port scan of host outside subnet

[mvhulten]

It is very useful that all hosts in the same private subnet are scanned, and that one can then do a port scan by a simple touch on the screen. But it is often also useful to scan a host outside the subnet. Could that feature be added? For instance, as a button next to DISCOVER HOSTS, say ENTER HOST where an IP address or hostname can be added.

To illustrate, I have several subnets at home: one is 192.168.1.0/24 on which I have a device with Port Authority, and another is 10.0.0.0/24 with a host that I want to scan. A router connects those two subnets.

[aaronjwood]

Absolutely. This is something that I've wanted to add, I just haven't gotten around to it yet. #59

[aaronjwood]

Just to note: this will need some thought and possibly some reworking of the internals. Right now I rely heavily on ARP for accuracy. ARP won't work for devices across different subnets. I could do a few different types of scans underneath with fallback mechanisms to support scanning devices anywhere, but it will be a lot of work to have something that is as accurate as the ARP checks that are done now.

There would be many edge cases out of this too, and each one would need to have some fallback mechanism in order to do a "thorough" scan. For example, what if ICMP echo's are blocked? Now you can't rely on a simple ping scan anymore. Do we fall back to checking some well known ports to detect if a host is alive? What if that's not enough? What if we use the wrong ports and miss some hosts? Now do we use UDP? Do any of the hosts have a service listening on a UDP socket? Will they respond?

Unfortunately the more advanced stuff that nmap does like SYN scans (TCP half open) would require root on Android devices. That's not something I want to require users to have.

Still thinking on the best way to tackle all of this...