#!/bin/sh
 # the next line restarts using -*-Tcl-*-sh \
 exec tclsh "$0" ${1+"$@"}

 # records all attempts to connect to the ports listed
 # in the portlist.
 # log lines consist of a timestamp, the port number
 # that was connected to, and client peer info.
 # original version by: phil@slug.org 

 set portlist [ list 6667 8080 31337 ]

 proc cfg { cid addr port } {
     fileevent $cid writable "handle $cid"
     fconfigure $cid -blocking  off
 }

 proc handle { cid } {
     set peerinfo [ fconfigure $cid -peername ]
     set port     [ fconfigure $cid -sockname ]
     close $cid
     set port [ lindex $port 2 ]
     set time [ clock seconds ]
     set time [ clock format $time -format "%m/%d/%y-%r %Z" ]
     puts stdout "$time $port $peerinfo"
 }

 foreach port $portlist {
    socket -server cfg $port
 }   
 vwait enter-mainloop

----
See also: [fileevent]

See also: [Port scanning in tcl]

----

[TP] 14Sep2005 If your purpose is to detect malicious scanners, perhaps make it somewhat painful for them, by
leaving the socket open for a bit?  Replace 

     close $cid

with:

     set some_pain [expr {60 * 1000}]
     after $some_pain [list close $cid]
     fileevent $cid writable {}

Optimally, you wouldn't leave sockets open, chewing up resources.
I once attended a talk by Marcus Ranum [http://www.ranum.com/] where he described changing
kernel TCP code to send back the TCP handshake, but otherwise ignore the connection.  No need to play
fair with scanners.

----
[Category Application] |
[Category Internet]