Project 4: TCP Port Scanner

A command-line tool that scans a range of ports on a target host, determining which are open, closed, or filtered. Supports concurrent scanning for speed.

Quick Reference

Attribute              Value
Primary Language       C++
Alternative Languages  C, Rust, Go
Difficulty             Level 2: Intermediate
Time Estimate          1 week
Knowledge Area         Connection States, Timeouts, Concurrent Connections
Tooling                nmap-like tool
Prerequisites          Projects 2-3, understanding of the TCP three-way handshake

What You Will Build

A command-line tool that takes a target host and either a port range (1-1000) or an explicit port list (-p 22,80,443,8080), attempts a TCP connection to each port, and reports every port as open, closed, or filtered. Connection attempts run concurrently, each bounded by a timeout, so a full range scan completes in seconds.

Why It Matters

The skills this project exercises (non-blocking connect(), telling connection states apart, bounded timeouts, and keeping many pending connections in flight at once) recur throughout real-world network tooling, nmap being the obvious example.

Core Challenges

  • Non-blocking connect() → maps to handling EINPROGRESS and using select()/poll() to wait for the result
  • Detecting open vs closed vs filtered → maps to connection success, an RST (ECONNREFUSED), or a timeout, respectively
  • Concurrent connection attempts → maps to managing many pending connections at once
  • Reasonable timeout handling → maps to a bounded select() wait, then getsockopt() SO_ERROR to read the outcome
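The non-blocking connect() path from the list above, written out as an added example (this is not code from the project guide): one probe that classifies a port as open, closed or filtered, plus a loopback listener used as a known-open test target. It assumes a POSIX/Linux socket API and a dotted IPv4 address; probe_port and open_loopback_listener are names chosen here, not the project's.

```cpp
#include <arpa/inet.h>
#include <cerrno>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>
enum class PortState { Open, Closed, Filtered, Error };

// Probe one TCP port with a non-blocking connect() bounded by timeout_ms.
// Open: handshake completed. Closed: RST came back (ECONNREFUSED).
// Filtered: neither SYN-ACK nor RST before the deadline (probe silently dropped).
PortState probe_port(const char* ipv4, int port, int timeout_ms) {
    sockaddr_in addr{};
    addr.sin_family = AF_INET;
    addr.sin_port = htons(static_cast<unsigned short>(port));
    if (inet_pton(AF_INET, ipv4, &addr.sin_addr) != 1) return PortState::Error;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return PortState::Error;
    fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK);
    int err = 0;                                   // stays 0 if connect() completes at once (loopback often does)
    socklen_t len = sizeof err;
    if (connect(fd, reinterpret_cast<sockaddr*>(&addr), sizeof addr) != 0) {
        err = errno;
        if (err == EINPROGRESS) {                  // handshake in flight: wait, but only until the deadline
            pollfd pfd{fd, POLLOUT, 0};
            int ready = poll(&pfd, 1, timeout_ms);
            if (ready == 0) err = ETIMEDOUT;       // deadline hit, nothing answered
            else if (ready < 0) err = errno;
            else getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len);  // writable = done; SO_ERROR says how
        }
    }
    close(fd);
    if (err == 0) return PortState::Open;
    if (err == ECONNREFUSED) return PortState::Closed;
    return err == ETIMEDOUT ? PortState::Filtered : PortState::Error;
}

// Test fixture: listen on an ephemeral loopback port; returns the fd (-1 on failure), port in *port_out.
int open_loopback_listener(int* port_out) {
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    sockaddr_in a{};
    a.sin_family = AF_INET; a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);  // sin_port 0: kernel picks a free port
    if (lfd < 0 || bind(lfd, reinterpret_cast<sockaddr*>(&a), sizeof a) != 0 || listen(lfd, 1) != 0)
        return -1;
    socklen_t len = sizeof a;
    getsockname(lfd, reinterpret_cast<sockaddr*>(&a), &len);
    *port_out = ntohs(a.sin_port);
    return lfd;
}
```

Scanning a range is then a matter of keeping up to N such probes pending at once and polling all their descriptors together instead of one at a time.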

Key Concepts

  • TCP Connection Establishment: “TCP/IP Illustrated, Volume 1” Chapter 18 - Stevens
  • Non-blocking connect(): “UNIX Network Programming, Volume 1” Section 16.3 - Stevens
  • Connection Timeouts: “The Linux Programming Interface” Section 61.3 - Kerrisk
  • TCP State Machine: RFC 793

Real-World Outcome

$ ./portscan scanme.nmap.org 1-1000
Scanning scanme.nmap.org (45.33.32.156) ports 1-1000...
Concurrent connections: 100
Timeout: 3 seconds

PORT     STATE     SERVICE
22/tcp   open      ssh
80/tcp   open      http
135/tcp  filtered  msrpc
139/tcp  filtered  netbios-ssn
445/tcp  filtered  microsoft-ds
...

Scan complete: 997 closed, 2 open, 3 filtered
Time: 4.2 seconds

$ ./portscan -p 22,80,443,8080 192.168.1.1
PORT     STATE
22/tcp   open
80/tcp   open
443/tcp  closed
8080/tcp closed

Implementation Guide

  1. Reproduce the simplest happy-path scenario.
  2. Build the smallest working version of the core feature.
  3. Add input validation and error handling.
  4. Add instrumentation/logging to confirm behavior.
  5. Refactor into clean modules with tests.

Milestones

  • Milestone 1: Minimal working program that runs end-to-end.
  • Milestone 2: Correct outputs for typical inputs.
  • Milestone 3: Robust handling of edge cases.
  • Milestone 4: Clean structure and documented usage.

Validation Checklist

  • Output matches the real-world outcome example
  • Handles invalid inputs safely
  • Provides clear errors and exit codes
  • Repeatable results across runs

References

  • Main guide: LEARN_CPP_NETWORK_PROGRAMMING.md
  • “TCP/IP Illustrated, Volume 1” by W. Richard Stevens