Page 1 of 1

Please add basic portScan tool ( port scanner scan )

Posted: Sun Mar 18, 2018 5:57 pm
by jo2jo
Hi, I’ve been using routerOS since v 2.x (and LOVE IT), and have hundreds of mt s deployed, a feature I’m constantly in need of is even a bare-bones/basic built in port scanner:
/tool portscan (or /tool portScanner)

It doesn’t have to be powerful or advanced like nmap, nor fast, just a tool that can help admins identify/recall private IPs or other internal network uses ( ie, which ip is running the Web server on this office network? Or which ip is running the SQL Server on this network?) - this could be very helpful versus having to keep a Linux VM attached to a VPN, strictly for port scanning my internal networks when I can’t remember the private IP of a customers VNC server , and when I need to remote-in support their PC) - or which private subnet, DHCP-server provided ip (192.168..) is running XYZ service, so I can quickly set up this Dst-nat rule for them)

I’m not sure how tools like a built-in SMB server (or built in tftp/ftp server) made it into routerOS before a useful, network-centric tool like portscan ( but I’m happy to have both/all three).

Please strongly consider adding a basic (even if only TCP only, 1 port per second limit, if needed) port scan tool to ROS 7 ROS 6.X.

Thanks

Re: Please add basic portScan tool

Posted: Sun Mar 18, 2018 7:42 pm
by honzam
+ 1

Re: Please add basic portScan tool

Posted: Mon Mar 19, 2018 3:56 am
by MayestroPW
+ 1

Re: Please add basic portScan tool

Posted: Mon Mar 26, 2018 3:59 am
by emikrotik
+ 1

Re: Please add basic portScan tool

Posted: Wed Mar 28, 2018 12:47 pm
by Steveocee
+1 to this as well.

Re: Please add basic portScan tool

Posted: Wed Mar 28, 2018 1:13 pm
by soulflyhigh
Yes, please.
+1

Re: Please add basic portScan tool

Posted: Wed Mar 28, 2018 7:19 pm
by jspool
+1 Please

Re: Please add basic portScan tool

Posted: Wed Mar 28, 2018 10:36 pm
by boxpik
+1 for such a useful tool

Re: Please add basic portScan tool

Posted: Sun Apr 01, 2018 5:22 pm
by poizzon
Will TheDude not save the situation?

Re: Please add basic portScan tool

Posted: Mon Apr 02, 2018 1:24 am
by jo2jo
Will TheDude not save the situation?
Not sure how theDude is relevant to this ( or thedude is just as relevant/irrelevant as manually running nmap outside ros ) , we are looking for a port scan utility to be added to routerOS, this way it is accessible directly from/on our various routerboards/rOSdevices directly.
Tks

Re: Please add basic portScan tool

Posted: Tue May 01, 2018 6:51 pm
by vipe
+1 xpon

Re: Please add basic portScan tool

Posted: Tue May 01, 2018 7:44 pm
by Cal5582
+1 on this

Re: Please add basic portScan tool

Posted: Wed May 02, 2018 10:05 am
by thobias
Yes, this would be great to be able to identify what is a printer or a web server in a network.
Combined with a MAC-address vendor list (in winbox) to show the manufacturer of all devices.

Re: Please add basic portScan tool ( port scanner scan )

Posted: Fri Jul 06, 2018 5:01 pm
by jo2jo
while i know it is wrong to " bump" your own thread, but on a weekly basis ( weekly is a bare minimum, sometimes daily basis) i need a portscan tool on ros. Its ridiculous having to look up mac-address OIDs and/or use /sys telnet port=x as a rough port scan tool to ID devices.
Often when i come into a new , existing network to begin managing (or clean up / improve) there will be a managed switch somewhere on the network (but the prior admin either has not ID'd / noted it or it has grabbed a dhcp IP like the 100s of other random client devices , wo a readable dhcp client id. Ofcourse a ros built-in portscan tool would help in this scenario tremendously ( even slowed/restricted ps tool). But incase it helps others, here is a rough work around i use. ( you will need to change the mac addresses to which ever vendor's device you are trying to locate, i usually grab the OIDs from a website like "Wireshark · OUI Lookup Tool" (google search) and type into that site the vendor (netgear / ruckus in this case). then use linux cli tools, or an app like notepad +++ (w regex find/replace) to modify this command to paste in the list of macs.

