Two semi-connected scanning program source code

First:

// This is a semi-connected scan / // # include #include #include "mstcpip.h" #include #pragma Comment (lib, "WS2_32 .lib ") // Global variable #define srcport 88 char srcip [20] =; // Define source address ---------- >>>>>>>> CHAR TGTIP [20] =; / / Define the destination address -------------- >>>>>>> INT portnow; // Define the port // standard port list in the scan INT PORTS [20] =; typedef struct ip_hdr {Unsigned char h_verlen; // 4 top length, 4-bit IP version number unsigned char TOS; // 8 bit service type TOS unsigned short total_len; // 16-bit total length (byte) unsigned short ident; // 16 Identifies UNSIGNED SHORT FRAG_AND_FLAGS; // 3 Bit Number Unsigned Char TTL; // 8 Survival Time TTL Unsigned Char Proto; // 8 Agreement (TCP, UDP, or Others) Unsigned Short Checksum; // 16 Bit IP First Verification And unsigned int sourceip; // 32 bitsource IP address unsigned int desip; // 32 bit IP address} ip_header; typef struct tcp_hdr // definition TCP header {ushort th_sport; // 16-bit source port USHORT TH_DPORT; / / 16 Bit destination port unsigned int th_seq; // 32-bit serial number UNSIGNED INT TH_ACK; / / 32 bit confirmation number unsigned char TH_LENRES; // 4 top length / 6 positions unsigned CH AR TH_FLAG; // 6-bit flag bit Ushort TH_WIN; / / 16-bit window size ushort th_sum; // 16-bit checks and ushort tr_urp; // 16-bit emergency data offset} TCP_HEADER; TYPEDEF STRUCT TSD_HDR / / Define TCP The pseudo head {Unsigned long saddr; // source address unsigned long daddr; // destination address char MBZ; char PTCL; // protocol type unsigned short tcpl; // TCP length} PSD_HEADER; / / function original intitude int success_packet (); / / Send data function int RECV_PACKET (); // Listen to data functions ushort checksum (usort *, int); // calculate the verification and function void check_port (char *); // Determine if the port is open function ------- ----------------------- // main function int main (int Argc, char * argv []) {int end; wsadata wsadata

DWORD thREAD_ID = 1; char far hostname [128] =; // --------- >>>>>>>>>>> Handle ThreadHandle [20]; struct hostent * phe; if (argc! = 2) // Check if the command line parameter is correct {USAGE (argv [0]); exit (0);} if (WsaStartup (MakeWord (2, 2), & WSADATA)) {Printf ("WSAStartup Error ... / N "); Exit (0);} STRCPY (TGTIP, Argv [1]); // Get the IP address of the target host gethostname (Hostname, 128); // Get the host name Phe = gethostByName (Hostname); // Get the native IP address structure if (PHE == NULL) {Printf ("get localip error ... / n");} strcpy (srcip, inet_ntoa (* (struct in_addr *) Phe-> h_addr_list [0]) )))); // Get the native IP address // debugging, comment out // printf ("TEST / T% S / N", TGTIP); // Printf ("TEST / T% S / N", SRCIP) ; // Turn on the new thread, accept the packet, analyze the return information handle recvhandle = Createthread (null, 0, (lpthread_start_routine) RECV_PACKET, NULL, 0, & Thread_ID); Sleep (500); // Rest, start sending packets Function for (int TMP = 0; TMP <20; TMP ) { thread_id; // to scan the port Portnow = ports [tmp]; // Open the new thread, send the packet threadhandle [TMP] = CreateThread (NULL, 0, (LPTHREAD_START_ROUTINE) Send_packet, NULL, 0, & Thread_ID); / / Prevent the generated thread from too fast, rest SLEEP 100); DWORD WAITTHREAD = WaitFormultiPleObjects (20, ThreadHandle, True, Infinite); if (waitthread! = Wait_failed) {for (int N = 0; n <20; n ) {closeHandle (threadHandle [n]);}}} CloseHandle; wsacleanup (); scanf ("% d", & end); return 0;

