batch script required to check for firewall issues

rutgermons
rutgermons used Ask the Experts™
on
Folks

How can I build a script/batch that logs onto multiple servers and run's a telnet test for 5 different IP's?

I would like to test for firewall issues

i.e.

log onto server 1
TELNET 149.129.111.83
TELNET 149.129.111.84
TELNET 149.129.111.85
TELNET 149.129.111.86
TELNET 149.129.111.87

log onto server 2
TELNET 149.129.111.83
TELNET 149.129.111.84
TELNET 149.129.111.85
TELNET 149.129.111.86
TELNET 149.129.111.87

i would like to see the results in a log file if either successful or fail

all
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2014

Commented:
#!/bin/bash


ssh user@server1 netcat -z 149.129.111.83 && echo S1 .83 telnet port OK || echo S1 .83 telnet port ERROR > out.log
ssh user@server1 netcat -z 149.129.111.84 && echo S1 .84 telnet port OK || echo S1 .84 telnet port ERROR >> out.log
ssh user@server1 netcat -z 149.129.111.85 && echo S1 .85 telnet port OK || echo S1 .85 telnet port ERROR >> out.log
ssh user@server1 netcat -z 149.129.111.86 && echo S1 .86 telnet port OK || echo S1 .86 telnet port ERROR >> out.log

ssh user@server2 netcat -z 149.129.111.83 &&  echo S2 .83 telnet port OK || echo S2 .83 telnet port ERROR >> out.log
...

Open in new window


Assumptions:

1. ssh needts to be running on server 1 and 2 and accept password less logins via kerberos or keys.
2. the tool netcat needs to be installes on both servers

Author

Commented:
thanks Andreas, will this work on windows servers?

is netcat included in the OS aready?
Top Expert 2014

Commented:
nope will not run on windows. when I hear server i assume a unixoid OS, you might get it to run with installation of cygwin on all machines, but be aware that you also need to install an ssh service which also can be a security problem if it is not cared properly with. And the cygwin things wont be automatically patched over windows update.

How to realize this on windows Ive no idea.

BTW i hope the mentioned IPs are not accessible via TELNET over the internet. Its a very bad idea.

I overlooked the category the post was filed in, as its only shown very small in the EE pages...
Become a Certified Penetration Testing Engineer

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

"Batchelor", Developer and EE Topic Advisor
Top Expert 2015
Commented:
Netcat has several Windows ports, e.g. at https://eternallybored.org/misc/netcat/, so it can be used and that is my recommendation anyway.
For starting it on remote PCs PsExec from www.sysinternals.com is a good tool. The corresponding batch file looks very similar to the suggested bash script.

Best to have the server names or IPs in a text file servers.txt. Also we will use a batch file performing the test, called testtelnet.cmd. All files should be on a network share \\server\share.
@echo off
REM testtelnet.cmd - test telnet connection to 5 fixed IP addresses
pushd %~dp0
(for /L %%i in (83,1,87) do netcat -z 149.129.111.%%i >nul && echo %computername%: %%i ok || echo %computername%: %%i failed) >> result.log
popd
exit /b

Open in new window

@echo off
REM Run tests
pushd \\server\share
psexec @servers.txt -u MyUser -p MyPassword cmd /c \\server\share\testtelnet.cmd
popd

Open in new window

Note that you need to provide credentials here, otherwise psexec will not be able to access network shares.

Author

Commented:
qlermo

thanks for this, i realize I missed the ports, how do I add this to this script?

cheers
Top Expert 2014

Commented:
just add port number 23 after the IP in the netcat woild look like that:

... do netcat -z 149.129.111.%%i 23 >nul ....

rest of script remains the same. same applies to the bash script i also forgot the port numbers there.

Author

Commented:
andreas

I am getting an error:



PsExec v2.11 - Execute processes remotely
Copyright (C) 2001-2014 Mark Russinovich
Sysinternals - www.sysinternals.com

\\myhostname

'netcat' is not recognized as an internal or external command,
operable program or batch file.
'netcat' is not recognized as an internal or external command,
operable program or batch file.
cmd exited on myhostname with error code 0.
Press any key to continue . . .

how exactly do I correctly call up Netcat to run the telnet?
Qlemo"Batchelor", Developer and EE Topic Advisor
Top Expert 2015

Commented:
The script expects netcat to be on the same location as the batch file.
Top Expert 2014

Commented:
Netcat is not a standard windows program. You need to install it first on the machines that need to use it.

You can find it here  http://www.securityfocus.com/tools/139

Author

Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for rutgermons's comment #a40460386

for the following reason:

good
Top Expert 2014

Commented:
you should distribute the points when closing the topic to the participants according to the usefulness regarding solving your problem.
Qlemo"Batchelor", Developer and EE Topic Advisor
Top Expert 2015

Commented:
I'm objecting,  as you selected your own comment as answer. Please make sure to use the action buttons above the comment to accept.

Author

Commented:
good

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial