digip
Posted January 10, 2017 (edited)

So I was playing with one of my ASUS routers and scanning my home LAN with nmap from my Windows box, when I realized I could scan my WAN subnet, but not see the MAC addresses of connected devices. I then logged into my router and was able to issue an arp and see what nmap had triggered in the arp table. In doing so it dawned on me that it would be nice to have a port scanner built into the router, but with stock firmware and file space, OS, etc., I wasn't going to be putting nmap on there any time soon. However, ASUS has a nice little tcp utility called "tcpcheck" which takes 3 arguments: a timeout, an IP address/domain name, and a port.

The following is a little script I put together. It's slow, and takes a really long time if you want to scan the entire 65535 port range, but works a treat.

One thing to note: if the port range you set returns nothing, check the arp at the end. If you see the IP and MAC address of the IP you scanned, this device is up, just no ports responded. Quick way to tell if an nmap scan from another host triggers an ARP in the router's table and can confirm the node is up.

    #!/bin/sh
    ### scan.sh - an ASUS RT-AC66U Port Scanner shell script by DigiP
    ### This script can be used to scan internal and external addresses - Check arp afterwards too for WAN devices on same subnet ;)
    ### invoke with > admin@RT-AC66U:/tmp/home/root# /bin/sh ./scan.sh

    echo "Enter address to scan:" ### local IP address or domains. ex: 192.168.100.1 or google.com
    read -r addr
    port=20 ### starting port number (incremented before each check, so the first port checked is 21)
    while :
    do
        port=`expr $port + 1`
        tcpcheck 1 "$addr:$port" | grep alive
        if [ "$port" -eq 1024 ] ## change to max port to scan up to, ex: 65535
        then
            arp | grep ether
            break
        fi
    done

I've thrown this up on Git as well: https://github.com/digip/scan.sh but don't really plan on making any changes at the moment.
There is no /dev/tcp so no way to script a faster scanner that I could find, but figured might come in handy for anyone with an ASUS router and similar utils and limited shell (no /bin/bash, only /bin/sh).

Edited January 10, 2017 by digip
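The ARP check described in the post, as an added example that is not part of digip's script: a plain /bin/sh function that reads `arp` output and reports whether one exact IP has a resolved MAC, an unanswered request, or no entry. The line layout (BusyBox/net-tools style), the function names `arp_state` and `sample_arp`, and the sample addresses are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from scan.sh. Assumed arp line layout:
#   ? (198.51.100.10) at 02:00:5e:10:00:0a [ether]  on eth0
#   ? (198.51.100.77) at <incomplete>  on eth0

# arp_state IP : reads arp output on stdin and prints one of
#   "up <mac>"   resolved entry, the host answered ARP
#   "no-reply"   a request was sent but nothing answered
#   "absent"     no entry for this IP in the table
arp_state() {
    target="($1)"
    state="absent"
    # Fields: name, (ip), "at", mac-or-<incomplete>, [type] or "on", rest
    while read -r name ip at mac type rest; do
        # Exact match on "(ip)", so .1 is never confused with .10
        [ "$ip" = "$target" ] || continue
        if [ "$mac" = "<incomplete>" ]; then
            state="no-reply"
        elif [ "$type" = "[ether]" ]; then
            state="up $mac"
        fi
    done
    echo "$state"
}

# Constructed sample table (documentation addresses, made-up MACs).
sample_arp() {
    cat <<'EOF'
? (198.51.100.1) at 02:00:5e:10:00:01 [ether]  on eth0
? (198.51.100.10) at 02:00:5e:10:00:0a [ether]  on eth0
? (198.51.100.77) at <incomplete>  on eth0
EOF
}

# On the router, after a scan:  arp | arp_state 198.51.100.10
```

A `no-reply` result means the router tried to resolve the address and got no answer, which is different from a host that is up with every scanned port closed.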