Lab 2.1 Port Scanning 1 - Oliver-Mustoe/Oliver-Mustoe-Tech-Journal GitHub Wiki

In this lab, we explored various aspects of port scanning.

Notes

After looking at a Wireshark capture of a TCP connection and the interplay of flags during setup and teardown, I enhanced the default port scanning script we were given.

Below is that script (link to source):

```bash
#!/bin/bash
# Author: Oliver Mustoe
# Improvements:
# 1. Changed output to be listing ports open per host
# 2. Check for having two files entered
# 3. Make .csv file if wanted


# Check if 2 parameters are inputted
if [[ -n $1 ]] && [[ -n $2 ]]; then

	# Read input for whether to make .csv or not
	read -p "Would you like to export this as a .csv?[y/N] " FileOrNo
	# Make that input uppercase
	FileOrNoUP=${FileOrNo^^}

	# If .csv yes, announce the file and start it with a header row
	# (a single ">" here so a re-run does not append a second header)
	if [[ $FileOrNoUP == "Y" ]] || [[ $FileOrNoUP == "YES" ]]; then
		echo "Saving result to 'portscanresult.csv'"
		echo "host,port" > portscanresult.csv
	fi

	# Assign input into variables
	hostfile=$1
	portfile=$2

	for host in $(cat "$hostfile"); do
		# Create array for open ports
		PortsOpen=()
		echo "HOST: $host"

		for port in $(cat "$portfile"); do
			# Open a TCP connection through bash's /dev/tcp redirection in a
			# child shell so timeout can kill it; errors go to /dev/null so
			# they never get mixed in with the results. 0.1 s is enough on a
			# LAN but will miss open ports over a slow link.
			if timeout 0.1 bash -c "echo >/dev/tcp/$host/$port" 2>/dev/null; then
				# Append open port to port array
				PortsOpen+=("$port")

				# if .csv yes, echo host and port in csv format to file
				if [[ $FileOrNoUP == "Y" ]] || [[ $FileOrNoUP == "YES" ]]; then
					echo "$host,$port" >> portscanresult.csv
				fi
			fi

		done # End of portfile loop
		# Echo open ports joined with commas (no trailing comma to strip)
		echo "OPEN PORTS: $(IFS=,; echo "${PortsOpen[*]}")"
		echo "---"
	done # End of hostfile loop


else
	echo "Need 2 inputs; current inputs are $1 and $2"
fi # End of if for parameters

# Sources Used:
# https://stackoverflow.com/questions/14840953/how-to-remove-a-character-at-the-end-of-each-line-in-unix
# https://opensource.com/article/18/5/you-dont-know-bash-intro-bash-arrays
# https://linuxhint.com/bash_append_array/
# https://linuxhint.com/bash_lowercase_uppercase_strings/
```

I also learned about /dev/tcp. Redirecting to “/dev/tcp/thehostip/thetcpport” opens a TCP connection to that host and port: the redirection completes a full three-way handshake if something is listening, and fails with “Connection refused” (or hangs until a timeout) if not. Despite the name it is not really a pseudo-device file. On Linux nothing exists at /dev/tcp; bash itself recognises the path in a redirection and opens the socket. That is different from “/dev/null”, which is a genuine pseudo-device file, a device node served by a kernel driver with no hardware behind it that discards whatever is written to it. Because the feature lives in bash rather than the kernel, the trick does not work in sh/dash, and bash can be built without it (the net-redirections configure option), so it is worth checking on a new box before relying on it.
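As an added example, not part of the original journal or its script, here is a small probe built on the same /dev/tcp redirection that also separates the two ways a connect can fail: a fast “Connection refused” (an RST came back, port closed) from a timeout (nothing came back, typically a firewall dropping the SYN). The names tcp_probe, scan and PROBE_TIMEOUT are this example's own choices.

```bash
#!/bin/bash
# Added example, not part of the original journal or its script: probe a TCP
# port through bash's /dev/tcp redirection and report open / closed / filtered.
# tcp_probe, scan and PROBE_TIMEOUT are names chosen for this example.

# Seconds to wait for the handshake before giving up. The journal's script uses
# 0.1 s, which is fine on a LAN but will report open ports as "filtered" over
# a slow link; override with PROBE_TIMEOUT=3 ./probe.sh ... when needed.
PROBE_TIMEOUT="${PROBE_TIMEOUT:-1}"

# tcp_probe HOST PORT -> prints "open", "closed" or "filtered"
# The connect() happens in a child bash so that `timeout` can kill it if the
# SYN is silently dropped, and so the caller may be plain sh. `exec 3<>` opens
# the socket without writing anything to the service (the journal's script
# sends a newline with `echo >`).
tcp_probe() {
	host=$1
	port=$2
	if timeout "$PROBE_TIMEOUT" bash -c "exec 3<>/dev/tcp/$host/$port" 2>/dev/null; then
		status=0
	else
		status=$?
	fi
	case $status in
		0)   echo open ;;       # three-way handshake completed, something is listening
		124) echo filtered ;;   # timeout fired: neither SYN-ACK nor RST came back
		*)   echo closed ;;     # fast failure, normally "Connection refused" (RST)
	esac
}

# scan HOST PORT... -> one "PORT STATE" line per port, in the order given
scan() {
	target=$1
	shift
	for p in "$@"; do
		echo "$p $(tcp_probe "$target" "$p")"
	done
}

# Usage: ./probe.sh 127.0.0.1 22 80 443
# Only runs when a host and ports are given, so the file can also be sourced.
if [ "$#" -ge 2 ]; then
	scan "$@"
fi
```

Because /dev/tcp does a full connect(), the packets this produces look like an unprivileged nmap connect scan in Wireshark (SYN, SYN-ACK, ACK, then the close), not like a root SYN scan. The exit code 124 comes from `timeout` itself, which is what lets the script tell a dropped SYN apart from a refused one.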

I also worked with nmap to see how using sudo and non-sudo affects output in Wireshark. I learned about the following flags:

  • -p {port} - Specify the port or ports to scan (e.g. -p 22,80 or -p 1-1024)
  • -Pn - Tells nmap to skip the ping (host discovery) step and port-scan every target host provided, even hosts that do not answer ping

The sudo difference is visible in the capture: run as root, nmap defaults to a half-open SYN scan (SYN, SYN-ACK, then an RST from the scanner), while an unprivileged nmap falls back to a full connect() scan that completes the three-way handshake, the same thing the /dev/tcp script does.

More flags and one-liners can be found in the Dedicated NMAP commands and techniques page.

SOURCES: