Index of /code/smtp_survey
Name Last modified Size Description
![[DIR]](/icons/back.gif)
Parent Directory 20-Aug-2008 18:07 -
![[TXT]](/icons/text.gif)
20050408.txt 09-Apr-2005 00:34 2k
![[DIR]](/icons/folder.gif)
code/ 09-Apr-2005 00:06 -
Function: Determine SMTP Software popularity
notes:
I've seperated Critical Path qmail, netqmail, and qmail. In the real
world, these numbers should be combined to recognize qmail.
smtp_survey.pl:
the main perl program that forks off all the children.
this program does no scanning, it just generates a list of IP
Addresses to scan, and puts them in /tmp/ips_to_scan.N, where N
is the child number (not process number).
We skip most RFC3330 IP space (that we're rather sure wont accept
connections anyway).
the number of IPs to scan is determined by the 'total' variable.
the number of children to spawn is set by the 'procs' variable.
on my UltraSparc 360 w/ 1GB ram, i've set the procs to 160.
It is normal for smtp_survey.pl to chew your CPU for a bit (in my
case, about 90 seconds), while it generates the random IP Addresses
and starts forking off the children.
After about two minutes, the children were mostly in a sleeping state,
and all together were taking about 13% of the CPU.
each smtp_agent.pl took about 4MB of memory on my machine - make sure
you have enough ram to handle $procs * 4MB.
$procs should evenly divide $total. for example, if $total is 1000000:
$procs could be 10, 100, 125, 160, 200.
smtp_agent.pl:
this is the program that actually connects to an IP address and tries
to talk SMTP. One of these programs forked for each file in
/tmp/ips_to_scan.N. after scanning the entire list of IPs in each
file, a log is written to /tmp/ips_to_scan.N.log.
all unknown software types are logged in /tmp/conversations
smtp_total.pl:
this guy goes through each /tmp/ips_to_scan.N.log, and totals up the
numbers.