1
// Small program to find out packet-filtered ports
2
// (SYN) (C) 2001 Sebastian Krahmer, use at your own risk
11
using namespace usipp;
18
int main(int argc, char **argv)
20
char s[1000], filter[1000];
22
// only TRUEs allowed. Closed ports dont
24
map<unsigned short, bool> push_open, syn_open;
26
unsigned short port = 0;
30
printf("usage: %s <target> <source> <interface>\n", argv[0]);
34
TCP tcp(argv[1]), sn("localhost");
36
// setting port to >1023 will avoid source-port alerts in IDS
37
tcp.set_srcport(7350);
39
if (strcmp(argv[2], "0") != 0)
42
// one might change this to TH_URG to have an urgent-scan then
43
tcp.set_flags(TH_PUSH);
46
sn.init_device(argv[3], 1, 60);
47
snprintf(filter, sizeof(filter),
48
"tcp and src %s and dst %s and port 7350", argv[1], argv[2]);
50
for (port = MINPORT; port <= MAXPORT; port++) {
51
tcp.set_dstport(port);
56
if (sn.sniffpack(s, 60) == 0 && sn.timeout())
57
push_open[port] = true;
61
tcp.set_flags(TH_SYN);
62
for (port = MINPORT; port <= MAXPORT; port++) {
63
tcp.set_dstport(port);
68
if (sn.sniffpack(s, 60) == 0 && sn.timeout())
70
if (sn.get_flags() == (TH_ACK|TH_SYN))
71
syn_open[port] = true;
73
map<unsigned short, bool>::iterator i;
74
for (i = push_open.begin(); i != push_open.end(); ++i)
75
printf("%d P-open.\n", i->first);
78
for (i = syn_open.begin(); i != syn_open.end(); ++i)
79
printf("%d S-open.\n", i->first);