Solved

Listener freeware that listens on multiple / a range of ports

Posted on 2013-12-07
12
440 Views
Last Modified: 2013-12-12
I have plenty of firewall rules to test.

I'm currently using WinSSHD & Udp Test tool to listen on
destination Win 2012 servers & from the source servers,
used MS Portquery to test.

Portquery is fine in that it allows me to specify a range
of Tcp+Udp ports.

However, at destination end, WinSSHD & Udp Test tool
can only bind or listen to one port at a time so this is not
productive if I have thousands of ports to test.

Q1:
Is there a tool that could verify that firewall rules have been
permitted correctly without the need to set up a listener at
the destination (as currently the Apps team haven't got the
time to install their actual apps yet) & I need to test in
advance.

Q2:
Alternatively, suggest a couple of freeware that could be set
to listen on a range of ports (or  can be selected number of
ports separated by say, commas) for Windows 2008/2012
0
Comment
Question by:sunhux
  • 7
  • 4
12 Comments
 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 100 total points
Comment Utility
For packet sniffing (which is what you want here), Wireshark (wireshark.org) is free and it works. CommView (tamos.com) is a commercial packet sniffer and not free. I use the latter, but both will work.

.... Thinkpads_User
0
 

Author Comment

by:sunhux
Comment Utility
What's needed is something simple/easy-to-use  for testing
 the firewall rules.

Portqry & nmap are rather easy & not resource intensive.
I can't possibly install wireshark on a server that's going
to be production in 2 months' time & Wireshark is rather
not easy to use to test firewall rules.  Portqry doesn't
need installation & it could just run directly from disk
(without altering registry).  So can nmap but these are
tools that I'll run from the Source IP.  What I need are
tools that run on the Destination IP that listen on the
required ports : Udptest tool & WinSshd (which allows
me to specify the port to listen on) helps in my case
if it's just a small handful of ports but if there's a big
range of ports, then Udptest & WinSshd becomes
inefficient
0
 
LVL 20

Assisted Solution

by:edster9999
edster9999 earned 400 total points
Comment Utility
You need netCat.
It is a unix took but people have ported it to work under windows.
http://nmap.org/ncat/

It listens on port(s) and dumps what it receives to the screen or a file.
0
 

Author Comment

by:sunhux
Comment Utility
Does netCat has a version that runs on the 64bit Win2012?
0
 

Author Comment

by:sunhux
Comment Utility
0
 

Author Comment

by:sunhux
Comment Utility
Unfortunately one of them only listen on Tcp port (& one
port at a time) while the other does not run on Win2008
or Win2012
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 20

Assisted Solution

by:edster9999
edster9999 earned 400 total points
Comment Utility
Netcat just needs to be compiled to run on whatever platform you want.
There are a few people who have done it in 64Bit code compilers :
https://www.google.com/search?q=netcat+64+bit+windows

It has not seen much testing in the platform - but it is very stable tested platform so it shouldn't cause much of an issue.
I wouldn't run it on a live production server.... not one taking production traffic anyway.
Take a server offline and test it on that.
0
 

Author Comment

by:sunhux
Comment Utility
Ok I've seen a copy of nc64.exe that works in the zip.

Lastly, this netcat only listen on one port at a time only.
Can I run it multiple times to listen on multiple ports?
(I guess if I have hundreds of ports, I'll need to write
 a script to do this?)
0
 
LVL 20

Assisted Solution

by:edster9999
edster9999 earned 400 total points
Comment Utility
I use the linux version - so you'll have to look it up to see if the windows one is the same (but it probably is, as they are built off the same code base)

ed:$ nc /?

This is nc from the netcat-openbsd package. An alternative nc is available
in the netcat-traditional package.
usage: nc [-46DdhklnrStUuvzC] [-i interval] [-P proxy_username] [-p source_port]
        [-s source_ip_address] [-T ToS] [-w timeout] [-X proxy_protocol]
        [-x proxy_address[:port]] [hostname] [port[s]]

[....snip.....]

     port[s] can be single integers or ranges.  Ranges are in the form nn-mm.
     In general, a destination port must be specified, unless the -U option is
     given (in which case a socket must be specified).
0
 

Author Comment

by:sunhux
Comment Utility
Can't quite get the syntax to listen/bind on multiple ports to
work on Windows version:

D:\ncatWin7\netcat-1.11>nc -l -p 333-335 -e cmd.exe
^C
D:\ncatWin7\netcat-1.11>nc -l -p 333,335 -e cmd.exe

while netstat below only shows it listens on 1 port ie Tcp333:
D:\>netstat -an | find ":33"
  TCP    0.0.0.0:333            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING

D:\>netstat -an | find ":33"
  TCP    0.0.0.0:333            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
0
 

Author Comment

by:sunhux
Comment Utility
It appears that it's only in client mode that nc can be
made to specify a range of source ports;  in server/
listening mode, it doesn't appear to let me specify
a range of ports to listen on.

Can you verify if this is also the case for the Linux/UNIX
version of nc?
0
 
LVL 20

Accepted Solution

by:
edster9999 earned 400 total points
Comment Utility
Ok looks like I was wrong on that (sorry).  Here is another snip from the help page :

-l      Used to specify that nc should listen for an incoming connection
             rather than initiate a connection to a remote host.  It is an
             error to use this option in conjunction with the -p, -s, or -z
             options.  Additionally, any timeouts specified with the -w option
             are ignored.

So you cannot listen on multiple ports with a single instance.
The only thing you could do would be to spawn off a different one for each port and dump the output into a separate file for each
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Hello, As I have seen there a lot of requests regarding monitoring and reporting for exchange 2007 / 2010 / 2013 I have decided to post some thoughts together and link to articles that have helped me. Of course a lot of information you can get…
When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now