} // ----------------------------------------------------------------------------------------------------------------------------------------------------- --------------------- Function // Send Data Package Functions INT Send_packet () {Socket SendSocket; Bool Flag; Int Timeout; SockAddr_in Sin; IP_Header ipHeader ; TCP_HEADER tcpHeader; PSD_HEADER psdHeader; char szSendBuf [60] = {0}; // transmit packet buffer int ret; unsigned long source_ip; unsigned long target_ip; // build native data socket if ((sendSocket = WSASocket (AF_INET, SOCK_RAW, IPPROTO_RAW, NULL, 0, WSA_FLAG_OVERLAPPED)) == INVALID_SOCKET) {printf ( "Socket Setup Error ... / n"); return 0;} // set its own padding packet if (setsockopt (sendSocket, IPPROTO_IP, IP_HDRINCL (char *) & flag, sizeof (flag)) == Socket_ERROR) {Printf ("setsockopt ip_hdrincl error ... / n"); return 0;} // Set timeout time Timeout = 1000; if (setsockopt (Sendsocket, Sol_socket, so_sndtimeo, (char *) & Timeout, Sizeof (Ti MEOUT) == SOCKET_ERROR) {Printf ("setsockopt so_sndtimeo error ... / n"); return 0;} target_ip = inet_addr (tgtip); source_ip = inet_addr (srcip); sin.sin_family = AF_INET; sin.sin_port = Htons (portnow); sin.sin_addr.s_un.s_addr = target_ip; // Fill IP header ipHeader.h_verlen = (4 << 4 | sizeof (ipheader) / sizeof (unsigned long); ipHeader.total_len = Htons (Sizeof ipHeader) sizeof (tcpHeader)); ipHeader.ident = 1; ipHeader.frag_and_flags = 0x40; ipHeader.ttl = 128; ipHeader.proto = IPPROTO_TCP; ipHeader.checksum = 0; ipHeader.sourceIP = source_ip;

// Source IP ipHeader.destip = target_ip; // Destination IP // Plug TCP header TCPHEADER.TH_DPORT = HTONS (portNow); // destination port TCPHEADER.TH_SPORT = HTONS (srcport); // Source port TCPHEADER.TH_SEQ = 0x12345678 TCPHEADER.TH_ACK = 0; TCPHEADER.TH_LENRES = (SIZEOF (TCPHEADER) / 4 << 4 | 0); TCPHEADER.TH_FLAG = 2; // SYN flag.

0, 2, 4, 8, 16, 32-> FIN, SYN, RST, PSH, ACK, URG (estimated, haha) TCPHEADER.TH_WIN = HTONS (512); tcpHeader.th_urp = 0; tcpheader.th_sum = 0; // dummy fill tcp header psdHeader.saddr = ipHeader.sourceIP; psdHeader.daddr = ipHeader.destIP; psdHeader.mbz = 0; psdHeader.ptcl = IPPROTO_TCP; psdHeader.tcpl = htons (sizeof (tcpHeader)); // calculate TCP checksum memcpy (szSendBuf, & psdHeader, sizeof (psdHeader)); memcpy (szSendBuf sizeof (psdHeader), & tcpHeader, sizeof (tcpHeader)); tcpHeader.th_sum = checksum ((USHORT *) szSendBuf, sizeof (psdHeader) sizeof (tcpHeader)); // calculated IP checksum memcpy (szSendBuf, & ipHeader, sizeof (ipHeader)); memcpy (szSendBuf sizeof (ipHeader), & tcpHeader, sizeof (tcpHeader)); memset (szSendBuf sizeof (ipHeader) sizeof (tcpHeader), 0, 4); ipHeader.checksum = checksum ((USHORT *) szSendBuf, sizeof (ipHeader) sizeof (tcpHeader)); memcpy (szSendBuf, & ipHeader, sizeof (ipHeader)); memcpy (szSendBuf sizeof ( ipheader, & tcpheader, sizeof (tcpheader); // Send Packet Ret = Sendto (Sendsocket, SzsendBuf, Sizeof (Ipheader) Sizeof (TCPHEADER), 0, (Struct SockAddr *) & SiN, SIZEOF (SiN)); if (Ret == Socket_ERROR) {Printf ("Send Packet Error ... / n "); RETURN 0;} else return 1;} // sinffer function int RECV_PACKET () {socket Sock; SockAddr_in sniff; char recvbuffer [65000] = {0}; // Buffer storage capture data // Establish Socket Listening Packet Sock = Socket (AF_INET, SOCK_RAW, IPPROTO_IP); Sniff.Sin_Family = AF_INET; Sniff.sin_Port = HTONS (0); Sniff.sin_Addr.s_addr = inet_addr (srcip);

