Port scanning from different source ports

This is just some quick script I hacked up to scan TCP ports using different source ports. The aim of the script is to find badly configured firewalls that allow traffic from certain source ports. This is for instance explained in the NMAP book. I’ve done it in scapy (yeah I know python ones again) and still admire scapy, it’s a wonderful piece of software. Here are some nice references if you decide to write your own networking stuff in scapy:

#   – http://www.secdev.org/projects/scapy/doc/usage.html
#   – http://www.secdev.org/conf/scapy_pacsec05.pdf
#   – https://cs.uwindsor.ca/~rfortier/CRIPT/uploads/slides/Python_Scapy.pdf

You can find the source here.

I chose manual output analysis, this means that the script doesn’t have any logic whatsoever and you will have to decide, if it allows or doesn’t allow traffic from different source ports yourself. Example output:

Received 34 packets, got 8 answers, remaining 28 packets
srcport, dstport, flags, humanflags
20,80,18,[‘SYN’, ‘ACK’]
20,443,18,[‘SYN’, ‘ACK’]
53,80,18,[‘SYN’, ‘ACK’]
53,443,18,[‘SYN’, ‘ACK’]
67,80,18,[‘SYN’, ‘ACK’]
67,443,18,[‘SYN’, ‘ACK’]
88,80,18,[‘SYN’, ‘ACK’]
88,443,18,[‘SYN’, ‘ACK’]

Hope it’s also useful for someone out there.