SYN Scanner?

Jun 19, 2012 at 2:10 AM

Are there any examples of implementing a fast SYN (half-open) scanner? We need to integrate a fast half-open scanner into an existing .NET-based network auditing tool and winpcap seems like the best choice. Unfortunately it's unlike anything I've ever attempted so I'm not entirely sure where to start. The needs are pretty simple -- we just need to look for a single open port but we need to do it really, really fast since the audit will run continually on quite a few IP addresses (it's a big company, they have 10k+ IPs).

Jun 22, 2012 at 6:25 AM

Hi TKraken,


It seems that you simply need to send TCP SYN packets to different IPs, and try to capture the responses (SYN ACK).


Can you be more specific as to what problem you encounter when trying to implement this?



Jun 22, 2012 at 12:45 PM

That was my thought but I was more or less guessing. As simple as it sounds, I just don't have any idea how to get started implementing it. Maybe I've looked over an example that shows how to do something like that?

Jun 23, 2012 at 9:52 AM

If you want to learn how to create Pcap.Net packets, you can look at the examples in the User Guide that are also available in the Developer's pack.

If you want to know how should Port scanning packets look like, you can try some port scanning tools that are available online, capture their packets in Wireshark and try to recreate them in Pcap.Net.


I hope this helps,