Thread: How to find the ipaddress of hackers who enter through open ports to PC?

Hello tej,

You would need to write some kind of port watching program that looks for unauthorised incoming connections.

Are you looking into this as a personal project or are you under attack from hackers?

A good firewall will protect you.

Could you please post your code? I will take a look and see if I can add the method to get the ip address.

here is mycode

import java.net.*;
 
 public class PortScannerApp
 
{
 
        public static void main(String args[])
       {
          Socket ServerSok ;
           int  startPortRange=0;
           int  stopPortRange=65536;
 
              for(int i=startPortRange; i <=stopPortRange; i++)
      {
                        try
                        {
                      ServerSok = new Socket("127.0.0.1",i);
                     //  System.out.println(""+ServerSok.getRemoteSocketAddress());
                       //System.out.println(""+ServerSok.getLocalSocketAddress());
                System.out.println("Port in use: " + i );{
 
                 ServerSok.close();
                       }
                catch (Exception e)
                       {
                e.printStackTrace();
                       }
        System.out.println("Port not in use: " + i );
 
        }
       }
        }
 }

Hey tej,

There were all sorts of errors in that code. I've cleaned it up for you though..

public class PortScannerApp {
 
    public static void main(String args[]){
 
          Socket ServerSok ;
          int  startPortRange=0;
          int  stopPortRange=65536;
 
          for(int i=startPortRange; i <=stopPortRange; i++) {
 
              try
              {
              ServerSok = new Socket("127.0.0.1",i);
              //  System.out.println(""+ServerSok.getRemoteSocketAddress());
              //System.out.println(""+ServerSok.getLocalSocketAddress());
              System.out.println("Port in use: " + i );
 
              ServerSok.close();
              }catch (Exception e){
               e.printStackTrace();
              }
 
              System.out.println("Port not in use: " + i );
             }
      }
 
}

the above code is scanning the ports.and displaying which port is used and which port is in unused.
its displaying the output port in use &not in use at the same number.
[port in use:80
port not in use:80]
but it takes very huge time to scan the total ports(0 to 56635).from these opened ports how i can get
the hackers details(i.e ipaddress,location).please help me..

Hello tej,

Take a look at this code.

It will watch a port for incoming connections. When someone connects, their IP is printed and the connection is closed.

In this case we are watching port 101.

import java.net.*;
import java.io.*;
 
public class PortMonitor {
 
    /**
     * JavaProgrammingForums.com
     */
    public static void main(String[] args) throws Exception {
 
        // Port to monitor
        final int myPort = 101;
        ServerSocket ssock = new ServerSocket(myPort);
        System.out.println("port " + myPort + " opened");
 
        Socket sock = ssock.accept();
        System.out.println("Someone has made socket connection");
 
        OneConnection client = new OneConnection(sock);
 
    }
 
}
 
class OneConnection {
    Socket sock;
    BufferedReader in = null;
    DataOutputStream out = null;
 
    OneConnection(Socket sock) throws Exception {
        this.sock = sock;
        in = new BufferedReader(new InputStreamReader(sock.getInputStream()));
        out = new DataOutputStream(sock.getOutputStream());
 
        // Get IP and send message
        System.out.println(sock.getRemoteSocketAddress());
        out.writeBytes("Go away!");
 
    }
 
}

Originally Posted by tej

thank u very much.when i executed the code by changing the port to 5222 it giving the exception but i am not getting
the ipaddress .i tested this code in lan to find my friends ipaddress.

Exception in thread "main" java.net.BindException: Address already in use: JVM_Bind
at java.net.PlainSocketImpl.socketBind(Native Method)
at java.net.PlainSocketImpl.bind(PlainSocketImpl.java :359)
at java.net.ServerSocket.bind(ServerSocket.java:319)
at java.net.ServerSocket.<init>(ServerSocket.java:185 )
at java.net.ServerSocket.<init>(ServerSocket.java:97)
at remopteipaddress.PortMonitor.main(PortMonitor.java :20)

I think you are getting this Exception because port 5222 is already in use. This program monitors the port by opening it first. Try running the program and opening a port that is not in use. Do you get the same error?

The problem with your last code is that the hacker would have to be attempting to connect to the exact port at the exact time it is scanned. I can't see this method ever working correctly. I think the fastest way would be to gather a list of all ports in use and then watch those ports rather than constantly scanning the giant port range.

You could always use the code I posted earlier as a 'hunny trap' You can open a port that is not normally used, and when a hacker does a port scan or attempts to connect to the open port, their IP will be displayed. This is a much more effective method of catching an intruder.

Yes the Netstat command is a good way to show connected IPs although I am unsure as to how to parse this in Java. It'll be easier to do it manually and write the result down!

Originally Posted by tej

ok.this discussion gives me lot of usefull information .ok now i move forther with this information
thank u very much

No problem tej, I hope this helps you to complete your task.