Determining who opened a TCP session

Given the local IP address and port for an established TCP session, can I figure out which side sent the original SYN? That is, was this connection actively or passively opened? I need something that works in C/C++ on Linux. The hacker way could be to try socket()/listen() and catch EADDRINUSE, but I was hoping for something cleaner. I'm not even sure if the kernel tracks this after the session is established.

EDIT: I would also prefer not to call netstat (or even ss) as they are too slow, with many sockets open. This code will be called frequently.

+4
1 answer

, SYN ( ). , IP- , , , :

netstat --listening | grep given_ip:given_port

, , SYN. , , , SYN.

:

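#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
int main(void) {
    system("netstat --listening | grep given_ip:given_port > tmp.txt"); /* output is non-empty only if a listener matches */
    int fd = open("tmp.txt", O_RDONLY);
    char buf[100];
    if (fd >= 0 && read(fd, buf, sizeof buf) > 0)  /* listener found: the peer connected to us */
        printf("The socket has received a SYN!\n");
    else                                           /* no listener: we connected out */
        printf("The socket has sent a SYN!\n");
    if (fd >= 0) close(fd);
}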

EDIT:

, netstat , raw socket TCP.

, SYN . source address:port, destination address:port . , SYN, , .

, ip-, scan , . STL map C++ .

, map , . FIN .

+2
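The listening-socket check from the answer above, done by parsing the kernel's /proc/net/tcp table in-process instead of going through system(), grep and a temp file. This is an added example, not code from the original post; has_listener, local_port_is_listening and the sample table are names and data constructed for illustration, and it assumes IPv4 only.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ST_LISTEN 0x0A /* TCP_LISTEN as printed in the "st" column */

/* Constructed sample in /proc/net/tcp layout (trailing columns omitted). */
static const char SAMPLE_TABLE[] =
    "  sl  local_address rem_address   st\n"
    "   0: 00000000:0016 00000000:0000 0A\n"  /* 0.0.0.0:22     LISTEN */
    "   1: 0100007F:0CEA 00000000:0000 0A\n"  /* 127.0.0.1:3306 LISTEN */
    "   2: 0100007F:1F90 0100007F:C350 01\n"; /* 127.0.0.1:8080 ESTABLISHED */

/* Return 1 if `table` holds a LISTEN row for `port` bound to `addr_raw` or to
 * the 0.0.0.0 wildcard, else 0. `addr_raw` is the raw 32-bit in_addr value
 * (what inet_addr() returns); the kernel prints that same value in hex. */
int has_listener(const char *table, uint32_t addr_raw, unsigned port)
{
    for (const char *line = table; line && *line; ) {
        unsigned addr, lport, st;
        /* Row: "sl: LOCAL:PORT REMOTE:PORT ST ..."; the header row fails to match. */
        if (sscanf(line, " %*d: %8X:%4X %*8X:%*4X %2X", &addr, &lport, &st) == 3 &&
            st == ST_LISTEN && lport == port && (addr == addr_raw || addr == 0))
            return 1;
        line = strchr(line, '\n');
        if (line) line++;
    }
    return 0;
}

/* Same check against the live table: 1 = listener exists (passive open likely),
 * 0 = none (active open likely), -1 = table could not be read. */
int local_port_is_listening(const char *ip, unsigned port)
{
    char line[512];
    int found = 0;
    FILE *f = fopen("/proc/net/tcp", "r");
    if (!f) return -1;
    while (!found && fgets(line, sizeof line, f))
        found = has_listener(line, inet_addr(ip), port);
    fclose(f);
    return found;
}
```

It inherits the limits of the heuristic: a listener that was closed after accept() makes the connection look like an active open, and the scan still walks every socket row.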

Source: https://habr.com/ru/post/1523453/

