Unix Tip: Finding services on a subnet

By , ITworld.com |  Operating Systems, find, nmap


# nmap -p 23 -P0 -sT 10.3.2.0/24

Starting nmap 3.77 ( http://www.insecure.org/nmap/ ) at 2007-05-12 15:58 EDT
Interesting ports on 10.3.2.0:
PORT   STATE  SERVICE
23/tcp closed telnet

Interesting ports on router.anywhere.com (10.3.2.1):
PORT   STATE SERVICE
23/tcp open  telnet

...

Interesting ports on 10.3.2.255:
PORT   STATE  SERVICE
23/tcp closed telnet

Nmap run completed -- 256 IP addresses (256 hosts up) scanned in 15.735 seconds

Of course, that's easy enough that you hardly need a script to handle the nmap command for you. However, if you don't want to have to remember the arguments to use with nmap to make this query quick and you don't really want to see anything more than the name of each system on which the particular service is running, a script can save you time and trouble.


#!/usr/bin/perl -w
#
# Find services on a subnet:  findAppl port subnet
#                     e.g.,:  findAppl 80 10.3.2.0/24
#
# NOTE: The output we're handling looks like this:
#   Interesting ports on 10.3.2.11:
#   PORT     STATE SERVICE
#   1521/tcp open  oracle

use strict;

my ($port, $subnet);

if ( $#ARGV >= 1 ) {
    $port=$ARGV[0];
    $subnet=$ARGV[1];
} else {
    print "Please provide a port> ";
    $port=<STDIN>;
    print "Please provide a subnet> ";
    $subnet=<STDIN>;
}

# Strip the trailing newline from interactive input, then make sure only a
# port number and an address/subnet are interpolated into the shell command.
chomp($port, $subnet);
die "Port must be numeric\n"              unless $port   =~ /^\d+$/;
die "Subnet must look like 10.3.2.0/24\n" unless $subnet =~ m{^[\d.]+(?:/\d+)?$};

my @results=`nmap -p $port -P0 -sT $subnet 2> /dev/null`;

my ($IP, $SVC);
foreach (@results) {
    # Host header, e.g. "Interesting ports on router.anywhere.com (10.3.2.1):"
    if ($_ =~ /Interesting/)
    {
        ($IP)=/(\d+\.\d+\.\d+\.\d+)/;
    }
    # Port line, e.g. "23/tcp open  telnet": the service name is the last field
    if ($_ =~ /open/)
    {
        ($SVC)=/(\S+)\s*$/;
        print "$IP $SVC\n";
    }
}

This script expects two arguments -- the port number and the IP address or subnet to be used in the probing. It will prompt for that information if it doesn't appear on the command line.

The script then runs the nmap command and stuffs the output into an array. It then looks through the data in the array, saving IP addresses in case they are relevant and printing them out when it encounters "open" in the status line. What you see, therefore, is something like this:


# ./findAppl 21 10.1.2.0/24
10.1.2.25 ftp
10.1.2.39 ftp
10.1.2.49 ftp
10.1.2.120 ftp
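As an added example (not the article's script), the same parse rewritten in Python so it can be exercised offline against constructed nmap output. It also accepts the "Nmap scan report for" host header that newer nmap releases print in place of "Interesting ports on", and it compares the state field rather than searching for the substring "open", so an "open|filtered" result is not reported as open.

```python
import re
from typing import List, Tuple

# nmap 3.x prints "Interesting ports on host (1.2.3.4):"; newer releases print
# "Nmap scan report for host (1.2.3.4)". Both header forms are accepted here.
HOST_RE = re.compile(r"^(?:Interesting ports on|Nmap scan report for)\s+"
                     r"(?:\S+\s+\()?(\d+\.\d+\.\d+\.\d+)\)?:?\s*$")
# Port line, e.g. "23/tcp open  telnet"; state may be closed, filtered, open|filtered ...
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_nmap_output(text: str) -> List[Tuple[str, int, str, str]]:
    """Return (ip, port, state, service) for every port line, tied to the host above it."""
    rows, current_ip = [], None
    for line in text.splitlines():
        host = HOST_RE.match(line)
        if host:
            current_ip = host.group(1)
            continue
        port = PORT_RE.match(line)
        if port and current_ip:
            rows.append((current_ip, int(port.group(1)), port.group(3), port.group(4)))
    return rows


def open_services(text: str) -> List[Tuple[str, str]]:
    """Same 'IP SERVICE' pairs the article's script prints, but decided on the state
    field: a substring test for 'open' would also accept 'open|filtered'."""
    return [(ip, svc) for ip, _p, state, svc in parse_nmap_output(text) if state == "open"]


# Constructed sample output (not a real scan) mixing both header formats.
SAMPLE = """\
Interesting ports on 10.3.2.0:
PORT   STATE  SERVICE
23/tcp closed telnet

Interesting ports on router.anywhere.com (10.3.2.1):
PORT   STATE SERVICE
23/tcp open  telnet

Nmap scan report for 10.3.2.7
PORT   STATE         SERVICE
23/tcp open|filtered telnet
"""

if __name__ == "__main__":
    for ip, svc in open_services(SAMPLE):
        print(ip, svc)          # prints: 10.3.2.1 telnet
```

To use it against a live scan, feed the text captured from the same nmap command the article runs into open_services().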

Nmap can be compiled from source and is distributed under the terms of the GNU General Public License. Packages are available for Solaris and many Linux distributions.



