TCP Port Scanner
A minimal, single-threaded TCP port scanner written in C. Designed for educational purposes to demonstrate the fundamentals of TCP connect-based scanning.
Overview
The scanner tests a range of TCP ports on a target IP by attempting a full TCP connection (connect()).
Key characteristics:
- Sequential: Scans ports one by one (simple, but slow for large ranges).
- Non-blocking I/O: Uses non-blocking sockets with select() to avoid hanging.
- Timeout-based: Waits up to 1 second per port before reporting a timeout.
Build & Run
Compile:
gcc -o scanner scanner.c
Run:
./scanner <IP> <Start Port> <End Port>
Example:
./scanner 127.0.0.1 80 100
Output Meaning
- [OPEN] — TCP connection succeeded (service listening)
- [TIMEOUT] — No response within timeout (likely filtered)
- [ERROR] — System or socket error
- (No output) — Port closed (connection refused immediately)
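The probe behind these result labels, as an added example (not the project's scanner.c): a non-blocking connect() bounded by select(), with SO_ERROR read afterwards to tell an open port from a refused one. The names probe_port and probe_result and the sample target in main are assumptions.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical names, not taken from scanner.c; labels follow the README. */
enum probe_result { PROBE_OPEN, PROBE_CLOSED, PROBE_TIMEOUT, PROBE_ERROR };
/* Probe one TCP port: non-blocking connect() bounded by select(). */
enum probe_result probe_port(const char *ip, int port, int timeout_sec) {
    struct sockaddr_in addr = {0};
    addr.sin_family = AF_INET;
    addr.sin_port = htons((unsigned short)port);
    if (inet_pton(AF_INET, ip, &addr.sin_addr) != 1) return PROBE_ERROR;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return PROBE_ERROR;
    enum probe_result res = PROBE_ERROR;
    int flags = fcntl(fd, F_GETFL, 0);
    if (flags < 0 || fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0) goto done;
    if (connect(fd, (struct sockaddr *)&addr, sizeof addr) == 0) {
        res = PROBE_OPEN;            /* completed at once (can happen on loopback) */
    } else if (errno == ECONNREFUSED) {
        res = PROBE_CLOSED;
    } else if (errno == EINPROGRESS) {
        fd_set wfds;
        FD_ZERO(&wfds);
        FD_SET(fd, &wfds);
        struct timeval tv = { .tv_sec = timeout_sec, .tv_usec = 0 };
        int n = select(fd + 1, NULL, &wfds, NULL, &tv);
        int err = 0;
        socklen_t len = sizeof err;
        if (n == 0) {
            res = PROBE_TIMEOUT;
        } else if (n > 0 && getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) == 0) {
            /* Writable is not the same as connected: SO_ERROR holds connect()'s result. */
            res = err == 0 ? PROBE_OPEN : err == ECONNREFUSED ? PROBE_CLOSED : PROBE_ERROR;
        }
    }
done:
    close(fd);
    return res;
}
int main(void) {   /* constructed sample target: loopback port 8080, 1 s timeout */
    static const char *label[] = { "[OPEN]", "(closed)", "[TIMEOUT]", "[ERROR]" };
    puts(label[probe_port("127.0.0.1", 8080, 1)]);
    return 0;
}
```

select() only handles descriptors below FD_SETSIZE, which holds here because a sequential scan keeps one socket open at a time.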
Example Use Cases
- Verify local services
  ./scanner 127.0.0.1 8080 8080
- Check common service ports
  ./scanner 127.0.0.1 22 3306
- Detect filtered or non-responsive hosts
  ./scanner 192.0.2.1 80 85
Notes & Limitations
- Scanning large ranges (e.g. 1–65535) is slow due to sequential execution.
- Uses a full TCP handshake (not stealthy).
- No service, version, or OS detection.
- Intended for learning, not production use.
Comparison with Nmap
| Feature | This Scanner | Nmap |
|---|---|---|
| Scan Speed | Sequential | Parallel |
| Scan Technique | TCP connect | Multiple |
| Service Detection | No | Yes |
| OS Detection | No | Yes |
| Extensibility | No | NSE scripts |
Troubleshooting
If you see [ERROR]:
- Verify the IP address
- Check network connectivity
- Ensure outbound connections are allowed
- Confirm you have permission to scan the target
Future Improvements
Possible extensions to improve functionality and performance:
- Parallel Scanning: Scan multiple ports concurrently.
- Configurable Timeout: Allow users to set custom timeout values.
- Scan Modes: Add support for half-open (SYN) scans instead of full TCP connects.
- Service Identification: Perform basic banner grabbing to identify common services.
- IPv6 Support: Extend the scanner to handle IPv6 addresses.
- Output Options: Support machine-readable formats (e.g., JSON) for automation and scripting.
Disclaimer: Scan only systems you own or have explicit authorization to test. Unauthorized port scanning may be illegal.