readme

一个端口扫描器

	IP Port Scanner Version 1.0 ( IPPS 1.0 )


Contents
--------
1. Some words from me, the author..
2. Using this program.

------------------------------------------------------------------------------
1. This is IPPS, a port scanner program. It is not the only one, and probably 
it is not the best also. I made it because I needed a port scanner with the 
options that IPPS offers, and I have failed to find one on the net. May be I 
am just a very bad "finder" and there were a lot of other programs waiting for 
me. I do not care. Now I have the program that I needed.

If you think IPPS is good for you too, it's great. I am not forcing you to
use it (and how could I?). If you have a constructive idea ( a patch for a bug,
or just a bug that you want fixed, or a new facility for the program ) send
it to me and I promise I'll do my best. Please don't lose time telling me what 
awful IPPS is, because I don't have too much time either. Just rm -rf it and
it will be OK for both of us.

I did not write this program to be a tool for hackers. Unfortunately, it
can be, as anyone can use it. I wrote it because after you build up a firewall,
you ask yourself: have I missed something? and this is a fast way to find out.
It would be great if only network administrators would use it, but it can't be
this way. 

Please use it just to protect yourself, not to attack the others. Destroying 
someone's work ( in this case a network ) it's not a good thing, but rather 
a proof that you are mostly an animal ( a primitive one, not even the 
Missing Link in the Evolution of Species ).
							
						Victor STANESCU
						bruno@lmn.pub.ro
						http://www.lmn.pub.ro/~bruno
------------------------------------------------------------------------------

2. IPPS allows you to scan a host or a network (specified by the netmask). 
The only restriction on the command line is to specify first the hostname or
ip address, and after it other options.

You can get faster a brief list of options by running IPPS with no command
line arguments.
 
The options that IPPS understands are:

-b PORT : means that the scan will begin with port number PORT, and continue 
	with PORT+1, PORT+2, until it reaches 1023 or the specified end port 
	(see below)
	example:
		scan myhost.home.net -b 25

-e PORT : same as -b, except that the program will scan from 0 or the port 
	specified with the -b option, until it reaches port number PORT, 
	specified with this option.
	example:
		scan 192.168.100.2 -e 110

-M mask : this option needs an argument like in ipfwadm's netmask(/MASK). 
	it can be a netmask (for example: 255.255.255.0) or a plain number, 
	specifying the number of 1's at the left side of the network mask.
	The netmask 255.255.255.192 is written as:
	11111111.11111111.11111111.11000000
	so instead of -M 255.255.255.192 you may say -M 26.
	example:
		scan 192.168.100.131 -M 26 
	will scan not just the host 192.168.100.131, but the whole network
	from 192.168.100.128 to 192.168.100.191

-S PORT : with this option set, the packets will be sent from the specified
	port, PORT. Why this option? Easy. It is often needed that packets
	coming from all but one port to be denied. So there is one port
	from which the packets bypass the firewall and get inside. You
	should know not just where can a normal packet reach inside your net,
	but also what can be seen inside from a specified port (which probably
	will see more than the others if you forgot something in the firewall
	policy).
	a good example is 
		scan hostname -S 53
 	because I saw in many cases that for the 53 (domain) port, a lot of
	things can be seen inside that from the other ports aren't seen.
	
	NOTE: as binding again and again on the same local port needs this port
	to be free, after a succeeded connection, the program waits sometime
	for the port to close. (that TIME_WAIT state i don't know how and 
	even if it is possible to avoid). Any hint on this problem would be
	great for me.
	The only solution I could find was to write on an open connection the
	word "quit", as it seems to be understood by most of the servers.
	It works for telnet, smtp, time, domain, finger, www, and pop3, which 
	covers the most important ports, so it is a little bit faster than
	without this trick.

-a 	: this is the option for the unpatient people. It will list all
	ports as they are scanned, letting you to know how many ports have
	been already scanned.

-o	: this option makes ipps to save a report for each machine scanned
	in a file named ip_address.dump. I think it is easier than redirecting
	the output or using <Shift><PgUp> in an xterm. At least it provides
	both file and on-screen display for the information.

ERROR CODES RETURNED TO THE SHELL:
0 - on success
1 - gethostbyname failed to resolve a hostname
2 - tried to use a privileged source port (-S option) without being root
3 - command line wrong options
4 - failed to open a dump file in the "-o" mode