  • Download source files - 14 Kb
  • Download demo project - 60 Kb
    Disclaimer

    The techniques discussed in this article are meant to aid network administrators in finding security holes in their own systems in order to close potential points of weakness. These techniques must not be used to gain illegal entry to remote servers.

    Introduction

    The Internet is full of exciting tricks and mysteries, and it becomes even more attractive to a programmer who understands the Internet protocols and knows how to write code that handles connections. We programmers know that TCP/IP effectively claims "every hard disk of every online computer in the world is mine!", and that is exactly what leads hackers to reach our valuable information through any hole on our PCs. Their hacking tools speak the TCP/IP-based application protocols such as FTP and HTTP, which is why they can do whatever they like with our servers.

    What can we do to prevent such attacks? A network administrator will answer that the first step is to close unneeded ports. Beyond that, we must find the IP holes and then close them.

    This article gives some helpful ideas for detecting these holes. The submitted code and application can serve as the basis of a port scanner.

    How does it work?

    This application uses the class CTheSocket, derived from CSocket. I could have used a CSocket object directly, but I preferred to derive my own class so that any desired events can be overridden in the future. The member function CPortScanView::TestConnection(CString IP, UINT nPort) is the heart of the port scanner:

    
    BOOL CPortScanView::TestConnection(CString IP, UINT nPort)
    {
    	// CTheSocket is the article's thin subclass of CSocket. A fresh socket
    	// is created for every probe because a CSocket cannot be reused after
    	// a failed Connect().
    	CTheSocket* pSocket = new CTheSocket;
    	ASSERT(pSocket);
    
    	// Create() allocates the underlying SOCKET handle. Failure here is a
    	// local Winsock problem, not information about the remote port.
    	if (!pSocket->Create())
    	{
    		delete pSocket;
    		pSocket = NULL;
    		return FALSE;
    	}
    
    	// Connect() blocks until the TCP handshake completes or fails. A refused
    	// or timed-out connection means the port is not reported as open.
    	if (!pSocket->Connect(IP, nPort))
    	{
    		delete pSocket;
    		pSocket = NULL;
    		return FALSE;
    	}
    
    	// The handshake completed: the port accepted a connection, so it is open.
    	pSocket->Close();
    	delete pSocket;
    	return TRUE;
    }
    
    

    In the code above, if a connection to the specified host on port nPort is established, the member function returns TRUE, otherwise FALSE. It does not need to understand application protocols such as HTTP or FTP to decide whether a port is open; it simply checks whether the port is listening and accepts a connection. As soon as the TCP handshake completes and the socket reaches the 'Established' state, TRUE is returned and the port's status is recorded as 'open'.
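    The following is an added example, not the article's code: a portable POSIX-sockets counterpart of CPortScanView::TestConnection(). The MFC version blocks inside CSocket::Connect() until the TCP stack gives up; this version makes the socket non-blocking and bounds each probe with a caller-chosen timeout, and it distinguishes a refused connection (an RST came back, so nothing is listening) from silence (no reply at all, which the scanner cannot tell apart from a dropped packet). The enum names, the function signature and the loopback self-check are assumptions of this example, not part of the project.

```cpp
// Added example (not the article's code): non-blocking TCP connect probe
// with a timeout, plus a self-check on the loopback interface.
#include <arpa/inet.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>
#include <cerrno>
#include <cstdio>
#include <cstring>

enum PortState { PORT_OPEN, PORT_CLOSED, PORT_FILTERED, PORT_ERROR };

// One TCP connect probe against ip:port, bounded by timeout_ms.
PortState TestConnection(const char* ip, unsigned short port, int timeout_ms)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return PORT_ERROR;

    sockaddr_in addr;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &addr.sin_addr) != 1) { close(fd); return PORT_ERROR; }

    // Non-blocking: connect() returns at once, usually with EINPROGRESS.
    fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK);

    PortState state = PORT_ERROR;
    if (connect(fd, (sockaddr*)&addr, sizeof addr) == 0) {
        state = PORT_OPEN;                 // loopback can complete immediately
    } else if (errno == ECONNREFUSED) {
        state = PORT_CLOSED;               // RST came back: no listener
    } else if (errno == EINPROGRESS) {
        pollfd pfd = { fd, POLLOUT, 0 };
        int n = poll(&pfd, 1, timeout_ms);
        if (n == 0) {
            state = PORT_FILTERED;         // neither SYN-ACK nor RST in time
        } else if (n > 0) {
            // The handshake finished one way or the other; SO_ERROR says which.
            int err = 0;
            socklen_t len = sizeof err;
            if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) == 0) {
                if (err == 0) state = PORT_OPEN;
                else if (err == ECONNREFUSED) state = PORT_CLOSED;
            }
        }
    }
    close(fd);
    return state;
}

// Self-check on 127.0.0.1: listen on an ephemeral port and expect OPEN, then
// close the listener and expect CLOSED. Returns true only if both hold.
bool LoopbackSelfCheck()
{
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0) return false;
    sockaddr_in addr;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = 0;                     // let the kernel pick a free port
    socklen_t len = sizeof addr;
    if (bind(lfd, (sockaddr*)&addr, len) != 0 || listen(lfd, 4) != 0 ||
        getsockname(lfd, (sockaddr*)&addr, &len) != 0) { close(lfd); return false; }
    unsigned short port = ntohs(addr.sin_port);

    bool openSeen = TestConnection("127.0.0.1", port, 500) == PORT_OPEN;
    close(lfd);                            // nothing listens there any more
    bool closedSeen = TestConnection("127.0.0.1", port, 500) == PORT_CLOSED;
    return openSeen && closedSeen;
}

int main()
{
    printf("loopback self-check: %s\n", LoopbackSelfCheck() ? "ok" : "FAILED");
    return 0;
}
```

    The timeout is what keeps a silent port from stalling the whole range loop, and the three-way result is what a log reviewer on the target side sees in mirror image: an 'open' probe completed a full handshake, a 'closed' one was answered with an RST, and a 'filtered' one left only an unanswered SYN.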

    The submitted application is single-threaded. At the end of the outer loop that walks the range of ports, I call ::PeekMessage(...) so that Windows messages are still processed during the scan: the Stop button works, the window can be moved around the screen, and so on. This is the code segment:

    for (m_nCounter = minPort; m_nCounter <= maxPort; m_nCounter++)
    {
    	// ...
    	while (nAttempt <= m_nMaxAttempts && !bIsOpen)
    	{
    		// ...
    	}
    	// ...
    
    	// Give the UI a chance to run between probes: without this, the
    	// blocking scan would freeze the window and the Stop button would
    	// never be handled.
    	MSG message;
    	if (::PeekMessage(&message, NULL, 0, 0, PM_REMOVE))
    	{
    		::TranslateMessage(&message);
    		::DispatchMessage(&message);
    	}
    	// ...
    }
    

    To prevent CPortScanView::OnButtonScan() from being re-entered while a scan is running, I disable the Scan button, CPortScanView::m_cBtnScan, by calling m_cBtnScan.EnableWindow(FALSE). To stop the loop above when the Stop button, CPortScanView::m_cBtnStop, is clicked, the message handler CPortScanView::OnButtonStop() sets CPortScanView::m_nCounter to one more than CPortScanView::m_maxPort, so the loop condition fails on the next iteration and the loop exits.

    The results of the scan are stored as a linked list in a CPtrList member, CPortScanView::m_pStatusList, so the contents of each node are not only displayed in the CListCtrl member CPortScanView::m_cResult but can also be saved to a text file.

    The submitted code can also be built with UNICODE support by adjusting the project options and settings as described in MSDN.

    Question: How to modify it to scan ports on an IPv6 machine?
    Ather Zaidi
    5:48 9 Apr '08  
    Hi,
    Suppose my machine has an IPv6 address xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
    and I want to use your port-scanning code to scan which ports are open on my machine or any other IPv6 machine that is in my network.
    Can you please suggest which functions I have to change so that I can enter an IPv6 address instead of an IPv4 address.
    Thanks and Regards
    Ather
    General: Is there a way to detect network printers' IP addresses?
    Jan Palmer
    21:43 25 Dec '06  
    I have been trying to solve how to detect IP addresses based on my installed printer drivers around my network, but I am getting frustrated each day..heheh.. Win32_Printer, Win32_NetworkAdapter and Win32_TCPIPPrinter failed to get the information that I want..

    If you're kind enough, share your knowledge by emailing it to me at janverge@gmail.com


    thanks again..

    Merry Christmas

    nice one..

    General: Why can't it work well on Windows XP?
    ginkgo1980
    21:49 12 Jun '05  
    The scanner can work well on Windows 2000, but it can work so well on Windows XP.
    For example, it can scan port 25 of the host (61.135.153.184) on Windows 2000, but on Windows XP it can't. Why?
    Sorry, my English is very poor.


    Nothing!
    General: Thanks for the code
    Iainws
    3:31 15 Jan '05  
    Hey - great article. It helped me to understand that I can work with IPs and ports with C++.

    I am only beginning my journey in programming, but I see the benefits of learning this kind of line if I am able to beef up my own kind of intellect in security.

    Might I add that you resolved a minor query that I had about scanning a port. If it were a real port, like with boats, what's the point in radioing the harbour to see if people are around? No articles I have read besides yours forward the notion of going in and seeing what's around, having a party, looking about, taking a stroll, asking for directions etc. Most just say that you need to see if it is technically ON or OFF. True? Then what's the issue?

    Maybe you could reason that an open port is like where the hackers attack - like pirates, right? Isn't this just paranoia? Do they really exist? I mean I don't think I will ever be a hacker because it would be like being a pirate - a beard, a parrot, peg leg, map, sword, eye patch etc. Can they attack and get in - or are they just making prank calls to people?

    I am sort of serious here. I am not denying the existence of a hacker, a port scanner, port hacker, port vandal, port pirate, "pirate to port" har har - but what now after the ports are open? Are people going to get in? Are they big enough for a full scale attack by bands of pirates, or are those holes small enough not to worry about?

    Thanks anyway . . . I like this idea and I may look further into it. Is there any more code out there worth considering if I find an open porthole? Please respond.

    Iain.
    General: Waiting for a long time!
    R.selvam
    12:25 28 Nov '03  
    Hi,

    It takes more time to scan a port.


    General: Re: Waiting for a long time!
    Anonymous
    13:51 28 Nov '03  
    Depends on your Internet speed too. You can feel free to modify the code on your own to improve performance.

    Regards
    General: Re: Waiting for a long time!
    R.selvam
    14:46 28 Nov '03  
    Thanks!
    General: If you want to see really good scanners
    wuxus
    9:32 9 Nov '03  
    Just visit www.komodia.com and you get the best scanners, sniffers and other libraries.
    General: Re: If you want to see really good scanners
    Michael Hendrickx
    9:19 26 Nov '04  
    This is not about the best scanners and other networking tools. The person wanted to explain something. nmap still is one of the better scanners available.
    General: Worst scanner ever.
    wukas
    8:59 17 Jul '03  
    With such a scanning technique you can seek holes only in your brain. If you want to make something useful, better read first about real scanning techniques. Even with the simple connect you chose the
    worst method - blocking sockets. If instead of deriving from CSocket you chose CAsyncSocket with a non-blocking call of connect, such a solution could be called a scanning technique, because it can give some more performance. But even the non-blocking method isn't the best solution, and a wise hacker never uses such a technique, because such connections are logged.
    With your scanning method, speed and hole finding are too slow. So you made useless software.

    with best regards Rose
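    The remark above that connect-scan connections are logged is the defender's side of the article's technique: every probe that reaches an open port completes a full TCP handshake, and every probe to a closed port is refused, and both show up in the target's connection logs. As an added example (not code from the article or from any commenter), here is a small detector that reads such a log and flags any source that touches many distinct ports within a short window. The log line format, the field names and the sample lines are constructed for this example and are not the article's.

```cpp
// Added example (not from the article or the thread): detect the footprint a
// connect scan leaves in a target's connection log.
#include <algorithm>
#include <cstdio>
#include <cstdlib>
#include <map>
#include <sstream>
#include <string>
#include <utility>
#include <vector>

struct ConnEvent { long ts; std::string src; int dport; std::string result; };

// Constructed line format: "<epoch-seconds> <src-ip> -> :<dst-port> <accepted|refused>"
bool ParseLine(const std::string& line, ConnEvent& ev)
{
    std::istringstream in(line);
    std::string arrow, portTok;
    if (!(in >> ev.ts >> ev.src >> arrow >> portTok >> ev.result)) return false;
    if (arrow != "->" || portTok.size() < 2 || portTok[0] != ':') return false;
    ev.dport = std::atoi(portTok.c_str() + 1);
    return ev.dport > 0 && ev.dport < 65536;
}

// Sources that touched at least `threshold` distinct ports within any span of
// `windowSec` seconds. Refused connections count too: a sweep of a mostly
// closed host is still a sweep.
std::vector<std::string> DetectScanners(const std::vector<std::string>& lines,
                                        int threshold, long windowSec)
{
    std::map<std::string, std::vector<std::pair<long, int> > > bySrc;  // src -> (ts, dport)
    for (size_t i = 0; i < lines.size(); ++i) {
        ConnEvent ev;
        if (ParseLine(lines[i], ev)) bySrc[ev.src].push_back(std::make_pair(ev.ts, ev.dport));
    }
    std::vector<std::string> hits;
    for (auto& kv : bySrc) {
        std::vector<std::pair<long, int> >& evs = kv.second;
        std::sort(evs.begin(), evs.end());        // by timestamp, then port
        std::map<int, int> portCount;             // distinct ports inside the window
        size_t lo = 0;
        bool flagged = false;
        for (size_t hi = 0; hi < evs.size() && !flagged; ++hi) {
            portCount[evs[hi].second]++;
            while (evs[hi].first - evs[lo].first > windowSec) {   // evict old events
                if (--portCount[evs[lo].second] == 0) portCount.erase(evs[lo].second);
                ++lo;
            }
            flagged = (int)portCount.size() >= threshold;
        }
        if (flagged) hits.push_back(kv.first);
    }
    return hits;
}

std::vector<std::string> SampleLog()
{
    // Constructed sample: 10.0.0.5 sweeps six ports in three seconds (mostly
    // refused), 10.0.0.9 is a normal client re-using one port, 10.0.0.7
    // touches three ports spread over an hour. One malformed line is
    // included on purpose to show that the parser skips it.
    const char* lines[] = {
        "1000 10.0.0.5 -> :21 refused",
        "1001 10.0.0.5 -> :22 accepted",
        "1001 10.0.0.5 -> :23 refused",
        "1002 10.0.0.5 -> :25 refused",
        "1002 10.0.0.5 -> :80 accepted",
        "1003 10.0.0.5 -> :110 refused",
        "1003 10.0.0.5 -> :21 refused",
        "1000 10.0.0.9 -> :443 accepted",
        "1004 10.0.0.9 -> :443 accepted",
        "1009 10.0.0.9 -> :443 accepted",
        "1000 10.0.0.7 -> :22 accepted",
        "2000 10.0.0.7 -> :80 accepted",
        "3000 10.0.0.7 -> :443 accepted",
        "garbage line",
    };
    return std::vector<std::string>(lines, lines + sizeof lines / sizeof lines[0]);
}

int main()
{
    std::vector<std::string> hits = DetectScanners(SampleLog(), 5, 10);
    for (size_t i = 0; i < hits.size(); ++i)
        printf("possible port scan from %s\n", hits[i].c_str());
    return 0;
}
```

    The threshold and window are the two knobs a defender tunes: a low threshold with a wide window catches the slow, one-port-at-a-time loop the article uses, while a high threshold with a narrow window is enough for the parallel scanners discussed later in this thread.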
    General: Re: Worst scanner ever.
    Arash Sabet
    15:20 17 Jul '03  
    Mr. Professional

    Thanks a lot for teaching me what I have ever known! This port scanner seeks holes around your ass!
    This simple sample code is not a commercial project, just a simple idea to go! Instead of making yourself angry and writing this stupid and impolite email focus on your job!

    By the way! Please consider to the following issues:

    - I guess that you are not familiar enough with object-oriented programming. Because if you knew that the CSocket class is inherited from CAsyncSocket you wouldn't waste my time! Naturally the entire public and protected members of a superclass are inherited by the derived classes, aren't they?

    - You are not as smart as you sound in your email, because the speed of this program depends dramatically on your Internet connection speed. Also, the code of this small application is available to download; just reduce the counter that counts the number of attempts for closed ports to '1' and you'll see how fast it will work. Add threads to have a faster application. Uncomment the event section to dump the scanned port information in the list box.

    Buddy, it's not my way to answer questions, but you made me reply to you in your language!

    Arash


    General: Re: Worst scanner ever.
    Xakep
    14:45 6 Aug '03  
    Hi

    If somebody wants to see a REAL port scanner, visit www.insecure.org/nmap. Btw, sources are included

    Best regards,
    v0id
    General: Re: Worst scanner ever.
    BearRiver
    5:39 18 Nov '04  
    It's an old article, but I'll post for others reading this too. The author is missing the point of the criticism.

    CSocket is derived from CAsyncSocket. It's a wrapper that makes it simpler to work with by dealing with the details and making the socket communication blocking. The fact that CSocket is inherited from CSocket is meaningless. CSocket REMOVES functionality from CAsyncSocket.

    Using CAsyncSocket will allow you to try connecting to all your IP addresses and ports AT THE SAME TIME.

    The speed of a port scanner shouldn't have much to do with your Internet speed for a single subnet. You're not downloading some huge file, you're sending out a very small number of packets per IP/port. Your method sends out *ONE* connection request, waits for it ho-hum, then tries the next one. THAT is why it's slow.

    Trust me, bandwidth is not the bottleneck in this design.

    AsyncSockets lets you fire off hundreds at once and then handle them all as they return. A design like this isn't really a scanner, it's more like a connector since you only try one thing at a time.

    Maybe not the worst scanner ever, but very elementary and limited for its purpose.


    General: Re: Worst scanner ever.
    iainws
    3:10 15 Jan '05  
    Is that possible? Look, I am a novice, but I know that you can't just *ONE* anything.

    I thought that a derived class makes things easier to work with in C++.

    Deriving something in C++ assigns it all the bits. You now have two things the same. If anything, taking away the derived class just makes any program more scant and limited.

    Try and derive class objects that are naturally more superior from their base objects - like making CAsyncSocket inherit all the bits from CSocket, and some more. This way you know what is not needed in either.

    General: Re: Worst scanner ever.
    TuPacMansur
    20:25 5 Sep '05  
    Arash, the guy's got a valid point here. "Speed is dependent on Internet connection". Blocking sockets is the worst possible way to scan ports.

    Have fun

    Umer Mansoor
    General: How it works
    Selevercin
    17:20 3 Apr '03  
    Hi,

    I know that you sort of explained how it worked, but I didn't catch on. Does it check to see if a port will give a response, and if it does then it is open?

    Does this code check to see if the port is closed?

     
    while (!pSocket->Connect(IP , nPort))
    {
    delete pSocket;
    pSocket = NULL;
    return FALSE;
    }

    Also, why does it run so slow? Is that just the nature of a scanner?

    Selevercin

    If you have a problem with my spelling, just remember that's not my fault. I (as well as everyone else who learned to spell after 1976) blame it on Robert A. Kolpek for U.S. Patent 4,136,395.
    General: Good article, but a suggestion..
    Soliant
    9:18 29 Nov '02  
    It would be nice if this was multi-threaded, so if a user is scanning multiple ports, after each port scan is completed, the results are displayed in the GUI.

    This is a great area of interest, "Security" is important these days.



    Soliant | email  
    "The 'B' in Visual Basic means Beginner" - R. Bischoff

    General: Re: Good article, but a suggestion..
    Arash Afifi
    14:13 29 Nov '02  
    Hello my friend,
    Thanks for the suggestion. As a matter of fact I had developed the code in the way that you suggested. I can't recall very well why I eliminated that section because this code was designed and developed in year 2000. You can develop my code on your own, can't you?

    Enjoy!
    Arash

    Arash Afifi
    Computer Engineer
    E-mail: afifi@sympatico.ca
    General: Re: Good article, but a suggestion..
    xxhimanshu
    18:44 16 Jan '03  
    Hi,
    I read your article on CodeProject about scanning ports. If I use your program then it can tell me which ports are open at a particular moment. I haven't gone through your code yet, but I was trying my hand at developing something like a firewall. Suppose some ports are open; then too nobody can see them, I mean it should be in stealth mode, or show them closed even if I am using them. I am looking forward to a reply from you so that I can get some information on how to start with it, and if there is something you can suggest I will be glad to know.
    Thanks in advance
    Cheers..

    Himanshu


    Last Updated 13 Mar 2001 | Copyright © CodeProject, 1999-2010