Use VC++ for port scanning

Source: Internet
Author: User
I. Preface

A port is a potential communication channel and therefore also a potential intrusion channel. Scanning a computer's ports can yield a lot of useful information. A scan can be performed manually or with port-scanning software. Manual scanning requires familiarity with the various commands and analysis of their output; scanning software performs the corresponding data analysis itself.

This article introduces the working principle and technical advantages of the scanner, and then builds a simple scanner program.

II. Working principle and technical advantages of scanners

A scanner is a program that automatically detects security vulnerabilities on remote or local hosts. With a scanner you can discover which TCP ports are open on a remote server, the services they provide, and the software versions in use. This information gives an indirect view of the remote host's security problems.

The scanner works by connecting to different remote TCP/IP ports and recording the response from the target. In this way you can collect a lot of information about the host (whether anonymous logon is allowed, whether there is a writable FTP directory, whether Telnet can be used, whether httpd is running as root or nobody, and so on).

One of the main functions of the scanner is to discover a host or network and check which services are running on that host. In addition, the scanner can further test these services and discover system vulnerabilities. To implement these functions, a simple TCP connect() scan is enough. The connect() system call provided by the operating system is used to connect to each port on the target computer. If the port is in the listening state, connect() succeeds. Otherwise the port cannot be used, that is, it does not provide a service.

The biggest advantage of this technique is that it requires no special privileges: any user on the system may make this call. Another advantage is speed. Calling connect() on each target port one after another would take quite a long time, but multiple sockets can be opened at the same time to speed up the scan. Non-blocking I/O lets you set a short timeout while watching many sockets at once.

III. Procedures

① Use AppWizard to create a dialog-based application. Note that the program must support Windows Sockets.

Add controls to the dialog box, as shown in the following figure. The upper control is for the IP address and the lower one is an edit box. The button is labeled "Scan" and its ID is ID_SCAN.

[Figure: self-made scanner interface]

② Add control variables, as shown in the following table:

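③ Add the TestConnection function

The function creates a socket and then tests whether the port is open by calling Connect. The main code is as follows:

    // Requires #include <afxsock.h> and a successful AfxSocketInit() call
    // (generated by AppWizard when Windows Sockets support is selected).
    // Returns TRUE if a TCP connection to IP:nPort succeeds, i.e. the port is listening.
    BOOL CPortScanDlg::TestConnection(CString IP, UINT nPort)
    {
        CSocket* pSocket = new CSocket;
        ASSERT(pSocket);

        // Create the underlying socket handle.
        if (!pSocket->Create())
        {
            delete pSocket;
            pSocket = NULL;
            return FALSE;
        }

        // Blocking connect: fails if the port is closed or the host is unreachable.
        if (!pSocket->Connect(IP, nPort))
        {
            delete pSocket;
            pSocket = NULL;
            return FALSE;
        }

        // The port accepted the connection; close it again.
        pSocket->Close();
        delete pSocket;
        return TRUE;
    }

④ Add a handler function for ID_SCAN.

The handler simply reads the input data and calls TestConnection(IP, Port).

The port scanning program is now complete; it implements a simple port detection function.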
