简体繁体 English

在C ++中检查打开的UDP端口

[英]Checking open UDP Port in C++

原文 2012-06-04 18:25:08 0 2 c++/ network-programming/ udp/ port/ port-scanning

How can I check if a remote UDP port is open by using native C++? 如何使用本机C ++检查远程UDP端口是否打开？ Since UDP is connection-less, calling connect() is not helpful. 由于UDP是无连接的，因此调用connect()没有帮助。 I cannot try binding it since it is not local. 我不能尝试绑定它，因为它不是本地的。 nmap cannot also indicate. nmap也不能表示。 (however netstat can find out, but I think it looks at internal information about open ports/files). （但是netstat可以找到，但是我认为它查看的是有关打开的端口/文件的内部信息）。 Is there anyway to detect it? 反正有检测到吗？ If I go a layer down on network level, is it possible to send a ICMP message by C++ to check port-unreachable status? 如果我在网络级别上走下一层，是否可以通过C ++发送ICMP消息以检查端口无法到达状态？ I mean, would that give enough information on port status? 我的意思是，这是否可以提供足够的端口状态信息？

Platform is Linux. 平台是Linux。

2 个解决方案

I assume that you are trying to determine whether or not a UDP port on a remote machine is being passed through a firewall and/or has an application running on it. 我假设您正在尝试确定远程计算机上的UDP端口是否正在通过防火墙和/或正在运行应用程序。

You cannot reliably determine this. 您无法可靠地确定这一点。 The closest you can come is to try sending a series of small datagrams to that address and port, spaced about 1 second apart for about 10 seconds. 您能找到的最接近的是尝试向该地址和端口发送一系列小数据报，它们间隔约1秒，持续约10秒钟。

If there are no firewalls blocking the port and no application is running, then the remote system might send back ICMP_UNREACH_PORT (port unreachable). 如果没有防火墙阻止该端口并且没有应用程序在运行，则远程系统可能会发回ICMP_UNREACH_PORT （端口不可达）。 If there are no blocking firewalls and the remote system is down, a router might send back ICMP_UNREACH_HOST or ICMP_UNREACH_NET . 如果没有阻塞防火墙并且远程系统已关闭，则路由器可能会发回ICMP_UNREACH_HOST或ICMP_UNREACH_NET 。 If a firewall is blocking you, it might send back ICMP_UNREACH_FILTER_PROHIB , but most firewalls don't send back anything. 如果防火墙阻止了您，则它可能会发回ICMP_UNREACH_FILTER_PROHIB ，但是大多数防火墙都不会发回任何东西。

The odds of getting any of those back are pretty slim because most firewalls block that sort of ICMP feedback. 由于大多数防火墙都会阻止此类ICMP反馈，因此收回这些费用的可能性很小。 Even if an ICMP message does come back, linux generally does not let you see it unless you are running as root. 即使返回了ICMP消息，Linux也通常不会让您看到它，除非您以root身份运行。 Some operating systems will report ICMP errors as a failure of the next sendto() to the same address/port, which is why you need to repeat the message several times. 某些操作系统会将下一个sendto()失败报告给同一地址/端口，这是ICMP错误的原因，这就是为什么您需要重复几次该消息的原因。 But some do not, in which case you must open a specific ICMP port and parse any return messages. 但是有些则不能，在这种情况下，您必须打开特定的ICMP端口并解析所有返回消息。

Even if you do somehow get an ICMP message, understand that they are not reliable. 即使您以某种方式获得了ICMP消息，也要了解它们是不可靠的。 For example, you could get ICMP_UNREACH_PORT even though an application is not only listening, but actively sending you data. 例如，即使应用程序不仅正在侦听，而且正在主动向您发送数据，您也可能获得ICMP_UNREACH_PORT 。 (That's rare, but I've seen it happen.) （这种情况很少见，但我已经看到了。）

If an application is running on the given port and if you know what that application is and if you know how to craft a message which will cause that application to respond to you, then doing so and getting a response is the best indication that the port is open. 如果某个应用程序在给定的端口上运行，并且您知道该应用程序是什么，并且知道如何制作一条消息，该消息将导致该应用程序对您做出响应，那么这样做并获得响应是该端口的最佳指示。开了。 But getting no response means nothing: maybe the port is blocked, maybe the application is not running, or maybe it just didn't like your message. 但是，没有响应就意味着什么：端口可能被阻塞，应用程序未运行，或者只是不喜欢您的消息。

Bottom line: no, not really. 底线：不，不是真的。

There is no bulletproof way to check if a remote port is ready to receive your UDP datagrams. 没有防弹方法来检查远程端口是否已准备好接收UDP数据报。 Since UDP is connectionless you can just tell if the remote host is answering something meaningful to you. 由于UDP是无连接的，因此您只能判断远程主机是否正在回答对您有意义的事情。 There may be ways to get an hint (as port scanners do) but that is nothing I would rely on in production code. 可能有多种方法可以获取提示（就像端口扫描程序一样），但这不是生产代码中我所依赖的。