Much like netscan.c, this was written during an exploratory phase. You give it an IP/hostname, it tells you which TCP ports are listening on that host. I never used it for evil, just for seeing what was out there. There are much better ways of doing this. Last modified August 24, 1998.

#include <errno.h> /* obligatory includes */ #include <signal.h> #include <stdio.h> #include <string.h> #include <unistd.h> #include <sys/types.h> #include <sys/socket.h> #include <sys/stat.h> #include <sys/wait.h> #include <netinet/in.h> #include <netdb.h> #include <fcntl.h> #include <time.h> int call_socket(char *hostname, unsigned short portnum) { struct sockaddr_in sa; struct hostent *hp; int a, s; if ((hp= gethostbyname(hostname)) == NULL) { errno= ECONNREFUSED; return(-2); } memset(&sa,0,sizeof(sa)); memcpy((char *)&sa.sin_addr,hp->h_addr,hp->h_length); /* set address */ sa.sin_family= hp->h_addrtype; sa.sin_port= htons((u_short)portnum); if ((s= socket(hp->h_addrtype,SOCK_STREAM,IPPROTO_IP)) < 0) /* get socket */ return(-1); if (connect(s,(struct sockaddr *)&sa,sizeof sa) < 0) { /* connect */ close(s); return(-1); } return(s); } int main(int argc,char *argv[]){ int i,s; if (argc!=2){printf("dying...\n");return -1;} if ((s=call_socket(argv[1],1))<-1){ printf("alert!\n");return -1;} printf("scanning ports on %s\n",argv[1]); for(i=2;i<1025;i++){ if ((s=call_socket(argv[1],i))>0){ printf("%d\n",i);} close(s);} }