// Bind to local random port bind (SOCK, SNIFF)); // Set Sock_RAW to SiO_RCVALL to receive all IP packets // Copy DWORD DWBufferlen [10]; dword dwbufferinlen = 1; DWORD dwBytesReturned = 0; WSAIoctl (sock, SIO_RCVALL, & dwBufferInLen, sizeof (dwBufferInLen), & dwBufferLen, sizeof (dwBufferLen), & dwBytesReturned, NULL, NULL); while (1) {memset (recvBuffer, 0, sizeof (recvBuffer)) ; // Start capture packet int reference = Recv (Sock, RecvBuffer, SizeOf (Recvbuffer), 0); if (bytesrecived <= 0) {Break;} check_port (recvbuffer); // Call Unpacking function} Return 1; } // unpack function void check_port (char * buffer) {IP_HEADER * ipHeader; // IP_HEADER type pointer TCP_HEADER * tcpHeader; // TCP_HEADER type pointer ipHeader = (IP_HEADER *) buffer; tcpHeader = (TCP_HEADER *) (buffer sizeof (Ip_header); if (ipheader-> sourceip! = Inet_addr (tgtip)) {return;} for (int TMP = 0; TMP <20; TMP ) {// SYN ACK -> 2 16 = 18 (also Initially, haha) IF (tcpheader-> th_flag == 18 && tcpheader-> th_sport == htons (ports [tmp]) {printf ("[Found] / T% S / TPORT / T% D / TOPEN / N", TGTIP, Ports [TMP]);}}} // -------------------------------------------------------------------------------------------------- ---------------- // Computational inspection and function, completely copy other people's USHORT CHECKSUM (Ushort * Buffer, int size) {unsigned long cksum = 0; while (size> 1) {CKSUM = * buffer ; size - = sizeof (ushort);} if (size) {cksum = * (uchar *) buffer;} cksum = (cksum >> 16) (CKSUM & 0xFFFF); CKSUM

= (CKSUM >> 16); return (~ cksum);} second:

// Semi-open scan source (for Win2k) #include #include #include #include "mstcpip.h" #pragma Comment (lib, "ws2_32") # define DEFAULT_DEST_PORT 5 # define DEST_HOST "www.hrbust.edu.cn" #define SEQ 0x28376839typedef struct _iphdr {unsigned char h_lenver; // 4-bit header length 4-bit IP version number unsigned char tos; // 8-bit type of service TOSunsigned short Total_len; // 16-bit total length (bytes) Unsigned short ident; // 16-bit identifier Unsigned short frag_and_flags; // 3-bit flag bit unsigned char TTL; // 8-bit survival Ttlunsigned Char proto; // 8 protocol (TCP, UDP or other) Unsigned short checksum; // 16-bit IP header checksum unsigned int sourceip; // 32 bitsource IP address unsigned int desip; // 32 bit IP address} ip_header; typedef struct _tcphdr // Define TCP header {ushort th_sport; // 16-bit source port USHORT TH_DPORT; / / 16-bit destination port unsigned int th_seq; // 32-bit serial number UNSIGNED INT TH_ACK; / / 32 bit confirmation number unsigned char TH_LENRES; // 4 bit Head length / 6 reserved word unsigned char th_flag; // 6 bit flag bit Ushort TH_WIN; / / 16-bit window size ushort tr_sum; // 16-bit check and ushort th_urp; // 16-bit emergency data offset} TCP_HEADER ; Struct // Defines TCP Pseudomoned Legs {UNSIGNED Long Saddr; // Source Address Unsigned Long Daddr; // Destination Address Char MBZ; CHAR PTCL; // Protocol Type Unsigne d short tcpl; // TCP length} psd_header; SOCKET sockRaw = INVALID_SOCKET, sockListen = INVALID_SOCKET; struct sockaddr_in dest; // SOCK error handler void CheckSockError (int iErrorCode, char * pErrorMsg) {if (iErrorCode == SOCKET_ERROR) {printf ("% S Error:% D / N", PerrorMSG, getLastError ()); CloseSocket (SockRaw); EXITPROCESS (-1);}} // Computational Test and Ushort Checksum (Ushort * Buffer, Int size) {Unsigned Long CKSUM = 0; while (size> 1) {cksum = * buffer ; size - = sizeof (ushort);}} (size) {cksum = * (uchar *) buffer;} cksum = (CKSUM >> 16) (CKSUM & 0xFFFF); CKSUM = (CKSUM >> 16); Return (~ CKSUM);

