CN107786556A - A kind of port fast scanning method and device - Google Patents

Publication number
CN107786556A
Authority
CN
China
Prior art keywords
port
tcp
packet
terminal device
sequence number
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710999543.2A
Other languages
Chinese (zh)
Inventor
林皓
宋成龙
刘文超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Shenzhouxinyuan System Engineering Co Ltd
Original Assignee
Jiangsu Shenzhouxinyuan System Engineering Co Ltd
Application filed by Jiangsu Shenzhouxinyuan System Engineering Co Ltd
Priority to CN201710999543.2A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/163 In-band adaptation of TCP data exchange; In-band control procedures
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data

Abstract

The invention discloses a fast port scanning method and device, including: a scanning system uses a specific algorithm to determine a first TCP sequence number and a first TCP source port from the source IP and destination IP; the scanning system generates and sends a packet according to the first TCP sequence number and the first TCP source port; a terminal device receives the packet and obtains the source IP, destination IP, first TCP sequence number and first TCP source port; the terminal device uses the same specific algorithm as the scanning system to determine a second TCP sequence number and a second TCP source port from the source IP and destination IP; the terminal device verifies the packet using the first TCP sequence number, the first TCP source port, the second TCP sequence number and the second TCP source port. The invention can perform fast port scanning on different ports or different types of ports, reducing resource usage, reducing maintenance cost and increasing scanning speed.

Description

A fast port scanning method and device
Technical field
The present invention relates to the computer field, and more particularly to a fast port scanning method and device.
Background
Many network admission control systems need the ability to discover terminal devices and to determine which ports on those devices are open. The prior art achieves this by traversing all ports with TCP scans. Although this method is feasible, it performs a TCP three-way handshake connection with each probed port, which occupies a large amount of system resources. It also tracks the state of each probed target IP, which consumes a large amount of system resources, adds very high maintenance cost, and directly affects scanning speed.
No effective solution has yet been proposed for the problems that port scanning in the prior art occupies a large amount of resources, has high maintenance cost and scans slowly.
Summary of the invention
In view of this, the purpose of the embodiments of the present invention is to propose a fast port scanning method and device that can perform fast port scanning on different ports or different types of ports, reducing resource usage, reducing maintenance cost and increasing scanning speed.
Based on the above purpose, one aspect of the embodiments of the present invention provides a fast port scanning method in which, during a port scan, each transmission of a packet comprises the following steps:
The scanning system uses a specific algorithm to determine a first TCP sequence number and a first TCP source port from the source IP and destination IP;
The scanning system generates and sends a packet according to the first TCP sequence number and the first TCP source port;
The terminal device receives the packet and obtains the source IP, destination IP, first TCP sequence number and first TCP source port;
The terminal device uses the same specific algorithm as the scanning system to determine a second TCP sequence number and a second TCP source port from the source IP and destination IP;
The terminal device verifies the packet using the first TCP sequence number, the first TCP source port, the second TCP sequence number and the second TCP source port.
In some embodiments, each packet includes at least one of: a SYN message, an ACK message, an RST message.
In some embodiments, when the terminal device scanned by the scanning system has an open port, the scanning system sends the terminal device a first packet carrying a SYN message; after receiving the first packet, the terminal device sends the scanning system a second packet carrying a SYN message and an ACK message; after receiving the second packet, the scanning system sends the terminal device a third packet carrying an RST message, which completes the port scan.
In some embodiments, when the terminal device scanned by the scanning system has a closed port, the scanning system sends the terminal device a first packet carrying a SYN message; after receiving the first packet, the terminal device sends the scanning system a fourth packet carrying an RST message, which completes the port scan.
In some embodiments, the specific algorithm comprises the following steps:
Apply the Rijndael algorithm to the source IP and destination IP to generate an AES ciphertext;
Divide the AES ciphertext into a first AES ciphertext segment and a second AES ciphertext segment;
Use the first AES ciphertext segment as the first TCP sequence number or the second TCP sequence number;
Take the sum of the second AES ciphertext segment and the number of terminal devices currently detected modulo the remaining number of available ports, and add the sending port start number to the result to obtain the first TCP source port or the second TCP source port.
In some embodiments, the terminal device determines that the packet has been verified successfully when the first TCP sequence number equals the second TCP sequence number and the first TCP source port equals the second TCP source port.
Another aspect of the embodiments of the present invention provides a fast port scanning device that uses the above method.
Another aspect of the embodiments of the present invention provides a computer device comprising a memory, at least one processor, and a computer program stored in the memory and runnable on the processor; the processor performs the above method when executing the program.
Another aspect of the embodiments of the present invention provides a computer-readable storage medium storing a computer program that performs the above method when executed by a processor.
Another aspect of the embodiments of the present invention provides a computer program product comprising a computer program stored on a computer-readable storage medium; the computer program includes instructions that, when executed by a computer, cause the computer to perform the above method.
The present invention has the following beneficial technical effects. In the fast port scanning method and device provided by the embodiments of the present invention, a first TCP sequence number and a first TCP source port are determined from the source IP and destination IP and a packet is generated and sent; the packet is received and a second TCP sequence number and a second TCP source port are determined from the source IP and destination IP in order to verify the packet. This technical scheme avoids the heavy consumption of system resources caused by performing a TCP three-way handshake connection with each probed port and by tracking the state of each probed IP, which effectively reduces resource usage, reduces maintenance cost and increases scanning speed.
Brief description of the drawings
To explain the embodiments of the present invention or the technical schemes of the prior art more clearly, the drawings needed by the embodiments are briefly described below. The drawings described below are obviously only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of one embodiment of the fast port scanning method provided by the present invention;
Fig. 2 is a diagram of the open-port handshake process in a second embodiment of the fast port scanning method provided by the present invention;
Fig. 3 is a diagram of the closed-port handshake process in the second embodiment of the fast port scanning method provided by the present invention;
Fig. 4 is a diagram of the TCP message generation flow in a third embodiment of the fast port scanning method provided by the present invention;
Fig. 5 is a diagram of the TCP message verification flow in the third embodiment of the fast port scanning method provided by the present invention;
Fig. 6 is a hardware structure diagram of one embodiment of the computer device provided by the present invention for performing the fast port scanning method.
Detailed description of the embodiments
To make the purpose, technical schemes and advantages of the present invention clearer, the embodiments of the present invention are described further below with reference to specific embodiments and the drawings.
It should be noted that all uses of "first" and "second" in the embodiments of the present invention serve to distinguish two different entities or two different parameters that share the same name. "First" and "second" are used only for convenience of expression and should not be understood as limiting the embodiments of the present invention; subsequent embodiments do not repeat this explanation.
Based on the above purpose, a first aspect of the embodiments of the present invention proposes one embodiment of a method that can perform fast port scanning on different ports or different types of ports. Fig. 1 shows the flow diagram of one embodiment of the fast port scanning method provided by the present invention.
In the fast port scanning method, each transmission of a packet comprises the following steps:
Step S101: the scanning system uses a specific algorithm to determine a first TCP sequence number and a first TCP source port from the source IP and destination IP.
Optionally, the source IP and destination IP are located in the IP message of the packet, and both the scanning system and the terminal device can obtain them directly without reading the packet contents, so the source IP and destination IP are suitable for use as the basis of verification.
Step S103: the scanning system generates and sends a packet according to the first TCP sequence number and the first TCP source port.
Optionally, the TCP message, being the upper-layer protocol message above the IP message, can reference the contents of the IP message. Because the contents of the IP message are themselves public, other information in the IP message can also be used as a reference for verification.
Step S105: the terminal device receives the packet and obtains the source IP, destination IP, first TCP sequence number and first TCP source port.
Optionally, the terminal device obtains the source IP and destination IP from the IP message, and obtains the first TCP sequence number and first TCP source port from the TCP message. The first TCP sequence number and first TCP source port are information taken from the packet itself and could in theory have been tampered with.
Step S107: the terminal device uses the same specific algorithm as the scanning system to determine a second TCP sequence number and a second TCP source port from the source IP and destination IP.
Optionally, the second TCP sequence number and second TCP source port are determined from the information in the IP message; the IP message itself will not be tampered with, so the second TCP sequence number and second TCP source port should reflect the real scanning system sender.
Step S109: the terminal device verifies the packet using the first TCP sequence number, the first TCP source port, the second TCP sequence number and the second TCP source port.
Optionally, other information in the TCP message can also be verified further if necessary.
As the above embodiment shows, in the fast port scanning method provided by the embodiments of the present invention, a first TCP sequence number and a first TCP source port are determined from the source IP and destination IP and a packet is generated and sent; the packet is received and a second TCP sequence number and a second TCP source port are determined from the source IP and destination IP in order to verify the packet. This technical scheme avoids the heavy consumption of system resources caused by performing a TCP three-way handshake connection with each probed port and by tracking the state of each probed IP, which effectively reduces resource usage, reduces maintenance cost and increases scanning speed.
The embodiments of the present invention also propose a second embodiment of a method that can perform fast port scanning on different ports or different types of ports.
In some embodiments, each packet includes at least one of: a SYN message, an ACK message, an RST message.
Optionally, a traditional TCP three-way handshake scan is a complete TCP scanning process in which both the terminal device and the scanning system must establish communication sockets. As the number of scanned IPs and scanned ports grows, the scanning system's sockets are exhausted and the scanning system can no longer operate.
As shown in Fig. 2, in some embodiments, when the terminal device scanned by the scanning system has an open port, the scanning system sends the terminal device a first packet carrying a SYN message; after receiving the first packet, the terminal device sends the scanning system a second packet carrying a SYN message and an ACK message; after receiving the second packet, the scanning system sends the terminal device a third packet carrying an RST message, which completes the port scan.
Optionally, an open port returns a connection status request to the scanning system. Once both sides have sent each other connection status requests, the handshake can be judged successful directly, so the three-way handshake protocol need not be carried out in full; this is intended to save bandwidth and reduce scan time. Resetting the connection as soon as the purpose is achieved accomplishes the port probe without requesting socket resources from the system.
As shown in Fig. 3, in some embodiments, when the terminal device scanned by the scanning system has a closed port, the scanning system sends the terminal device a first packet carrying a SYN message; after receiving the first packet, the terminal device sends the scanning system a fourth packet carrying an RST message, which completes the port scan.
Optionally, a closed port does not return a connection status request. When the terminal device receives the connection status request, the handshake outcome can be determined directly, so the three-way handshake protocol need not be carried out in full; this is likewise intended to save bandwidth and reduce scan time. Resetting the connection as soon as the purpose is achieved accomplishes the port probe without requesting socket resources from the system.
As the above embodiment shows, in the fast port scanning method provided by the embodiments of the present invention, a first TCP sequence number and a first TCP source port are determined from the source IP and destination IP and a packet is generated and sent; the packet is received and a second TCP sequence number and a second TCP source port are determined from the source IP and destination IP in order to verify the packet. This technical scheme avoids the heavy consumption of system resources caused by performing a TCP three-way handshake connection with each probed port and by tracking the state of each probed IP, which effectively reduces resource usage, reduces maintenance cost and increases scanning speed.
The embodiments of the present invention also propose a third embodiment of a method that can perform fast port scanning on different ports or different types of ports.
In the prior art, messages within a TCP connection are confirmed by sequence number, so in traditional scanning this state information is all stored in the protocol stack, and saving, querying and maintaining it greatly reduces scanning efficiency. This embodiment instead uses stateless scanning, which does not require the protocol stack to store this state information, and verifies the destination port and ACK sequence number.
As shown in Figs. 4 and 5, in some embodiments, the specific algorithm comprises the following steps:
Apply the Rijndael algorithm to the source IP and destination IP to generate an AES ciphertext;
Divide the AES ciphertext into a first AES ciphertext segment and a second AES ciphertext segment;
Use the first AES ciphertext segment as the first TCP sequence number or the second TCP sequence number;
Take the sum of the second AES ciphertext segment and the number of terminal devices currently detected modulo the remaining number of available ports, and add the sending port start number to the result to obtain the first TCP source port or the second TCP source port.
Optionally, the embodiment of the present invention uses the Rijndael algorithm to generate an AES ciphertext for verification. The ciphertext is computed as follows:
AES ciphertext = rijndael(source IP, destination IP)
The AES ciphertext is stored in an integer array of size 4 named validation.
The sequence number and source port of the SYN message sent by the scanning system are initialized as follows:
TCP sequence number = validation[0]
TCP source port = sending port start number + (validation[1] + number of terminal devices currently detected) % remaining number of available ports
Here validation[0] is the first segment of the AES ciphertext and validation[1] is the second segment of the AES ciphertext. The scanning system and the terminal device use the same algorithm.
In some embodiments, the terminal device determines that the packet has been verified successfully when the first TCP sequence number equals the second TCP sequence number and the first TCP source port equals the second TCP source port.
Optionally, the terminal device can also check other information in the TCP message at the same time.
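The derivation and the equality check described above, as an added example in Go that is not code from the patent. The AES key, the block layout (source IPv4, destination IPv4, zero padding), the big-endian byte order and the way both sides learn the detected-device count are assumptions; the page specifies none of them.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"errors"
	"fmt"
)

// Params are the shared settings both sides need. The key and the block layout
// are assumptions: the page only says "rijndael(source IP, destination IP)".
type Params struct {
	Key            []byte // 16/24/32-byte AES key shared by scanner and terminal (assumed)
	StartPort      uint16 // "sending port start number"
	RemainingPorts uint32 // "remaining number of available ports"
}

// Probe holds the fields the terminal device reads from a received packet.
type Probe struct {
	Src, Dst [4]byte // source and destination IPv4 address from the IP message
	Seq      uint32  // first TCP sequence number
	SrcPort  uint16  // first TCP source port
}

// validation encrypts one block built from the two addresses and returns the
// ciphertext as the four-integer array the page calls validation[0..3].
func validation(key []byte, src, dst [4]byte) ([4]uint32, error) {
	var v [4]uint32
	block, err := aes.NewCipher(key)
	if err != nil {
		return v, err
	}
	var in, out [16]byte // assumed layout: src || dst || 8 zero bytes
	copy(in[0:4], src[:])
	copy(in[4:8], dst[:])
	block.Encrypt(out[:], in[:])
	for i := range v {
		v[i] = binary.BigEndian.Uint32(out[4*i:]) // assumed byte order
	}
	return v, nil
}

// Derive computes the TCP sequence number and source port for one address pair:
//
//	seq   = validation[0]
//	sport = StartPort + (validation[1] + detected) % RemainingPorts
func Derive(p Params, src, dst [4]byte, detected uint32) (uint32, uint16, error) {
	if p.RemainingPorts == 0 || p.RemainingPorts > 65536-uint32(p.StartPort) {
		return 0, 0, errors.New("port range is empty or runs past 65535")
	}
	v, err := validation(p.Key, src, dst)
	if err != nil {
		return 0, 0, err
	}
	// Widen to 64 bits so validation[1] + detected cannot wrap before the modulo.
	off := (uint64(v[1]) + uint64(detected)) % uint64(p.RemainingPorts)
	return v[0], p.StartPort + uint16(off), nil
}

// Verify is the terminal-device side: recompute the second sequence number and
// source port from the addresses and accept only if both match the packet.
func Verify(p Params, pkt Probe, detected uint32) (bool, error) {
	seq, sport, err := Derive(p, pkt.Src, pkt.Dst, detected)
	if err != nil {
		return false, err
	}
	return pkt.Seq == seq && pkt.SrcPort == sport, nil
}

func main() {
	// Constructed sample values (documentation address ranges, throwaway key).
	p := Params{Key: []byte("constructed-key!"), StartPort: 40000, RemainingPorts: 20000}
	src, dst := [4]byte{192, 0, 2, 10}, [4]byte{198, 51, 100, 7}

	seq, sport, err := Derive(p, src, dst, 3)
	if err != nil {
		panic(err)
	}
	good := Probe{Src: src, Dst: dst, Seq: seq, SrcPort: sport}
	ok, _ := Verify(p, good, 3)
	fmt.Printf("seq=%#08x sport=%d verified=%v\n", seq, sport, ok)

	forged := good
	forged.Src = [4]byte{192, 0, 2, 11} // same TCP fields, different source address
	ok, _ = Verify(p, forged, 3)
	fmt.Println("different source address verified:", ok)
}
```

Because the inputs are only the address pair and the detected-device count, both sides must agree on that count for the derived source ports to match.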
As the above embodiment shows, in the fast port scanning method provided by the embodiments of the present invention, a first TCP sequence number and a first TCP source port are determined from the source IP and destination IP and a packet is generated and sent; the packet is received and a second TCP sequence number and a second TCP source port are determined from the source IP and destination IP in order to verify the packet. This technical scheme avoids the heavy consumption of system resources caused by performing a TCP three-way handshake connection with each probed port and by tracking the state of each probed IP, which effectively reduces resource usage, reduces maintenance cost and increases scanning speed.
It should be particularly noted that the steps in the embodiments of the above fast port scanning method can be interleaved, replaced, added and deleted. Fast port scanning methods produced by such reasonable permutations and combinations therefore also fall within the scope of protection of the present invention, and the scope of protection of the present invention should not be limited to the described embodiments.
Based on the above purpose, a second aspect of the embodiments of the present invention proposes one embodiment of a fast port scanning device that can perform fast port scanning on different ports or different types of ports. The fast port scanning device uses the above fast port scanning method.
As the above embodiment shows, in the fast port scanning device provided by the embodiments of the present invention, a first TCP sequence number and a first TCP source port are determined from the source IP and destination IP and a packet is generated and sent; the packet is received and a second TCP sequence number and a second TCP source port are determined from the source IP and destination IP in order to verify the packet. This technical scheme avoids the heavy consumption of system resources caused by performing a TCP three-way handshake connection with each probed port and by tracking the state of each probed IP, which effectively reduces resource usage, reduces maintenance cost and increases scanning speed.
It should be particularly noted that the embodiment of the above fast port scanning device uses the embodiments of the fast port scanning method to explain how each module works, and a person skilled in the art can readily conceive of applying these modules to other embodiments of the fast port scanning method. Since the steps in the embodiments of the fast port scanning method can be interleaved, replaced, added and deleted, fast port scanning devices produced by such reasonable permutations and combinations also fall within the scope of protection of the present invention, and the scope of protection of the present invention should not be limited to the described embodiments.
Based on the above purpose, a third aspect of the embodiments of the present invention proposes one embodiment of a computer device that performs the fast port scanning method.
The computer device that performs the fast port scanning method comprises a memory, at least one processor, and a computer program stored in the memory and runnable on the processor; the processor performs any one of the above methods when executing the program.
Fig. 6 shows the hardware structure diagram of one embodiment of the computer device provided by the present invention for performing the fast port scanning method.
Taking the computer device shown in Fig. 6 as an example, the computer device includes a processor 601 and a memory 602, and may also include an input device 603 and an output device 604.
The processor 601, memory 602, input device 603 and output device 604 can be connected by a bus or by other means; Fig. 6 takes connection by a bus as an example.
The memory 602, as a non-volatile computer-readable storage medium, can be used to store non-volatile software programs, non-volatile computer-executable programs and modules, such as the program instructions/modules corresponding to the fast port scanning method in the embodiments of the present application. By running the non-volatile software programs, instructions and modules stored in the memory 602, the processor 601 executes the various functional applications and data processing of the server, that is, implements the fast port scanning method of the above method embodiments.
The memory 602 can include a program storage area and a data storage area. The program storage area can store the operating system and the application program required by at least one function; the data storage area can store data created through use of the fast port scanning device, and so on. In addition, the memory 602 can include high-speed random access memory and can also include non-volatile memory, for example at least one magnetic disk storage device, flash memory device or other non-volatile solid-state storage device. In some embodiments, the memory 602 optionally includes memory located remotely from the processor 601, and this remote memory can be connected to the local module through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks and combinations thereof.
The input device 603 can receive input numeric or character information and generate key signal input related to user settings and function control of the fast port scanning device. The output device 604 may include a display device such as a display screen.
The program instructions/modules corresponding to the one or more fast port scanning methods are stored in the memory 602 and, when executed by the processor 601, perform the fast port scanning method in any of the above method embodiments.
Any embodiment of the computer device that performs the fast port scanning method can achieve the same or similar effects as the corresponding method embodiment described above.
Based on the above purpose, a fourth aspect of the embodiments of the present invention proposes a computer-readable storage medium storing computer-executable instructions that can perform the fast port scanning method in any of the above method embodiments and implement the fast port scanning device/system in any of the above device/system embodiments. Embodiments of the computer-readable storage medium can achieve the same or similar effects as the corresponding method and device/system embodiments described above.
Based on the above purpose, a fifth aspect of the embodiments of the present invention proposes a computer program product comprising a computer program stored on a computer-readable storage medium. The computer program includes instructions that, when executed by a computer, cause the computer to perform the fast port scanning method in any of the above method embodiments and implement the fast port scanning device/system in any of the above device/system embodiments. Embodiments of the computer program product can achieve the same or similar effects as the corresponding method and device/system embodiments described above.
Finally, it should be noted that a person of ordinary skill in the art will understand that all or part of the flow of the above embodiment methods can be completed by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the flow of the embodiments of each of the above methods. The storage medium can be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM) or the like. Embodiments of the computer program can achieve the same or similar effects as the corresponding method embodiment described above.
In addition, the devices, equipment and so on disclosed in the embodiments of the present invention can typically be various electronic terminal devices, such as mobile phones, personal digital assistants (PDA), tablet computers (PAD) and smart televisions, or large terminal devices such as servers. The scope of protection disclosed by the embodiments of the present invention should therefore not be limited to a particular type of device or equipment. The client disclosed in the embodiments of the present invention can be applied to any of the above electronic terminal devices in the form of electronic hardware, computer software or a combination of both.
In addition, the method disclosed in the embodiments of the present invention can also be implemented as a computer program executed by a CPU, and the computer program can be stored in a computer-readable storage medium. When the computer program is executed by the CPU, it performs the above functions defined in the method disclosed in the embodiments of the present invention.
In addition, the above method steps and system units can also be implemented using a controller and a computer-readable storage medium that stores a computer program causing the controller to implement the above steps or unit functions.
In addition, it should be appreciated that computer-readable recording medium (for example, memory) as described herein can be volatile Property memory or nonvolatile memory, or both volatile memory and nonvolatile memory can be included.As example Sub and nonrestrictive, nonvolatile memory can include read-only storage (ROM), programming ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory.Volatile memory can include arbitrary access Memory (RAM), the RAM can serve as external cache.Nonrestrictive as an example, RAM can be with more Kind form obtains, such as synchronous random access memory (DRAM), dynamic ram (DRAM), synchronous dram (SDRAM), double data rate SDRAM (DDR SDRAM), enhancing SDRAM (ESDRAM), synchronization link DRAM (SLDRAM) and directly Rambus RAM (DRRAM). The storage device of disclosed aspect is intended to the memory of including but not limited to these and other suitable type.
Those skilled in the art will also understand that the various illustrative logical blocks, modules, circuits and algorithm steps described in connection with the disclosure herein may be implemented as electronic hardware, computer software, or a combination of both. To illustrate this interchangeability of hardware and software clearly, the functions of the various illustrative components, blocks, modules, circuits and steps have been described in general terms. Whether such a function is implemented as software or as hardware depends on the specific application and on the design constraints imposed on the overall system. Those skilled in the art can implement the described functions in various ways for each specific application, but such implementation decisions should not be interpreted as causing a departure from the scope disclosed by the embodiments of the present invention.
The various illustrative logical blocks, modules and circuits described in connection with the disclosure herein can be implemented or performed with the following components designed to perform the functions described here: a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination of these components. A general-purpose processor can be a microprocessor, but alternatively the processor can be any conventional processor, controller, microcontroller or state machine. A processor can also be implemented as a combination of computing devices, for example a combination of a DSP and a microprocessor, multiple microprocessors, one or more microprocessors combined with a DSP, and/or any other such configuration.
The steps of a method or algorithm described in connection with the disclosure herein can be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor so that the processor can read information from the storage medium or write information to it. In an alternative, the storage medium can be integrated with the processor. The processor and the storage medium may reside in an ASIC. The ASIC may reside in a user terminal. In an alternative, the processor and the storage medium can reside in the user terminal as discrete components.
In one or more exemplary designs, the functions can be implemented in hardware, software, firmware, or any combination thereof. If implemented in software, the functions can be stored on a computer-readable medium, or transmitted over a computer-readable medium, as one or more instructions or code. Computer-readable media include computer storage media and communication media, where communication media include any medium that helps to transfer a computer program from one place to another. A storage medium can be any available medium that can be accessed by a general-purpose or special-purpose computer. By way of example and not limitation, the computer-readable medium can include RAM, ROM, EEPROM, CD-ROM or other optical disc storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store the required program code in the form of instructions or data structures and that can be accessed by a general-purpose or special-purpose computer or a general-purpose or special-purpose processor. In addition, any connection can properly be termed a computer-readable medium. For example, if software is sent from a website, server or other remote source using coaxial cable, fiber-optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio and microwave, then the coaxial cable, fiber-optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio and microwave are included in the definition of medium. As used herein, disk and disc include compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and Blu-ray disc, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
The above are exemplary embodiments disclosed by the present invention. It should be noted that many modifications and changes may be made without departing from the scope disclosed by the embodiments of the present invention as defined by the claims. The functions, steps and/or actions of the method claims according to the disclosed embodiments described herein need not be performed in any particular order. In addition, although elements disclosed in the embodiments of the present invention may be described or claimed in the singular, the plural is also contemplated unless limitation to the singular is explicitly stated.
It should be understood that, as used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly supports an exception. It should be further understood that "and/or" as used herein refers to any and all possible combinations of one or more of the associated listed items.
The serial numbers of the embodiments disclosed in the present invention are for description only and do not represent the relative merits of the embodiments.
One of ordinary skill in the art will appreciate that all or part of the steps of the above embodiments can be completed by hardware, or by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium, and the storage medium mentioned above can be a read-only memory, a magnetic disk, an optical disc, or the like.
Those of ordinary skill in the art should understand that the discussion of any of the above embodiments is exemplary only and is not intended to imply that the scope disclosed by the embodiments of the present invention (including the claims) is limited to these examples. Within the idea of the embodiments of the present invention, the technical features of the above embodiment or of different embodiments can also be combined, and there are many other variations of the different aspects of the embodiments of the present invention as described above which, for brevity, are not provided in detail. Therefore, any omission, modification, equivalent substitution, improvement and the like made within the spirit and principle of the embodiments of the present invention shall be included within the scope of protection of the embodiments of the present invention.

Claims (10)

1. A fast port scanning method, characterized in that, in a port scan, each transmission of a data packet comprises the following steps:
a scanning system uses a specific algorithm to determine a first TCP sequence number and a first TCP source port from the source IP and the destination IP;
the scanning system generates and sends a data packet according to the first TCP sequence number and the first TCP source port;
a terminal device receives the data packet and obtains the source IP, the destination IP, the first TCP sequence number and the first TCP source port;
the terminal device uses the same specific algorithm as the scanning system to determine a second TCP sequence number and a second TCP source port from the source IP and the destination IP;
the terminal device uses the first TCP sequence number, the first TCP source port, the second TCP sequence number and the second TCP source port to verify the data packet.
2. The method according to claim 1, characterized in that each data packet includes at least one of the following: a SYN message, an ACK message, an RST message.
3. The method according to claim 2, characterized in that, when the terminal device scanned by the scanning system has an open port, the scanning system sends a first data packet carrying a SYN message to the terminal device; after receiving the first data packet, the terminal device sends a second data packet carrying a SYN message and an ACK message to the scanning system; and after receiving the second data packet, the scanning system sends a third data packet carrying an RST message to the terminal device and completes the port scan.
4. The method according to claim 2, characterized in that, when the terminal device scanned by the scanning system has a closed port, the scanning system sends a first data packet carrying a SYN message to the terminal device; and after receiving the first data packet, the terminal device sends a fourth data packet carrying an RST message to the scanning system and completes the port scan.
5. The method according to claim 1, characterized in that the specific algorithm comprises the following steps:
applying the Rijndael algorithm to the source IP and the destination IP to generate an AES ciphertext;
dividing the AES ciphertext into a first AES ciphertext segment and a second AES ciphertext segment;
using the first AES ciphertext segment as the first TCP sequence number or the second TCP sequence number;
taking the sum of the second AES ciphertext segment and the number of terminal devices currently detected, modulo the number of remaining available ports, and adding the sending port start number, the result being used as the first TCP source port or the second TCP source port.
6. The method according to claim 5, characterized in that, when the first TCP sequence number is equal to the second TCP sequence number and the first TCP source port is equal to the second TCP source port, the terminal device determines that the data packet has been verified successfully.
7. A fast port scanning device, characterized in that it uses the method according to any one of claims 1 to 6.
8. A computer device, comprising a memory, at least one processor, and a computer program stored in the memory and runnable on the processor, characterized in that the processor performs the method according to any one of claims 1 to 6 when executing the program.
9. A computer-readable storage medium storing a computer program, characterized in that the method according to any one of claims 1 to 6 is performed when the computer program is executed by a processor.
10. A computer program product, characterized in that the computer program product includes a computer program stored on a computer-readable storage medium, the computer program including instructions which, when executed by a computer, cause the computer to perform the method according to any one of claims 1 to 6.
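
The derivation in claim 5 and the check in claim 6, as an added Go example that is not code from the patent. The AES key, the plaintext layout (source IPv4, destination IPv4, zero padding), the split into two big-endian 32-bit segments and the port range are assumptions, since the claims do not specify them.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// Params are the values scanner and verifier must share. The key, block
// layout and port range are assumptions; the claims do not specify them.
type Params struct {
	Key            []byte // AES key (16, 24 or 32 bytes)
	StartPort      uint16 // sending port start number
	AvailablePorts uint32 // number of remaining available ports
	Detected       uint32 // number of terminal devices currently detected
}

// Derive encrypts srcIP||dstIP as one AES block and splits the ciphertext
// into a TCP sequence number and a TCP source port (claim 5).
func Derive(p Params, src, dst net.IP) (uint32, uint16, error) {
	s4, d4 := src.To4(), dst.To4()
	if s4 == nil || d4 == nil {
		return 0, 0, errors.New("IPv4 source and destination required")
	}
	if p.AvailablePorts == 0 || uint64(p.StartPort)+uint64(p.AvailablePorts) > 65536 {
		return 0, 0, errors.New("port range does not fit in 16 bits")
	}
	blk, err := aes.NewCipher(p.Key)
	if err != nil {
		return 0, 0, err
	}
	var pt, ct [aes.BlockSize]byte // assumed layout: src(4) | dst(4) | zero padding
	copy(pt[0:4], s4)
	copy(pt[4:8], d4)
	blk.Encrypt(ct[:], pt[:])
	seq := binary.BigEndian.Uint32(ct[0:4])  // first ciphertext segment
	seg2 := binary.BigEndian.Uint32(ct[4:8]) // second ciphertext segment
	// 64-bit sum so seg2 + Detected cannot wrap before the modulo.
	off := (uint64(seg2) + uint64(p.Detected)) % uint64(p.AvailablePorts)
	return seq, p.StartPort + uint16(off), nil
}

// Verify recomputes the pair from a received packet's addresses and accepts
// the packet only when both values match (claim 6).
func Verify(p Params, src, dst net.IP, gotSeq uint32, gotPort uint16) bool {
	seq, port, err := Derive(p, src, dst)
	return err == nil && seq == gotSeq && port == gotPort
}

func main() {
	// Constructed sample values (documentation address ranges, demo key).
	p := Params{Key: []byte("0123456789abcdef"), StartPort: 40000, AvailablePorts: 1024, Detected: 5}
	src, dst := net.ParseIP("192.0.2.10"), net.ParseIP("198.51.100.7")
	seq, port, _ := Derive(p, src, dst)
	fmt.Println(seq, port, Verify(p, src, dst, seq, port), Verify(p, src, dst, seq+1, port))
}
```

Because the detected-device count feeds the source port, both sides must use the same count when deriving and verifying; a count that changes in between makes a genuine packet fail the check.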

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710999543.2A CN107786556A (en) 2017-10-24 2017-10-24 A kind of port fast scanning method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710999543.2A CN107786556A (en) 2017-10-24 2017-10-24 A kind of port fast scanning method and device

Publications (1)

Publication Number Publication Date
CN107786556A true CN107786556A (en) 2018-03-09

Family

ID=61433904

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710999543.2A Pending CN107786556A (en) 2017-10-24 2017-10-24 A kind of port fast scanning method and device

Country Status (1)

Country Link
CN (1) CN107786556A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112596874A (en) * 2020-12-16 2021-04-02 北京天融信网络安全技术有限公司 Information processing method and electronic equipment
CN114760232A (en) * 2022-04-14 2022-07-15 和中通信科技有限公司 Method for rapidly identifying TCP port opened by host

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030145089A1 (en) * 2002-01-29 2003-07-31 Xerox Corporation System and method for enabling arbitrary components to transfer data between each other
CN103685279A (en) * 2013-12-18 2014-03-26 东南大学 Self-adapting-based network port fast scanning method
CN106453376A (en) * 2016-10-27 2017-02-22 成都知道创宇信息技术有限公司 Stateless scanning filtering method based on TCP packet feature

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112596874A (en) * 2020-12-16 2021-04-02 北京天融信网络安全技术有限公司 Information processing method and electronic equipment
CN112596874B (en) * 2020-12-16 2023-07-07 北京天融信网络安全技术有限公司 Information processing method and electronic equipment
CN114760232A (en) * 2022-04-14 2022-07-15 和中通信科技有限公司 Method for rapidly identifying TCP port opened by host

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180309