TCP Connect Port Scanner Source Code in C with Winsock

Tcp connect port scanning

TCP connect() scanning is the most basic form of TCP scanning. The program performs a connect() command on those ports of the target machine which are to be checked. If the port is open then the connect() command will succeed and a connection will be established. If the port is closed the connect() function would simply timeout in the connection attempt.

The simple steps would be :

1. Start a loop for the port number range to be scanned.
2. Create a Socket inside the loop.
3. Call the connect function using the socket and the port number to connect to the host.
4. If connect returns SOCKET_ERROR then the connection failed hence port closed, otherwise connection established and port open.

The following code does the same. It should be noted that it scans only TCP ports. I have coded the linux version of the tcp connect port scanner as well. Check it out.


 TCP Connect portscanner with winsock

#pragma comment(lib, "ws2_32.lib"); //To link the winsock library  

int main(int argc, char **argv)   
 WSADATA firstsock;   
 struct hostent *host;
 int err,i, startport , endport;
 struct sockaddr_in sa; //this stores the destination address
 char hostname[100];

 strncpy((char *)&sa,"",sizeof sa);  
 sa.sin_family = AF_INET; //this line must be like this coz internet

 //Initialise winsock
 if (WSAStartup(MAKEWORD(2,0),&firstsock) != 0)  //CHECKS FOR WINSOCK VERSION 2.0
  fprintf(stderr,"WSAStartup() failed"); //print formatted data specify stream and options
  exit(EXIT_FAILURE);        //or exit(1);
 printf("Enter hostname or ip to scan : ");
 printf("Enter starting port : ");
 scanf("%d" , &startport);
 printf("Enter ending port : ");
 scanf("%d" , &endport);
  printf("Doing inet_addr...");
  sa.sin_addr.s_addr = inet_addr(hostname); //get ip into s_addr
 else if( (host=gethostbyname(hostname)) != 0)
  printf("Doing gethostbyname()...");
  strncpy((char *)&sa.sin_addr , (char *)host->h_addr_list[0] , sizeof sa.sin_addr);
    printf("Error resolving hostname");

 //Start the portscan loop
 printf("Starting the scan loop...\n");
 for(i = startport ; i<= endport ; i++)
  s = socket(AF_INET , SOCK_STREAM , 0); //make net a valid socket handle
  if(s < 0)  //if not a socket
   perror("\nSocket creation failed");  // perror function prints an error message to stderr
   exit(EXIT_FAILURE);       //or exit(0);
  sa.sin_port = htons(i);
  //connect to the server with that socket
  err = connect(s , (struct sockaddr *)&sa , sizeof sa);

  if(err == SOCKET_ERROR) //connection not accepted
   printf("%s %-5d Winsock Error Code : %d\n" , hostname , i , WSAGetLastError());
  else  //connection accepted
   printf("%s %-5d accepted            \n" , hostname , i);
   if( shutdown( s ,SD_BOTH ) == SOCKET_ERROR )
    perror("\nshutdown");// perror function prints an error message to stderr
  closesocket(s);   //closes the net socket 
 fflush(stdout); //clears the contents of a buffer or flushes a stream

The above can be compiled with vc++ 6.0 for example. Simply create a project and add this file to the project and click run.

Last Updated On : 27th November 2012

Subscribe to get updates delivered to your inbox

2 Comments + Add Comment

  • Thank you, really nice and interesting article. I found almost the same logic but for windows rather than console application It works fast and doesn’t use multythreading.

  • very nice work
    i respect you teacher
    that’s what i look for
    i have project in my school with chat,transfer file and sniffer with winsock in C
    thanks lot
    badr-bari at hotmail dot com

Leave a comment