
TCP Scan: Unexpected Socket Exceptions

I'm writing a simple TCP port scanner. Here's my code:

for (int port : portList) {
    Socket socket = new Socket();

    try {
        socket.connect(new InetSocketAddress(targetIP, port), 5000);

        // If we get to this point, port is open
        Log.d(DEBUG_TAG, "Port " + port + " open");

    } catch (Exception e) {
        Log.d(DEBUG_TAG, e.toString());
    } finally {
        // Try to close
        try {
            socket.close();
        } catch (Exception e) {}
    }
}

Here's the debug output. I've run the scan several times and get the exact same output, with the same port getting ECONNREFUSED while the others get EHOSTUNREACH.

D/TCPSCAN﹕ java.net.SocketException: failed to connect to /192.168.0.10 (port 21) after 5000ms: isConnected failed: EHOSTUNREACH (No route to host)
D/TCPSCAN﹕ java.net.ConnectException: failed to connect to /192.168.0.10 (port 22) after 5000ms: isConnected failed: ECONNREFUSED (Connection refused)
D/TCPSCAN﹕ java.net.SocketException: failed to connect to /192.168.0.10 (port 23) after 5000ms: isConnected failed: EHOSTUNREACH (No route to host)
D/TCPSCAN﹕ java.net.SocketException: failed to connect to /192.168.0.10 (port 80) after 5000ms: isConnected failed: EHOSTUNREACH (No route to host)
D/TCPSCAN﹕ java.net.SocketException: failed to connect to /192.168.0.10 (port 443) after 5000ms: isConnected failed: EHOSTUNREACH (No route to host)

The Android device I'm running on can successfully ping -c 1 -W 1 192.168.0.10. My phone detects the remote host as online, which is why I don't understand why I'm getting EHOSTUNREACH. More curious is the fact that port 22 - which is not open on the target - gets an ECONNREFUSED.

The only port that is actually open on the target is FTP port 21 (confirmed with nmap).

I've read some answers to similar problems. The main fix seems to be restarting the phone's WiFi connection, which didn't work for me.

Note

For the sake of clarity I'm not posting my whole code here, but I am checking that the target host 192.168.0.10 is online with:

Process process = runtime.exec("/system/bin/ping -c 1 -W 1 192.168.0.10");
// Wait until the process finishes and check exit code (0 for success)
int exitCode = process.waitFor();
if (exitCode == 0)
    Log.d(DEBUG_TAG, "Online");

The device I'm running on is a Samsung Galaxy S2; I'm targeting my laptop, a MacBook Pro running Fedora. Both devices are on the same WiFi network.

From my laptop I can detect and run an nmap scan on the Android phone (192.168.0.3). It's definitely reachable.

Could you please provide more details about your test?

  • What is your source device (Android phone)?
  • What destination are you trying to reach and scan? Computer on local or outside network?
  • Are both source and destination devices on the same network (probably WiFi)?

EHOSTUNREACH - no route to host - should say it is either:

  • ISO/OSI Layer 3 issue (devices on different private IP networks without routes to each other)

  • destination device is down

  • ICMP protocol/ECHO replies are blocked somewhere in between (or firewall on source or destination device)

ECONNREFUSED - should be even more clear - this particular port is not open on the destination device.

Maybe you can split your code logic into two parts:

  1. Check if device is up and running (PING - ICMP protocol)
  2. Then perform port scan
    • if isConnected == TRUE (port is open) else (port is closed)

Output could be:

  1. PING is Successful && isConnected == TRUE (device is UP and port is OPEN)
  2. PING is Successful && isConnected == FALSE (device is UP but port is CLOSED)
  3. PING is Unsuccessful && isConnected == TRUE (probably ICMP protocol/ECHO request is BLOCKED - device is UP and port is OPENED)
  4. PING is Unsuccessful && isConnected == FALSE (device is probably DOWN or ICMP is BLOCKED and port is CLOSED)

Try to give it a try.

Thank you.
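Added example, not part of the original question or answer: one way to implement the two-step check suggested above in Java, classifying each connect attempt by exception type so that ECONNREFUSED and EHOSTUNREACH end up as different states. The class name, the `PortState` enum and the wording of the interpretations are assumptions of this example, and it goes slightly beyond the answer's four cases by separating "unreachable" and "timeout" from "closed".

```java
import java.io.IOException;
import java.net.*;

public class ScanDiagnosis {
    enum PortState { OPEN, REFUSED, UNREACHABLE, TIMEOUT, ERROR }

    // One ICMP echo; binary path and flags are the ones from the question. Exit code 0 means a reply arrived.
    static boolean ping(String host) throws IOException, InterruptedException {
        return new ProcessBuilder("/system/bin/ping", "-c", "1", "-W", "1", host).start().waitFor() == 0;
    }

    // Classify one connect attempt by exception type instead of logging e.toString().
    static PortState probe(String host, int port, int timeoutMs) {
        try (Socket socket = new Socket()) {
            socket.connect(new InetSocketAddress(host, port), timeoutMs);
            return PortState.OPEN;         // TCP handshake completed
        } catch (SocketTimeoutException e) {
            return PortState.TIMEOUT;      // no answer at all within timeoutMs
        } catch (ConnectException e) {
            return PortState.REFUSED;      // typically ECONNREFUSED
        } catch (NoRouteToHostException e) {
            return PortState.UNREACHABLE;  // EHOSTUNREACH on a desktop JVM
        } catch (SocketException e) {
            // Android reports EHOSTUNREACH as a plain SocketException (see the log in the question).
            return String.valueOf(e.getMessage()).contains("EHOSTUNREACH") ? PortState.UNREACHABLE : PortState.ERROR;
        } catch (IOException e) {
            return PortState.ERROR;
        }
    }

    // Ping result combined with the connect result, following the answer's matrix.
    static String interpret(boolean pingOk, PortState s) {
        String icmp = pingOk ? "" : " (ICMP echo probably blocked)";
        switch (s) {
            case OPEN:        return "device is up, port is open" + icmp;
            case REFUSED:     return "device is up, port is closed" + icmp;
            case UNREACHABLE: return pingOk ? "device answers ping but this port is unreachable: check firewalls"
                                            : "device is probably down or not routable";
            case TIMEOUT:     return pingOk ? "device is up, no reply on this port" : "device is probably down";
            default:          return "unclassified socket error";
        }
    }

    public static void main(String[] args) throws Exception {
        String target = "192.168.0.10"; // target host from the question
        boolean up = ping(target);
        for (int port : new int[] {21, 22, 23, 80, 443})
            System.out.println(port + ": " + interpret(up, probe(target, port, 5000)));
    }
}
```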
