EH-Net
  Show Posts
Pages: [1] 2 3 4
1  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Bypassing / Defeating Commercial Grade Firewalls on: January 08, 2013, 10:42:55 AM
It helps to learn about and study the system before trying to defeat it, rather than just following instructions with little background/knowledge, which will get you nowhere when dealing with different scenarios. Try reading some books on firewalls; maybe this is a good start:

http://www.amazon.co.uk/Firewalls-Internet-Security-Addison-Wesley-Professional/dp/020163466X/ref=sr_1_7?s=books&ie=UTF8&qid=1357663320&sr=1-7

2  Resources / Tutorials / Re: free cambridge certificates!!! on: December 26, 2012, 08:27:25 PM
What SecurityMonkey meant is that HR won't appreciate them, so in other words, they won't get you a job or anything.
3  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Online Pentest Lab on: December 13, 2012, 04:03:22 PM
Great stuff on Hack.me, don sounds cool  Grin
4  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Port Scanner ideas? on: December 12, 2012, 11:53:01 AM
Hi ZeroOne,

Hi H1t M0nk3y,

I am using Java for this task. At first I didn't know that Java does not have access to the IP layer (the lowest it can get is the Transport Layer), so I did some research and found out about the pcap library. The job was easier after I found out that the JPCAP library exists (not the one on SourceForge), which uses the WinPcap/libpcap libraries and wraps them from C to Java, including the important pcap functions such as reading/sending packets. It is actually written for sniffing the network, but since it can send packets I am using it to scan ports. I have figured out how to send a packet with controlled flags and also read the flags set in the responding packet from the target; I also have full control of all the headers (introducing spoofing), supporting different protocols (TCP/UDP/ICMP/ARP). I am aware of what happens in the back end when sniffing a packet, as tcpdump provides a very well written document for that (at kernel space and user space); I am only not fully aware of how the sending part occurs, as there are no documents for that. The challenging part is multi-threading (at least for me): imagine the control of threads when the user scans 1000 or 60000 ports. I'm struggling with this, also when the user enters multiple hosts, so it's like creating multiple threads of threads.

I am doing this for educational purposes and also to provide some functions that are not in other scanners, such as the scheduler that Maxe suggested, and some others. My program isn't strong enough yet (it can't detect the OS); this is a whole topic by itself and requires a lot of research. Really just trying to make it decent/simple at first, then I will add more complex features such as idle scanning/OS fingerprinting... and yes, it is CHALLENGING!

How about you, what languages do you use for this?

Thanks,
5  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Port Scanner ideas? on: December 11, 2012, 04:58:08 PM
I was actually speaking of doing this in object-oriented programming. This isn't an issue in nmap, I know, but it is for me. Now you've got me thinking of actually doing it; it introduces a lot of multi-threading control, but your post was just a reminder for me of how important it is. Keep them coming  Grin
6  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Port Scanner ideas? on: December 11, 2012, 02:44:43 PM
scan multiple hosts through the command line??


This could slow down the scanning process, as the network interface buffer could get overloaded if the user scans loads of hosts. It can also introduce multi-threading risks. Thanks for trying though  Wink
7  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Port Scanner ideas? on: December 11, 2012, 02:02:40 PM
MaXe, excellent idea Smiley thanks
8  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Port Scanner ideas? on: December 10, 2012, 04:36:54 PM
Hi,

From all the port scanners you have been using, is there a function that you always find missing? I am trying to come up with new ideas for a port scanner, like a cool/powerful feature. Any ideas? I'm kind of stuck  Huh (It can be anything from GUI to command-line.)

Thanks Smiley
9  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: TCP/UDP scanning questions! on: December 04, 2012, 03:37:24 PM
ajohnson, exactly; it's just that when dealing with raw sockets you can mess things up badly (at least on your side).
10  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: TCP/UDP scanning questions! on: December 04, 2012, 03:34:03 PM
superkojiman, thanks again. Apart from what you said, I also compared these scans:

nmap -sT scanme.nmap.org -p22:
22/tcp open   ssh

nmap -sU scanme.nmap.org -p22:
22/udp closed ssh

It's just sending UDP packets to all 1000 ports and checking for UDP services. I thought that I had to filter all the TCP port numbers out when performing UDP scanning (programming-wise). But that's not efficient anyway, since the application can be set to listen on any port and UDP won't connect to TCP; this makes a lot more sense now.

Thanks,
11  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: TCP/UDP scanning questions! on: December 04, 2012, 02:33:52 PM
superkojiman, thanks very much for this information. I don't understand why Fyodor set it up like this. I am programming a port scanner and I want to know what actions are taken when a UDP packet is sent to a TCP port to check the state of the port (open/closed). In reality, what happens if a UDP frame is sent to a TCP port? I am trying to research this topic, but all I get is the difference between TCP and UDP, which isn't a mystery.

Thanks a lot.
12  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / TCP/UDP scanning questions! on: December 04, 2012, 12:04:14 PM
Hi all,

When you scan a host using Nmap without specifying ports, by default it scans 1000 TCP ports, or 1000 UDP ports if you specifically ask Nmap to scan UDP ports (-sU). As far as I am concerned, there are fewer UDP ports than TCP ports. What is Nmap actually doing? There is a conflict here: for example, port 20 (FTP) is a TCP port; when sending a UDP packet to a TCP port, for example "nmap -sU scanme.nmap.org -p 20", Nmap's output is:

20/udp closed ftp-data

What? 20 is TCP, how did this happen? How did it read the status of the port when the port is TCP and not UDP? Another question: Nmap states that UDP and TCP cannot be sent together, so when performing a stealth scan (-sS), does this mean that it is performing a half-open connection scan only on TCP ports?

Thanks
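Worked example, added here and not part of the original thread, of the port-state rules nmap documents for SYN (-sS) and UDP (-sU) scans, applied to a constructed stand-in host rather than live traffic. It shows why a result like "22/udp closed" is possible: TCP and UDP each have their own independent 65535-port space, a UDP probe is judged only on its own reply (an ICMP port-unreachable means closed, silence means open|filtered), and the service name nmap prints next to the port comes from its nmap-services lookup table, not from what the probe returned. The `FakeHost` stack model, the `Reply` type and the port sets are constructed for this example; the bounded worker pool in `scan()` is one answer to the thread-control problem raised in the "Port Scanner ideas?" thread (don't spawn one thread per port).

```python
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass
from typing import Dict, Iterable, Set

TCP_SYN, TCP_RST, TCP_ACK = 0x02, 0x04, 0x10
ICMP_DEST_UNREACH = 3
ICMP_PORT_UNREACH = 3                      # type 3 / code 3
# Other "destination unreachable" codes nmap maps to "filtered"
# (net, host, net-admin-prohibited, host-admin-prohibited, admin-prohibited).
ICMP_FILTERED_CODES = {1, 2, 9, 10, 13}


@dataclass(frozen=True)
class Reply:
    """What came back for one probe. kind is 'tcp', 'udp', 'icmp' or 'none'
    (no reply after retransmissions). Constructed model for this example."""
    kind: str
    tcp_flags: int = 0
    icmp_type: int = 0
    icmp_code: int = 0


NO_REPLY = Reply("none")


def classify_syn_scan(reply: Reply) -> str:
    """nmap -sS rules: SYN/ACK -> open, RST -> closed, anything else -> filtered."""
    if reply.kind == "tcp":
        if (reply.tcp_flags & (TCP_SYN | TCP_ACK)) == (TCP_SYN | TCP_ACK):
            return "open"
        if reply.tcp_flags & TCP_RST:
            return "closed"
    # Silence and ICMP unreachable errors both mean something dropped the probe.
    return "filtered"


def classify_udp_scan(reply: Reply) -> str:
    """nmap -sU rules: UDP data back -> open, ICMP port unreachable -> closed,
    other ICMP unreachable -> filtered, silence -> open|filtered (an open UDP
    service is free to ignore an empty datagram, so silence is ambiguous)."""
    if reply.kind == "udp":
        return "open"
    if reply.kind == "icmp" and reply.icmp_type == ICMP_DEST_UNREACH:
        if reply.icmp_code == ICMP_PORT_UNREACH:
            return "closed"
        if reply.icmp_code in ICMP_FILTERED_CODES:
            return "filtered"
    return "open|filtered"


@dataclass
class FakeHost:
    """Stand-in for an unfiltered host's network stack (constructed; sends nothing).
    The TCP and UDP listening tables are independent: 22/tcp open says nothing about 22/udp."""
    tcp_open: Set[int]
    udp_open: Set[int]

    def answer(self, proto: str, port: int) -> Reply:
        if proto == "tcp":
            if port in self.tcp_open:
                return Reply("tcp", TCP_SYN | TCP_ACK)
            return Reply("tcp", TCP_RST | TCP_ACK)        # closed TCP port answers RST/ACK
        if port in self.udp_open:
            return NO_REPLY                               # service ignores the empty datagram
        return Reply("icmp", icmp_type=ICMP_DEST_UNREACH, icmp_code=ICMP_PORT_UNREACH)


def scan(host: FakeHost, proto: str, ports: Iterable[int], workers: int = 64) -> Dict[int, str]:
    """Probe many ports through a bounded worker pool: scanning all 65535 ports
    must not mean 65535 threads. Returns {port: state}."""
    classify = classify_syn_scan if proto == "tcp" else classify_udp_scan

    def probe(port: int):
        return port, classify(host.answer(proto, port))

    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(pool.map(probe, ports))


if __name__ == "__main__":
    # Constructed host: sshd on 22/tcp, a DNS resolver on 53/udp, nothing else.
    host = FakeHost(tcp_open={22}, udp_open={53})
    for proto, ports in (("tcp", [20, 22]), ("udp", [20, 22, 53])):
        for port, state in sorted(scan(host, proto, ports).items()):
            print(f"{port}/{proto} {state}")
```

Against this model `22/tcp` comes back open while `22/udp` comes back closed, which is the pair of results the thread compares; the UDP port that really is open only reaches open|filtered, which is why nmap's UDP scans are slow and noisy compared to SYN scans.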
13  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / TCP/IP kernel stack bypassing on: November 04, 2012, 09:14:02 PM
Hi forum,

I am trying to write a port scanner using the JPCAP library in Java. The thing is, before I go deeper into coding, I wanted to do some research on how a programmer can handle the packet instead of the TCP/IP stack in the kernel. I mean, I could just write the program without knowing what is happening at the back end, which is not satisfying for me. I am a little confused about this topic. As far as I know, the kernel is responsible for building, sending and receiving a packet, but a programmer can bypass the kernel's packet handling and take control of sending/modifying packets.
So for instance, when I write a program that can access the IP layer, with the ability to build up the packet, modify it and what not, this just means that my program bypassed the kernel... how does that happen?
Can someone guide me or mention a good resource on this?

Note: I know how to write a program that can craft a packet; I just need to do some research on what happens at the back end.
FYI: JPCAP is a library based on libpcap/WinPcap.

Thanks
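Added example (not from the original posts, and not JPCAP code) showing, in Python rather than Java, what the "bypass" in the "TCP/IP kernel stack bypassing" post and the "send a packet with controlled flags / read the flags in the reply / control every header" description in the "Port Scanner ideas?" thread actually amount to: the program builds the IPv4 and TCP headers itself, including both checksums, and hands the finished bytes to a raw socket, so the kernel only routes and transmits them instead of constructing the headers. Everything runs offline except `send_raw`, which is shown but not called because it needs root/CAP_NET_RAW; the 192.0.2.x addresses and port numbers are constructed test values.

```python
import socket
import struct

# TCP control-flag bits (RFC 793).
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK, TCP_URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int,
                      proto: int = socket.IPPROTO_TCP, ttl: int = 64, ident: int = 0x1234) -> bytes:
    """20-byte IPv4 header, no options. The source address is whatever we write,
    which is exactly the field a spoofing scanner (e.g. an idle scan) controls."""
    ver_ihl = (4 << 4) | 5                   # version 4, header length 5 words
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + payload_len, ident, 0,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def build_tcp_header(src: str, dst: str, sport: int, dport: int, flags: int,
                     seq: int = 0, ack: int = 0, window: int = 65535) -> bytes:
    """20-byte TCP header carrying the flag bits the caller chose (SYN, FIN, Xmas, ...).
    The checksum covers a pseudo-header (src, dst, 0, protocol, TCP length) plus the segment."""
    hdr = struct.pack("!HHLLBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src), socket.inet_aton(dst),
                         0, socket.IPPROTO_TCP, len(hdr))
    return hdr[:16] + struct.pack("!H", inet_checksum(pseudo + hdr)) + hdr[18:]


def build_probe(src: str, dst: str, sport: int, dport: int, flags: int = TCP_SYN) -> bytes:
    """Complete IPv4/TCP probe; the default SYN is what a half-open (-sS) scan sends."""
    tcp = build_tcp_header(src, dst, sport, dport, flags)
    return build_ipv4_header(src, dst, len(tcp)) + tcp


def parse_tcp_reply(packet: bytes) -> dict:
    """Extract what a scanner needs from a captured IPv4/TCP reply: who answered,
    which probe it belongs to, and which flags are set (SYN/ACK = open, RST = closed)."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != socket.IPPROTO_TCP:
        raise ValueError("not a TCP packet")
    sport, dport, _seq, _ack, _off, flags = struct.unpack("!HHLLBB", packet[ihl:ihl + 14])
    return {"src": socket.inet_ntoa(packet[12:16]), "sport": sport, "dport": dport,
            "flags": flags,
            "syn_ack": (flags & (TCP_SYN | TCP_ACK)) == (TCP_SYN | TCP_ACK),
            "rst": bool(flags & TCP_RST)}


def checksums_ok(packet: bytes) -> bool:
    """Re-running the checksum over a header with its checksum field filled in yields 0."""
    ihl = (packet[0] & 0x0F) * 4
    tcp = packet[ihl:]
    pseudo = struct.pack("!4s4sBBH", packet[12:16], packet[16:20], 0, socket.IPPROTO_TCP, len(tcp))
    return inet_checksum(packet[:ihl]) == 0 and inet_checksum(pseudo + tcp) == 0


def send_raw(packet: bytes, dst: str) -> None:
    """Hand a fully built IPv4 packet to the kernel (needs root/CAP_NET_RAW; not exercised here).
    With SOCK_RAW + IPPROTO_RAW the kernel transmits the IP header we supplied (IP_HDRINCL is
    implied on Linux) instead of generating its own. That is the 'bypass': routing, framing
    and the NIC are still the kernel's job, but the headers above layer 2 are ours."""
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) as s:
        s.sendto(packet, (dst, 0))


if __name__ == "__main__":
    probe = build_probe("192.0.2.10", "192.0.2.20", 40000, 22)   # constructed TEST-NET addresses
    print(probe.hex())
```

Two practical caveats: replies to a raw-socket probe are still handed to the kernel's own TCP stack, which will answer an unexpected SYN/ACK with a RST unless you filter it (a firewall rule on the source port is the usual fix), and a spoofed source address means the reply goes to the spoofed host, so spoofing only makes sense for techniques such as idle scanning that observe the effect indirectly.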
14  Ethical Hacking Discussions and Related Certifications / Programming / Re: First shell script... COMPLETE. on: October 01, 2012, 05:43:32 PM
Oops... forget what I said, apparently I blanked out & got the whole thing wrong. I need some rest. Thanks hayabusa for embarrassing me. Just joking  Grin
15  Ethical Hacking Discussions and Related Certifications / Programming / Re: First shell script... COMPLETE. on: October 01, 2012, 05:30:22 PM
You might wanna change "namp" to "nmap". Also, the gateway isn't always 192.168.1.0. The script is good overall, but try replacing 192.168.1.0 with localhost so you don't have to change it every time when using different networks. Just like this:

nmap -sP localhost/24 > /pentest/results/scans/pingscan.txt && echo scan complete.

Thanks for sharing  Smiley