Implementing a port scanner with VC++

xiaoxiao2021-03-06  76

I. Introduction

A port is a potential communication channel and therefore also a potential intrusion channel. Port scanning a computer can yield a lot of useful information. There are many ways to scan: it can be done manually or with port-scanning software. Manual scanning requires familiarity with various commands and the ability to analyze their output. Scanning software can perform the corresponding data analysis itself while it scans.

This article describes how a scanner works and its technical advantages, and finally builds a simple scanner.

II. Scanner working principle and technical advantages

A scanner is a program that automatically detects security weaknesses on a remote or local host. With a scanner you can discover all the TCP ports of a remote server, the services they provide, and the versions of the software behind them. This information gives an indirect view of the security problems on the remote host.

A scanner works by connecting to different ports of remote TCP/IP services and recording the responses the target gives. In this way a great deal of information about the host can be collected (whether anonymous login is allowed; whether there is a writable FTP directory; whether telnet can be used; whether httpd is running as root or nobody ...).

One of a scanner's main functions is to discover a host or network, check which services are running on that host, test those services further, and discover system vulnerabilities. To implement this, a simple TCP connect() scan is enough. The connect() system call provided by the operating system is used to connect to each port on the target computer. If the port is listening, connect() succeeds; otherwise the port is not in use, that is, no service is available on it.

The biggest advantage of this technique is that no special privileges are required: any user on the system is allowed to use this call. Another advantage is speed. Probing the target ports one after another, with a separate connect() call for each, takes a long time, so we can open multiple sockets at the same time to speed up the scan. Non-blocking I/O allows a low timeout to be set while all the sockets are watched at once.
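The non-blocking, multi-socket variant described above, as an added example that is not part of the original article. It assumes POSIX sockets and poll() instead of the MFC CSocket class used later on this page; `probe_ports` and its parameters are hypothetical names.

```cpp
// Added example (POSIX sockets assumed): non-blocking connect() probes watched together with poll().
#include <arpa/inet.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>
#include <cerrno>
#include <chrono>
#include <cstdint>
#include <vector>

// One flag per port: true if the TCP handshake completed within timeout_ms.
std::vector<bool> probe_ports(const char* ip, const std::vector<uint16_t>& ports, int timeout_ms) {
    using namespace std::chrono;
    std::vector<bool> is_open(ports.size(), false);
    std::vector<pollfd> fds(ports.size(), pollfd{-1, POLLOUT, 0});
    size_t pending = 0;
    for (size_t i = 0; i < ports.size(); ++i) {
        sockaddr_in sa{};
        sa.sin_family = AF_INET;
        sa.sin_port = htons(ports[i]);
        if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1) return is_open;  // not an IPv4 address
        int fd = socket(AF_INET, SOCK_STREAM, 0);
        if (fd < 0) continue;
        fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK);
        // A non-blocking connect() returns at once; EINPROGRESS means "still connecting".
        int rc = connect(fd, reinterpret_cast<sockaddr*>(&sa), sizeof sa);
        if (rc == 0) { is_open[i] = true; close(fd); }
        else if (errno == EINPROGRESS) { fds[i].fd = fd; ++pending; }
        else close(fd);                                    // refused or unreachable
    }
    const auto deadline = steady_clock::now() + milliseconds(timeout_ms);
    while (pending > 0) {
        auto left = duration_cast<milliseconds>(deadline - steady_clock::now()).count();
        if (left <= 0 || poll(fds.data(), fds.size(), static_cast<int>(left)) <= 0) break;
        for (size_t i = 0; i < fds.size(); ++i) {
            if (fds[i].fd < 0 || fds[i].revents == 0) continue;
            int err = 0; socklen_t len = sizeof err;
            getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, &err, &len);
            is_open[i] = (err == 0);                       // SO_ERROR of 0 means connected
            close(fds[i].fd);
            fds[i].fd = -1;                                // poll() skips negative descriptors
            --pending;
        }
    }
    for (auto& p : fds) if (p.fd >= 0) close(p.fd);        // timed out: reported as not open
    return is_open;
}
```

Each probed port holds one file descriptor until it answers or the timeout expires, so long port lists should be split into batches that stay below the process's descriptor limit.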

III. Program implementation steps

1 Create a dialog-based application with AppWizard. Note that the program needs Windows Sockets (Winsock) support.

Add controls to the dialog to get the interface shown below: an IP address control at the top, an edit box below it, and a "Scan" button whose ID is ID_scan.

Homemade scanner interface diagram

2 Add control variables as follows:

3 Add the function TestConnection

The function creates a socket and then uses the Connect method to test whether the port is open. The main code is as follows:

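// Requires <afxsock.h> and a successful AfxSocketInit() call
// (the AppWizard Windows Sockets option adds both).
BOOL CPortScanDlg::TestConnection(CString IP, UINT nPort)
{
    CSocket* pSocket = new CSocket;
    ASSERT(pSocket);

    // Create the socket; give up if it cannot be created.
    if (!pSocket->Create())
    {
        delete pSocket;
        pSocket = NULL;
        return FALSE;
    }

    // Connect() fails when no service is listening on the port.
    if (!pSocket->Connect(IP, nPort))
    {
        delete pSocket;
        pSocket = NULL;
        return FALSE;
    }

    // The connection succeeded, so the port is open.
    pSocket->Close();
    delete pSocket;
    return TRUE;
}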

4 Add a handler for ID_scan. It simply reads the input data and calls the TestConnection(IP, Port) function.

At this point the port scanner is complete. It implements a very simple port-detection function.
