April 3, 2023 09:46 am GMT

Simple port scanning without a port scanner

We have all been in the situation where we need to find out whether a port on a server can be reached, reachability is uncertain, and no port scanner such as nmap is available, nor is installing one allowed.

ping

Please note this is not about whether the host in general can be reached; that can generally be checked using the ping command. Bear in mind, though, that ping uses a specific protocol (ICMP), which is different from the TCP protocol generally used for encrypted and unencrypted communication.

TCP port scanning

The state of a TCP port on a host can be determined if the openssl utility is available on the machine that needs to connect to the host. Nowadays SSL/encryption is almost always a requirement, which makes it very likely that the openssl package, which contains the openssl utility, is installed.

A TCP port on a host can have 3 principal states:

  1. Unreachable/firewalled: If a host or hostname is specified that does not exist, then obviously it's impossible to connect to a port on that host, and there will be no communication back. The same happens when a host or hostname does exist, but is unreachable, or if the entire host (all ports) or the specific port is firewalled.
  2. Open: If a host or hostname does allow communication with a specific port, and an executable is listening on that port, then communication can happen.
  3. Closed: If a host or hostname does allow communication with a specific port, but no executable is listening on that port, then communication with that executable cannot happen. In such a case, the TCP/IP (network) stack will respond to the request by refusing the connection.

Now with these 3 states in mind, you can use the openssl utility to obtain the exact state of a hostname and port combination. This is what that looks like:

Unreachable

 openssl s_client -connect 192.168.66.79:80

If a host is unreachable, it will not, and cannot, respond. In that case, the utility will not produce any response for a long time, because it is waiting for a reply. Eventually it will time out:

connect: Operation timed out
connect:errno=60

Open

 openssl s_client -connect 192.168.66.80:7000
CONNECTED(00000003)
...much more output related to SSL...

If a host is reachable and has an executable listening on the port specified, the utility will be able to connect, which is what the CONNECTED(00000003) message means. This means the port is open, and you can interact with the executable.

All the other output that follows is related to SSL, and might or might not be relevant. It is not needed for determining the port state.

Closed

 openssl s_client -connect 192.168.66.80:7001
connect: Connection refused
connect:errno=61

If a host is reachable, but has no executable listening on the port specified, the message will specify 'Connection refused'.
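To turn the three cases above into a repeatable check, here is an added example (not from the original post) that wraps the same openssl s_client probe with a bounded wait and classifies its output into open, closed or unreachable. The helper names are made up, and it assumes a timeout(1) command (GNU coreutils or BSD) is available alongside openssl.

```shell
#!/bin/sh
# classify_s_client_output OUTPUT EXIT_STATUS
# Maps the text printed by `openssl s_client -connect host:port` (plus the
# exit status, which is 124 when timeout(1) had to kill it) to a port state.
classify_s_client_output() {
  output=$1
  status=$2
  case "$output" in
    *"CONNECTED("*)            echo open ;;         # TCP handshake completed
    *"Connection refused"*)    echo closed ;;       # stack answered with a reset
    *"Operation timed out"*|*"No route to host"*|*"Network is unreachable"*)
                               echo unreachable ;;  # no answer, or filtered
    *)
      # nothing recognisable printed: a kill by timeout(1) means no answer
      if [ "$status" -eq 124 ]; then echo unreachable; else echo unknown; fi ;;
  esac
}

# check_tcp_port HOST PORT [SECONDS]
# Runs the probe from the post with a bounded wait and prints the state.
check_tcp_port() {
  host=$1; port=$2; secs=${3:-5}
  # </dev/null so s_client does not sit waiting on stdin after connecting;
  # 2>&1 so the "connect:" error lines are captured together with CONNECTED.
  out=$(timeout "$secs" openssl s_client -connect "$host:$port" </dev/null 2>&1)
  rc=$?
  classify_s_client_output "$out" "$rc"
}

# Constructed sample outputs mirroring the three cases shown above,
# so the classifier can be exercised offline without touching the network.
SAMPLE_OPEN='CONNECTED(00000003)
...much more output related to SSL...'
SAMPLE_CLOSED='connect: Connection refused
connect:errno=61'
SAMPLE_TIMEOUT='connect: Operation timed out
connect:errno=60'
```

A firewall that rejects packets (rather than silently dropping them) produces the same 'Connection refused' as a port with nothing listening, so 'closed' strictly means 'something answered with a reset'; only the silent timeout case points at a drop or an unreachable host.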


Original Link: https://dev.to/yugabyte/simple-port-scanning-without-a-port-scanner-3mj7
