Knock on a port to get service and version

0

I'm having difficulty remembering a certain command I would use in bash that would give information about a port it would 'knock' on.

I've used ssh backdoors before so that I can access my home computer when I'm away. This worked out nicely as an alternative versus using a dns solution in response to my ISP changing my computer's IP unpredictably.

I can set up an ssh tunnel with no problems doing the following

me@home$ ssh -X -R 2222:localhost:22 me@my_server

And then using these commands to follow the tunnel back home

me@somewhere_remote$ ssh me@my_server
me@my_server's password: 
me@my_server$ ssh -p 2222 me@localhost
me@localhost's password: 
me@home$

That all works fine and I have no issue with that whatsoever. Just illustrating my use case.

My problem, or more of an annoyance, is that I remember I used to know and use a command that would allow me to knock on a port and it would print out a single line saying what service was running on the port.

So if I was currently logged in as me@my_server I could do something like this

 me@my_server$ knock localhost:2222
 me@my_server$ OpenSSH_5.8p1

Where some command in place of 'knock' would print out the ssh version being port-forwarded to my_server.

Some commands that come to mind as possibilities include netcat, netstat, and nmap, but I can't remember which I used to get this functionality. My best guess is that it looked like

nc -p localhost:2222

But that doesn't really do anything so I must have some parameter wrong.

I've reviewed the man pages for each command thoroughly but I can't seem to find how to do this. I've grep'd through my history and can't find it since it has been too long since last using it! (I used to just do ctrl+R n___ and it would come up).

This was a very useful command, as one could check what port they were connecting to and what service was listening. I can certainly get on without it, but I have a constant nagging in my head now trying to remember what it was!

Does anyone know of such a command? I may have some of the finer details mixed up, but I remember that it did something roughly as I have explained.

Thanks for any suggestions and help!

mrchampe

Posted 2012-10-18T08:20:18.977

Reputation: 936

Answers

1

It was probably nmap.

$ nmap -sT -sV -p 80,443 www.google.com

Starting Nmap 6.01 ( http://nmap.org ) at 2012-10-18 01:36 PDT
Nmap scan report for www.google.com (74.125.224.242)
Host is up (0.015s latency).
Other addresses for www.google.com (not scanned): 74.125.224.244 74.125.224.240 74.125.224.241 74.125.224.243
rDNS record for 74.125.224.242: lax04s08-in-f18.1e100.net
Not shown: 98 filtered ports
PORT    STATE SERVICE  VERSION
80/tcp  open  http     Google httpd 2.0 (GFE)
443/tcp open  ssl/http Google httpd 2.0 (GFE)
Service Info: OS: Linux; CPE: cpe:/o:linux:kernel

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 20.23 seconds

  • -sT is a TCP scan
  • -sV is a service versioning scan
  • -p is a list of ports to scan. Use -F instead to only scan common ports, or neither to scan many (but not all) ports.

As always, read the manual for more.

bahamat

Posted 2012-10-18T08:20:18.977

Reputation: 5 130

I'm familiar with nmap and have used it often - but it doesn't do what I thought this utility did. However, the -sV flag for service versioning does essentially the same thing, which is nice. – mrchampe – 2012-10-21T00:20:33.573
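The one-line "what is listening here" behaviour the question describes is a passive banner grab: connect, read whatever the service says first, and print it. The script below is an added example (not code from the question, the answer, or nmap) that does exactly that and then pulls the software version out of an SSH identification string as defined in RFC 4253 (`SSH-protoversion-softwareversion SP comments`). To run offline it starts its own throwaway listener on 127.0.0.1 that replies with a constructed banner; the banner text, the `grab_banner`/`parse_ssh_banner` names and the fixture are all assumptions of this example, not anything from the original page.

```python
"""Passive banner grab: connect to host:port, read the first line the service
volunteers, and (for SSH) parse the version out of it.

Added example, not code from the original question/answer or from nmap.
"""
import re
import socket
import sys
import threading

# RFC 4253 section 4.2: SSH-protoversion-softwareversion SP comments CR LF
SSH_BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[0-9.]+)-(?P<software>\S+)(?: (?P<comments>.*))?$"
)


def grab_banner(host, port, timeout=3.0):
    """Return the first line the server sends, or None if it sends nothing.

    Services that speak first (SSH, SMTP, FTP, POP3, IMAP) show up here.
    Services that wait for the client (HTTP, for example) will time out and
    yield None; that is the failure mode nmap's -sV probes exist to cover.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(256)
        except socket.timeout:
            return None
    if not data:
        return None
    first_line = data.split(b"\n", 1)[0].rstrip(b"\r")
    return first_line.decode("ascii", errors="replace")


def parse_ssh_banner(line):
    """Split an SSH identification string into protocol, software and comments.

    Returns None if the line is not an SSH banner (e.g. an SMTP greeting).
    """
    m = SSH_BANNER_RE.match(line or "")
    if not m:
        return None
    return {
        "protocol": m.group("proto"),
        "software": m.group("software"),
        "comments": m.group("comments") or "",
    }


def start_fake_server(banner):
    """Constructed test fixture: ephemeral-port listener on 127.0.0.1 that
    sends `banner` to the first client and closes. With banner=None it stays
    silent until the client gives up, mimicking a service that waits for the
    client to speak first.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            if banner is not None:
                conn.sendall(banner)
            else:
                try:
                    conn.recv(1)  # block until the client closes
                except OSError:
                    pass
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    if len(sys.argv) == 3:
        host, port = sys.argv[1], int(sys.argv[2])
    else:
        # No target given: demonstrate against a constructed local SSH banner.
        host = "127.0.0.1"
        port = start_fake_server(b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6\r\n")
    banner = grab_banner(host, port)
    info = parse_ssh_banner(banner)
    # Print the single line the question asked for: the software version if
    # it parses as SSH, otherwise the raw greeting, otherwise a timeout note.
    print(info["software"] if info else (banner or "(no banner before timeout)"))
```

Usage against the tunnel in the question would be `python3 banner.py localhost 2222` on my_server; with no arguments it runs against its own fixture. The caveat a practitioner should keep in mind: a banner is whatever the server chooses to send, so it is a hint, not proof of the version actually running, and it only covers services that greet the client first.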