Security check
Now that I know how to use Winsock in VB, I've taken it upon myself to write a port scanner to look for holes in my system.
Currently it tries to open a port and waits for a response, then closes the connection and posts a message if it was successful. It takes about 1 sec to check a port (==9 hours for a full scan). Is there any way to speed that up?
Besides checking multiple ports at once?
Ben
I've tried port scanners before. They usually are multithreaded and have about 50 threads running at any one time. There might be a trick which allows you to check if a port is listening without connecting. Perhaps there is some state flag somewhere in Windows.
Good Luck
-ddn
Uh, what about non-blocking sockets?
There's no way to check if someone's listening to a port on a remote computer apart from sending a SYN packet. Whether you do that through connect() or through raw sockets is up to you (raw sockets might be less straining for your PC's resources).
If you're locally on the computer, you can just run netstat -a. I don't know what netstat actually does on Windows. On Linux, it's implemented by cat'ing some files in the /proc filesystem.
cu,
Prefect
You need to use a non-blocking connection when you connect.
If you use a blocking one, it will idle until there is a connection. This is very time consuming unless you multithread every connection (which would be horrible on memory management for your purposes).
Use a non-blocking socket, and write a function that sets whether a port responded. Get the port number that responded, and set that as true in an array.
After you are done, just scan your array for the ports that responded... and voila.
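An added example, not part of the original thread: a sketch of the non-blocking approach described above (start connects without waiting, cap how many are in flight, record which ports responded), written in Python rather than VB/Winsock. The function name `scan_ports` and the loopback target are assumptions made for illustration.

```python
import errno
import selectors
import socket
import time

MAX_IN_FLIGHT = 25  # cap on simultaneous connects suggested in the thread


def scan_ports(host, ports, timeout=1.0):
    """Return {port: bool}, the "array" of TCP ports on host that responded."""
    responded = {port: False for port in ports}
    pending = list(ports)
    in_flight = {}  # socket -> (port, deadline)
    sel = selectors.DefaultSelector()
    while pending or in_flight:
        # Start new connects until the concurrency cap is reached.
        while pending and len(in_flight) < MAX_IN_FLIGHT:
            port = pending.pop()
            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            sock.setblocking(False)
            rc = sock.connect_ex((host, port))
            if rc in (errno.EINPROGRESS, errno.EWOULDBLOCK):
                sel.register(sock, selectors.EVENT_WRITE)
                in_flight[sock] = (port, time.monotonic() + timeout)
            else:
                responded[port] = rc == 0  # finished (or failed) at once
                sock.close()
        if not in_flight:
            continue
        # A socket turns writable when the handshake succeeds or fails;
        # SO_ERROR tells the two apart (0 means connected).
        for key, _ in sel.select(timeout=0.05):
            sock = key.fileobj
            port, _ = in_flight.pop(sock)
            err = sock.getsockopt(socket.SOL_SOCKET, socket.SO_ERROR)
            responded[port] = err == 0
            sel.unregister(sock)
            sock.close()
        # Give up on connects that got no answer within the timeout.
        now = time.monotonic()
        for sock, (port, deadline) in list(in_flight.items()):
            if now > deadline:
                del in_flight[sock]
                sel.unregister(sock)
                sock.close()
    sel.close()
    return responded
```

Called as `scan_ports("127.0.0.1", range(1, 1025))` against your own machine, this takes roughly the per-port timeout multiplied by the number of batches of 25, instead of one timeout per port.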
just a word of advice. you should only be doing this as a learning experience, since you really need to do a udp and tcp scan. there are even tricks which use half connects and such which allow more accurate/faster scanning. so don't feel safe just because you run your scan (though you should be pretty safe unless you download spyware/adware/trojans/virii).
now on to speed ups.
1. multithreading is a good idea, or at least multiple connects happening at once. try not to go over 25 simultaneous connects though.
2. scan only ports with known services. this greatly reduces the amount of ports required in a scan.
good luck.
How do I tell Winsock to connect with UDP or TCP? Or does it even care in VB?
I just need to set up the option to open a local port and it'll work as an FTP client. Right now I can download web pages in plain text. I don't know if that uses UDP and/or TCP though.
With the program you set a range of ports to check so you don't have to check them all. It's just a good idea.
Ben
When you are downloading plain text webpages, you are using TCP. And it's not FTP, it's HTTP.