Windows: quickly check if all ports of your servers are open

Installation & Configuration

  1. Copy the contents of %USERPROFILE%\enLogic\IT Support - Documents\scripts_and_SW_we_build\network-health\
  2. Create a folder c:\it and paste them there
  3. Edit c:\it\config\net-status-REFERENCE.txt with the IPs and the ports you should have open. Here's an example:
Host: 192.168.2.13      Ports: 22
Host: 192.168.2.1       Ports: 22 53 80 443
Host: 192.168.2.250     Ports: 22 80 139 443 445

Use

Run or dot-source the script (. c:\it\bin\enl-network-health.ps1). It highlights in RED any ports that are not open and any hosts that are not responding to pings.

Example output:
  • All good at first host
  • Some ports not open on 2nd host (and it responds to pings)
  • All ports closed on 3rd host and it does not respond to pings (probably disconnected or powered off)

Linux Tool to explore a network and then use the findings to check for problems

Say you have to cut the power to a company full of servers and devices and wonder if everything will be back up after restoring power. Work like this:
  1. Save this bash file e.g. to /opt/bin/status-network
  2. Power off all non-important devices (e.g. workstations) and then use fping -g or nmap -sn to get a list of IPs that respond to pings. These should be servers, printers, access points, etc. Their IPs are expected to stay the same (that's usually true but exceptions exist -- e.g. DHCP printers).
  3. Create a reference file with these commands:
    IPS_TO_SCAN="10.2.2.1 10.2.2.2 10.2.2.3 " # <--- add all interesting IPs here*.
    PORTS_TO_SCAN="22,80,443,3389" # <--- add all interesting ports here
    nmap -T3 --disable-arp-ping -Pn --open -oG - -p $PORTS_TO_SCAN $IPS_TO_SCAN \
    | grep Ports | sed -e 's| State:.*||' -e 's|/open[^ ]*||g' -e 's| ([^)]*)||' | sort \
    > /var/log/net-status-REFERENCE.txt
  4. Run the script and it should display an all good report (no red lines)
  5. From now on every time you run this script it will print in RED any changes in pings that respond and ports that are open compared to the reference report. E.g. if a server/device stops responding to pings you'll see it. If a service that uses a TCP port stops working you'll also see it.

Notes

*: Maybe do a ping sweep to find alive hosts:

fping -r 2 -B 2.0 -t 25 -g 192.168.0.1 192.168.1.255 2>/dev/null | grep alive | tee /tmp/alive
# and maybe remove some IPs based on this:
cat /tmp/alive | sed -e 's/ .*//' | xargs -i nbtscan "{}" 2>/dev/null | grep '[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:'
IPS_TO_SCAN=`cat /tmp/alive | sed -e 's/ .*//'`

Also maybe use the aggressive scan of nmap to find more about the hosts: sudo nmap -A -T4 IP.ad.DR.es

The script

#!/bin/bash
# Check if all hosts I care about are alive
# and have expected ports open

REFERENCE_REPORT=/var/log/net-status-REFERENCE.txt

TS=$(date "+%Y-%m-%d_%H.%M.%S")
REPORT_FILE=/var/log/net-status_$TS.txt
PORTS_TO_SCAN=$(cat $REFERENCE_REPORT | sed -e 's/^.*Ports: *//' | tr ' ' \\n | sort -nu | tr \\n ',')
IPS_TO_SCAN=$(cat $REFERENCE_REPORT | sed -e 's/^[^:]*: *\([^ \t]*\).*/\1/' |sort | tr \\n ' ')

# ping all hosts to see if any of them doesn't reply
(((sleep 0.7; echo '')& ); fping $IPS_TO_SCAN 2>/dev/null && echo "" || echo "") | grep '[0-9.]* is unreachable\|$' --color

# scan used ports of all hosts to see which are open and which are not
nmap -T3 --disable-arp-ping -Pn --open -oG - -p $PORTS_TO_SCAN $IPS_TO_SCAN \
| grep Ports | sed -e 's| State:.*||' -e 's|/open[^ ]*||g' -e 's| ([^)]*)||' | sort \
> $REPORT_FILE

# regarding open ports compare actual results with expected results
if diff -qw "$REFERENCE_REPORT" "$REPORT_FILE" > /dev/null; then
    echo "GOOD: ports I was expecting to be open, really are! (details at $REFERENCE_REPORT)"
    rm "$REPORT_FILE"
else
    echo "OPEN PORTS AT SOME HOSTS ARE NOT WHAT I WAS EXPECTING"
    # normalise tabs and runs of spaces, relabel diff's "<" and ">" lines
    # and blank out its line-number markers (e.g. "3c3")
    diff -w \
        <(sed -e 's/\t/ /g' -e 's/  */ /g' "$REFERENCE_REPORT") \
        <(sed -e 's/\t/ /g' -e 's/  */ /g' "$REPORT_FILE") \
    | sed -e 's/^</EXPECTED :/' \
          -e 's|>|BUT FOUND:|' \
          -e 's/^[0-9a-b].*//' \
          -e 's/^/ /' \
    | grep --color .
    echo "(if you see EXPECTED but don't see BUT FOUND it means that "
    echo "either the host is down or that there are no ports open)"
    echo ""
    echo "(see $REPORT_FILE and the reference $REFERENCE_REPORT)"
fi

Example of a REFERENCE file

cat /var/log/net-status-REFERENCE.txt 
Host: 192.168.2.10      Ports: 135 139 445 3389
Host: 192.168.2.13      Ports: 22
Host: 192.168.2.15      Ports: 22
Host: 192.168.2.16      Ports: 80 443 9100
Host: 192.168.2.17      Ports: 22
Host: 192.168.2.18      Ports: 22
Host: 192.168.2.19      Ports: 22
Host: 192.168.2.1       Ports: 22 53 80 443
Host: 192.168.2.250     Ports: 22 80 139 443 445
Host: 192.168.2.251     Ports: 21 80 443 9100
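
The diff in the script shows that a host's line changed but leaves it to the reader to work out which port. As an added example (not part of the original script), the function below compares a reference file and a report file in the same "Host: ... Ports: ..." format and names each missing or unexpected port per host; port_drift, demo_drift and the sample data are constructed for illustration.

```bash
#!/bin/bash
# Added example, not part of the original script.
# port_drift REFERENCE CURRENT prints one finding per line:
#   <ip> MISSING <port>      expected open, not open now (service down?)
#   <ip> UNEXPECTED <port>   open now, absent from the reference
#   <ip> NO_OPEN_PORTS       host absent from CURRENT (down or all closed)
#   <ip> NEW_HOST            host in CURRENT that the reference does not list
port_drift() {
    awk '
        $1 == "Host:" {
            ip = $2
            if (side == "ref") ref_host[ip] = 1; else cur_host[ip] = 1
            # Ports are the numeric fields that follow the "Ports:" token.
            i = 3
            while (i <= NF && $i != "Ports:") i++
            for (i++; i <= NF; i++) {
                if ($i !~ /^[0-9]+$/) continue
                if (side == "ref") ref[ip, $i] = 1; else cur[ip, $i] = 1
            }
        }
        END {
            for (ip in ref_host) if (!(ip in cur_host)) print ip, "NO_OPEN_PORTS"
            for (ip in cur_host) if (!(ip in ref_host)) print ip, "NEW_HOST"
            for (k in ref) {
                split(k, a, SUBSEP)
                if ((a[1] in cur_host) && !(k in cur)) print a[1], "MISSING", a[2]
            }
            for (k in cur) {
                split(k, a, SUBSEP)
                if ((a[1] in ref_host) && !(k in ref)) print a[1], "UNEXPECTED", a[2]
            }
        }
    ' side=ref "$1" side=cur "$2" | LC_ALL=C sort
}

# Constructed sample data: one host gained a port, one lost a port, one vanished.
demo_drift() {
    local ref cur
    ref=$(mktemp) cur=$(mktemp)
    printf '%s\n' 'Host: 192.168.2.13      Ports: 22' \
                  'Host: 192.168.2.1       Ports: 22 53 80 443' \
                  'Host: 192.168.2.250     Ports: 22 80 139 443 445' > "$ref"
    printf '%s\n' 'Host: 192.168.2.13      Ports: 22 80' \
                  'Host: 192.168.2.1       Ports: 22 80 443' > "$cur"
    port_drift "$ref" "$cur"
    rm -f "$ref" "$cur"
}
demo_drift
```

Because the script scans only the union of the ports listed in the reference file, an UNEXPECTED finding can only ever name a port that some other host in the reference is expected to have open; ports outside that union are never probed.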

Topic revision: 04 Sep 2023, NickDemou
Copyright © enLogic