TCP - Listening application (winsock2) behavior towards port scanning (SYN scan)
Should a server application that listens on a port be able to detect, and log, a connection attempt made by SYN scanning?
Test scenario
I had written a Windows program called "simpleserver.exe". The program is a simulation of a basic server application. It listens on a port and waits for incoming messages. The listening socket is defined as a TCP stream socket. That's all the program is doing.
I had been deploying the exact same program on 2 different machines, both running Windows 7 Professional 64-bit. The machines act as hosts, and are stationed in the same network area.
Then, using the program "nmap", I used another machine on the same network to act as the client. Using the "-sS" parameter on "nmap", I did a SYN scan against the IP and port of the listening simpleserver on both machines (one attempt at a time).
(Note that the 2 hosts had "wireshark" started, and were monitoring TCP packets from the client's IP and the listening port.)
In the "wireshark" entries, on both machines, I saw the expected TCP packets for a SYN scan:
    client ----(SYN)----> host
    client <--(SYN/ACK)-- host
    client ----(RST)----> host
The above packet exchange suggests that the connection was not established.
But on "simpleserver.exe", only 1 of them had "new incoming connection" printed in the logs, while the other instance was not alerted of a new incoming connection, hence no logs at all.
Code snippets
    // Socket bind and listen are done above this loop.
    while (true)
    {
        sclient = accept(slisten, (sockaddr*)&remoteaddr, &naddrlen);
        if (sclient == INVALID_SOCKET)
        {
            printf("failed accept()");
            continue;
        }
        dwsockopt(slisten);  // helper defined elsewhere in the program (not shown)
        printf("recv connection: %s\n", inet_ntoa(remoteaddr.sin_addr));
        closesocket(sclient);
    }
Side note: yes, since it is a simple program, the flow might be a little funny, such as no break in the while loop. Please don't mind the simple and flawed design.
Further investigation
I had put getsockopt() in "simpleserver" right after it went into the listening state, to check the differences between both listening sockets' SOL_SOCKET options.
One notable difference I found between the 2 hosts is SO_MAX_MSG_SIZE. The host that detects the incoming connection has a hex value of 0x3fffffff (1073741823), while the other one, which has no logs, has 0xffffffff (-1). I am not sure if this is related or not; I just spammed whatever differences I may have found in the test environment. The other values of SOL_SOCKET are more or less the same.
Side note: I tested on some other machines, which covers Windows 7 Professional, Windows Server 2008 R2, and Windows Server 2003. I am not sure if it is coincidence or not, but the machines that have SO_MAX_MSG_SIZE == -1 did not detect the connection from SYN scanning. Maybe it is coincidence. I have nothing to prove it though.
Help needed
- Why is there different behavior between 2 instances of the same application on different machines with the same OS?
- What determines the value of SO_MAX_MSG_SIZE, considering 2 machines with the same OS have 2 different values?
If the connection is never established, accept() never returns. That disposes of 90% of the question.
The explanation for the 'new incoming connection' (or 'recv connection' or whatever it is) message is that something else connected.
SO_MAX_MSG_SIZE has no meaning for a TCP socket, let alone a listening TCP socket. Whatever variation you experienced is meaningless.
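The handshake distinction the answer relies on, as an added example that is not part of the original question or answer: a small C classifier that follows each client's TCP flag sequence in a capture and separates the half-open SYN, SYN/ACK, RST exchange shown in the question from a completed handshake, the case in which accept() returns. The record layout, all names and the sample packets are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define F_SYN 0x02  /* TCP header flag bits */
#define F_RST 0x04
#define F_ACK 0x10

/* One captured segment; from_client = 1 means client -> host (hypothetical layout). */
struct seg { const char *client; int from_client; unsigned flags; };
enum verdict { INCOMPLETE, HALF_OPEN_SCAN, ESTABLISHED };

/* Follow one client's handshake: state 0 = nothing, 1 = SYN seen, 2 = SYN/ACK sent. */
enum verdict classify(const struct seg *cap, size_t n, const char *client)
{
    int state = 0;
    for (size_t i = 0; i < n; i++) {
        const struct seg *s = &cap[i];
        if (strcmp(s->client, client) != 0) continue;
        if (state == 0 && s->from_client && s->flags == F_SYN)
            state = 1;
        else if (state == 1 && !s->from_client && s->flags == (F_SYN | F_ACK))
            state = 2;
        else if (state == 2 && s->from_client && (s->flags & F_RST))
            return HALF_OPEN_SCAN;  /* torn down before completion: nothing for accept() */
        else if (state == 2 && s->from_client && s->flags == F_ACK)
            return ESTABLISHED;     /* handshake complete: accept() returns this peer */
    }
    return INCOMPLETE;
}

/* Constructed sample capture (documentation addresses, not real traffic). */
static const struct seg sample[] = {
    { "192.0.2.10", 1, F_SYN },           /* scanner */
    { "192.0.2.10", 0, F_SYN | F_ACK },
    { "192.0.2.10", 1, F_RST },
    { "192.0.2.20", 1, F_SYN },           /* ordinary client */
    { "192.0.2.20", 0, F_SYN | F_ACK },
    { "192.0.2.20", 1, F_ACK },
    { "192.0.2.30", 1, F_SYN },           /* SYN only, no reply captured */
};
#define SAMPLE_LEN (sizeof sample / sizeof sample[0])

int main(void)
{
    static const char *names[] = { "incomplete", "half-open scan", "established" };
    static const char *clients[] = { "192.0.2.10", "192.0.2.20", "192.0.2.30" };
    for (int i = 0; i < 3; i++)
        printf("%s: %s\n", clients[i], names[classify(sample, SAMPLE_LEN, clients[i])]);
    return 0;
}
```

Logging half-open attempts therefore has to happen at the packet level (capture, firewall or IDS), since the listening application is only handed peers that finished the handshake.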