different port. I guess it basically comes down to
'Why do I need to make the socket call inside the for loop? Why not outside, and use the socket created to make connections to the host at different ports one at a time?'

2. Also, this is obviously a very simple scanner and will be easily logged. Can anyone guide me on how to go about making a stealth port scanner which can scan any host or at least give some decent results?

03-06-2010, 01:04 PM   #5
en_7123

Re: Help with port scanner


Quote:
Originally Posted by karthigayan
2. To store the IP in a char array you need 16 bits.
char addr[16];

Thanks for your help. Could you please explain why 16? I mean, IP requires 32 bytes?

03-06-2010, 01:25 PM   #6
karthigayan

Re: Help with port scanner


When you connect with the host, you can just connect with a single port only, because each port is for a single connection. So you cannot get all the ports with a single connection. If you want to get the available ports you need to have multiple connections, so each connection will try to occupy the port which is available. Thereby you can get the available ports on the host (this is what your second program is doing, and it is getting the ports correctly).

Then you asked about storing the IP in the char[]. Since you want this as a string I said 16 bits is enough. But if you want to store that as an integer you need 32 bits. In fact, to do some operation with the IP address you need to store that as an integer only.
karthigayan is offline   Reply With Quote
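
The behaviour asked about in posts #1 and #4, shown as an added example (not code from the thread): on a TCP socket that is already connected, a further connect() fails with EISCONN, which is why a loop that reuses one socket reports nothing after its first success. The helper names make_listener and second_connect_errno are hypothetical, and the program only talks to two loopback listeners it creates itself.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: loopback listener on a kernel-chosen port. */
static int make_listener(struct sockaddr_in *addr)
{
    socklen_t len = sizeof(*addr);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(addr, 0, sizeof(*addr));          /* sin_port 0: kernel picks */
    addr->sin_family = AF_INET;
    addr->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)addr, len) < 0 || listen(fd, 4) < 0 ||
        getsockname(fd, (struct sockaddr *)addr, &len) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Connect one socket to listener A, then call connect() again on the
 * same socket for listener B. Returns errno of the second call, 0 if
 * it succeeded, -1 if the setup failed. */
int second_connect_errno(void)
{
    struct sockaddr_in a, b;
    int la = make_listener(&a), lb = make_listener(&b);
    int s = socket(AF_INET, SOCK_STREAM, 0);
    int result = -1;

    if (la >= 0 && lb >= 0 && s >= 0 &&
        connect(s, (struct sockaddr *)&a, sizeof(a)) == 0)
        result = connect(s, (struct sockaddr *)&b, sizeof(b)) == 0 ? 0 : errno;
    if (s >= 0) close(s);
    if (la >= 0) close(la);
    if (lb >= 0) close(lb);
    return result;
}

int main(void)
{
    int e = second_connect_errno();
    printf("second connect(): %s\n", e > 0 ? strerror(e) : "(no errno)");
    return e == EISCONN ? 0 : 1;
}
```
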

03-06-2010, 03:05 PM   #7
en_7123

Re: Help with port scanner


Quote:
Originally Posted by karthigayan
When you connect with the host, you can just connect with a single port only, because each port is for a single connection. So you cannot get all the ports with a single connection. If you want to get the available ports you need to have multiple connections, so each connection will try to occupy the port which is available. Thereby you can get the available ports on the host (this is what your second program is doing, and it is getting the ports correctly).

Then you asked about storing the IP in the char[]. Since you want this as a string I said 16 bits is enough. But if you want to store that as an integer you need 32 bits. In fact, to do some operation with the IP address you need to store that as an integer only.

OK, I get it now, but now I'm making addr an int, and when I take it as input with scanf("%d",&addr) the code compiles but on running gives no result. But when I define
int addr;
scanf("%s",&addr);
it is working fine. So if the IP needs to be an int, why do we have to give %s in scanf? Do I make my addr in the code an int or a char?

03-06-2010, 03:09 PM   #8
en_7123

Re: Help with port scanner


OK, another thing: sizeof(char) is 1, so why allocate char[16] if we need 32 bytes, and not char[32]?

03-09-2010, 09:12 AM   #9
karthigayan

Re: Help with port scanner


Don't get confused by the 16 bits which I said before. I just said that to store the IP in a string.
Then, since the IP address has the '.' character, you need to get that as a string in the scanf.
karthigayan is offline   Reply With Quote
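
An added example (not code from the thread) for the buffer-size question: a dotted-quad IPv4 string needs at most INET_ADDRSTRLEN (16) bytes including the terminator, while the binary address that goes into sin_addr is 4 bytes (32 bits). The helper names parse_ipv4 and ipv4_as_u32 are hypothetical; inet_pton is used in place of the thread's inet_addr so that malformed input is rejected.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: convert dotted-quad text to the 32-bit address.
 * Returns 0 on success, -1 if the text is too long or not valid IPv4. */
int parse_ipv4(const char *text, struct in_addr *out)
{
    /* "255.255.255.255" is 15 characters; with the terminating NUL that
     * is INET_ADDRSTRLEN (16) bytes, the most a text IPv4 address needs. */
    if (strlen(text) >= INET_ADDRSTRLEN)
        return -1;
    /* inet_pton() returns 1 only for a well-formed address, unlike
     * inet_addr(), whose error value equals 255.255.255.255. */
    return inet_pton(AF_INET, text, out) == 1 ? 0 : -1;
}

/* The same address as a host-order integer, e.g. for comparisons. */
uint32_t ipv4_as_u32(const struct in_addr *a)
{
    return ntohl(a->s_addr);
}

int main(void)
{
    char text[INET_ADDRSTRLEN];      /* text form: 16 bytes */
    struct in_addr bin;              /* binary form: 4 bytes (32 bits) */

    printf("enter the ip: ");
    /* %15s leaves room for the NUL, so input cannot overrun text[] */
    if (scanf("%15s", text) != 1 || parse_ipv4(text, &bin) != 0) {
        fprintf(stderr, "not a valid IPv4 address\n");
        return 1;
    }
    printf("%s = 0x%08x (%zu bytes binary, up to %d bytes as text)\n",
           text, (unsigned)ipv4_as_u32(&bin), sizeof(bin), INET_ADDRSTRLEN);
    return 0;
}
```
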

All times are GMT +5.5.