Tags: c, linux, sockets, port-scanning

Random port connection while portscan


I've made a very basic port-scan program in C to scan a port range. Here it is:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

#define HOST "127.0.0.1"
#define PORT 4444

/* Try a TCP connect to host:port; returns 0 = open, 1 = closed, negative = error. */
int createConnection(const char *host, const int port)
{
    int sock;
    int ret;
    struct sockaddr_in server_addr;

    if ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
    {
        printf("Error %d socket creating.\n", sock);
        return -1;
    }

    memset(&server_addr, 0, sizeof(server_addr));   /* zero bytes, not the character '0' */
    server_addr.sin_family = AF_INET;
    server_addr.sin_port = htons(port);

    ret = inet_pton(AF_INET, host, &server_addr.sin_addr);
    if (ret <= 0)
    {
        printf("Error %d unsupported address: %s\n", ret, host);
        close(sock);
        return -2;
    }

    ret = connect(sock, (struct sockaddr *)&server_addr, sizeof(server_addr));
    if (ret < 0)
    {
        //printf("[-] Port %d closed.\n", port);
        close(sock);
        return 1;
    }

    printf("[+] Port %d open.\n", port);
    close(sock);
    return 0;
}

int main(int argc, const char *argv[])
{
    (void)argc;
    (void)argv;
    for (int i = 1; i < 65536; i++)
    {
        createConnection(HOST, i);
    }
    return 0;
}

As you can see in the for loop, it scans from port 1 to port 65535. The problem is that when I start it, I get this output:

[+] Port 42178 open.
[+] Port 48650 open.
[+] Port 60078 open.

The "open ports" always change, but are always above 40000. But, I checked with netstat -tulpn, only my port 68 is open for the dhclient, which is UDP and not TCP. Why does it say that I have open ports?


Solution

  • I suspect you're running into your open socket source ports while scanning.

    TCP connections have a source port. If one is not assigned to a socket (via bind), then the kernel assigns an ephemeral port (in the high range) to the socket when you call connect, before the SYN is sent.

    Since you are connecting your sockets to your local machine, as you loop through the destination ports, it is possible that the kernel will assign a random ephemeral source port that happens to match the same destination port to which you're about to connect.

    See:
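To detect the case the answer describes instead of guessing from the port number, compare the connected socket's local and peer endpoints with getsockname() and getpeername(): a self-connect has an identical address:port on both sides, while a real listener does not. The program below is an added example, not the asker's or the answerer's code; probe_port, is_self_connect, listen_loopback and the bind_same flag are names chosen here, and forcing the self-connect by binding the source port to the destination port relies on Linux loopback behaviour.

```c
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

enum { PORT_ERROR = -1, PORT_CLOSED = 0, PORT_OPEN = 1, PORT_SELF_CONNECT = 2 };
/* 1 if local and peer endpoints are identical: our SYN met itself (TCP
 * simultaneous open) because the ephemeral source port equalled the destination. */
int is_self_connect(int sock)
{
    struct sockaddr_in l, p;
    socklen_t ll = sizeof l, pl = sizeof p;
    if (getsockname(sock, (struct sockaddr *)&l, &ll) < 0 ||
        getpeername(sock, (struct sockaddr *)&p, &pl) < 0)
        return -1;
    return l.sin_addr.s_addr == p.sin_addr.s_addr && l.sin_port == p.sin_port;
}

/* Probe host:port like the scanner in the question, but report OPEN only when the
 * peer is not ourselves. bind_same != 0 binds the source port to `port` first,
 * which forces the self-connect case on Linux loopback (assumption: Linux host). */
int probe_port(const char *host, int port, int bind_same)
{
    struct sockaddr_in addr = { .sin_family = AF_INET, .sin_port = htons(port) };
    if (inet_pton(AF_INET, host, &addr.sin_addr) != 1) return PORT_ERROR;
    int sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (sock < 0) return PORT_ERROR;
    int result = PORT_ERROR;
    if (!bind_same || bind(sock, (struct sockaddr *)&addr, sizeof addr) == 0) {
        result = PORT_CLOSED;
        if (connect(sock, (struct sockaddr *)&addr, sizeof addr) == 0)
            result = is_self_connect(sock) == 1 ? PORT_SELF_CONNECT : PORT_OPEN;
    }
    close(sock);
    return result;
}

/* Listen on 127.0.0.1 on a kernel-chosen port (stored in *port_out); returns
 * the listening fd, so a probe can be checked against a real listener. */
int listen_loopback(int *port_out)
{
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t len = sizeof a;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd >= 0 && bind(fd, (struct sockaddr *)&a, sizeof a) == 0 && listen(fd, 1) == 0 &&
        getsockname(fd, (struct sockaddr *)&a, &len) == 0) {
        *port_out = ntohs(a.sin_port);
        return fd;
    }
    if (fd >= 0) close(fd);
    return -1;
}
```

A scanner that treats PORT_SELF_CONNECT as "not listening" no longer reports the phantom high ports; the forced case (bind_same = 1 on an unused port) reproduces the symptom on demand so the check can be verified.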