Hi, I need to check 500 servers to see if they can basically get an answer from port 8014 on a remote server 10.10.10.30.
If the host I am on is 10.10.10.20 and I want to see if it can connect to port 8014 on host 10.10.10.30 I would normally use telnet to find the answer:
Telnet 10.10.10.30 8014
I will get an answer if it can connect or a timeout if I cannot…
Is there a way to do this using native IEM scripting?
If you have an application actively trying to connect (Symantec client is running, for instance) you can check its connection status with something like
exists sockets whose (remote port of it = 443 and established of tcp states of it and exists remote address whose (it as string = "192.168.1.1") of it) of network
Of course, if that newly edited above relevance fails, that doesn’t mean a remote client can’t connect, it just means it is not currently connected.
I’d definitely suggest an analysis to really deep dive into many of these possibilities so you can figure out the subtleties of the specific failure or success indicators.
Instead of telnet, another option would be to use nmap to test for the remote host/port availability (you can use the default fixlets to deploy an nmap scan point to distribute it on Windows and Linux systems). You can then use it in a task, selecting the appropriate options depending on the protocol used by the listening host and reducing the other discovery attempts. I’d specify the options -p8014 (port list) and -sT (for TCP) or -sU (for a UDP service, depending on the listening host’s behavior), and use the same analysis techniques suggested to return info about success/failure of the connection, and possibly the latency of the connection. Also, -Pn can help by removing a ping attempt.
wait nmap -Pn -sT -p8014 -oN /tmp/10101030_8014.nmap 10.10.10.30 > /dev/null
Just to complement a little more this post for further usage, recently I had the same request to verify port connection status to a destination server.
Initially I tried the nmap coming from the BES Asset Discovery as suggested by Kapax. For Linux it worked OK, but for Windows it was failing to install WinPcap.
As I didn’t want to waste time figuring out what was wrong with the WinPcap installation, I used the PortQry Microsoft binary uploaded to my root servers.
Below is the task if needed:
if {version of client >= "9.0"}
parameter "GTS_HOME" = "{pathname of parent folder of data folder of client}/BESScanner-NMAP"
else
parameter "GTS_HOME" = "{pathname of parent folder of file (value of variable "BESClientConfigPath" of environment)}/BESScanner-NMAP"
endif
if {(name of operating system as lowercase contains "red hat") or (name of operating system as lowercase contains "centos")}
// previously need to run the task Designate Nmap Scan Point RH/CentOS
delete /tmp/10101030_8014.nmap
delete __createfile
delete /tmp/check_itm.sh
createfile until ENDOFFILE
#!/bin/sh
cd {(parameter "GTS_HOME")}
./nmap -Pn -sT -p8014 -oN /tmp/10101030_8014.nmap 10.10.10.30 > /dev/null
ENDOFFILE
move __createfile /tmp/check_itm.sh
wait chmod 755 /tmp/check_itm.sh
wait /tmp/check_itm.sh
elseif {(name of operating system as lowercase contains "win")}
prefetch PortQry.exe sha1:6bc8bc559c80218055dcd58cc9376ea7d10babde size:143360 http://localhost:52311/Uploads/6bc8bc559c80218055dcd58cc9376ea7d10babde/PortQry.exe
parameter "standaloneSource" = "PortQry.exe"
// the prefetched file lands in the __Download folder under the site folder
parameter "PortQry" = "{(client folder of current site as string) & "\__Download"}"
delete "{pathname of windows folder}\Temp\10101030_8014.nmap"
delete __createfile
delete "{pathname of windows folder}\Temp\check_itm.bat"
createfile until ENDOFFILE
cd "{(parameter "PortQry")}"
{(parameter "standaloneSource")} -n 10.10.10.30 -nr -e 8014 -l "{pathname of windows folder}\Temp\10101030_8014.nmap" > NUL
ENDOFFILE
move __createfile "{pathname of windows folder}\Temp\check_itm.bat"
waithidden "{pathname of windows folder}\Temp\check_itm.bat"
endif
The analysis will be pretty much the same:
Linux:
(if (name of operating system starts with "Linux Red Hat") then ( exists lines whose (it contains "open" and it contains "8014") of file "/tmp/10101030_8014.nmap" ) else ( error " " ) )
Windows:
(if (name of operating system starts with "Win") then ( exists lines whose (it contains "TCP port 8014" and it contains "LISTENING" and not (it contains "NOT LISTENING")) of file ((pathname of windows folder) & "\Temp\10101030_8014.nmap") ) else ( error " " ) )
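As an added example (not code from any poster in this thread), the shell function below classifies either result file from the task above as open, closed, filtered or unknown, going beyond the analysis's single "open"/"LISTENING" check. The function names, file names and sample contents are assumptions constructed for illustration; the sample lines follow the nmap normal-output port table and the PortQry status line format.

```shell
#!/bin/sh
# classify_port_result FILE PORT -> prints open|closed|filtered|unknown
# Understands nmap normal output (-oN) and a PortQry log (-l).
classify_port_result() {
    [ -r "$1" ] || { echo unknown; return 0; }
    # PortQry logs use CRLF line endings; strip CR before matching.
    tr -d '\r' < "$1" | awk -v p="$2" '
        # nmap port table row, e.g. "8014/tcp filtered unknown"
        $1 == (p "/tcp") { s = $2 }
        # PortQry status line, e.g. "TCP port 8014 (unknown service): NOT LISTENING"
        index($0, "TCP port " p " ") {
            if      ($0 ~ /NOT LISTENING/) s = "closed"   # test before LISTENING
            else if ($0 ~ /LISTENING/)     s = "open"
            else if ($0 ~ /FILTERED/)      s = "filtered"
        }
        END { print (s == "" ? "unknown" : s) }'
}

# Constructed sample files (not real scan output) for an offline run.
write_samples() {
    printf '%s\n' '# Nmap scan report (constructed sample)' \
        'PORT     STATE    SERVICE' '8014/tcp filtered unknown' > "$1/nmap_filtered.txt"
    printf '%s\n' 'PORT     STATE SERVICE' '8014/tcp open  unknown' > "$1/nmap_open.txt"
    printf '%s\r\n' 'Querying target system called:' ' 10.10.10.30' \
        'TCP port 8014 (unknown service): NOT LISTENING' > "$1/portqry_closed.txt"
    printf '%s\r\n' 'TCP port 8014 (unknown service): LISTENING' > "$1/portqry_open.txt"
}

# Demo: classify every constructed sample and print one status per file.
demo() {
    d=$(mktemp -d) && write_samples "$d"
    for f in "$d"/*.txt; do
        printf '%s: %s\n' "${f##*/}" "$(classify_port_result "$f" 8014)"
    done
    rm -rf "$d"
}
demo
```

A "filtered" result usually points at a firewall dropping the traffic, while "closed" means the host answered but nothing is listening on the port, so reporting the two separately tells you which team to call.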
@JasonWalker Hi, hope you are good. Your support really helped me in renaming ATMFD.dll.
I need your support: the requirement here is to telnet to one IP from multiple Windows computers on port 1433 and gather the results.
What is the simplest way to do this from BigFix?
Waiting for your reply.
Many thanks in advance.