Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid
 
PerlMonks  

Re^4: udp recv question

by smackdab (Pilgrim)
on Jun 28, 2004 at 03:30 UTC ( #370087=note: print w/ replies, xml ) Need Help??


in reply to Re^3: udp recv question
in thread udp recv question

I VERY MUCH APPRECIATE YOUR COMMENTS.

I can also be quite dense on some of these matters...but:
I am NOT trying to SEND an ICMP packet.
I AM trying to see if a remote UDP port is "open"
My assumption has been to send a UDP packet out
and if the port is CLOSED, then I get a ICMP error msg back
Otherwise I know the remote port is OPEN...

The code above sends an UDP packet out and an ICMP error msg is sent back. But I DON'T know how to grab it. I tried reading on the UDP and ICMP sockets but neither *seem* to have it.

Are you saying that I need to send an ICMP packet out???

Again, sorry if I am missing something completely obvious ;-)


Comment on Re^4: udp recv question
Re^5: udp recv question
by JamesNC (Chaplain) on Jun 28, 2004 at 04:13 UTC
    Yes, he is telling you that.

    Taken from the RFC 768

    The UDP protocol provides a procedure for application programs to send messages to other programs with a minimum of protocol mechanism. The protocol is transaction oriented, and delivery and duplicate protection are not guaranteed. Applications requiring ordered reliable delivery of streams of data should use the Transmission Control Protocol (TCP).
Re^5: udp recv question
by tachyon (Chancellor) on Jun 28, 2004 at 04:22 UTC

    You need to read up on port scanning. UDP is connectionless ie you can't see if a port is open by seeing if you can connect a socket to it, you have to send some data and check for a response.

    Port scanning usually means scanning for TCP ports, which are connection-oriented and therefore give good feedback to the attacker. UDP, or connection-less traffic, responds in a different manner. In order to find UDP ports, the attacker generally sends empty UDP datagrams at the port. If the port is listening, the service will send back an error message or ignore the incoming datagram. If the port is closed, then the operating system sends back an "ICMP Port Unreachable" message.

    Note that UDP packets may be dropped by all manner of devices along the way (so you get no response). The response, if it is coming, will arrive on the socket you sent the probe out on as shown. You have to send some sort of valid(ish) UDP packet to incite a response from the server.

    NetworkInfo::Discovery::Scan does what you want and you can pull code from there.

    cheers

    tachyon

      I did that reading, and I thought I provided a complete sample program that does exactly the technique you describe.

      From a sniffer, I know a UDP packet goes out and an ICMP one comes back.

      I can't figure out to read the ICMP into memory (not decode, just read into a buffer...)

      No worries, no more comments needed, I'll review my code in the morning...maybe a good night sleep will clear out the cobbwebs...

        you'll have to use Net::Pcap most likely. use it to capture the appropriate ICMP packets that may be returned in response to your UDP packet. dealing with ICMP requires root access and is a pain.

        i would just make a call out to nmap or some other external port scanner.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://370087]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (7)
As of 2014-12-25 09:25 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (159 votes), past polls