(also note, you may need to search /ip arp if you are not using ros bridges, or this may not work at all depending upon your network layout):

(ex. to find IP of a netgear managed switch)
/int bridge host print where mac-address~"00:09:5B" || mac-address~"00:0F:B5" || mac-address~"00:14:6C" || mac-address~"00:18:4D" || mac-address~"00:1B:2F" || mac-address~"00:1E:2A" || mac-address~"00:1F:33" || mac-address~"00:22:3F" || mac-address~"00:24:B2" || mac-address~"00:26:F2" || mac-address~"00:8E:F2" || mac-address~"04:A1:51" || mac-address~"08:02:8E" || mac-address~"08:BD:43" || mac-address~"10:0D:7F" || mac-address~"10:DA:43" || mac-address~"20:0C:C8" || mac-address~"20:4E:7F" || mac-address~"20:E5:2A" || mac-address~"28:C6:8E" || mac-address~"2C:30:33" || mac-address~"2C:B0:5D" || mac-address~"30:46:9A" || mac-address~"40:5D:82" || mac-address~"44:94:FC" || mac-address~"4C:60:DE" || mac-address~"50:4A:6E" || mac-address~"50:6A:03" || mac-address~"6C:B0:CE" || mac-address~"74:44:01" || mac-address~"78:D2:94" || mac-address~"80:37:73" || mac-address~"84:1B:5E" || mac-address~"8C:3B:AD" || mac-address~"9C:3D:CF" || mac-address~"9C:D3:6D" || mac-address~"A0:04:60" || mac-address~"A0:21:B7" || mac-address~"A0:40:A0" || mac-address~"A0:63:91" || mac-address~"A4:2B:8C" || mac-address~"B0:39:56" || mac-address~"B0:7F:B9" || mac-address~"B0:B9:8A" || mac-address~"C0:3F:0E" || mac-address~"C0:FF:D4" || mac-address~"C4:04:15" || mac-address~"C4:3D:C7" || mac-address~"CC:40:D0" || mac-address~"DC:EF:09" || mac-address~"E0:46:9A" || mac-address~"E0:91:F5" || mac-address~"E4:F4:C6" || mac-address~"E8:FC:AF" || mac-address~"F8:73:94"


(find IPs of ruckus APs - i use /ip arp here just to show 2nd command option, /int bridge host print where , may work better depending upon your network layout ) :
/ip arp print where mac-address~"00:13:92" || mac-address~"00:1D:2E" || mac-address~"00:1F:41" || mac-address~"00:22:7F" || mac-address~"00:24:82" || mac-address~"00:25:C4" || mac-address~"04:4F:AA" || mac-address~"0C:F4:D5" || mac-address~"1C:B9:C4" || mac-address~"24:79:2A" || mac-address~"24:C9:A1" || mac-address~"2C:5D:93" || mac-address~"2C:C5:D3" || mac-address~"2C:E6:CC" || mac-address~"30:87:D9" || mac-address~"34:8F:27" || mac-address~"34:FA:9F" || mac-address~"38:FF:36" || mac-address~"44:1E:98" || mac-address~"50:A7:33" || mac-address~"54:3D:37" || mac-address~"58:93:96" || mac-address~"58:B6:33" || mac-address~"60:D0:2C" || mac-address~"68:92:34" || mac-address~"6C:AA:B3" || mac-address~"74:3E:2B" || mac-address~"74:91:1A" || mac-address~"84:18:3A" || mac-address~"8C:0C:90" || mac-address~"90:3A:72" || mac-address~"94:F6:65" || mac-address~"AC:67:06" || mac-address~"C0:8A:DE" || mac-address~"C0:C5:20" || mac-address~"C4:01:7C" || mac-address~"C4:10:8A" || mac-address~"D4:68:4D" || mac-address~"D4:C1:9E" || mac-address~"D8:38:FC" || mac-address~"E0:10:7F" || mac-address~"E8:1D:A8" || mac-address~"EC:58:EA" || mac-address~"EC:8C:A2" || mac-address~"F0:3E:90" || mac-address~"F0:B0:52" || mac-address~"F8:E7:1E"
(also it may help to run an /tool ip-scan of your entire subnet, before running these commands, if device you are trying to find has not pushed any traffic for awhile, and thus is not in the arp/hosts tables)

