Check to see if a server can connect to a port on a remote host (windows)

Hi I need to check 500 servers to see if they can basically get an answer from port 8014 on a remote server

If the host I am on is and I want to see if it can connect to port 8014 on host I would normally use telnet to find the answer:
Telnet 8014

I will get an answer if it can connect or a time out if I can not…
Is there a way to do this using native IEM scripting

You could run a task that would do this and output the result to a file, then use an analysis to read the results

1 Like

If you have an application actively trying to connect (Symantec client is running, for instance) you can check its connection status with something like

exists sockets whose (remote port of it = 443 and established of tcp states of it and exists remote address whose (it as string = "") of it) of network

checking only the existence of a remote port wouldn’t ensure the other end can connect, but this is definitely a smart first-step.

Quite right, see my edit above to verify the Established state and correct remote IP address.

1 Like

Good stuff.

Of course, if that newly edited above relevance fails, that doesn’t mean a remote client can’t connect, it just means it is not currently connected.

i’d definitely suggest an analysis to really deep dive into many of these possibilities so you can figure out the subtitles of the specific failure or success indicators.

If you wanted to do it your original Telnet way…

Create a Task:

not exists file "/tmp/10101030-8014check"

runhidden Telnet 8014 > "/tmp/10101030-8014check"

I don’t know what Telnet outputs but you’d just write an analysis that differentiates between success and failure

Property: Can Connect to
exists (lines of file "/tmp/10101030-8014check") whose (it contains "Connected to")

1 Like

Instead of telnet, an option would be also to use nmap to test for the remote host/port availability (you can use the default fixlets to deploy a nmap scanpoint to distribute it on Windows and Linux systems), then you can use it in a task selecting the appropriate options depending on the protocol used by the listening host, and reducing the other discovery attempts. I’d specify the options -p8014 ( portlist) and -sT (for TCP) or -sU (for UDP sevice, depending on listening host’s behavior), and use the same analysis techniques suggested to return info about success/failure of connection, and possibly the latency of the connection. Also -Pn can help removing a ping attempt.
wait nmap -Pn -sT -p8014 -oN /tmp/10101030_8014.nmap > /dev/null

should produce a file like:

Nmap 6.47 scan initiated Thu Jul 16 23:20:39 2015 as: nmap -Pn -sT -p8014 -oN /tmp/pio.nmap

Nmap scan report for
Host is up (0.11s latency).
8014/tcp closed unknown

Nmap done at Thu Jul 16 23:20:39 2015 – 1 IP address (1 host up) scanned in 0.23 seconds

and your analysis relevance will sound like:
exist lines whose (it contains open and it contains 8014) of file “/tmp/10101030_1084.nmap”

This technique will also allow you to identify with a single task other ports/hosts if you need to, and will not depend on telnet tcp timeout

1 Like

Just to complement a little more this post for further usage, recently I had the same request to verify port connection status to a destination server.
Initially I tried the nmap coming from the BES Asset Discovery as suggested by Kapax. For Linux it worked ok but for Windows it was failing to install the winpcap.
As I didn’t want to waste time figuring out what was wrong with the wincap installation I used the portquery Microsoft binary uploaded to my root servers.
Below is the task if needed:

if {version of client >= “9.0”}
parameter “GTS_HOME” = “{pathname of parent folder of data folder of client}/BESScanner-NMAP”
parameter “GTS_HOME” = “{pathname of parent folder of file (value of variable “BESClientConfigPath” of environment)}/BESScanner-NMAP”

if {(name of operating system as lowercase contains “red hat”) or (name of operating system as lowercase contains “centos”)}
// previously need to run the task Designate Nmap Scan Point RH/CentOS
delete /tmp/10101030_8014.nmap
delete __createfile
delete /tmp/
createfile until ENDOFFILE


cd {(parameter “GTS_HOME”)}
./nmap -Pn -sT -p8014 -oN /tmp/10101030_8014.nmap > /dev/null
move __createfile /tmp/
wait chmod 755 /tmp/
wait /tmp/
elseif {(name of operating system as lowercase contains “win”)}
prefetch PortQry.exe sha1:6bc8bc559c80218055dcd58cc9376ea7d10babde size:143360 http://localhost:52311/Uploads/6bc8bc559c80218055dcd58cc9376ea7d10babde/PortQry.exe
parameter “standaloneSource” = “PortQry.exe”
parameter “PortQry” = "{(client folder of current site as string) & “__Download”}"
delete “{pathname of windows folder}\Temp\10101030_8014.nmap”
delete __createfile
delete “{pathname of windows folder}\Temp\check_itm.bat”
createfile until ENDOFFILE
cd “{(parameter “PortQry”)}”
{(parameter “standaloneSource”)} -n -nr -e 8014 -l “{pathname of windows folder}\Temp\10101030_8014.nmap” > NUL
move __createfile “{pathname of windows folder}\Temp\check_itm.bat”
waithidden “{pathname of windows folder}\Temp\check_itm.bat”

The analysis will be pretty much the same:

(if (name of operating system starts with “Linux Red Hat”) then ( exist lines whose (it contains “open” and it contains “8014”) of file “/tmp/10101030_8014.nmap” ) else ( error " " ) )

(if (name of operating system starts with “Win”) then ( exists lines of file ((pathname of windows folder) & “\Temp\10101030_8014.nmap”) whose (it contains “TCP port 8014” AND it contains “LISTENING”) ) else ( " " ) )

1 Like

@JasonWalker Hi Hope you are good, yours support really help me in renameing ATMFD.dll
Need yours support, here requirement is to telnet one ip form multiple windows computers for port 1433 & gathers the result.
What is the simplest way to do from Bigfix.
Waiting yours reply
Many thanks in advance.