Please add basic portScan tool ( port scanner scan )

jo2jo · March 18, 2018, 3:57pm

Hi, I’ve been using routerOS since v 2.x (and LOVE IT), and have hundreds of mt s deployed, a feature I’m constantly in need of is even a bare-bones/basic built in port scanner:
/tool portscan (or /tool portScanner)

It doesn’t have to be powerful or advanced like nmap, nor fast, just a tool that can help admins identify/recall private IPs or other internal network uses ( ie, which ip is running the Web server on this office network? Or which ip is running the SQL Server on this network?) - this could be very helpful versus having to keep a Linux VM attached to a VPN, strictly for port scanning my internal networks when I can’t remember the private IP of a customers VNC server , and when I need to remote-in support their PC) - or which private subnet, DHCP-server provided ip (192.168..) is running XYZ service, so I can quickly set up this Dst-nat rule for them)

I’m not sure how tools like a built-in SMB server (or built in tftp/ftp server) made it into routerOS before a useful, network-centric tool like portscan ( but I’m happy to have both/all three).

Please strongly consider adding a basic (even if only TCP only, 1 port per second limit, if needed) port scan tool to ROS 7 ROS 6.X.

Thanks

honzam · March 18, 2018, 5:42pm

1

MayestroPW · March 19, 2018, 1:56am

1

emikrotik · March 26, 2018, 12:59am

1

Steveocee · March 28, 2018, 9:47am

+1 to this as well.

soulflyhigh · March 28, 2018, 10:13am

Yes, please.
+1

jspool · March 28, 2018, 4:19pm

+1 Please

boxpik · March 28, 2018, 7:36pm

+1 for such a useful tool

poizzon · April 1, 2018, 2:22pm

Will TheDude not save the situation?

jo2jo · April 1, 2018, 10:24pm

Not sure how theDude is relevant to this ( or thedude is just as relevant/irrelevant as manually running nmap outside ros ) , we are looking for a port scan utility to be added to routerOS, this way it is accessible directly from/on our various routerboards/rOSdevices directly.
Tks

vipe · May 1, 2018, 3:51pm

+1 xpon

Cal5582 · May 1, 2018, 4:44pm

+1 on this

thobias · May 2, 2018, 7:05am

Yes, this would be great to be able to identify what is a printer or a web server in a network.
Combined with a MAC-address vendor list (in winbox) to show the manufacturer of all devices.

jo2jo · July 6, 2018, 2:01pm

while i know it is wrong to " bump" your own thread, but on a weekly basis ( weekly is a bare minimum, sometimes daily basis) i need a portscan tool on ros. Its ridiculous having to look up mac-address OIDs and/or use /sys telnet port=x as a rough port scan tool to ID devices.
Often when i come into a new , existing network to begin managing (or clean up / improve) there will be a managed switch somewhere on the network (but the prior admin either has not ID’d / noted it or it has grabbed a dhcp IP like the 100s of other random client devices , wo a readable dhcp client id. Ofcourse a ros built-in portscan tool would help in this scenario tremendously ( even slowed/restricted ps tool). But incase it helps others, here is a rough work around i use. ( you will need to change the mac addresses to which ever vendor’s device you are trying to locate, i usually grab the OIDs from a website like “Wireshark · OUI Lookup Tool” (google search) and type into that site the vendor (netgear / ruckus in this case). then use linux cli tools, or an app like notepad +++ (w regex find/replace) to modify this command to paste in the list of macs.

(also note, you may need to search /ip arp if you are not using ros bridges, or this may not work at all depending upon your network layout):

(ex. to find IP of a netgear managed switch)

