远程检查IP端口状态

发布于 2024-07-05 15:07:14 字数 344 浏览 13 评论 0原文

我找到了一篇关于在计算机上获取活动 tcp/udp 连接的文章。

http://www.codeproject.com/KB/IP/iphlpapi.aspx

然而,我的问题是我需要能够远程确定活动连接 - 以查看特定端口是否正在运行或侦听而不篡改机器。

这可能吗?

看起来不像是原生的,否则可能会带来安全问题。 另一种方法是查询远程服务,然后该服务可以在本地计算机上进行必要的调用。

有什么想法吗?

I found an article on getting active tcp/udp connections on a machine.

http://www.codeproject.com/KB/IP/iphlpapi.aspx

My issue however is I need to be able to determine active connections remotely - to see if a particular port is running or listening without tampering with the machine.

Is this possible?

Doesn't seem like it natively, otherwise it could pose a security issue. The alternative would be to query a remoting service which could then make the necessary calls on the local machine.

Any thoughts?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

2024-07-12 15:07:14

Nmap 就是您要找的。

Nmap is what you are looking for.

迟月 2024-07-12 15:07:14

如果远程计算机不知道,则无法知道哪些端口已打开。 但是您可以在端口上运行的程序不知道该信息的情况下确定该信息(即不干扰程序)。

使用 SYN 扫描:

为了建立连接,TCP 使用三向握手。 可以利用这一点在程序不知道的情况下查明端口是否打开。

握手的工作原理如下:

  1. 客户端通过向服务器发送 SYN 来执行主动打开。
  2. 服务器回复 SYN-ACK。
  3. 通常,客户端将 ACK 发送回服务器。 但这一步被跳过了。

SYN 扫描是最流行的形式
TCP 扫描。 而不是使用
操作系统的网络功能,
端口扫描器生成原始IP
数据包本身,并监视
回应。 此扫描类型也是
称为“半开扫描”,因为
它实际上从未打开完整的 TCP
联系。 端口扫描器生成
一个 SYN 数据包。 如果目标端口是
打开,它将用 SYN-ACK 响应
包。 扫描仪主机响应
RST 数据包,关闭连接
在握手完成之前。

原始网络的使用有几个
优点,让扫描仪充分
控制发送的数据包和
响应超时,并允许
详细报告答复。
关于哪种扫描是有争议的
对目标主机的干扰较小。 同步
扫描的优点是
个人服务实际上从未
收到连接,而一些
连接时服务可能会崩溃
扫描。 然而,RST 期间
握手可能会给某些人带来问题
网络栈,特别简单
打印机等设备。 没有
无论哪种方式都有确凿的论据。

来源维基百科

正如下面提到的,我认为nmap 可以进行SYN扫描。

使用套接字进行 TCP 端口扫描:

确定哪些端口打开的一种方法是打开该端口的套接字。 或者像您提到的那样到另一个端口为您找到信息。

例如,从命令提示符或终端:

telnet google.com 80

UDP 端口扫描

如果 UDP 数据包发送到未开放的端口,系统将响应 ICMP 端口不可达消息。 您可以使用此方法来确定端口是打开还是关闭。 但接收程序会知道。

There is no way to know which ports are open without the remote computer knowing it. But you can determine the information without the program running on the port knowing it (i.e. without interfering with the program).

Use SYN scanning:

To establish a connection, TCP uses a three-way handshake. This can be exploited to find out if a port is open or not without the program knowing.

The handshake works as follows:

  1. The client performs an active open by sending a SYN to the server.
  2. The server replies with a SYN-ACK.
  3. Normally, the client sends an ACK back to the server. But this step is skipped.

SYN scan is the most popular form of
TCP scanning. Rather than use the
operating system's network functions,
the port scanner generates raw IP
packets itself, and monitors for
responses. This scan type is also
known as "half-open scanning", because
it never actually opens a full TCP
connection. The port scanner generates
a SYN packet. If the target port is
open, it will respond with a SYN-ACK
packet. The scanner host responds with
a RST packet, closing the connection
before the handshake is completed.

The use of raw networking has several
advantages, giving the scanner full
control of the packets sent and the
timeout for responses, and allowing
detailed reporting of the responses.
There is debate over which scan is
less intrusive on the target host. SYN
scan has the advantage that the
individual services never actually
receive a connection while some
services can be crashed with a connect
scan. However, the RST during the
handshake can cause problems for some
network stacks, particularly simple
devices like printers. There are no
conclusive arguments either way.

Source Wikipedia

As is mentioned below, I think nmap can do SYN scanning.

Using sockets for TCP port scanning:

One way to determine which ports are open is to open a socket to that port. Or to a different port which finds out the information for you like you mentioned.

For example from command prompt or a terminal:

telnet google.com 80

UDP Port scanning:

if a UDP packet is sent to a port that is not open, the system will respond with an ICMP port unreachable message. You can use this method to determine if a port is open or close. But the receiving program will know.

南街九尾狐 2024-07-12 15:07:14

neouser99(等人)建议NMAP。 如果您只想检测远程计算机上打开的端口,则 NMAP 非常有用。

但从您的问题的声音来看,您实际上是在尝试确定远程计算机上打开和连接的端口。 如果您需要通用监控解决方案(包括连接的端口),那么您可以在远程计算机上安装 snmp 服务器。 有两个 MIB 可让您检查端口状态,它们是 TCP-MIB::tcpConnectionTable 和 UDP-MIB::udpEndpointTable。

net-snmp 中提供的守护进程(服务器)很可能获得了对这些 mib 的支持。

neouser99 (et al) has suggested NMAP. NMAP is very good if all you're trying to do is to detect ports that are open on the remote machine.

But from the sounds of your question you're actually trying to determine what ports are both open and connected on your remote machine. If you're after a general monitoring solution, including the connected ports, then you could install an snmp server on your remote machine. There are two MIBs that let you check for port status which are TCP-MIB::tcpConnectionTable and UDP-MIB::udpEndpointTable.

The daemon (server) supplied in net-snmp has most likely got support for these mibs.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文