On Mon, Apr 16, 2007 at 10:30:08PM +0900, mrpink wrote:
> I wanna write a simple and fast port scanner which scans one host for 
> some open ports. I need to do this in a SYN scan mode which is described 
> as follows:
> 
> 'This technique is often referred to as half-open scanning, because you 
> don't open a full TCP connection. You send a SYN packet, as if you are 
> going to open a real connection and then wait for a response. A SYN/ACK 
> indicates the port is listening (open), while a RST (reset) is 
> indicative of a non-listener. If no response is received after several 
> retransmissions, the port is marked as filtered. The port is also marked 
> filtered if an ICMP unreachable error (type 3, code 1, 2, 3, 9, 10, or 
> 13) is received.'
> 
> But a simple question ;) How do I send a SYN packet ? Google didn't want 
> to drop a useful answer for that question so I hope I can get here some 
> info about that.

Simple and fast solution: just use nmap.

If you want to write one yourself: then read the source code for nmap to see
how it's done. And buy yourself a copy of the Stevens networking book and
read about raw sockets.
http://www.amazon.com/Unix-Network-Programming-Vol-Networking/dp/0131411551/ref=sr_1_2/104-5978442-9615919?ie=UTF8&s=books&qid=1176733652&sr=8-2

If you want to do this from Ruby, you'll probably have to work it out for
yourself, unless you can find some sample code which uses raw sockets.

Regards,

Brian.
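Seen from the other side of the wire, the half-open behaviour quoted in the question is also what a monitor looks for. The following Ruby is an added example, not code from either poster: it reads a constructed segment log (format and sample values are assumptions made up for the example) and reports sources whose SYNs are never followed by the handshake-completing ACK, labelling each probe with the reply the target gave (SYN/ACK, RST, or nothing) using the same three states as the quoted text.

```ruby
# Added example, not from the original post: flag hosts showing the half-open
# pattern quoted above (SYNs never followed by the handshake-completing ACK)
# in a constructed log of TCP segments: time src dst service_port flags,
# where service_port is always the scanned host's port and flags are S/SA/A/R.
SAMPLE_LOG = <<~LOG
  1.00 10.0.0.5 192.0.2.10 22 S
  1.00 192.0.2.10 10.0.0.5 22 SA
  1.01 10.0.0.5 192.0.2.10 22 A
  2.00 10.0.0.9 192.0.2.10 21 S
  2.00 192.0.2.10 10.0.0.9 21 R
  2.01 10.0.0.9 192.0.2.10 22 S
  2.01 192.0.2.10 10.0.0.9 22 SA
  2.02 10.0.0.9 192.0.2.10 22 R
  2.03 10.0.0.9 192.0.2.10 80 S
  2.04 10.0.0.9 192.0.2.10 443 S
  2.05 10.0.0.9 192.0.2.10 8080 S
LOG

# Returns { src => { [dst, port] => :open | :closed | :filtered } } for each
# SYN a source sent without completing the handshake, labelled by the reply
# the target gave (SYN/ACK, RST, or nothing), as in the quoted text.
def half_open_probes(log)
  pending   = Hash.new { |h, k| h[k] = {} }   # src -> { [dst, port] => reply }
  completed = Hash.new { |h, k| h[k] = [] }   # src -> [[dst, port], ...]
  log.each_line do |line|
    _t, src, dst, port, flags = line.split
    next unless flags
    key = [dst, port.to_i]
    case flags
    when "S" then pending[src][key] ||= :filtered   # no reply seen yet
    when "A" then completed[src] << key             # third handshake step
    when "SA", "R"                                  # reply coming from the target
      probe = [src, port.to_i]                      # the probe as dst recorded it
      next unless pending.key?(dst) && pending[dst].key?(probe)
      pending[dst][probe] = (flags == "SA" ? :open : :closed)
    end
  end
  completed.each { |src, keys| keys.each { |k| pending[src].delete(k) } }
  pending.reject { |_src, probes| probes.empty? }
end

# Sources with at least `threshold` distinct half-open probes.
def scan_suspects(log, threshold: 3)
  half_open_probes(log).select { |_src, p| p.size >= threshold }.keys
end

if $PROGRAM_NAME == __FILE__
  half_open_probes(SAMPLE_LOG).each { |s, p| puts "#{s}: #{p.size} half-open #{p.values.join(' ')}" }
end
```

A source that sends a SYN and then its own RST after a SYN/ACK (as at 2.02 in the sample) still counts, because only the third-step ACK from the initiator clears a probe.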