/int bridge host print where mac-address~"00:09:5B" || mac-address~"00:0F:B5" || mac-address~"00:14:6C" || mac-address~"00:18:4D" || mac-address~"00:1B:2F" || mac-address~"00:1E:2A" || mac-address~"00:1F:33" || mac-address~"00:22:3F" || mac-address~"00:24:B2" || mac-address~"00:26:F2" || mac-address~"00:8E:F2" || mac-address~"04:A1:51" || mac-address~"08:02:8E" || mac-address~"08:BD:43" || mac-address~"10:0D:7F" || mac-address~"10:DA:43" || mac-address~"20:0C:C8" || mac-address~"20:4E:7F" || mac-address~"20:E5:2A" || mac-address~"28:C6:8E" || mac-address~"2C:30:33" || mac-address~"2C:B0:5D" || mac-address~"30:46:9A" || mac-address~"40:5D:82" || mac-address~"44:94:FC" || mac-address~"4C:60:DE" || mac-address~"50:4A:6E" || mac-address~"50:6A:03" || mac-address~"6C:B0:CE" || mac-address~"74:44:01" || mac-address~"78:D2:94" || mac-address~"80:37:73" || mac-address~"84:1B:5E" || mac-address~"8C:3B:AD" || mac-address~"9C:3D:CF" || mac-address~"9C:D3:6D" || mac-address~"A0:04:60" || mac-address~"A0:21:B7" || mac-address~"A0:40:A0" || mac-address~"A0:63:91" || mac-address~"A4:2B:8C" || mac-address~"B0:39:56" || mac-address~"B0:7F:B9" || mac-address~"B0:B9:8A" || mac-address~"C0:3F:0E" || mac-address~"C0:FF:D4" || mac-address~"C4:04:15" || mac-address~"C4:3D:C7" || mac-address~"CC:40:D0" || mac-address~"DC:EF:09" || mac-address~"E0:46:9A" || mac-address~"E0:91:F5" || mac-address~"E4:F4:C6" || mac-address~"E8:FC:AF" || mac-address~"F8:73:94"

(find IPs of ruckus APs - i use /ip arp here just to show 2nd command option, /int bridge host print where , may work better depending upon your network layout ) :

/ip arp print where mac-address~"00:13:92" || mac-address~"00:1D:2E" || mac-address~"00:1F:41" || mac-address~"00:22:7F" || mac-address~"00:24:82" || mac-address~"00:25:C4" || mac-address~"04:4F:AA" || mac-address~"0C:F4:D5" || mac-address~"1C:B9:C4" || mac-address~"24:79:2A" || mac-address~"24:C9:A1" || mac-address~"2C:5D:93" || mac-address~"2C:C5:D3" || mac-address~"2C:E6:CC" || mac-address~"30:87:D9" || mac-address~"34:8F:27" || mac-address~"34:FA:9F" || mac-address~"38:FF:36" || mac-address~"44:1E:98" || mac-address~"50:A7:33" || mac-address~"54:3D:37" || mac-address~"58:93:96" || mac-address~"58:B6:33" || mac-address~"60:D0:2C" || mac-address~"68:92:34" || mac-address~"6C:AA:B3" || mac-address~"74:3E:2B" || mac-address~"74:91:1A" || mac-address~"84:18:3A" || mac-address~"8C:0C:90" || mac-address~"90:3A:72" || mac-address~"94:F6:65" || mac-address~"AC:67:06" || mac-address~"C0:8A:DE" || mac-address~"C0:C5:20" || mac-address~"C4:01:7C" || mac-address~"C4:10:8A" || mac-address~"D4:68:4D" || mac-address~"D4:C1:9E" || mac-address~"D8:38:FC" || mac-address~"E0:10:7F" || mac-address~"E8:1D:A8" || mac-address~"EC:58:EA" || mac-address~"EC:8C:A2" || mac-address~"F0:3E:90" || mac-address~"F0:B0:52" || mac-address~"F8:E7:1E"

(also it may help to run an /tool ip-scan of your entire subnet, before running these commands, if device you are trying to find has not pushed any traffic for awhile, and thus is not in the arp/hosts tables)

DotTest37 · September 6, 2018, 12:52am

+1 from me

dagelf · November 1, 2018, 8:19pm

Until then, here you go: (This conforms to your “it doesn’t have to be advanced” request

:for p from=1 to=65535 do={put $p;/sys telnet 192.168.1.1 port=$p}

vecernik87 · November 1, 2018, 8:39pm

@dagelf
Originally I thought you just came with miracle, but it does not really work. Firstly, it would take huge amount of time as it does not work in parallel and you have to interrupt each connection which gets established, secondly, it actually crashed my winbox and produced autosupout.rif … Not really sure what happened in there and i was unable to replicate it.

mitzone · November 26, 2018, 10:47am

+1 .

kc7aad · February 12, 2019, 3:03pm

+1 +1 +1 +1 +1 +1!!

vitich · February 17, 2019, 7:09pm

+1 pls!