Re: Please add basic portScan tool ( port scanner scan )

Posted: Thu Sep 06, 2018 3:52 am
by DotTest37
+1 from me

Re: Please add basic portScan tool ( port scanner scan )

Posted: Thu Nov 01, 2018 10:19 pm
by dagelf
Until then, here you go: (This conforms to your "it doesn't have to be advanced" request :-)
:for p from=1 to=65535 do={put $p;/sys telnet 192.168.1.1 port=$p}

Re: Please add basic portScan tool ( port scanner scan )

Posted: Thu Nov 01, 2018 10:39 pm
by vecernik87
@dagelf
Originally I thought you just came with miracle, but it does not really work. Firstly, it would take huge amount of time as it does not work in parallel and you have to interrupt each connection which gets established, secondly, it actually crashed my winbox and produced autosupout.rif ... Not really sure what happened in there and i was unable to replicate it.

Re: Please add basic portScan tool ( port scanner scan )

Posted: Mon Nov 26, 2018 12:47 pm
by mitzone
+1 .

Re: Please add basic portScan tool ( port scanner scan )

Posted: Tue Feb 12, 2019 5:03 pm
by kc7aad
+1 +1 +1 +1 +1 +1!!

Re: Please add basic portScan tool ( port scanner scan )

Posted: Sun Feb 17, 2019 9:09 pm
by vitich
+1 pls!

Re: Please add basic portScan tool ( port scanner scan )

Posted: Mon Feb 18, 2019 9:36 am
by Kamaz
+++1

Re: Please add basic portScan tool ( port scanner scan )

Posted: Sat Mar 02, 2019 3:35 am
by jo2jo
@dagelf
Originally I thought you just came with miracle, but it does not really work. Firstly, it would take huge amount of time as it does not work in parallel and you have to interrupt each connection which gets established, secondly, it actually crashed my winbox and produced autosupout.rif ... Not really sure what happened in there and i was unable to replicate it.
(note; quote above is refering to a reply above, where a cleaver user suggests a script with a loop across all ports using /telnet port=i )

I could see this causing problems, as telnet in winbox def. was not made to work like this. (however we often use telnet on the cli as a rough, poor mans tool for a single port, port scan).

i would say the script/loop using telnet across all ports should not be used, as i have often seen some issues with telnet in winbox. (ie i often see a RB will show 100% cpu usage, only to find that profile shows either mgmt or telnet as the 100% reason. The cause/fix is that a disconnected telnet window was left open in winbox, once you close that telnet window, the cpu immediately goes back down). (i have seen this on RBs of all types and cpu power). not a big deal, but possibly the source of your RB crash/supout when running that 1 to 65555 telnet loop.

+1 - please add port scan to ros / winbox! thanks!

