CN107786556A - A kind of port fast scanning method and device - Google Patents
- Publication number
- CN107786556A, CN201710999543.2A
- Authority
- CN
- China
- Prior art keywords
- port
- tcp
- packet
- terminal device
- sequence number
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
- H04L69/163—In-band adaptation of TCP data exchange; In-band control procedures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a fast port scanning method and device, comprising: the scanning system uses a specific algorithm to determine a first TCP sequence number and a first TCP source port from the source IP and destination IP; the scanning system generates and sends a data packet according to the first TCP sequence number and the first TCP source port; the terminal device receives the data packet and obtains the source IP, destination IP, first TCP sequence number and first TCP source port; the terminal device uses the same specific algorithm as the scanning system to determine a second TCP sequence number and a second TCP source port from the source IP and destination IP; the terminal device verifies the data packet using the first TCP sequence number, the first TCP source port, the second TCP sequence number and the second TCP source port. The invention can perform fast port scanning for different ports or different types of ports, reducing resource usage, lowering maintenance cost and increasing scan speed.
Description
Technical field
The present invention relates to the computer field, and more specifically to a fast port scanning method and device.
Background
Many network admission control systems need to be able to discover terminal devices and to determine which ports those devices have open. The prior art does this by traversing all ports with TCP scans. Although this approach is feasible, it performs a TCP three-way handshake connection on every probed port, which occupies a large amount of system resources; it also tracks state for every probed target IP, which consumes a large amount of system resources, adds a very high maintenance cost and directly affects scan speed.
For the problems of port scanning in the prior art, namely heavy resource usage, high maintenance cost and slow scan speed, there is currently no effective solution.
Summary of the invention
In view of this, the purpose of the embodiments of the present invention is to propose a fast port scanning method and device that can perform fast port scanning for different ports or different types of ports, reducing resource usage, lowering maintenance cost and increasing scan speed.
Based on the above purpose, one aspect of the embodiments of the present invention provides a fast port scanning method in which, during a port scan, each transmission of a data packet comprises the following steps:
The scanning system uses a specific algorithm to determine a first TCP sequence number and a first TCP source port from the source IP and destination IP;
The scanning system generates and sends a data packet according to the first TCP sequence number and the first TCP source port;
The terminal device receives the data packet and obtains the source IP, destination IP, first TCP sequence number and first TCP source port;
The terminal device uses the same specific algorithm as the scanning system to determine a second TCP sequence number and a second TCP source port from the source IP and destination IP;
The terminal device verifies the data packet using the first TCP sequence number, the first TCP source port, the second TCP sequence number and the second TCP source port.
In some embodiments, each data packet includes at least one of: a SYN message, an ACK message, an RST message.
In some embodiments, when the terminal device scanned by the scanning system has an open port, the scanning system sends the terminal device a first data packet carrying a SYN message; after receiving the first data packet, the terminal device sends the scanning system a second data packet carrying a SYN message and an ACK message; after receiving the second data packet, the scanning system sends the terminal device a third data packet carrying an RST message and completes the port scan.
In some embodiments, when the terminal device scanned by the scanning system has a closed port, the scanning system sends the terminal device a first data packet carrying a SYN message; after receiving the first data packet, the terminal device sends the scanning system a fourth data packet carrying an RST message and the port scan is complete.
In some embodiments, the specific algorithm comprises the following steps:
Apply the Rijndael algorithm to the source IP and destination IP to generate an AES ciphertext;
Divide the AES ciphertext into a first AES ciphertext segment and a second AES ciphertext segment;
Use the first AES ciphertext segment as the first TCP sequence number or the second TCP sequence number;
Take the sum of the second AES ciphertext segment and the number of terminal devices currently detected modulo the number of remaining available ports, add the sending-port start number, and use the result as the first TCP source port or the second TCP source port.
In some embodiments, when the first TCP sequence number equals the second TCP sequence number and the first TCP source port equals the second TCP source port, the terminal device deems the data packet successfully verified.
Another aspect of the embodiments of the present invention further provides a fast port scanning device that uses the above method.
Another aspect of the embodiments of the present invention further provides a computer device comprising a memory, at least one processor, and a computer program stored in the memory and executable on the processor, the processor performing the above method when executing the program.
Another aspect of the embodiments of the present invention further provides a computer-readable storage medium storing a computer program that performs the above method when executed by a processor.
Another aspect of the embodiments of the present invention further provides a computer program product comprising a computer program stored on a computer-readable storage medium, the computer program comprising instructions that, when executed by a computer, cause the computer to perform the above method.
The present invention has the following beneficial technical effects: the fast port scanning method and device provided by the embodiments of the present invention determine the first TCP sequence number and first TCP source port from the source IP and destination IP and generate and send the data packet, then receive the data packet and determine the second TCP sequence number and second TCP source port from the source IP and destination IP in order to verify it. This technical solution avoids the heavy consumption of system resources caused by performing a TCP three-way handshake connection on each probed port and tracking state for each probed IP, effectively reducing resource usage, lowering maintenance cost and increasing scan speed.
Brief description of the drawings
To explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed for the embodiments are briefly described below. The drawings described below are obviously only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of one embodiment of the fast port scanning method provided by the invention;
Fig. 2 is a diagram of the open-port handshake process in the second embodiment of the fast port scanning method provided by the invention;
Fig. 3 is a diagram of the closed-port handshake process in the second embodiment of the fast port scanning method provided by the invention;
Fig. 4 is a diagram of the TCP message generation flow in the third embodiment of the fast port scanning method provided by the invention;
Fig. 5 is a diagram of the TCP message verification flow in the third embodiment of the fast port scanning method provided by the invention;
Fig. 6 is a hardware structure diagram of one embodiment of the computer device provided by the invention for performing the fast port scanning method.
Detailed description
To make the purpose, technical solutions and advantages of the present invention clearer, the embodiments of the present invention are described in further detail below with reference to specific embodiments and the accompanying drawings.
It should be noted that all uses of "first" and "second" in the embodiments of the present invention serve to distinguish two non-identical entities or non-identical parameters that share a name. "First" and "second" are used only for convenience of expression and should not be construed as limiting the embodiments of the present invention; subsequent embodiments do not explain this again.
Based on the above purpose, a first aspect of the embodiments of the present invention proposes one embodiment of a method that can perform fast port scanning for different ports or different types of ports. Fig. 1 shows a flow diagram of one embodiment of the fast port scanning method provided by the invention.
In the fast port scanning method, each transmission of a data packet comprises the following steps:
Step S101: the scanning system uses a specific algorithm to determine a first TCP sequence number and a first TCP source port from the source IP and destination IP.
Optionally, the source IP and destination IP are located in the IP message of the data packet, and both the scanning system and the terminal device can obtain them directly without reading the packet contents; the source IP and destination IP are therefore suitable as the basis for verification.
Step S103: the scanning system generates and sends a data packet according to the first TCP sequence number and the first TCP source port.
Optionally, the TCP message, as the upper-layer protocol message of the IP message, can reference the contents of the IP message. Also, because the contents of the IP message are themselves public, other information in the IP message can be used as a verification reference as well.
Step S105: the terminal device receives the data packet and obtains the source IP, destination IP, first TCP sequence number and first TCP source port.
Optionally, the terminal device obtains the source IP and destination IP from the IP message and the first TCP sequence number and first TCP source port from the TCP message. The first TCP sequence number and first TCP source port are information carried in the source data packet and could in theory be tampered with.
Step S107: the terminal device uses the same specific algorithm as the scanning system to determine a second TCP sequence number and a second TCP source port from the source IP and destination IP.
Optionally, the second TCP sequence number and second TCP source port are determined from information in the IP message; the IP message itself will not be tampered with, so the second TCP sequence number and second TCP source port should reflect the true scanning-system sender.
Step S109: the terminal device verifies the data packet using the first TCP sequence number, the first TCP source port, the second TCP sequence number and the second TCP source port.
Optionally, other information in the TCP message can also be verified if necessary.
As the above embodiment shows, the fast port scanning method provided by the embodiments of the present invention determines the first TCP sequence number and first TCP source port from the source IP and destination IP and generates and sends the data packet, then receives the data packet and determines the second TCP sequence number and second TCP source port from the source IP and destination IP in order to verify it. This technical solution avoids the heavy consumption of system resources caused by performing a TCP three-way handshake connection on each probed port and tracking state for each probed IP, effectively reducing resource usage, lowering maintenance cost and increasing scan speed.
The embodiments of the present invention also propose a second embodiment of a method that can perform fast port scanning for different ports or different types of ports.
In some embodiments, each data packet includes at least one of: a SYN message, an ACK message, an RST message.
Optionally, traditional TCP three-way-handshake scanning is a complete TCP scanning process in which both the terminal device and the scanning system need to establish communication sockets; as the number of scanned IPs and scanned ports grows, the scanning system's sockets will be exhausted and the scanning system will be unable to operate.
As shown in Fig. 2, in some embodiments, when the terminal device scanned by the scanning system has an open port, the scanning system sends the terminal device a first data packet carrying a SYN message; after receiving the first data packet, the terminal device sends the scanning system a second data packet carrying a SYN message and an ACK message; after receiving the second data packet, the scanning system sends the terminal device a third data packet carrying an RST message and completes the port scan.
Optionally, an open port feeds back a connection status request to the scanning system; once both sides have sent each other connection status requests, handshake success can be determined directly, so the three-way handshake protocol need not be carried out in full. This is intended to save bandwidth and reduce scan time. Resetting the connection immediately once the purpose is achieved accomplishes the port probe without requesting socket resources from the system.
As shown in Fig. 3, in some embodiments, when the terminal device scanned by the scanning system has a closed port, the scanning system sends the terminal device a first data packet carrying a SYN message; after receiving the first data packet, the terminal device sends the scanning system a fourth data packet carrying an RST message and the port scan is complete.
Optionally, a closed port does not feed back a connection status request; when the terminal device receives a connection status request, handshake success can be determined directly, so the three-way handshake protocol need not be carried out in full. This is likewise intended to save bandwidth and reduce scan time. Resetting the connection immediately once the purpose is achieved accomplishes the port probe without requesting socket resources from the system.
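The two exchanges of Fig. 2 and Fig. 3 as a passive observer on the network would see them, shown as an added example that is not part of the patent: it classifies each flow by its flag sequence and lists sources that produce many half-open exchanges. The packet record format, the threshold and all addresses are constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"sort"
	"strings"
)

// Pkt is a simplified packet record (hypothetical format, not a real capture API).
type Pkt struct {
	Src, Dst string // "ip:port"
	Flags    string // "S"=SYN, "SA"=SYN+ACK, "R"=RST, "A"=ACK
}

type Outcome string

const (
	Incomplete  Outcome = "incomplete"
	OpenProbe   Outcome = "open-port probe (SYN, SYN+ACK, RST)"
	ClosedProbe Outcome = "closed-port probe (SYN, RST)"
	Established Outcome = "full handshake (SYN, SYN+ACK, ACK)"
)

// Classify walks the packets in order and labels each flow "client>server",
// where the client is whoever sent the initial SYN.
func Classify(pkts []Pkt) map[string]Outcome {
	state := map[string]string{} // flow -> last handshake flags seen
	out := map[string]Outcome{}
	for _, p := range pkts {
		fwd, rev := p.Src+">"+p.Dst, p.Dst+">"+p.Src
		switch {
		case p.Flags == "S":
			state[fwd], out[fwd] = "S", Incomplete
		case p.Flags == "SA" && state[rev] == "S":
			state[rev] = "SA"
		case p.Flags == "R" && state[rev] == "S": // server resets: port closed (Fig. 3)
			out[rev] = ClosedProbe
			delete(state, rev)
		case p.Flags == "R" && state[fwd] == "SA": // client resets after SYN+ACK (Fig. 2)
			out[fwd] = OpenProbe
			delete(state, fwd)
		case p.Flags == "A" && state[fwd] == "SA": // ordinary client completes the handshake
			out[fwd] = Established
			delete(state, fwd)
		}
	}
	return out
}

// HalfOpenSources returns, sorted, the client IPs with at least `threshold`
// flows that ended as one of the two probe patterns. A single refused
// connection also looks like a closed-port probe, hence the threshold.
func HalfOpenSources(pkts []Pkt, threshold int) []string {
	count := map[string]int{}
	for flow, o := range Classify(pkts) {
		if o != OpenProbe && o != ClosedProbe {
			continue
		}
		client := strings.SplitN(flow, ">", 2)[0]
		host, _, err := net.SplitHostPort(client)
		if err != nil {
			continue
		}
		count[host]++
	}
	var hits []string
	for host, n := range count {
		if n >= threshold {
			hits = append(hits, host)
		}
	}
	sort.Strings(hits)
	return hits
}

// Sample returns constructed traffic: one scanner probing three ports and
// one ordinary client completing a handshake.
func Sample() []Pkt {
	return []Pkt{
		{"192.0.2.10:40001", "198.51.100.7:22", "S"},
		{"198.51.100.7:22", "192.0.2.10:40001", "SA"},
		{"192.0.2.10:40001", "198.51.100.7:22", "R"},
		{"192.0.2.10:40002", "198.51.100.7:23", "S"},
		{"198.51.100.7:23", "192.0.2.10:40002", "R"},
		{"192.0.2.10:40003", "198.51.100.7:80", "S"},
		{"198.51.100.7:80", "192.0.2.10:40003", "SA"},
		{"192.0.2.10:40003", "198.51.100.7:80", "R"},
		{"203.0.113.5:51514", "198.51.100.7:80", "S"},
		{"198.51.100.7:80", "203.0.113.5:51514", "SA"},
		{"203.0.113.5:51514", "198.51.100.7:80", "A"},
	}
}

func main() {
	for flow, o := range Classify(Sample()) {
		fmt.Printf("%-40s %s\n", flow, o)
	}
	fmt.Println("sources at or above threshold 3:", HalfOpenSources(Sample(), 3))
}
```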
As the above embodiment shows, the fast port scanning method provided by the embodiments of the present invention determines the first TCP sequence number and first TCP source port from the source IP and destination IP and generates and sends the data packet, then receives the data packet and determines the second TCP sequence number and second TCP source port from the source IP and destination IP in order to verify it. This technical solution avoids the heavy consumption of system resources caused by performing a TCP three-way handshake connection on each probed port and tracking state for each probed IP, effectively reducing resource usage, lowering maintenance cost and increasing scan speed.
The embodiments of the present invention also propose a third embodiment of a method that can perform fast port scanning for different ports or different types of ports.
The prior art confirms messages in a TCP connection by sequence number, so in traditional scanning this state information is all stored in the protocol stack, and storing, querying and maintaining it greatly reduces scanning efficiency. This embodiment instead uses a stateless scan mode, which does not need the protocol stack to store this state information and verify the destination port and ACK sequence number.
As shown in Figs. 4 and 5, in some embodiments, the specific algorithm comprises the following steps:
Apply the Rijndael algorithm to the source IP and destination IP to generate an AES ciphertext;
Divide the AES ciphertext into a first AES ciphertext segment and a second AES ciphertext segment;
Use the first AES ciphertext segment as the first TCP sequence number or the second TCP sequence number;
Take the sum of the second AES ciphertext segment and the number of terminal devices currently detected modulo the number of remaining available ports, add the sending-port start number, and use the result as the first TCP source port or the second TCP source port.
Optionally, the embodiment of the present invention uses the Rijndael algorithm to generate an AES ciphertext for verification, computed as follows:
AES ciphertext = rijndael(source IP, destination IP)
where the AES ciphertext is stored in an integer array validation of size 4.
The sequence number and source port of the SYN message sent by the scanning system are initialized as follows:
TCP sequence number = validation[0],
TCP source port = sending-port start number + (validation[1] + number of terminal devices currently detected) % number of remaining available ports,
where validation[0] is the first segment of the AES ciphertext and validation[1] is the second segment of the AES ciphertext. The scanning system and the terminal device use the same algorithm.
In some embodiments, when the first TCP sequence number equals the second TCP sequence number and the first TCP source port equals the second TCP source port, the terminal device deems the data packet successfully verified.
Optionally, the terminal device can also check other information in the TCP message at the same time.
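The derivation and the equality check described above, worked through as an added example that is not code from the patent. The patent gives only the formula, so the pre-shared AES key, the IPv4-only block layout (source IP, destination IP, zero padding), the big-endian split into validation[0..3] and the names Config, Probe, Derive and Verify are all assumptions; the key and addresses are constructed.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// Probe holds the two TCP header fields derived from the IP pair.
type Probe struct {
	Seq     uint32
	SrcPort uint16
}

// Config is what both sides must agree on (hypothetical layout).
type Config struct {
	Key       []byte // AES key: 16, 24 or 32 bytes (assumed pre-shared)
	PortStart uint16 // sending-port start number
	PortCount uint32 // number of remaining available ports
	Detected  uint32 // number of terminal devices currently detected
}

// Validation returns AES(src || dst || zero padding) as four big-endian
// 32-bit words, i.e. validation[0..3]. Layout and byte order are assumed.
func Validation(key []byte, src, dst net.IP) ([4]uint32, error) {
	var v [4]uint32
	s4, d4 := src.To4(), dst.To4()
	if s4 == nil || d4 == nil {
		return v, errors.New("IPv4 addresses required")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return v, err
	}
	var in, out [aes.BlockSize]byte
	copy(in[0:4], s4)
	copy(in[4:8], d4)
	block.Encrypt(out[:], in[:])
	for i := range v {
		v[i] = binary.BigEndian.Uint32(out[4*i:])
	}
	return v, nil
}

// Derive computes:
//   sequence number = validation[0]
//   source port     = PortStart + (validation[1] + Detected) % PortCount
func (c Config) Derive(src, dst net.IP) (Probe, error) {
	if c.PortCount == 0 || uint64(c.PortStart)+uint64(c.PortCount) > 65536 {
		return Probe{}, errors.New("port range is empty or exceeds 65535")
	}
	v, err := Validation(c.Key, src, dst)
	if err != nil {
		return Probe{}, err
	}
	// 64-bit arithmetic so validation[1] + Detected cannot wrap around.
	off := (uint64(v[1]) + uint64(c.Detected)) % uint64(c.PortCount)
	return Probe{Seq: v[0], SrcPort: c.PortStart + uint16(off)}, nil
}

// Verify recomputes the "second" values from the IP pair and compares them
// with the "first" values read from the received packet. No per-probe state
// is stored, but Detected must match on both sides or the port differs.
func (c Config) Verify(src, dst net.IP, got Probe) (bool, error) {
	want, err := c.Derive(src, dst)
	if err != nil {
		return false, err
	}
	return got == want, nil
}

func main() {
	// Constructed values: demo key and documentation-range addresses.
	cfg := Config{Key: []byte("0123456789abcdef"), PortStart: 40000, PortCount: 1000, Detected: 3}
	src, dst := net.ParseIP("192.0.2.10"), net.ParseIP("198.51.100.7")
	p, err := cfg.Derive(src, dst)
	if err != nil {
		panic(err)
	}
	ok, _ := cfg.Verify(src, dst, p)
	fmt.Printf("seq=%d sport=%d verified=%v\n", p.Seq, p.SrcPort, ok)
	p.Seq++ // a packet whose sequence number was altered
	ok, _ = cfg.Verify(src, dst, p)
	fmt.Printf("altered sequence number verified=%v\n", ok)
}
```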
As the above embodiment shows, the fast port scanning method provided by the embodiments of the present invention determines the first TCP sequence number and first TCP source port from the source IP and destination IP and generates and sends the data packet, then receives the data packet and determines the second TCP sequence number and second TCP source port from the source IP and destination IP in order to verify it. This technical solution avoids the heavy consumption of system resources caused by performing a TCP three-way handshake connection on each probed port and tracking state for each probed IP, effectively reducing resource usage, lowering maintenance cost and increasing scan speed.
It should be particularly noted that the steps in the embodiments of the fast port scanning method above can be interleaved, replaced, added and deleted. These reasonable permutations, combinations and variations of the fast port scanning method therefore also fall within the scope of protection of the present invention, and the scope of protection of the present invention should not be limited to the described embodiments.
Based on the above purpose, a second aspect of the embodiments of the present invention proposes one embodiment of a fast port scanning device that can perform fast port scanning for different ports or different types of ports. The fast port scanning device uses the fast port scanning method described above.
As the above embodiment shows, the fast port scanning device provided by the embodiments of the present invention determines the first TCP sequence number and first TCP source port from the source IP and destination IP and generates and sends the data packet, then receives the data packet and determines the second TCP sequence number and second TCP source port from the source IP and destination IP in order to verify it. This technical solution avoids the heavy consumption of system resources caused by performing a TCP three-way handshake connection on each probed port and tracking state for each probed IP, effectively reducing resource usage, lowering maintenance cost and increasing scan speed.
It should be particularly noted that the embodiment of the fast port scanning device above uses the embodiments of the fast port scanning method to describe how each module works, and those skilled in the art can readily conceive of applying these modules to other embodiments of the fast port scanning method. Of course, because the steps in the embodiments of the fast port scanning method can be interleaved, replaced, added and deleted, these reasonable permutations, combinations and variations of the fast port scanning device also fall within the scope of protection of the present invention, and the scope of protection of the present invention should not be limited to the described embodiments.
Based on the above purpose, a third aspect of the embodiments of the present invention proposes one embodiment of a computer device that performs the fast port scanning method.
The computer device that performs the fast port scanning method comprises a memory, at least one processor, and a computer program stored in the memory and executable on the processor; the processor performs any one of the above methods when executing the program.
Fig. 6 shows a hardware structure diagram of one embodiment of the computer device provided by the invention for performing the fast port scanning method.
Taking the computer device shown in Fig. 6 as an example, the computer device includes a processor 601 and a memory 602, and may further include an input device 603 and an output device 604.
The processor 601, memory 602, input device 603 and output device 604 may be connected by a bus or by other means; Fig. 6 takes connection by a bus as an example.
The memory 602, as a non-volatile computer-readable storage medium, can be used to store non-volatile software programs, non-volatile computer-executable programs and modules, such as the program instructions/modules corresponding to the fast port scanning method in the embodiments of the present application. By running the non-volatile software programs, instructions and modules stored in the memory 602, the processor 601 executes the various functional applications and data processing of the server, that is, implements the fast port scanning method of the method embodiments above.
The memory 602 may include a program storage area and a data storage area, where the program storage area can store the operating system and the application programs required by at least one function, and the data storage area can store data created through use of the fast port scanning device, and so on. In addition, the memory 602 may include high-speed random access memory and may also include non-volatile memory, for example at least one magnetic disk storage device, flash memory device or other non-volatile solid-state storage device. In some embodiments, the memory 602 optionally includes memory located remotely from the processor 601, and such remote memory may be connected to the local module through a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks and combinations thereof.
The input device 603 can receive input numeric or character information and generate key signal inputs related to the user settings and function control of the fast port scanning device. The output device 604 may include a display device such as a display screen.
The program instructions/modules corresponding to the one or more fast port scanning methods are stored in the memory 602 and, when executed by the processor 601, perform the fast port scanning method in any of the method embodiments above.
Any embodiment of the computer device that performs the fast port scanning method can achieve effects identical or similar to those of any corresponding method embodiment above.
Based on the above purpose, a fourth aspect of the embodiments of the present invention proposes a computer-readable storage medium storing computer-executable instructions that can perform the fast port scanning method in any of the method embodiments above and implement the fast port scanning device/system in any of the device/system embodiments above. Embodiments of the computer-readable storage medium can achieve effects identical or similar to those of any corresponding method and device/system embodiment above.
Based on the above purpose, a fifth aspect of the embodiments of the present invention proposes a computer program product comprising a computer program stored on a computer-readable storage medium, the computer program comprising instructions that, when executed by a computer, cause the computer to perform the fast port scanning method in any of the method embodiments above and implement the fast port scanning device/system in any of the device/system embodiments above. Embodiments of the computer program product can achieve effects identical or similar to those of any corresponding method and device/system embodiment above.
Finally, it should be noted that those of ordinary skill in the art will understand that all or part of the flows in the methods of the above embodiments can be carried out by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the flows of the embodiments of the methods above. The storage medium may be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM) or the like. Embodiments of the computer program can achieve effects identical or similar to those of any corresponding method embodiment above.
In addition, the devices, equipment and the like disclosed in the embodiments of the present invention may typically be various electronic terminal devices, such as mobile phones, personal digital assistants (PDA), tablet computers (PAD) and smart TVs, or large terminal devices such as servers; the scope of protection disclosed in the embodiments of the present invention should therefore not be limited to any particular type of device or equipment. The client disclosed in the embodiments of the present invention may be applied to any of the above electronic terminal devices in the form of electronic hardware, computer software or a combination of both.
In addition, the method disclosed in the embodiments of the present invention may also be implemented as a computer program executed by a CPU, and the computer program may be stored in a computer-readable storage medium. When the computer program is executed by the CPU, it performs the functions defined in the method disclosed in the embodiments of the present invention.
In addition, the above method steps and system units may also be implemented using a controller and a computer-readable storage medium that stores a computer program causing the controller to implement the above steps or unit functions.
In addition, it should be understood that the computer-readable storage medium (for example, memory) described herein may be volatile memory or non-volatile memory, or may include both volatile memory and non-volatile memory. By way of example and not limitation, non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory may include random access memory (RAM), which can serve as external cache memory. By way of example and not limitation, RAM is available in many forms, such as synchronous RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchronous link DRAM (SLDRAM) and direct Rambus RAM (DRRAM). The storage devices of the disclosed aspects are intended to include, without being limited to, these and other suitable types of memory.
Those skilled in the art will also understand that the various illustrative logical blocks, modules, circuits and algorithm steps described in connection with the disclosure herein may be implemented as electronic hardware, computer software, or a combination of both. To clearly illustrate this interchangeability of hardware and software, the functions of various illustrative components, blocks, modules, circuits and steps have been described in general terms. Whether such functions are implemented as software or as hardware depends on the specific application and the design constraints imposed on the overall system. Those skilled in the art may implement the described functions in various ways for each specific application, but such implementation decisions should not be interpreted as causing a departure from the scope disclosed by the embodiments of the present invention.
The various illustrative logical blocks, modules and circuits described in connection with the disclosure herein may be implemented or performed with the following components designed to perform the functions described herein: a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination of these components. A general-purpose processor may be a microprocessor, but alternatively the processor may be any conventional processor, controller, microcontroller or state machine. A processor may also be implemented as a combination of computing devices, for example a combination of a DSP and a microprocessor, multiple microprocessors, one or more microprocessors in combination with a DSP, and/or any other such configuration.
The steps of a method or algorithm described in connection with the disclosure herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor so that the processor can read information from, and write information to, the storage medium. In an alternative, the storage medium may be integrated with the processor. The processor and the storage medium may reside in an ASIC. The ASIC may reside in a user terminal. In an alternative, the processor and the storage medium may reside as discrete components in a user terminal.
In one or more exemplary designs, the functions may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software, the functions may be stored on, or transmitted over, a computer-readable medium as one or more instructions or code. Computer-readable media include computer storage media and communication media, the latter including any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that can be accessed by a general-purpose or special-purpose computer. By way of example and not limitation, computer-readable media may include RAM, ROM, EEPROM, CD-ROM or other optical disc storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store required program code in the form of instructions or data structures and that can be accessed by a general-purpose or special-purpose computer or a general-purpose or special-purpose processor. In addition, any connection may properly be termed a computer-readable medium. For example, if software is sent from a website, server or other remote source using coaxial cable, fiber-optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio and microwave, then the coaxial cable, fiber-optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio and microwave are included in the definition of medium. As used herein, disk and disc include compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and Blu-ray disc, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
The above are exemplary embodiments disclosed by the present invention. It should be noted that many modifications and changes may be made without departing from the scope disclosed by the embodiments of the present invention as defined by the claims. The functions, steps and/or actions of the method claims according to the disclosed embodiments described herein need not be performed in any particular order. In addition, although elements disclosed in the embodiments of the present invention may be described or claimed in the singular, the plural is contemplated unless limitation to the singular is explicitly stated.
It should be understood that, as used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly supports an exception. It should further be understood that "and/or" as used herein refers to any and all possible combinations of one or more of the associated listed items.
The serial numbers of the embodiments disclosed above are for description only and do not represent the relative merits of the embodiments.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above embodiments may be completed by hardware, or by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium, and the storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc, or the like.
Those of ordinary skill in the art should understand that the discussion of any of the above embodiments is exemplary only and is not intended to imply that the scope disclosed by the embodiments of the present invention (including the claims) is limited to these examples. Within the idea of the embodiments of the present invention, the technical features in the above embodiments or in different embodiments may also be combined, and there are many other variations of the different aspects of the embodiments of the present invention as described above, which are not provided in detail for the sake of brevity. Therefore, any omission, modification, equivalent replacement, improvement and the like made within the spirit and principle of the embodiments of the present invention shall be included within the protection scope of the embodiments of the present invention.
Claims (10)
1. A fast port scanning method, characterized in that, in a port scan, each transmission of a data packet comprises the following steps:
the scanning system uses a specific algorithm to determine a first TCP sequence number and a first TCP source port from the source IP and the destination IP;
the scanning system generates and sends a data packet according to the first TCP sequence number and the first TCP source port;
the terminal device receives the data packet and obtains the source IP, the destination IP, the first TCP sequence number and the first TCP source port;
the terminal device uses the same specific algorithm as the scanning system to determine a second TCP sequence number and a second TCP source port from the source IP and the destination IP;
the terminal device verifies the data packet using the first TCP sequence number, the first TCP source port, the second TCP sequence number and the second TCP source port.
2. The method according to claim 1, characterized in that each data packet includes at least one of: a SYN message, an ACK message, an RST message.
3. The method according to claim 2, characterized in that, when the terminal device scanned by the scanning system has an open port, the scanning system sends a first data packet with a SYN message to the terminal device; after receiving the first data packet, the terminal device sends a second data packet with a SYN message and an ACK message to the scanning system; and after receiving the second data packet, the scanning system sends a third data packet with an RST message to the terminal device and completes the port scan.
4. The method according to claim 2, characterized in that, when the terminal device scanned by the scanning system has a closed port, the scanning system sends a first data packet with a SYN message to the terminal device; after receiving the first data packet, the terminal device sends a fourth data packet with an RST message to the scanning system and completes the port scan.
5. The method according to claim 1, characterized in that the specific algorithm comprises the following steps:
applying the Rijndael algorithm to the source IP and the destination IP to generate an AES ciphertext;
dividing the AES ciphertext into a first AES ciphertext segment and a second AES ciphertext segment;
using the first AES ciphertext segment as the first TCP sequence number or the second TCP sequence number;
taking the sum of the second AES ciphertext segment and the number of terminal devices currently detected modulo the number of remaining available ports, and adding the sending-port start number, as the first TCP source port or the second TCP source port.
6. The method according to claim 5, characterized in that, when the first TCP sequence number equals the second TCP sequence number and the first TCP source port equals the second TCP source port, the terminal device determines that the data packet has been verified successfully.
7. A fast port scanning apparatus, characterized by using the method according to any one of claims 1 to 6.
8. A computer device comprising a memory, at least one processor, and a computer program stored in the memory and executable on the processor, characterized in that the processor performs the method according to any one of claims 1 to 6 when executing the program.
9. A computer-readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, performs the method according to any one of claims 1 to 6.
10. A computer program product, characterized in that the computer program product comprises a computer program stored on a computer-readable storage medium, the computer program comprising instructions which, when executed by a computer, cause the computer to perform the method according to any one of claims 1 to 6.
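The derivation in claim 5 and the equality check in claim 6, as a worked example added here and not code from the patent. The AES key, the 16-byte plaintext layout (source IP, destination IP, zero padding), the 32-bit big-endian segments and the `Params` field names are all assumptions, since the claims leave them unspecified.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"fmt"
	"net"
)

// Params collects inputs the claims name but do not fix (all assumptions here).
type Params struct {
	Key            []byte // shared AES key, assumed configured on both sides
	Detected       uint32 // number of terminal devices detected so far
	RemainingPorts uint32 // number of remaining available source ports
	StartPort      uint16 // start number of the sending port range
}

// Derive follows claim 5: AES over (source IP, destination IP), first ciphertext
// segment -> TCP sequence number, second segment -> TCP source port.
func Derive(p Params, src, dst net.IP) (uint32, uint16, error) {
	s4, d4 := src.To4(), dst.To4()
	if s4 == nil || d4 == nil {
		return 0, 0, fmt.Errorf("IPv4 addresses required")
	}
	if p.RemainingPorts == 0 || uint32(p.StartPort)+p.RemainingPorts > 65536 {
		return 0, 0, fmt.Errorf("invalid source port range")
	}
	blk, err := aes.NewCipher(p.Key)
	if err != nil {
		return 0, 0, err
	}
	var in, out [aes.BlockSize]byte // assumed layout: src(4) || dst(4) || zero padding
	copy(in[0:4], s4)
	copy(in[4:8], d4)
	blk.Encrypt(out[:], in[:])
	seq := binary.BigEndian.Uint32(out[0:4])  // first segment (assumed 32 bits)
	seg2 := binary.BigEndian.Uint32(out[4:8]) // second segment (assumed 32 bits)
	// 64-bit sum so seg2 + Detected cannot wrap before the modulo.
	off := (uint64(seg2) + uint64(p.Detected)) % uint64(p.RemainingPorts)
	return seq, p.StartPort + uint16(off), nil
}

// Verify follows claim 6: recompute both values and require both to match.
func Verify(p Params, src, dst net.IP, gotSeq uint32, gotPort uint16) bool {
	seq, port, err := Derive(p, src, dst)
	return err == nil && seq == gotSeq && port == gotPort
}

func main() {
	p := Params{Key: []byte("constructed-key!"), Detected: 3, RemainingPorts: 20000, StartPort: 40000}
	src, dst := net.ParseIP("192.0.2.10"), net.ParseIP("198.51.100.7") // constructed addresses
	seq, port, _ := Derive(p, src, dst)
	fmt.Println(seq, port, Verify(p, src, dst, seq, port))
}
```

Because the detected-device count feeds the port mapping, sender and verifier must evaluate it with the same value; a counter that moves between send and verify makes an otherwise valid packet fail the check.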
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710999543.2A CN107786556A (en) | 2017-10-24 | 2017-10-24 | A kind of port fast scanning method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710999543.2A CN107786556A (en) | 2017-10-24 | 2017-10-24 | A kind of port fast scanning method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107786556A (en) | 2018-03-09 |
Family
ID=61433904
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710999543.2A Pending CN107786556A (en) | 2017-10-24 | 2017-10-24 | A kind of port fast scanning method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107786556A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030145089A1 (en) * | 2002-01-29 | 2003-07-31 | Xerox Corporation | System and method for enabling arbitrary components to transfer data between each other |
CN103685279A (en) * | 2013-12-18 | 2014-03-26 | 东南大学 | Self-adapting-based network port fast scanning method |
CN106453376A (en) * | 2016-10-27 | 2017-02-22 | 成都知道创宇信息技术有限公司 | Stateless scanning filtering method based on TCP packet feature |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112596874A (en) * | 2020-12-16 | 2021-04-02 | 北京天融信网络安全技术有限公司 | Information processing method and electronic equipment |
CN112596874B (en) * | 2020-12-16 | 2023-07-07 | 北京天融信网络安全技术有限公司 | Information processing method and electronic equipment |
CN114760232A (en) * | 2022-04-14 | 2022-07-15 | 和中通信科技有限公司 | Method for rapidly identifying TCP port opened by host |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180309 |