I was searching for a simple tool which can do a port scanning in a huge network quickly without making me wait for ages. I first thought of using nmap, but it was a bit too complex and it takes a lot of time to discover the machines even after optimizing the parameters. After searching a lot, I wrote to one of my seniors, Sandeep Kumar, asking the details of his program which maintains a list of active FTP servers in the network. He replied with a reference to his own findings about the network scanning tools. He is using an enhanced version of a program originally written by Troy Robinson. I tried the program out of curiosity and found out that its damn fast as compared to nmap (no literal comparison) The program can be downloaded from here.
How to use
Compile the program using gcc as
[root@localhost ~]# gcc NetworkScanner.c [ENTER]
Now create a file IPRange.txt containing the IP address ranges for your network. The contents of the file may be
172.16.*.* Meaning all the IP address with first two parts as 172.16 and rest of the address will be generated by permutations.
172.16.1-16.* Meaning the first two parts are fixed. Third part will vary from 1 to 16. And the fourth part will be permuted from 0 to 255.
So an IPRange.txt may look like
Now run the program as
[root@localhost ~]# ./a.out port_to_be_scanned Parallel_attempts IP_list_file output.txt [ENTER]
Parallel_attempts is the number of processes that’ll be forked for scanning the network port. It is safe to have its value as 255. A very high value may hog the network or may even slow down your machine. So an example run would be
[root@localhost ~]# ./a.out 21 255 IPRange.txt Output.txt [ENTER]
I carried out a lot of test on my network using the following setup and parameters
Machine : AMD X2 5600+ (2.6GHz Dual Core), 4GB 800MHz DDR2 RAM, Gigabit Ethernet Card (on 100mbps network).
Port : 21 (FTP)
IPRange.txt : Total 16896 IP Addresses
1 2 3 4 5
Machines on wired (100mbps) network 172.16.1-48.* 192.168.36.* Machines on wireless (54mbps) network 172.17.0-16.*
Scanning Time (seconds)
Upload Bandwidth (kbps)
The interval between two scans was almost 30-40 seconds. I think parallelism beyond 8192 will crash my machine, so I didn’t try. You can try it at your own risk I hope this program help you scan your network.