
SCTPscan

SCTP network scanner for discovering SCTP services and performing port scans on remote networks. Uses CRC32 checksummed packets to identify SCTP stack availability and scan frequent ports.

Description

sctpscan is a specialized tool for scanning SCTP (Stream Control Transmission Protocol) networks, primarily used for discovery of SCTP-enabled hosts and security assessments of SCTP services. It supports scanning individual hosts, network ranges, and frequently used ports to identify SCTP stack availability and open services.

Common use cases include verifying SCTP endpoint connectivity, mapping SCTP services across networks, and performing security audits on SCTP implementations. The tool is particularly useful for telecommunications networks and systems using SCTP for telephony signaling (SS7/SIGTRAN) or other reliable transport needs.

Note that sctpscan does not work behind most NAT devices since routers and firewalls typically cannot NAT SCTP packets. It requires a public IP address (non-RFC1918) for proper operation.

How It Works

sctpscan uses CRC32 checksummed SCTP packets for network scanning and service discovery. It sends SCTP INIT chunks to target hosts/ports and analyzes responses to determine SCTP stack presence and service availability. The tool supports both host discovery (-s flag) and port scanning modes (-F for frequent ports), binding to specified local interfaces to establish SCTP streams with remote endpoints.
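The INIT probing described above is visible on the wire, so a monitoring point can look for one source sending INIT chunks to many destinations. The following is an added example, not part of sctpscan or the original page: it assumes the SCTP common-header and INIT layout and CRC32c checksum from RFC 4960, and the function names, threshold, addresses and ports are constructed for illustration.

```python
import struct
from collections import defaultdict

INIT = 1  # SCTP chunk type for INIT (RFC 4960)

def crc32c(data: bytes) -> int:
    """Bitwise CRC32c (Castagnoli), the SCTP checksum defined in RFC 4960."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ (0x82F63B78 if crc & 1 else 0)
    return crc ^ 0xFFFFFFFF

def parse_sctp(seg: bytes):
    """Return (dport, vtag, first_chunk_type, checksum_ok), or None if truncated."""
    if len(seg) < 16:  # 12-byte common header + 4-byte chunk header
        return None
    _sport, dport, vtag = struct.unpack_from("!HHI", seg, 0)
    (wire_sum,) = struct.unpack_from("<I", seg, 8)  # stored little-endian on the wire
    zeroed = seg[:8] + b"\x00" * 4 + seg[12:]       # checksum field zeroed for the CRC
    return dport, vtag, seg[12], crc32c(zeroed) == wire_sum

def find_init_sweeps(packets, min_targets=3):
    """Report sources whose valid INITs (vtag 0) reach >= min_targets (host, port) pairs."""
    targets = defaultdict(set)
    for src, dst, seg in packets:  # packets: (src_ip, dst_ip, sctp_bytes) tuples
        parsed = parse_sctp(seg)
        if parsed is None:
            continue
        dport, vtag, ctype, ok = parsed
        if ok and ctype == INIT and vtag == 0:
            targets[src].add((dst, dport))
    return {s: sorted(t) for s, t in targets.items() if len(t) >= min_targets}

def sample_init(dport: int) -> bytes:
    """Constructed test input: a minimal 32-byte INIT packet with a valid checksum."""
    chunk = struct.pack("!BBHIIHHI", INIT, 0, 20, 0x1234ABCD, 65535, 1, 1, 0x1234ABCD)
    pkt = struct.pack("!HHII", 10000, dport, 0, 0) + chunk
    return pkt[:8] + struct.pack("<I", crc32c(pkt)) + pkt[12:]

# Constructed capture: a sweeping source, an ordinary client, one corrupted INIT.
SAMPLE = [("198.51.100.7", f"203.0.113.{h}", sample_init(p))
          for h, p in ((1, 2905), (2, 2905), (3, 36412))]
SAMPLE.append(("198.51.100.9", "203.0.113.1", sample_init(2905)))
SAMPLE.append(("198.51.100.9", "203.0.113.2", sample_init(2905)[:-1] + b"\xff"))

if __name__ == "__main__":
    print(find_init_sweeps(SAMPLE))
```

Only INITs with a valid checksum are counted, since a receiving stack discards the rest; a production detector would also add a time window and tune the threshold to the network.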

Installation

sudo apt install sctpscan

Flags

-s                           Scan for SCTP stack availability / host discovery
-F                           Scan frequently used ports
-p, --port <port>            Remote port number (default: 10000)
-P, --loc_port <port>        Local port number (default: 10000)
-l, --loc_host <loc_host>    Local bind host for SCTP stream (default: 127.0.0.1)
-r, --rem_host <rem_host>    Remote host (default: 127.0.0.2)
-d                           Debug mode

Examples

Scan for frequently used ports on the remote network 192.168.1.*:
sctpscan -s -F -r 192.168.1.*

Scan port 9999 on 192.168.1.24:
sctpscan -l 192.168.1.2 -r 192.168.1.24 -p 9999

Scan for availability of SCTP on 172.17.8.* and port scan any host with an SCTP stack:
sctpscan -s -l 172.22.1.96 -r 172.17.8

Scan frequently used ports on 172.17.8.*:
sctpscan -s -F -l 172.22.1.96 -r 172.17.8

Scan an entire class-B network for frequent ports, using the interface's IP address:
sctpscan -s -F -r 172.22 -l `ifconfig eth0 | grep 'inet addr:' |  cut -d: -f2 | cut -d ' ' -f 1 `

Start sctpscan in debug mode (first part of local verification):
sctpscan -d &

Simple end-to-end verification on the local network (second part):
sctpscan -s -l 192.168.1.24 -r 192.168.1 -p 10000
Updated 2026-04-16 (kali.org)