June 10th, 2005 08:56 AM
Hello! I came up with the idea of writing my own (simple) port scanner. Everything is fine, but I've got some questions:
1) How long does it take nmap to make a full connect() scan (normal home user computer)?
2) How should I write a UDP scan function? Should I use the connect() function too? Or maybe sendto() or recvfrom()... What response should I expect from the server?
BTW, I'm using WinXP (that's why I'm asking you to check nmap; it's not working on this OS correctly).
June 10th, 2005 09:47 AM
Nmap actually doesn't work well on Windows, especially SP2. You might want to pick a different scanner to base it off of?
With the implementation of Windows XP Service Pack 2 (SP2), Microsoft has removed the ability to create TCP frames through the raw sockets Application Programming Interface (API). UDP packets with spoofed IP addresses are also prevented with SP2. To work around these SP2 raw socket issues, nmap was modified to create raw Ethernet frames instead of raw TCP/IP frames. This fix allows most of the nmap options to work properly, although nmap’s raw socket functions can now only create frames on Ethernet networks.
Microsoft also implemented another TCP/IP stack change to Windows XP SP2 that limits the number of simultaneous outbound TCP connections. This has a chilling effect on nmap’s TCP connect() scan (-sT), since this scan normally creates many TCP connections. There is at least one non-Microsoft patch that removes this limitation, but the use of this patch is outside the scope of this tutorial. The nmap-hackers mailing list archive has more information on Microsoft’s changes and some of the workarounds:
That should give you an idea on how Nmap does things on Windows. For the rest... why not look at the Nmap source?
I myself have never bothered to get into serious programming, but I applaud your efforts.
June 10th, 2005 10:15 AM
Thx for posting.. it's very helpful (especially this tutorial).
Can anybody check how long it takes nmap to make a connect scan (Linux or Win)?
June 10th, 2005 10:42 AM
Why don't YOU see how long it takes? It really depends on what type of scan you use. I have some that take almost a minute for a single computer and some that take 5 seconds or less.
June 10th, 2005 11:40 AM
Why is the connection timing so important to you? If you want to see exactly how long it takes for NMAP or any other scanner to perform a task, fire up Ethereal and follow the connection stream. It will give you all the information you want.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
June 10th, 2005 06:43 PM
I told you in the 1st post that nmap seems to work badly on my platform.. thanks to d00p I'll be able to use it. Thanks for all your replies. I'll check that Ethereal.
June 13th, 2005 02:31 AM
If you are using nmap with SP2, there is a necessary workaround posted on the nmap site.
June 13th, 2005 03:14 AM
Yea, I actually won't use Nmap on Windows. But I don't use Windows often either, but that is neither here nor there. As for coding: what language? I am assuming you are going to use C. If I remember my C correctly, those were C functions you were naming. Could have been Java, not really sure.
Tell me the language and I will see if I can throw something together to help you. I have a portscanner I have written in C+ and another one in Perl lying around somewhere. I can let you get them or just explain them to you.
I believe there is also a tutorial on writing a port scanner, a 3-part tutorial if I remember correctly. It should be in the tutorials section. Can't really remember which of the 2 forums, but it is in there. It might go over a specific language though. Can't remember; it's been a really, really long time since I read it. Let me know if you want the C+ code; if you want it in C, I can think for a little while and put something together.
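Since the opening post asks how a UDP probe differs from a TCP connect() probe and what reply to expect, here is an added C example (my own, not code from anyone in this thread): it classifies a single port on 127.0.0.1 so you can check your own host's listeners. The listen_on() helper and the state names are my assumptions; the UDP "closed" verdict is Linux-specific, since it relies on the ICMP port-unreachable reply being reported as ECONNREFUSED on a connected UDP socket.

```c
/* Added example (not the thread's code): classify one loopback port with a TCP connect()
 * probe and a UDP probe. Linux-specific: UDP CLOSED relies on ICMP port unreachable
 * being surfaced as ECONNREFUSED on a *connected* UDP socket. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdint.h>
#include <sys/socket.h>
#include <unistd.h>
enum state { OPEN, CLOSED, OPEN_FILTERED, ERR };
static struct sockaddr_in loopback(uint16_t port) {
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port) };
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    return a;
}
/* TCP: handshake completes -> OPEN; RST (ECONNREFUSED) -> CLOSED. A real scanner would
 * use a non-blocking connect() plus a timeout so that filtered ports cannot stall it. */
enum state tcp_probe(uint16_t port) {
    struct sockaddr_in a = loopback(port);
    int s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0) return ERR;
    int r = connect(s, (struct sockaddr *)&a, sizeof a), e = errno;
    close(s);
    return r == 0 ? OPEN : e == ECONNREFUSED ? CLOSED : ERR;
}
/* UDP: send an empty datagram. ICMP port unreachable -> CLOSED; a datagram back -> OPEN;
 * silence until the timeout -> OPEN_FILTERED (open or dropped by a filter, can't tell). */
enum state udp_probe(uint16_t port, int timeout_ms) {
    struct sockaddr_in a = loopback(port);
    int s = socket(AF_INET, SOCK_DGRAM, 0), n;
    struct pollfd p = { .fd = s, .events = POLLIN };
    char buf[64];
    enum state st = ERR;
    if (s >= 0 && connect(s, (struct sockaddr *)&a, sizeof a) == 0 &&
        send(s, "", 0, 0) == 0 && (n = poll(&p, 1, timeout_ms)) >= 0) {
        if (n == 0) st = OPEN_FILTERED;                       /* nothing came back */
        else if (recv(s, buf, sizeof buf, 0) >= 0) st = OPEN; /* service answered */
        else if (errno == ECONNREFUSED) st = CLOSED;          /* queued ICMP error */
    }
    if (s >= 0) close(s);
    return st;
}
/* Bind a TCP or UDP listener on an ephemeral loopback port to verify the probes against. */
int listen_on(int type, uint16_t *port) {
    struct sockaddr_in a = loopback(0);
    socklen_t len = sizeof a;
    int s = socket(AF_INET, type, 0);
    if (s < 0 || bind(s, (struct sockaddr *)&a, len) < 0 ||
        (type == SOCK_STREAM && listen(s, 1) < 0) ||
        getsockname(s, (struct sockaddr *)&a, &len) < 0) { close(s); return -1; }
    *port = ntohs(a.sin_port);
    return s;
}
```

Note the asymmetry the thread is circling around: TCP gives a definite answer either way, while a silent UDP port can only ever be reported as open|filtered, which is why UDP scans are slow and need a timeout per port.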
June 13th, 2005 04:13 AM
What you first want to do is stop using WinXP.
June 13th, 2005 04:22 AM
And what pray tell is wrong with XP?
Or at least... what you think is wrong with it?