SCTPScan

Description

SCTPscan is a tool written by Philippe Langlois to scan SCTP endpoints. SCTP is a protocol used, among other things, to carry SS7 over TCP/IP; it is part of the SIGTRAN (SIGnalling TRANsport) protocol family. It is a protocol like TCP, with built-in support in major operating systems (Linux kernel 2.6, Solaris 10, FreeBSD 7, Mac OS X with a kernel extension, …). SCTP has some very interesting features: multihoming, multi-streaming, good resistance to Denial of Service (DoS) and high performance. It is used for telecommunication backbones over IP (SS7 over IP, aka SIGTRAN), Internet2 transfers and high-speed cluster communication.

Usage

Syntax

 sctpscan [options]

Options

-p, --port <port>
    port specifies the remote port number
    (default: 10000)
-P, --loc_port <port>
    port specifies the local port number
    (default: 10000)
-l, --loc_host <loc_host>
    loc_host specifies the local (bind) host for the SCTP stream with optional local port number
    (default: 127.0.0.1)
-r, --rem_host <rem_host>
    rem_host specifies the remote (sendto) address for the SCTP stream with optional remote port number
    (default: 127.0.0.2)
-s, --scan -r aaa[.bbb[.ccc]]
    scan all machines within network
-m, --map
    map all SCTP ports from 0 to 65535 (portscan)
-F, --Frequent
    Portscans the frequently used SCTP ports (1, 7, 9, 20, 21, 22, 80, 100, 128, 179, 260, 250, 443, 1167, 1812, 2097, 2000, 2001, 2010, 2011, 2020, 2021, 2100, 2110, 2120, 2225, 2427, 2477, 2577, 2904, 2905, 2906, 2907, 2908, 2909, 2944, 2945, 3000, 3097, 3565, 3740, 3863, 3864, 3868, 4000, 4739, 4740, 5000, 5001, 5060, 5061, 5090, 5091, 5672, 5675, 6000, 6100, 6110, 6120, 6130, 6140, 6150, 6160, 6170, 6180, 6190, 6529, 6700, 6701, 6702, 6789, 6790, 7000, 7001, 7102, 7103, 7105, 7551, 7626, 7701, 7800, 8000, 8001, 8471, 8787, 9006, 9084, 9899, 9911, 9900, 9901, 9902, 10000, 10001, 11146, 11997, 11998, 11999, 12205, 12235, 13000, 13001, 14000, 14001, 20049, 29118, 29168, 30000, 32905, 32931, 32768)
-a, --autoportscan
    Portscans automatically any host with SCTP aware TCP/IP stack
-i, --linein
    Receive IP to scan from stdin
-f, --fuzz
    Fuzz test all the remote protocol stack
-B, --bothpackets
    Send packets with INIT chunk for one, and SHUTDOWN_ACK for the other
-b, --both_checksum
    Send both checksum: new crc32 and old legacy-driven adler32
-C, --crc32
    Calculate checksums with the new crc32
-A, --adler32
    Calculate checksums with the old adler32
-Z, --zombie
    Does not collaborate to the SCTP Collaboration platform. No reporting.
-d, --dummyserver
    Starts a dummy SCTP server on port 10000. You can then try to scan it from another machine.
-E, --exec <script_name>
    Executes <script_name> each time an open SCTP port is found.
    Execution arguments: <script_name> host_ip sctp_port
-t, --tcpbridge <listen TCP port>
    Bridges all connection from <listen TCP port> to remote designated SCTP port.
-S, --streams <number of streams>
    Tries to establish SCTP association with the specified <number of streams> to remote designated SCTP destination.
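
For defenders, an added Python example (not part of SCTPscan or of the original page): it classifies captured SCTP packets by the checksum styles that -C, -A and -b select, and reports sources whose INIT or SHUTDOWN_ACK probes span many ports or carry the legacy Adler-32 checksum. The function names, the port threshold and the sample packets are assumptions constructed for illustration.

```python
import struct
import zlib

PROBE_CHUNKS = {1: "INIT", 8: "SHUTDOWN_ACK"}  # RFC 4960 chunk type values

def crc32c(data: bytes) -> int:
    """Bitwise CRC32c (Castagnoli), the SCTP checksum since RFC 3309."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ (0x82F63B78 if crc & 1 else 0)
    return crc ^ 0xFFFFFFFF

def checksum_fields(zeroed: bytes) -> dict:
    """Wire bytes of both checksum styles for a packet whose checksum field is zero."""
    return {"crc32c": struct.pack("<I", crc32c(zeroed)),  # low byte first on the wire
            "adler32": struct.pack("!I", zlib.adler32(zeroed))}  # RFC 2960 legacy

def classify(pkt: bytes):
    """Return (dst_port, first_chunk, checksum_kind) for one raw SCTP packet."""
    if len(pkt) < 16:  # 12-byte common header + 4-byte chunk header
        return None
    dport = struct.unpack("!H", pkt[2:4])[0]
    zeroed = pkt[:8] + b"\x00" * 4 + pkt[12:]
    kind = next((k for k, v in checksum_fields(zeroed).items() if v == pkt[8:12]), "invalid")
    return dport, PROBE_CHUNKS.get(pkt[12], "other"), kind

def scan_suspects(records, port_threshold=3):
    """records: (src_ip, raw_sctp_packet) pairs -> {finding: [src_ip, ...]}."""
    ports, legacy = {}, set()
    for src, pkt in records:
        info = classify(pkt)
        if info and info[1] != "other":  # only INIT / SHUTDOWN_ACK probes count
            ports.setdefault(src, set()).add(info[0])
            if info[2] == "adler32":
                legacy.add(src)
    wide = sorted(s for s, p in ports.items() if len(p) >= port_threshold)
    return {"many-ports": wide, "legacy-adler32": sorted(legacy)}

def build(dport, chunk_type, kind):  # constructed packet: common header + bare chunk header
    raw = struct.pack("!HHII", 10000, dport, 0, 0) + struct.pack("!BBH", chunk_type, 0, 4)
    return raw[:8] + checksum_fields(raw)[kind] + raw[12:]

# Constructed sample traffic (documentation addresses), not a real capture.
SAMPLE_RECORDS = [("192.0.2.10", build(p, 1, "crc32c")) for p in (2905, 2944, 3868)]
SAMPLE_RECORDS += [("192.0.2.20", build(2905, 1, k)) for k in ("crc32c", "adler32")]
SAMPLE_RECORDS += [("198.51.100.5", build(3868, 1, "crc32c"))]
```
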

Example

cyborg@cyborg:~$ sudo sctpscan -r 192.168.1.40
SCTPscan - Copyright (C) 2002 - 2009 Philippe Langlois.
Sending Crc32 checksumed packet
End of scan: duration=4 seconds packet_sent=1 packet_rcvd=1 (SCTP=0, ICMP=1)

©2017 Ztrela Knowledge Solutions Pvt. Ltd
