Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

in Java, how to achieve UDP port scanning?

new here, I'm working on a program for port scanning, TCP works well, but I don know how to ahieve UDP ports scanning. Say I wanna know whether UDP port XXXX on another host in this LAN is open. will this code do the work? if not, what's the problem?

protected String scanUDP(InetAddress IP, int port)
{
    try{
        byte [] bytes = new byte[128];
        DatagramSocket ds = new DatagramSocket();
        DatagramPacket dp = new DatagramPacket(bytes, bytes.length, IP, port);
        ds.setSoTimeout(1000);
        ds.send(dp);
        dp = new DatagramPacket(bytes, bytes.length);
        ds.receive(dp);
        ds.close();
    }
    catch(InterruptedIOException e){
        return "CLOSED";
    }
    catch(IOException e){
        return "CLOSED";
    }
    return "OPEN";
}

just a newbie, still learning. thanks!

like image 548
ralphxiaoz Avatar asked May 03 '11 10:05

ralphxiaoz


People also ask

How would the UDP ports respond to a port scan?

If there is a service running, you might get a UDP response, which means the port is open. No response could mean that the port is open or filtered. One more logical use of a UDP scan is to send a DNS request to UDP port 53 and see if you get a DNS reply.

Is Java good for UDP?

Java provides the reliable stream-based communication for TCP as well as the unreliable datagram communication for UDP. The socket API in Java is provided in the java.net package which has several classes supporting socket-based client/server communication.


2 Answers

UDP is connectionless, so you can't expect a response packet, necessarily. If the port is closed, you might get an ICMP error message, though there's no guarantee of this (e.g. a firewall could silently drop the packet).

like image 52
artbristol Avatar answered Oct 09 '22 05:10

artbristol


UDP Port Scanning is possible, but it is harder than TCP scanning.

One method I have used in python is to slowly scan a host on three or four high-numbered UDP ports and check for ICMP Port Unreachable messages from that host. If you get any of those back, you know that ICMP messages are allowed on the path, so you can reliably infer that lack of a response is an open port. If all those high-numbered ports fail, you must resort to application-aware techniques to guarantee success. Be aware that this should be done slowly (maybe once every second or so) to reduce the probability of host-level ICMP rate-limiting.

like image 33
Mike Pennington Avatar answered Oct 09 '22 06:10

Mike Pennington