} // IP unpack program bool DecodeIPHeader (char * buf, int bytes) {IP_HEADER * iphdr; TCP_HEADER * tcphdr; unsigned short iphdrlen; iphdr = (IP_HEADER *) buf; iphdrlen = sizeof (unsigned long) * (iphdr-> h_lenver & 0xf); TCPHDR = (TCP_Header *); // Whether or not from the target IPIF (iPhdr-> SourceIP! = DEST.SIN_ADDR.S_ADDR) Return False; // The serial number is correct IF ((NTOHL) TCPHDR-> TH_ACK)! = (SEQ 1)) && (NtOHL (TCPHDR-> TH_ACK)! = SEQ)) Return False; // RST / ACK - Non-service IF (TCPHDR-> TH_FLAG == 20) {Printf ("./N"} // SYN / ACK - Scan to a port IF (TCPHDR -> TH_FLAG == 18) {Printf ("% d / n", NTOHS (TCPHDR-> TH_SPORT)) ; return true;} return true;} // main function int main (int argc, char ** argv) {int iErrorCode; int datasize; struct hostent * hp; IP_HEADER ip_header; TCP_HEADER tcp_header; char sendBuf [128] = {0 }; char recvBuf [65535] = {0}; // initialize SOCKETWSADATA wsaData; iErrorCode = WSAStartup (MAKEWORD (2,2), & wsaData); CheckSockError (iErrorCode, "WSAStartup ()"); sockRaw = socket (AF_INET, SOCK_RAW , Ipproto_ip); Checksockerror (SockRaw, "socket ()"); SockListen = Socket (AF_INET, SOCK_RAW, IPPROTO_IP); CheckSockError (sockListen, "socket"); // Set the IP header Options BOOL bOpt = true; iErrorCode = setsockopt (sockRaw, IPPROTO_IP, IP_HDRINCL, (char *) & bOpt, sizeof (bOpt)); CheckSockError (iErrorCode, "setsockopt ()"); // get local IPSOCKADDR_IN sa; unsigned char LocalName [256]; iErrorCode = gethostname ((char *) LocalName, sizeof (LocalName) -1); CheckSockError (iErrorCode, "gethostname ()"); IF ((hp = gethostbyname) == null) {checksockerror (socket_error, "gethostByName ()");} Memcpy (& sa.sin_addr.s_un.s_addr, hp-> h_addr_list [0], HP -> h_length);

Sa.sin_Family = AF_INET; sa.sin_port = htons (7000); IrrorCode = Bind (Socklisten, (PsockAddr) & sa, sizeof (sa)); checksockerror (iERRORCODE, "Bind"); // Sets SOCK_RAW to SiO_RCVALL for reception All IP packets DWORD dwBufferLen [10]; DWORD dwBufferInLen = 1; DWORD dwBytesReturned = 0; iErrorCode = WSAIoctl (sockListen, SIO_RCVALL, & dwBufferInLen, sizeof (dwBufferInLen), & dwBufferLen, sizeof (dwBufferLen), & dwBytesReturned, NULL, NULL); CheckSockError (IrrorCode, "IOCTL"); // Get the target host ipmemset; dest.sin_family = AF_INET; DEST.SIN_PORT = HTONS (Default_Dest_port); if ((DEST.SIN_ADDR.S_ADDR = INET_ADDR (DEST_HOST) == INADDR_NONE) {IF ((HP = gethostByname (dest_host))! = Null) {Memcpy (& (dest.sin_addr), hp-> h_addr_list [0], hp-> h_length); dest.sin_family = HP-> h_addrtype; printf ("dest.sin_addr =% s / n", INET_NTOA (DEST.SIN_ADDR));} else {checksockerror (socket_error, "gethostByname ()");}} // Fill the IP header IP_HEADER. h_lenver = (4 << 4 | SizeOf (IP_HEADER) / SIZEOF (Unsigned Long)); // High 4-digit IP version number, low four head length IP_HEADER.TOTAL_LEN = HTONS (Sizeof _Header) sizeof (TCP_HEADER)); // 16-bit total length (bytes) ip_header.Ident = 1; // 16-bit identifier ip_header.frag_and_flags = 0; // 3 bit flag bit ip_header.ttl = 128; // 8-bit survival time TTLIP_HEADER.PROTO = ipproto_tcp; // 8-bit protocol (TCP, UDP ...) ip_header.checksum = 0; // 16-bit IP header checksum ip_header.sourceIP = sa.sin_addr.s_addr; // 32 bit Source IP address ip_header.destip = dest.sin_addr.s_addr; // 32 bit ip address // Fill TCP header TCP_HEADER.TH_SPORT = HTONS (7000); // Source port number TCP_HEADER.TH_DPORT = htons (default_dest_port); // Destination port number TCP_HEADER.TH_SEQ = HTONL (SEQ); // SYN serial number TCP_HEADER.TH_ACK = 0; // ACK sequence number is 0TCP_HEADER.TH_LENRES = (Sizeof (TCP_HEADER) / 4 <<