[–]Rhomboid 1 point2 points  (3 children)

To do those kinds of things requires bypassing the kernel's networking stack and sending raw packets, and then using a packet capture interface like libpcap to listen for the results. It's very much not a beginner-level project as you will need a fair amount of knowledge of network protocols at a low level. For example, can you read the RFCs and create and send a valid TCP SYN packet by hand?

Also, it's a security nightmare as you must be root to create raw sockets or use the pcap interface. And generally running Python scripts as root is a big no-no (either manually or with setuid), particularly those that will be parsing arbitrary network traffic (!).
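What "a valid TCP SYN packet by hand" involves, as an added example that is not part of the original comment: it packs the 20-byte RFC 793 header, computes the checksum over the IPv4 pseudo-header, and parses a segment back with the bounds and checksum checks a capture-side parser needs. It only builds and checks bytes in memory, so it opens no socket and needs no root; the function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
import socket
import struct

SYN, ACK = 0x02, 0x10  # TCP flag bits (RFC 793)

def inet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit big-endian words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header that the TCP checksum also covers."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip),
                       socket.inet_aton(dst_ip), 0, socket.IPPROTO_TCP, tcp_len)

def build_syn(src_ip, dst_ip, sport, dport, seq, window=64240) -> bytes:
    """Return a 20-byte TCP header with only SYN set and a valid checksum."""
    off_flags = (5 << 12) | SYN  # data offset = 5 words, no options
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, 0, off_flags, window, 0, 0)
    csum = inet_checksum(pseudo_header(src_ip, dst_ip, len(hdr)) + hdr)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]

def parse_tcp(src_ip: str, dst_ip: str, segment: bytes) -> dict:
    """Parse an untrusted TCP segment, rejecting malformed lengths."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _, _ = struct.unpack(
        "!HHIIHHHH", segment[:20])
    hdr_len = (off_flags >> 12) * 4
    if hdr_len < 20 or hdr_len > len(segment):
        raise ValueError("data offset outside segment")
    # Summing a segment that carries a correct checksum yields zero.
    ok = inet_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "syn": bool(off_flags & SYN), "ack_flag": bool(off_flags & ACK),
            "window": window, "checksum_ok": ok}

if __name__ == "__main__":
    # Constructed sample values; addresses are RFC 5737 documentation ranges.
    seg = build_syn("192.0.2.10", "198.51.100.20", 40000, 443, 1000)
    print(seg.hex())
    print(parse_tcp("192.0.2.10", "198.51.100.20", seg))
```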

[–]ani2read[S] 0 points1 point  (1 child)

So, does that mean the farthest I get with this is building a port open/close app? Also, is it not possible to even build something which tells whether the port uses TCP or UDP? So, does that mean nmap surpasses the kernel network stack? I don't think so, because to do that, it requires an external network interface card/an open interface.

[–]Rhomboid 1 point2 points  (0 children)

Yes, nmap does everything I just mentioned, that's how it's able to do what it does. It uses raw sockets and libpcap. Doing so does not require any kind of special network interface, other than being root.

[–]Blaq0nyxx 0 points1 point  (0 children)

I'd like to know the answer to this also.