
You need to read up on port scanning. UDP is connectionless, i.e. you can't see if a port is open by seeing if you can connect a socket to it; you have to send some data and check for a response.

Port scanning usually means scanning for TCP ports, which are connection-oriented and therefore give good feedback to the attacker. UDP, or connection-less traffic, responds in a different manner. In order to find UDP ports, the attacker generally sends empty UDP datagrams at the port. If the port is listening, the service will send back an error message or ignore the incoming datagram. If the port is closed, then the operating system sends back an "ICMP Port Unreachable" message.

Note that UDP packets may be dropped by all manner of devices along the way (so you get no response). The response, if it is coming, will arrive on the socket you sent the probe out on as shown. You have to send some sort of valid(ish) UDP packet to incite a response from the server.

NetworkInfo::Discovery::Scan does what you want and you can pull code from there.

cheers

tachyon

Re^6: udp recv question
by smackdab (Pilgrim) on Jun 28, 2004 at 04:42 UTC
    I did that reading, and I thought I provided a complete sample program that does exactly the technique you describe.

    From a sniffer, I know a UDP packet goes out and an ICMP one comes back.

    I can't figure out how to read the ICMP into memory (not decode, just read into a buffer...)

    No worries, no more comments needed, I'll review my code in the morning...maybe a good night's sleep will clear out the cobwebs...

      You'll have to use Net::Pcap most likely. Use it to capture the appropriate ICMP packets that may be returned in response to your UDP packet. Dealing with ICMP requires root access and is a pain.

      I would just make a call out to nmap or some other external port scanner.
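
What the ICMP reply discussed in this thread contains once it is in a buffer, as an added example that is not code from any poster: an ICMP destination-unreachable message quotes the IP header and the first bytes of the UDP datagram that triggered it, which is how a reply is matched back to the probe that caused it. The sub names and the sample packet are constructed for illustration, and the buffer is assumed to start at the IPv4 header (a capture from an Ethernet interface has a link-layer header in front that must be stripped first).

```perl
use strict;
use warnings;
use Socket qw(inet_aton inet_ntoa);

# Decode a buffer that starts at the outer IPv4 header of an ICMP reply.
# Returns a hashref describing the UDP probe it answers, or nothing if the
# buffer is not an ICMP destination-unreachable quoting a UDP datagram.
sub parse_udp_unreachable {
    my ($pkt) = @_;
    return unless defined $pkt && length($pkt) >= 20;
    my ($vihl, $proto) = unpack('C x8 C', $pkt);
    return unless ($vihl >> 4) == 4 && $proto == 1;      # IPv4 carrying ICMP
    my $ihl = ($vihl & 0x0f) * 4;                        # outer header length
    return unless $ihl >= 20 && length($pkt) >= $ihl + 8 + 20;
    my ($type, $code) = unpack('C C', substr($pkt, $ihl, 2));
    return unless $type == 3;                            # destination unreachable
    my $inner = substr($pkt, $ihl + 8);                  # quoted original datagram
    my ($ivihl, $iproto, $src, $dst) = unpack('C x8 C x2 a4 a4', $inner);
    my $iihl = ($ivihl & 0x0f) * 4;
    return unless $iproto == 17 && $iihl >= 20           # quoted packet is UDP
               && length($inner) >= $iihl + 4;
    my ($sport, $dport) = unpack('n n', substr($inner, $iihl, 4));
    return {
        code     => $code,
        # code 3 is "port unreachable"; other codes point at the path or a filter
        verdict  => $code == 3 ? 'closed' : 'unreachable/filtered',
        src      => inet_ntoa($src),
        src_port => $sport,
        dst      => inet_ntoa($dst),
        dst_port => $dport,
    };
}

# Constructed sample (documentation addresses, checksums left at zero):
# 192.0.2.10 tells 192.0.2.1 that its datagram to UDP port 161 found no listener.
sub ip_hdr {
    my ($proto, $src, $dst, $len) = @_;
    return pack('C C n n n C C n a4 a4', 0x45, 0, $len, 0, 0, 64, $proto, 0,
                inet_aton($src), inet_aton($dst));
}
my $quoted = ip_hdr(17, '192.0.2.1', '192.0.2.10', 28) . pack('n4', 40000, 161, 8, 0);
my $sample = ip_hdr(1, '192.0.2.10', '192.0.2.1', 56) . pack('C C n N', 3, 3, 0, 0) . $quoted;

if (my $r = parse_udp_unreachable($sample)) {
    printf "%s:%d/udp is %s (ICMP type 3 code %d); probe came from %s:%d\n",
        @{$r}{qw(dst dst_port verdict code src src_port)};
}
```

The quoted source port is the local port of the socket that sent the datagram, so it identifies which probe a given ICMP message answers.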