端口掃描實(shí)驗(yàn)報(bào)告

1、精選優(yōu)質(zhì)文檔-傾情為你奉上網(wǎng)絡(luò)端口掃描實(shí)驗(yàn)報(bào)告 1、 網(wǎng)絡(luò)端口掃描簡(jiǎn)介TCP/IP協(xié)議在網(wǎng)絡(luò)層是無(wú)連接的，而“端口”，就已經(jīng)到了傳輸層。端口便是計(jì)算機(jī)與外部通信的途徑。一個(gè)端口就是一個(gè)潛在的通信通道，也就是一個(gè)入侵通道。對(duì)目標(biāo)計(jì)算機(jī)進(jìn)行端口掃描，能得到許多有用的信息。進(jìn)行掃描的方法很多，可以是手工進(jìn)行掃描，也可以用端口掃描軟件進(jìn)行。在手工進(jìn)行掃描時(shí)，需要熟悉各種命令，對(duì)命令執(zhí)行后的輸析出進(jìn)行分，效率較低。用掃描軟件進(jìn)行掃描時(shí)，許多掃描器軟件都有分析數(shù)據(jù)的功能。通過(guò)端口掃描，可以得到許多有用的信息，從而發(fā)現(xiàn)系統(tǒng)的安全漏洞。掃描工具根據(jù)作用的環(huán)境不同可分為：網(wǎng)絡(luò)漏洞掃描工具和主機(jī)漏洞掃描工具。前者

2、指通過(guò)網(wǎng)絡(luò)檢測(cè)遠(yuǎn)程目標(biāo)網(wǎng)絡(luò)和主機(jī)系統(tǒng)所存在漏洞的掃描工具。后者指在本機(jī)運(yùn)行的檢測(cè)本地系統(tǒng)安全漏洞的掃描工具。本實(shí)驗(yàn)主要針對(duì)前者。端口是TCP協(xié)議中定義的，TCP協(xié)議通過(guò)套接字（socket）建立起兩臺(tái)計(jì)算機(jī)之間的網(wǎng)絡(luò)連接。它采用【IP地址：端口號(hào)】形式定義，通過(guò)套接字中不同的端口號(hào)來(lái)區(qū)別同一臺(tái)計(jì)算機(jī)上開(kāi)啟的不同TCP和UDP連接進(jìn)程。端口號(hào)在065535之間，低于1024的端口都有確切的定義，它們對(duì)應(yīng)著因特網(wǎng)上常見(jiàn)的一些服務(wù)。這些常見(jiàn)的服務(wù)可以劃分為使用TCP端口（面向連接如打電話）和使用UDP端口（無(wú)連接如寫(xiě)信）兩種。端口與服務(wù)進(jìn)程一一對(duì)應(yīng)，通過(guò)掃描開(kāi)放的端口就可以判斷計(jì)算機(jī)中正在運(yùn)行的服務(wù)

3、進(jìn)程。2、 實(shí)驗(yàn)?zāi)康?. 了解熟悉MFC及的基本原理和方法。2. 加深對(duì)tcp的理解，學(xué)習(xí)端口掃描技術(shù)和，原理熟悉socket編程。3. 通過(guò)自己編程實(shí)現(xiàn)簡(jiǎn)單的IP端口掃描器模型。4.通過(guò)端口掃描了解目標(biāo)主機(jī)開(kāi)放的端口和服務(wù)程序。三、實(shí)驗(yàn)環(huán)境Windows操作系統(tǒng)VC+6.0開(kāi)發(fā)環(huán)境四、實(shí)驗(yàn)設(shè)計(jì)實(shí)驗(yàn)原理通過(guò)調(diào)用socket函數(shù)connect()連接到目標(biāo)計(jì)算機(jī)上,完成一次完整的三次握手過(guò)程，如果端口處于偵聽(tīng)狀態(tài)，那么connect()就可以成功返回，否則這個(gè)端口不可用，即沒(méi)有提供服務(wù)。實(shí)驗(yàn)內(nèi)容1. 設(shè)計(jì)實(shí)現(xiàn)端口掃描器 2. IP地址、端口范圍可以用戶輸入。

4、0;3. 要求有有好的可視化操作界面。實(shí)驗(yàn)步驟： 1、用戶界面：使用vc6.0里的MFC來(lái)開(kāi)發(fā)用戶界面 2、端口掃描：使用socket函數(shù)中的connect()連接計(jì)算機(jī)來(lái)判定目標(biāo)計(jì)算機(jī)是否開(kāi)放了要測(cè)試的端口五、代碼實(shí)現(xiàn)#include <afxext.h>#include <winsock.h>#pragma comment(lib,"wsock32.lib")#define ZERO (fd_set *)0int maxth, scanok, scannum;int portip, hoststart, hostst

5、op, startport, endport; long searchnum, searched;void usage(char *); void playx(int);void setip2(char *); void customport(char *, char *, char *); void portscannow(int);int main(int argc, char *argv)WSADATA wsadata;system("cls.exe");printf("rn= 命令行端口掃描器 PortScanner V1.0 =");if (a

6、rgc < 3) | (argc > 4)usage(argv0);return -1;if(!(stricmp(strlwr(argv1), "-p") = 0)usage(argv0);return -1;if (WSAStartup(MAKEWORD(1,1), &wsadata) != 0) printf("rnWsatartup error"); return -1;if (argc = 3)setip2(argv2);elseif (argc = 4)customport(argv0, argv2, argv3);else

