If C++ is your language then you are at the wrong forum

I want to develope a new tool like Nmap written in c++ and can be easily downloaded from wwwdotinsecuredotorg. Can any one knows how do i start. I know how to detect ports but how to map them with services.

No offence shaikh_mshariq but your post does realy sound like you wish to create your project in c++. You need not to respond to javaAddict as you did.

If you wish to do it in Java you may want to have look at some books like Java Network Programming 3e by E Harold
, An Introduction to Network Programming with Java by Jan Graba (at least first 6 chapters) and java2s.com has some interesting examples in their Network Protocol section

Please read Details carefully before your suggestion.

Your post does sound like you want to create it in c++. Don't berate others for your own failure to write something clearly.

Most such tools (maybe all) simply have a list of ports and the services they typically belong to.
For example port 80 is standardised for http, port 25 for smtp, 21 for ftp, and so on.

Others may try to determine what's running on a port by sending some packets to it and analysing the response.

Very interesting project. I think your first step is to test open ports and then assume the service running on that port. Windows NT for example, have alota open ports and if enough of them are open then we can safely say that we have a Windows NT box. If you plan to take this path, then a site you should most certainly checkout is Microsoft :icon_biggrin:

Analysing network packets is a bit tricky... you'd likely have to use downloaded API on Linux (but Java tends to not be the choice when it comes to this kinda stuff). Windows tends to be restrictive when it comes to packet analysis :?:

An interesting tool to check out for anyone dealing with network security is dSniff.

you will have to look into the sockets API , you can either check if a port is open, then if it is assume that the corresponding service is ruinning on it. For instance if port 80 is open you could assume that http is running. The alternative to this is to attempt to figure out what protocal is running by analyzing the packets sent back from the server.

For UDP protocols you can only tell if a port is open if a. the server responds to a packet or b. the server sends a ICMP port unavailable when the UDP port is closed. ( since the TCP handshake does not happen with UDP ).

Anyhow, I don't know if this helps, But I hope it does

I agree with Paul; Plus it seems like the easiest way (plus I'm not really sure of any other way to test if a port is open!). But what extra information would you want from the packet? There is certainly no field that specifies the OS. It's still a matter of what services are likely to run on a particular OS. So if you do analyse the packets, it's only to attempt to verify that indeed the service that you think should be running on port x is indeed that service.

You still need a database with port, service and OS records. Of course certain services run on both while others don't. But I do believe that that is the only way.

Some services will send version information when requested. This should allow one to determine the OS running on different machines. For instance RFC 2616 for HTTP describes the server response header

The Server response-header field contains information about the software used by the origin server to handle the request. The field can contain multiple product tokens (section 3.8) and comments identifying the server and any significant subproducts. The product tokens are listed in order of their significance for identifying the application.

This may be used to find the operating system if it is listed in the header, Although there is no guarantee that it will be listed

yes, but such information is not specified in any specific format.
It's usually a free format string of some length.
There's also no guarantee that the software sending the information is telling you the truth.
I've made use of that myself to trick firewalls to let information pass by making it look like it was coming from for example Apache or Sendmail, or reverse to get strict servers to accept packages by making them look like they were coming from Internet Explorer or Netscape.

no, the header field is FREE FORMAT.
It MAY contain that information but there's no requirement.

And that's only for http, for other protocols there is no such information AT ALL.

Since you obviously have no clue about what you're trying to accomplish using JNI (which you apparently also have no clue about how to use) to call a program written in C or C++ (which you apparently don't know) isn't going to solve anything.