Dear All,

I'm writing a TCP port scanner - it is nearly finished. I wondered if anyone would be interested in reviewing my code and/or testing it?

OK, I realise that the first reply to this would have been "Why not just use nmap?"

So I will reply now to save you the trouble of asking.

---

"Why not just use nmap?"

Slowscan by Slarty is a port scanner which, under some circumstances, outperforms nmap by several orders of magnitude. It has none of the advanced features of nmap (it doesn't ping, UDP scan, idle scan, OS version detect or protocol version detect).

However it can scan a lot of ports in a short amount of time with a reasonably high level of accuracy.

Slowscan behaves similarly to nmap with -sS -P0.

If you've ever used nmap -sS -P0 you will know that it spends an enormous amount of time trying to scan hosts which are down before eventually timing out. This is because nmap does not port scan hosts in parallel (it does ping them in parallel which is why the -P0 is important).

Slowscan does all its scanning using a high level of parallelisation. Its timing settings consist of a minimum time between sent packets, a SYN timeout, and a number of retries. It scans each host serially, but over a large number of hosts it scans entirely in parallel.

Because it behaves like -sS it is fairly unobtrusive in normal operation. Each port will have a maximum of n SYN packets sent to it (per host) and nothing more. Servers which are up and sending resets will be skipped very quickly. Servers which are down will take a little longer but will not delay things too much, as there are no extra unnecessary packets sent (à la nmap).

A future version will also create a temporary local firewall rule to prevent resets being sent out, thus reducing the bandwidth usage further.

NB: this is Linux-only at the moment, and fairly likely to stay that way (unless someone feels like porting it).

Cheers
Slarty
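The scheduling rule the post describes (one outstanding probe per host, all hosts in parallel, a minimum gap between sends, a SYN timeout and a bounded number of retries) is easy to reason about with a discrete-event model. The following is an added example written for this page; it is not Slowscan's code and does not send any packets. The `Host` class, the addresses and ports, the RTT of 50 ms and the idea that a "down" host simply never answers are all constructed assumptions. The `max_parallel_hosts` knob goes slightly beyond the post: set to 1 it models a scanner that finishes one host before starting the next, which is what makes down hosts so expensive, and set to `None` it models the post's all-hosts-in-parallel behaviour.

```python
import heapq
from collections import deque


class Host:
    """Constructed model of a target (assumption, not real traffic):
    an "up" host answers every SYN immediately (SYN-ACK if the port is
    open, RST otherwise); a "down" host never answers, so probes time out."""

    def __init__(self, addr, up=True, open_ports=()):
        self.addr = addr
        self.up = up
        self.open_ports = set(open_ports)

    def reply(self, port):
        if not self.up:
            return None
        return "open" if port in self.open_ports else "closed"


def simulate_scan(hosts, ports, min_gap=0.01, syn_timeout=1.0, retries=3,
                  rtt=0.05, max_parallel_hosts=None):
    """Discrete-event model of the scheduling rule described in the post.

    min_gap      minimum spacing between any two SYNs on the wire
    syn_timeout  how long one probe waits for a SYN-ACK or RST
    retries      maximum SYNs sent to one (host, port) pair
    Each host walks its port list serially (one probe outstanding per host);
    up to max_parallel_hosts hosts are in flight at once (None = all hosts).

    Returns (results, syns_sent, elapsed): results[addr][port] is "open",
    "closed" or "filtered"; syns_sent[addr][port] counts probes; elapsed is
    the simulated clock when the last verdict was recorded.
    """
    by_addr = {h.addr: h for h in hosts}
    results = {h.addr: {} for h in hosts}
    syns_sent = {h.addr: {p: 0 for p in ports} for h in hosts}
    state = {h.addr: {"idx": 0, "attempts": 0} for h in hosts}

    events = []  # (time, seq, kind, addr); seq keeps ordering deterministic
    seq = 0
    wire_free_at = 0.0
    elapsed = 0.0

    def push(t, kind, addr):
        nonlocal seq
        heapq.heappush(events, (t, seq, kind, addr))
        seq += 1

    def record(addr, port, verdict, now):
        nonlocal elapsed
        results[addr][port] = verdict
        elapsed = max(elapsed, now)
        st = state[addr]
        st["idx"] += 1
        st["attempts"] = 0
        if st["idx"] < len(ports):
            push(now, "send", addr)                # next port on this host
        elif pending:
            push(now, "send", pending.popleft())   # slot freed: start another host

    pending = deque(h.addr for h in hosts)
    limit = len(hosts) if max_parallel_hosts is None else max_parallel_hosts
    for _ in range(min(limit, len(pending))):
        push(0.0, "send", pending.popleft())

    while events:
        now, _, kind, addr = heapq.heappop(events)
        st = state[addr]
        port = ports[st["idx"]]
        if kind == "send":
            # Rate limit: the SYN leaves at the next free wire slot.
            t = max(now, wire_free_at)
            wire_free_at = t + min_gap
            st["attempts"] += 1
            syns_sent[addr][port] += 1
            answer = by_addr[addr].reply(port)
            if answer is None:
                push(t + syn_timeout, "timeout", addr)
            else:
                push(t + rtt, answer, addr)
        elif kind == "timeout":
            if st["attempts"] < retries:
                push(now, "send", addr)            # resend, still within the SYN budget
            else:
                record(addr, port, "filtered", now)
        else:  # an "open" or "closed" reply arrived
            record(addr, port, kind, now)

    return results, syns_sent, elapsed


def compare_schedules():
    """Constructed scenario: one live host and three silent ones, four ports each."""
    ports = [22, 80, 443, 8080]
    hosts = [Host("10.0.0.1", up=True, open_ports={22, 80}),
             Host("10.0.0.2", up=False),
             Host("10.0.0.3", up=False),
             Host("10.0.0.4", up=False)]
    results, syns, parallel = simulate_scan(hosts, ports)
    _, _, serial = simulate_scan(hosts, ports, max_parallel_hosts=1)
    return {"results": results, "syns": syns,
            "parallel_elapsed": parallel, "serial_elapsed": serial}


if __name__ == "__main__":
    out = compare_schedules()
    print("all hosts in parallel: %.2fs" % out["parallel_elapsed"])
    print("one host at a time:    %.2fs" % out["serial_elapsed"])
```

With three silent hosts the parallel schedule finishes in just over 12 simulated seconds (4 ports x 3 SYNs x 1 s timeout, plus the send gaps), while the one-host-at-a-time schedule takes about 36 s because each down host pays that full cost in turn. The live host is finished in a fifth of a second either way, and no (host, port) pair ever sees more than `retries` SYNs, which is the bound the post puts on how noisy a scan can be.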