in reply to Low Level Network Connections

I have everything in the script working with the socket() for my block of IPs, but want to reduce the load. Thus changing the code to only use the syn, syn/ack, rst to reduce network load, thus reducing the overall time.

What is your basis for determining that you need to reduce a 7 packet connect/disconnect sequence to 3 packets? Are you really sure you need to reduce load, or might you be indulging in a round of premature optimization?

Unless you need sub-second awareness of new hosts, I wouldn't bother with this. A simple "can I open a socket to a port at this IP address" test is more than sufficient, and more maintainable for whoever picks up the code after you move on.

Re: Re: Low Level Network Connections
by Anonymous Monk on Mar 01, 2002 at 19:30 UTC
    Currently the scan of a /28 network via a dial-up connection takes roughly 1.5 hours. We are migrating from one /28 to 7-/27's, 1-/25 and 1-/24. I'm looking to reduce time any place I can. PS... Our policy insists that we use an outside connection and broadband isn't available. That is why I'm using a dial-up connection.
      If this is taking 1.5 hours, then whatever system you are using can't be that efficient. Assuming you're looking for a particular port to be open, you can do this quickly with NMAP. Here is an example that looks for machines with port 80 (http) open:
      % nmap X.X.X.0/24 -p 80 -T Insane -n
      The 1 scanned port on (X.X.X.137) is: closed
      The 1 scanned port on (X.X.X.146) is: closed
      The 1 scanned port on (X.X.X.147) is: closed
      Interesting ports on (X.X.X.152):
      Port       State       Service
      80/tcp     open        http
      :
      So you get this output quickly and easily. If you want, you can choose XML output using -oX and then use XML::Parser to get the goods.

      As the root user you can engage the -PS option which uses SYN instead of ACK, the feature you were asking how to implement.

      Even over 300-baud dial-up, NMAP should be able to finish in several minutes for a /28, which is all of 30 hosts. 30. That's not a lot.
        OK... I need to explain why I am doing this, I think this will help everyone out.

        Background-
        Our current hosting platform is hosted and maintained internally. We recently extended our hosting platform/WAN to all locations, which makes 9 unique IP blocks - each with their own router and firewalls (2). Our admins and operations group is known for throwing out servers (Unreal, ftp etc.) without running them through security or architecture.
        Problem-
        In order to monitor this, our security policy was amended to clearly outlaw this type of activity. The controls are from diverse groups (Security & Architecture). Security is to monitor the internally managed IP blocks for any host that responds on any port, including non-standard ports from an external source. That means this script needs to scan every possible host on every possible port (including non-standard) on a scheduled basis, noting any deviations from the controlled baseline.

        I was able to run a scan using a tool called IP-Tools on a single block and maintain the baseline without much hassle. However, this tool took 1.5 hours on a dial-up connection.
        Given that the number of connects across our new block with all ports is 39714210, you can see that if I can reduce the communication traffic from 7 to 3 frames, that would be a significant decrease in processing time and network traffic.
        I tested NMAP, however am not an expert. I did see, however, that my configuration scanned 2503 ports, I need to scan 65K.
        I did, however, find a piece of C code that does a syn scan and think that I can extend it to do what I need it to do, however, would rather use PERL.

        Edit by myocom: Removed superfluous code tags and fixed formatting
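
The baseline check described in the post above, fed from the nmap -oX output suggested earlier in the thread, as an added example that is not part of any poster's code: it parses the XML with XML::Parser and reports open ports that deviate from an approved list. The sample XML, the 192.0.2.x addresses and the baseline entries are constructed, and the `open_ports` helper name is hypothetical.

```perl
#!/usr/bin/perl
# Added example: compare open ports in nmap -oX output against a baseline.
use strict;
use warnings;
use XML::Parser;

# Constructed sample of nmap XML output (documentation addresses, not real hosts).
my $xml = <<'XML';
<nmaprun>
 <host><address addr="192.0.2.137" addrtype="ipv4"/>
  <ports><port protocol="tcp" portid="80"><state state="closed"/></port></ports></host>
 <host><address addr="192.0.2.152" addrtype="ipv4"/>
  <ports><port protocol="tcp" portid="80"><state state="open"/></port>
         <port protocol="tcp" portid="7777"><state state="open"/></port></ports></host>
</nmaprun>
XML

# Constructed baseline: the "ip:port/proto" services that are approved.
my %baseline = map { $_ => 1 } ('192.0.2.152:80/tcp', '192.0.2.146:21/tcp');

# Return a hash of "ip:port/proto" => 1 for every port nmap reported open.
sub open_ports {
    my ($doc) = @_;
    my (%open, $addr, $port);
    my $parser = XML::Parser->new(Handlers => {
        Start => sub {
            my (undef, $elem, %attr) = @_;
            if    ($elem eq 'host')    { ($addr, $port) = (undef, undef) }
            elsif ($elem eq 'address') { $addr = $attr{addr} if ($attr{addrtype} || '') eq 'ipv4' }
            elsif ($elem eq 'port')    { $port = "$attr{portid}/$attr{protocol}" }
            elsif ($elem eq 'state' && defined $port && defined $addr) {
                $open{"$addr:$port"} = 1 if $attr{state} eq 'open';
            }
        },
        # Forget the current port once its element closes.
        End => sub { $port = undef if $_[1] eq 'port' },
    });
    $parser->parse($doc);
    return %open;
}

my %seen = open_ports($xml);
print "NEW (not in baseline): $_\n"   for sort grep { !$baseline{$_} } keys %seen;
print "GONE (baseline, closed): $_\n" for sort grep { !$seen{$_} } keys %baseline;
```

In scheduled use the heredoc would be replaced by the file nmap wrote with -oX, and the baseline would be loaded from wherever the approved list is kept.
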
      Currently the scan of a /28 network via a dial-up connection takes roughly 1.5 hours.

      This sounds very wrong. That's 90 minutes to scan 31 hosts. That's nearly 3 minutes per host! I can manually ping all 31 hosts faster than that.

      Show us your code.