Discussion:
lightweight scan strategy - libnet?
David Wuertele
2005-02-09 20:03:10 UTC
I've got an embedded system on which I want to host a very lightweight
and fast SMB scanner. This scanner will need to ping a large number
(hundreds, potentially thousands) of IP addresses, and for each host
that replies it will try connecting to port 139, just to see if it is
open. That's all this program has to do.

If I want to maximize speed and simplicity, do you think that libnet
is the right way to inject packets? It doesn't appear that libnet has
a facility for getting replies --- is there a more suitable library
that does?

Thanks,
Dave
Mike Schiffman
2005-02-16 02:43:58 UTC
Sure, libnet with libpcap is what you want. You can cannibalize the
code from the sample files, or if you want to be an early adopter, I'll
be releasing hummingbird soon (super fast asynchronous scanning
framework) and it already has everything you need. The ICMP_ECHO
module will ping hundreds of thousands of hosts if you need it to, and
do it faster than anything else out there today and the TCP_PORT module
will do the TCP port scanning to port 139...
Post by David Wuertele
I've got an embedded system on which I want to host a very lightweight
and fast SMB scanner. This scanner will need to ping a large number
(hundreds, potentially thousands) of IP addresses, and for each host
that replies it will try connecting to port 139, just to see if it is
open. That's all this program has to do.
If I want to maximize speed and simplicity, do you think that libnet
is the right way to inject packets? It doesn't appear that libnet has
a facility for getting replies --- is there a more suitable library
that does?
Thanks,
Dave
--
Mike Schiffman, CISSP
http://www.packetfactory.net/schiffman
Doveryay No Proveryay
David Wuertele
2005-02-16 18:18:24 UTC
Mike> or if you want to be an early adopter, I'll be releasing
Mike> hummingbird soon (super fast asynchronous scanning framework)
Mike> and it already has everything you need. The ICMP_ECHO module
Mike> will ping hundreds of thousands of hosts if you need it to, and
Mike> do it faster than anything else out there today and the TCP_PORT
Mike> module will do the TCP port scanning to port 139...

Oooh, I'm all about early adoption. Where do I sign up?
