PROGRAM DESCRIPTION:

For this project you will implement a basic network port scanner in C or C++. Port scanning software can analyze a machine for open network ports. Such tools are invaluable to network administrators and security analysts in verifying the security of machines in their network and proving proper implementation of firewall technologies. They are also one of the first tools used by attackers once they have identified a target, as they allow them to quickly enumerate possible entry points and methods to escalate their access. An example of a well-known, open source port scanner is Nmap. In this project you will create a stripped-down port scanner, written for network administrators interested in ensuring that machines on their network run only expected services. During this project, you will also gain experience with basic socket programming.

Note: A malleable port scanning tool can be an excellent resource in network assessments and could be a very useful tool for you in the future, so make sure that you do a good job at writing this one.

PROJECT SPECIFICATION:

The basic idea behind a port scanner is simple: given the IP address of a machine and a list of ports to scan, the scanner will connect on each port using TCP sockets, determine whether or not the port is open based on the success of the connection request, and close the socket before moving on to the next port to scan (send a TCP RST command). For this project, you will NOT allow for "half-open" scans (connection requests without a corresponding close), as they can lead to network failures (though you may want to consider this ability for your own use later on). The scanner will then similarly scan UDP sockets to attempt to enumerate closed ports there. For this exercise, you will simply make a UDP determination based on whether or not you receive an ICMP Destination Unreachable message.
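As an added illustration (not part of the handout or of any reference solution), the TCP determination described above can be made for one port with a full connect followed by a close. The function name tcp_port_open and its timeout parameter are assumptions of this example.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: 1 = connection accepted (open), 0 = refused or timed out, -1 = local error. */
int tcp_port_open(const char *ip, unsigned short port, int timeout_ms)
{
    struct sockaddr_in addr;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &addr.sin_addr) != 1) return -1;   /* not a dotted-quad IPv4 address */

    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    /* Non-blocking, so a silently dropped SYN cannot stall the scan. */
    if (fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK) < 0) { close(fd); return -1; }

    int is_open = 0;
    if (connect(fd, (struct sockaddr *)&addr, sizeof addr) == 0) {
        is_open = 1;                                   /* handshake completed immediately */
    } else if (errno == EINPROGRESS) {
        fd_set wfds;
        FD_ZERO(&wfds);
        FD_SET(fd, &wfds);
        struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
        if (select(fd + 1, NULL, &wfds, NULL, &tv) == 1) {
            int err = 0;                               /* SO_ERROR holds the final connect() result */
            socklen_t len = sizeof err;
            if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) == 0) is_open = (err == 0);
        }
    }
    close(fd);                                         /* always close before the next port */
    return is_open;
}

int main(int argc, char **argv)
{
    unsigned short port = argc > 1 ? (unsigned short)atoi(argv[1]) : 22;
    printf("127.0.0.1:%u -> %d\n", (unsigned)port, tcp_port_open("127.0.0.1", port, 500));
    return 0;
}
```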

Specifics of Expected Port Scanner Functionality:

Your scanner should run on the CSE Linux machines and you must write it in C/C++. An administrator would invoke it as: "./portScan [option1, ..., optionN]". Implement the following options:

  • --help <display invocation options>
  • --port <ports to scan>
  • --ip <IP address to scan>
  • --file <file name containing IP addresses to scan>
  • --transport <TCP or UDP>

You may also wish to allow for "shortcut" variations (-p for ports) but this is not a requirement.

Details of each option are given below:

  • help: When portScan is invoked with this option, it should display the various options available to the user as well as the accepted input format/s.
  • ports: Your portScan will scan ports 1-1024 by default. However, if this option is specified, it will scan any individual ports or the range specified on the command line from 1 to 65535. Your program must allow for entry of an individual port (--port 23), a list of comma-separated values (--port 21, 80, 443) or a range separated by a hyphen "-", including the listed ports (--port 2000-3000).
  • ip/file: These options allow a user to scan an individual IP address, a comma separated list of IP addresses, a hyphenated range of IP addresses within the same subnet, or a list of IP addresses from a file respectively. When IP addresses are specified in a file, you can assume them to be one on each line. A user may invoke the portScan with more than one of these options. If none of these options are specified, check for the presence of an individual IP address as an argument. If that check also fails, flag an error and ask the user to try again.
  • transport: By default, your portScan should scan both TCP and UDP ports. However, a user can specify if he/she wants to scan only TCP or UDP ports.
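The accepted --port formats listed above (single port, comma-separated list, inclusive hyphenated range) can be validated before any socket is opened. The following is an added example, not code from the handout; the names parse_one and parse_ports are hypothetical, and it assumes the argument reaches the parser as one string.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PORT 65535

/* Read one decimal port in [1, 65535] at *s and advance past it and any
 * surrounding spaces. Returns 0 for anything that is not a valid port. */
static long parse_one(const char **s)
{
    while (isspace((unsigned char)**s)) (*s)++;
    if (!isdigit((unsigned char)**s)) return 0;      /* rejects "", "-5", "abc" */
    char *end;
    long v = strtol(*s, &end, 10);                   /* overflow saturates, then fails the range check */
    *s = end;
    while (isspace((unsigned char)**s)) (*s)++;
    return (v >= 1 && v <= MAX_PORT) ? v : 0;
}

/* Mark every port named by spec in set[]; return the number of distinct ports,
 * or -1 if spec is malformed or out of range (set[] is then partially filled). */
int parse_ports(const char *spec, unsigned char set[MAX_PORT + 1])
{
    int count = 0;
    memset(set, 0, MAX_PORT + 1);
    for (;;) {
        long lo = parse_one(&spec), hi = lo;
        if (lo == 0) return -1;
        if (*spec == '-') {                          /* inclusive range lo-hi */
            spec++;
            hi = parse_one(&spec);
            if (hi == 0 || hi < lo) return -1;
        }
        for (long p = lo; p <= hi; p++)
            if (!set[p]) { set[p] = 1; count++; }    /* duplicates are counted once */
        if (*spec == '\0') return count;
        if (*spec != ',') return -1;                 /* only commas may separate items */
        spec++;
    }
}

int main(void)
{
    static unsigned char set[MAX_PORT + 1];
    printf("%d\n", parse_ports("21, 80, 443", set));
    printf("%d\n", parse_ports("2000-3000", set));
    return 0;
}
```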

Output: After each invocation, the portScan should output a succinct summary of the list of open TCP and UDP ports on each IP address. Additionally, for each open port from 1 to 1024, it will include the name of the service that is likely running. To find services associated with ports [1-1024], visit http://www.iana.org/assignments/port-numbers.

Sample Output File:

started Mon Nov 19 20:14:15 CST 2018
---------------------------------
192.168.1.1
No Open Ports or Host Down
---------------------------------
192.168.1.2
No Open Ports or Host Down
---------------------------------
192.168.1.3
No Open Ports or Host Down
---------------------------------
192.168.1.4
TCP PORT STATE SERVICE
21 closed ftp
22 closed ssh
80 open http
139 open netbios-ssn
443 open http protocol over TLS/SSL
445 open microsoft-ds
8081 open Unknown

UDP PORT STATE SERVICE
53 open DNS
---------------------------------
192.168.1.5
No Open Ports or Host Down
---------------------------------
END OF LIST

Getting Started: Begin by familiarizing yourself with the Nmap software. This is pre-installed on Kali Linux. A simple starting point is to scan your own machine, i.e. localhost, via "nmap 127.0.0.1". Another useful resource is telnet, which will allow you to interact with a server using a plain text command line (try telnet towel.blinkenlights.nl for fun!).

Other Resources: As always, you are encouraged to research using Internet resources and Linux manual pages when completing the assignment. Socket tutorials such as https://www.tutorialspoint.com/unix_sockets/ will be helpful in understanding socket programming. Another great place to start is by reviewing the RFCs for the protocols themselves: https://tools.ietf.org/html/rfc793 and https://tools.ietf.org/html/rfc768