Re: Please add basic portScan tool ( port scanner scan )

Posted: Thu Mar 28, 2019 7:42 pm
by vili11
+1000

Re: Please add basic portScan tool ( port scanner scan )

Posted: Tue Apr 16, 2019 5:02 pm
by excession
yep + another 1

Re: Please add basic portScan tool ( port scanner scan )

Posted: Fri May 10, 2019 1:13 am
by jo2jo
+1 (for own post), 2x times this week different customers needed us to find a cctv DVR on their system (which is behind our mikrotik). would have been so quick via port scan x/24 for port 80 via a ROS ps tool . but instead had to setup a MT + a VPN setup on both sides and a laptop with nmap (about 20-30min, each time).

MT- we REALLY need even a single port at a time, port scanner. pls! (i say single port at a time, as there was a menton of abuse of a portscan tool, while i disagree with this concern, even a single port at a time would address that concern, and still be very useful)

thanks!

Re: Please add basic portScan tool ( port scanner scan )

Posted: Sun May 19, 2019 10:52 pm
by EvgeniyV
+1 it would be very useful

Re: Please add basic portScan tool ( port scanner scan )

Posted: Mon May 20, 2019 6:36 am
by vecernik87
... 2x times this week different customers needed us to find a cctv DVR on their system (which is behind our mikrotik). would have been so quick via port scan x/24 for port 80 via a ROS ps tool . but instead had to setup a MT + a VPN setup on both sides and a laptop with nmap (about 20-30min, each time). ...
You could just make scan in TheDude and have results in no time. If you do this more than once per year, it is definitely worth it.

Re: Please add basic portScan tool ( port scanner scan )

Posted: Tue May 21, 2019 7:32 am
by jo2jo
You could just make scan in TheDude and have results in no time. If you do this more than once per year, it is definitely worth it.
That is interesting idea, but when we often need to do this, its on random customers/routers , so using dude as a "port scan" tool, would take a fair amount of setup (and a router reboot/downtime - ie install dude pkg + configure it) just to do a portscan, one time.

tks

Re: Please add basic portScan tool ( port scanner scan )

Posted: Thu Jul 11, 2019 1:46 pm
by gotsprings
Bump.

This sounds like what I am trying to do.

I want to know if a device service is still running. Like checking a printer if 9100 is responding.

In my case I have a device that responds to pings.
Webserver works.
But a service on 51510 stops responding as confirmed by Digital Loggers autoping against a TCP Port or Domotz Eyes.

Re: Please add basic portScan tool ( port scanner scan )

Posted: Thu Jul 11, 2019 10:01 pm
by ziegenberg
Hi!
I want to know if a device service is still running. Like checking a printer if 9100 is responding.

In my case I have a device that responds to pings.
Webserver works.
But a service on 51510 stops responding as confirmed by Digital Loggers autoping against a TCP Port or Domotz Eyes.
If you know the port, use
/system telnet host port
.

Re: Please add basic portScan tool ( port scanner scan )

Posted: Thu Jul 11, 2019 10:10 pm
by ziegenberg
Hi!
while i know it is wrong to " bump" your own thread, but on a weekly basis (weekly is a bare minimum, sometimes daily basis) i need a portscan tool on ROs. It's ridiculous having to look up mac-address OIDs and/or use /sys telnet port=x as a rough port scan tool to ID devices.
... </snip>
For mac vendor look-up have a look at the scripts of eworm. He has a function called GetMacVendor in his global-functions file. I guess, you need to go through the setup of his scripts for it to work, but the are really great anyway: https://gitlab.com/eworm-de/routeros-scripts
Maybe you can come up with some new scripts for your port and network scanning. Use his repository of scripts as a source of inspiration.

Re: Please add basic portScan tool ( port scanner scan )

Posted: Sun Jul 21, 2019 9:32 pm
by JAza
+100

Basic need for networks we don't have a VPN into but need to troubleshoot/scan if a particular service is up or identify services running on the network.

It doesn't have to be nmap. Just some basic port open/closed/filtered logic in a loop.

PLEASE.

Re: Please add basic portScan tool ( port scanner scan )

Posted: Sun Nov 10, 2019 4:50 pm
by zeek01
+1

It would be a useful tool for remote network testing