Coding Challenge  #45 - Port Scanner

Coding Challenge #45 - Port Scanner

This challenge is to build your own version of a port scanner like nmap .

A port scanner is an program that probes a host to identify open network ports. Bad actors use port scanners to find network services running on a host in order to find and exploit vulnerabilities. Security analysts and network administrators use port scanners to confirm network security policies are being complied with.

Nmap (short for Network Mapper) is probably the most widely used port scanner. It is a free open source tool written in C. You can find the source in the Nmap GitHub repo if you’re interested in digging into it.

If You Enjoy Coding Challenges Here Are Five Ways You Can Help Support It

  1. Sign up for the newsletter on Substack. ??
  2. Refer a friend or colleague to the Substack newsletter . ??
  3. Sign up for a paid subscription - think of it as buying me a coffee ?? twice a month, except you also get 20% off any of my courses . ??
  4. Buy one of my courses that walk you through a Coding Challenge. ??
  5. If you work for a company that sells to software engineers, encourage them to sponsor the newsletter . ??

The Challenge - Building A Network Port Scanner

In this challenge we’re going to build a command line tool to scan a network or range of host looking for open ports.


How a Port Scanner Works

Running a port scan on a network or server reveals which ports are open and listening as well as revealing the presence of devices, such as?firewalls.

Port scanning is a valuable technique for both testing?network security?and the strength of the system’s firewall. For the same reason it is also a popular starting point for bad actors seeking a point of access to break into a network or server.

Ports vary in their services offered. They are numbered from 0 to 65535, but certain ranges are more frequently used. Ports 0 to 1023 are identified as the “well-known ports” and have been assigned services by the Internet Assigned Numbers Authority (IANA). Some of the most prominent ports and their assigned services include:

  • Port 20 (UDP) — File Transfer Protocol (FTP).
  • Port 22 (TCP) — Secure Shell (SSH).
  • Port 23 (TCP) — Telnet protocol - usually not available these days due to it being unencrypted and therefore unsecure.
  • Port 53 (UDP) — Domain Name System (DNS).
  • Port 80 (TCP) — HTTP.
  • Port 443 (TCP) — HTTPS.

There are standard services offered on ports above 1023 too - for example, as we saw in the build your own Redis challenge, the default Redis port is 6379.

There are other ports that, if open, may indicate a system that has been compromised. Thus a port scanner can be an incredibly useful tool for system administrators, security engineers and anyone responsible for securing a network.


Step Zero

As always, before we tackle Step 1 of the Coding Challenge , you’re going to set your environment up ready to begin developing and testing your solution.

I’ll leave you to choose your target platform, setup your editor and programming language of choice. I’d encourage you to pick a tech stack that you’re comfortable doing network programming with - we’re building a network tool after all! ??

??WARNING - Only run a port scanner against a host that you have permission to scan??

??The good folks behind Nmap provide a public host you can scan, please read and respect their fair usage policy, details here: https://scanme.nmap.org/


Step 1

In this step your goal is to create a CLI program that will accept two command line arguments:

  1. A host
  2. A port

It will then try to open a TCP connection to the port and will report back if the port is open. For example if you have a service running locally on port 5000 and you run you port scanner it should look something like this:

% ccscan -host=localhost -port=5000
Scanning host: localhost port: 5000
Port: 5000 is open
        

If a port is open you’ll be able to make a full TCP connection to it.


Continued...

You can find Step 2 and beyond on the Coding Challenges website as build your own port scanner .

Or if you'd rather get the whole challenge delivered to you inbox every week, you can subscribe on the Coding Challenges Substack .


2 Other Ways I Can Help You:

  1. I write another FREE newsletter?Developing Skills ?that helps you level up the other skills you need to be a great software developer.
  2. I have some courses available: Build Your Own Redis Server (Python Edition) which guides you through solving the Redis Coding Challenge in Python. Build Your Own Shell (Go Edition) which guides you through solving the Shell Coding Challenge in Go.


ákos K?m?ves

Senior Software Engineer

10 个月

I just finished the wc implementation in Go. It was quite fun! Go is great! ??

要查看或添加评论,请登录

社区洞察

其他会员也浏览了