7、usage(argv0);return -1;portscannow(argc);WSACleanup();return 0;void usage(char * prog)printf("Usage: %s <Option>", prog);printf("rnn <Option>:");printf("rn -p Port|StartPort-EndPort < HostName|IP|StartIP-EndIP >");printf("rnn Example: ");prin

8、tf("rn %s -p 192.168.0.1", prog);printf("rn %s -p 192.168.0.1-192.168.0.254", prog);printf("rn %s -p 21-80 192.168.0.1", prog);printf("rn %s -p 21-80 192.168.0.1-192.168.0.254rn", prog);return;void playx(int play = 0)char *plays12=" | "," / &quo

9、t;," - "," "," | "," / "," - "," "," | "," / "," - "," ",;if (searchnum != 0)for (int i = 0 ; i <= 3; i +) printf(" =%s= %d%s Completed. r", plays , searched * 100 / (searchnum + 1), &quo

10、t;%"); Sleep(5);else printf(" =%s=r", playsplay); Sleep(10);void setip2(char *cp)int host;struct hostent *testhost;char *startip = "", *endip = ""if (strstr(cp, "-") && strlen(cp) > 15 && strlen(cp) < 32)endip = strchr(cp, '-'

11、;) + 1;strncpy(startip, cp, strlen(cp) - strlen(strchr(cp, '-');hoststart = ntohl(inet_addr(startip);hoststop = ntohl(inet_addr(endip);elsetesthost = gethostbyname(startip); if(!testhost) WSACleanup( ); printf("rnCan't get ip of: %s", cp); exit(-1);memcpy(&host, testhost-&g

12、t;h_addr, 4);hoststop = hoststart = ntohl(host);void TestThread(int thread = 200)for (;)playx();if (maxth > thread) Sleep(100);else break;return;void WaitThreadEnd()Sleep(6000);printf("r rn");printf(" Wait ( %d )Thread end.rn", maxth);for(;)if (maxth > 0) Sleep(100); playx(

13、); continue;else break;printf("rn");return;void customport(char *cp, char *cp2, char *cp3)int intport;char *checker;startport = atoi(cp2);endport = atoi(cp2);if (strstr(cp2,"-")intport = atoi(checker = strchr(cp2, '-') + 1);if (intport > 0 && intport < 65536

14、) endport = intport;if (startport < 0 | startport > 65536 | endport < 0 | endport > 65535)usage(cp);exit(-1);setip2(cp3);UINT portscan(LPVOID port)int addr = portip; int sock;struct fd_set mask;struct timeval timeout;struct sockaddr_in server;unsigned long flag = 1;sock = socket(AF_INET,

15、 SOCK_STREAM, 0);if (sock = INVALID_SOCKET)printf("rnSock Error:%s", WSAGetLastError();maxth -;return -1;server.sin_family=AF_INET;server.sin_addr.s_addr = htonl(addr);server.sin_port = htons(short(port); playx();if (ioctlsocket(sock, FIONBIO, &flag) != 0)printf("rnSock Error:%s&q

16、uot;, WSAGetLastError();closesocket(sock);maxth -;return -1;connect(sock, (struct sockaddr*)&server, sizeof(server);timeout.tv_sec = 18;timeout.tv_usec = 0;FD_ZERO(&mask); FD_SET(sock, &mask); switch(select(sock + 1, ZERO, &mask, ZERO, &timeout)case -1: printf("rnSelect() er

17、ror"); maxth -; return -1;case 0: maxth -; closesocket(sock); return -1;default:if(FD_ISSET(sock, &mask) shutdown(sock, 0); printf(" Found: %s Port: %d open.rn", inet_ntoa(server.sin_addr), ntohs(server.sin_port); closesocket(sock); scanok +; maxth -; return 1;return 0;void portsc

18、annow(int xp)int sport;char *timenow, timebuf32;char *ports32="21","22","23","25","53","79","80","110","111","113","123","135","139","143","443","

19、;512","513","514","515","540","1080","1433","1521","1524","3306","3389","5631","6000","6112","8000","8080","12345"timenow = _strtime(ti

20、mebuf);printf("rnPortScan Start Time: %srnn",timenow);maxth = 0;scanok = 0;scannum = 0;searched = 0;searchnum = hoststop - hoststart +1;if(xp = 3)searchnum = searchnum * 32;if(xp = 4)searchnum = searchnum * (endport - startport +1);for (portip = hoststart; portip <= hoststop; portip +,

21、scannum +)if (portip % 256) = 0 | (portip % 256) = 255) if(xp = 3) searchnum = searchnum - 32; if(xp = 4) searchnum = searchnum - (endport - startport +1); scannum -; playx(); continue;if (xp = 3) for (sport = 0; sport < 32; sport +, maxth +, searched +) TestThread(180); CWinThread * pthread = AfxBeginThread(portscan,LPVOID(atoi(char*)portssport); Sleep(120); if (xp = 4) sport = endport - startport; if(sport > 500 ) for(sport = startport; sport <= endport; sport +, maxth +, searched +) TestThread(2000); CWinThread * pthread = AfxBeginTh