Linux C++ socket programming question

[Lazy8s]

EDIT: Sorry that the code isn't indented or anything, it was when I posted it. I tried the "Attach Code" button but it gave me an error every time I tried to attach code.

 tags didn't work either. Is there something I should be using?

Ok, so my first post somehow didn't post. This is the short version. I have to write a port scanner for class. Very basic. I am a Java programmer but this has to be in C++ and I am new to socket programming to forgive me if the answer is simple. After reading Beej's Guide I came up with this:


#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <fcntl.h>
#include <errno.h>
#include <arpa/inet.h>

int status;
int i;
int s;
int c;
int j;
struct sockaddr_in ip4addr;
char Str[16];

int main(int argc, char *argv[])
{
	for(i = 1; i<=65535; i++)
	{
		ip4addr.sin_family = AF_INET;
		ip4addr.sin_port = htons(i);
		inet_pton(AF_INET, "131.204.36.98", &ip4addr.sin_addr);
		
		if ((s = socket(PF_INET, SOCK_STREAM, 0)) == -1)
		{
			//printf("Error creating socket");
		}
		else
		{
			//Set Non-blocking
	      		int opts;
      			opts = fcntl(s, F_GETFL);
			if (1==1) opts = (opts | O_NONBLOCK);
			else opts = (opts & ~O_NONBLOCK);
			fcntl(s, F_SETFL, opts);

			for(j = 0; j<1000; j++)
			{
				if ((c = connect(s, (struct sockaddr*)&ip4addr, sizeof ip4addr)) == -1)
				{
					//if(j==9999){printf("closed: %d\n", i);}
				}
				else
				{
					printf("open: %d\n", i);
					break;
				}
			}
		}
	}
}


The non-blocking section was causing it not to catch open ports hence the loop. This scanner runs fast but is only roughly 97% accurate (sometimes it misses ports). So I did some more reading and looking and came up with this:


#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <fcntl.h>
#include <errno.h>
#include <arpa/inet.h>
#include <unistd.h>

int status;
int i;
int s;
int c;
int j;
struct sockaddr_in ip4addr;
struct hostent *hostaddr;

int main(int argc, char *argv[])
{
	for(i = 1; i<=65535; i++)
	{
		s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
		memset( &ip4addr, 0, sizeof(ip4addr));
		ip4addr.sin_family = AF_INET;
		ip4addr.sin_port = htons(i);
		inet_pton(AF_INET, "131.204.2.251", &ip4addr.sin_addr);

		if ((c = connect(s, (struct sockaddr*)&ip4addr, sizeof ip4addr)) != -1)
		{
			printf("open: %d\n", i);
		}
		close(s);
	}
}

This one is 100% solid, but oh my GOSH is it slow. What the heck do I need to do to speed up the second version? Any help is greatly appreciated. Thank you all in advance.

 

[Markbnj]

C++ and sockets... been awhile for me, but what I assume is going on is that when you try to open a port you don't know whether it is successful or not until the request times out. Your non-blocking version wasn't waiting around to see if that happened, whereas the blocking version is.

That's my current theory anyway.

 

[Lazy8s]

Originally posted by: Markbnj
C++ and sockets... been awhile for me, but what I assume is going on is that when you try to open a port you don't know whether it is successful or not until the request times out. Your non-blocking version wasn't waiting around to see if that happened, whereas the blocking version is.

That's my current theory anyway.

Yeah, that was my first guess as well I am just not entirely sure what the solution is. I spent a few more hours looking tonight and it looks like if I go back to the non-blocking option I can somehow use select() or poll() to set a timeout. If anyone knows how that would be great otherwise I am sure I will figure it out tomorrow when I have time to look at it again.

I have read there is a way to set an interrupt as well but since I already have a threaded version of this apparently the select() or poll() is the way to go since they can manage multiple simultaneous sockets.

 

[EagleKeeper]

Theory:

Use the blocking method on seperate threads for each socket.

 

[Ken g6]

Originally posted by: Common Courtesy
Theory:

Use the blocking method on seperate threads for each socket.

Practice:

You'd have to limit it to a few thousand threads, and wait for the first to time out before proceeding, because a computer can't have too many sockets open at once. Maybe use 1024 threads and have a loop in each, counting by 1024.

Researching this, I saw a forum post elsewhere that said, for the non-blocking method, you should use select(), then determine if select returned because of a connection or because of a timeout. (No, I don't know how to do that.)

 

[EagleKeeper]

Question:

Why do you need so many open sockets?

Note: My background is to use sockets for dedicated data transfers, not open web interfacing.

 

[Lazy8s]

Originally posted by: Common Courtesy
Theory:

Use the blocking method on seperate threads for each socket.

I have a multi-threaded version and it runs about 2x as slow as this one currently does. After some reading apparently there is a lot of overhead switching back and forth between threads to check the timeout.

Originally posted by: Ken g6

Originally posted by: Common Courtesy
Theory:

Use the blocking method on seperate threads for each socket.

Practice:

You'd have to limit it to a few thousand threads, and wait for the first to time out before proceeding, because a computer can't have too many sockets open at once. Maybe use 1024 threads and have a loop in each, counting by 1024.

Researching this, I saw a forum post elsewhere that said, for the non-blocking method, you should use select(), then determine if select returned because of a connection or because of a timeout. (No, I don't know how to do that.)

Yeah, I am trying to figure out how to do that now. I will let you all know if it works.

Originally posted by: Common Courtesy
Question:

Why do you need so many open sockets?

Note: My background is to use sockets for dedicated data transfers, not open web interfacing.

This is a port scanner, I am checking every socket to see if it is open to steal your data. J/K this is for research.

 

[degibson]

Originally posted by: O.P.
The non-blocking section was causing it not to catch open ports hence the loop.

It sounds like without 'blocking', the connect() times out (as expected, since its a handshake operation). If you're serious about making a good TCP port scanner (UDP is a LOT easier, of course), try sending an IP-layer packet that is formatted to look like a TCP SYN packet instead. Any host/port pair that responds with a SYN+ACK is open. Be careful not to inadvertently SYN-flood yourself.

http://en.wikipedia.org/wiki/T...ssion_Control_Protocol
http://linux.die.net/man/7/ip <--- check out RAW sockets