Community discussions

MikroTik App
 
Whitehawk29FR
just joined
Topic Author
Posts: 18
Joined: Thu Oct 06, 2022 12:14 pm

Missing basic features on routerOS : netstat and nmap/nc

Thu Dec 29, 2022 5:36 pm

Hello,

RouterOS is great but really missing those basic tools :
- netstat to show open ports on the routerOS itself.
- nmap or netcat to scan network/open ports from routerOS.

Please @Mikrotik team, could you add this ?

Thank you !
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3258
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Missing basic features on routerOS : netstat and nmap/nc

Thu Dec 29, 2022 7:48 pm

The issue is they don't really expose Linux userland tools. Instead the CLI model is closer to the kernel's view of networking.

I'd like say nearly all of what those Linux tools do is spread throughout various RouterOS commands.
Off the top of my head, some RouterOS indirect analog that get similar data to netstat/etc/etc:
/ip/firewall/connections
/tool/torch
/tool/traffic-generator
/tool/traffic-monitor
/interface/monitor-traffic 
# ...

Can't argue it is NOT a one-to-one map, pro/cons in their approach to Linux networking, just philosophy. ;)

IMO, it's actually the non-networking Linux tools where there aren't good options. Stuff like date, sed, awk, etc is where the lack of userland tools goes south for me – more than the lack of "lsof".
 
Whitehawk29FR
just joined
Topic Author
Posts: 18
Joined: Thu Oct 06, 2022 12:14 pm

Re: Missing basic features on routerOS : netstat and nmap/nc

Mon Jan 02, 2023 6:09 pm

Hello,

Firewall connections do not show you open ports if there is no connection ..
Traffic Generator looks complicated compared to simple nmap ..

:/
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3258
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Missing basic features on routerOS : netstat and nmap/nc

Mon Jan 02, 2023 7:29 pm

It's just different. And pointing out there is a long list of "missing commands" with slow progress from 2018: viewtopic.php?t=131692

Now if your trying to scan other hosts, you can use a container on ARM-based Mikrotik with "nmap", "nc" or whatever, that might help some here.

"netstat" is tricker... Certainly no "netstat -l" – since you're right someone does have to connect to see if it's open connection... Now I guess "nmap" from a container could find all the open ports on the Mikrotik ;).
 
pe1chl
Forum Guru
Forum Guru
Posts: 10196
Joined: Mon Jun 08, 2015 12:09 pm

Re: Missing basic features on routerOS : netstat and nmap/nc

Mon Jan 02, 2023 7:29 pm

Many MikroTik routers have only 16MB of flash. "simple nmap" takes about 1.8MB of space. Choices have to be made.
(of course it would be nice when some niche packages are made available as optional packages by MikroTik, but probably they have other things to do)
 
r00t
Long time Member
Long time Member
Posts: 672
Joined: Tue Nov 28, 2017 2:14 am

Re: Missing basic features on routerOS : netstat and nmap/nc

Mon Jan 02, 2023 8:31 pm

Not having full nmap due to size constrains is understandable.
But simple port scanner is such a basic troubleshooting tool it really should be included in basic ROS. Nothing fancy, just regular SYN scan of list or port ranges.
Port scanner tool have been requested over and over again, just see the older topic: viewtopic.php?t=132110
As for netcat, there is /system telnet client that can be somewhat useful for checking open ports, but it's not replacement for port scanner.
 
Whitehawk29FR
just joined
Topic Author
Posts: 18
Joined: Thu Oct 06, 2022 12:14 pm

Re: Missing basic features on routerOS : netstat and nmap/nc

Mon Jan 09, 2023 12:49 pm

/system telnet can only show tcp port and not udp ..
 
Marcinp2
just joined
Posts: 1
Joined: Sat Dec 16, 2023 11:37 pm

Re: Missing basic features on routerOS : netstat and nmap/nc

Sat Dec 16, 2023 11:56 pm

Hello

I would like to send UDP packet to the device and of course get a response. All through scripts.
Natively this can be done with netcat, for e.g.:

echo -e "\xF1\x2F\x3F\x4F" | nc -4u -w1 127.0.0.1 18000

Netcat will not be supported but maybe this feature could be added to /tool fetch?

@Mikrotik team, I'd like to add this to wish list.
Last edited by Marcinp2 on Sun Dec 17, 2023 12:00 am, edited 1 time in total.
 
optio
Long time Member
Long time Member
Posts: 655
Joined: Mon Dec 26, 2022 2:57 pm

Re: Missing basic features on routerOS : netstat and nmap/nc

Sun Dec 17, 2023 1:24 pm

@Marcinp2 There is a Traffic Generator tool from which you can send packets by loading PCAP file which can be used for this or create packet stream in that tool with packet template for each byte.

Who is online

Users browsing this forum: Ahrefs [Bot], akakua, Google [Bot], sebus46, sindy, VinceKalloe and 96 guests