netstr: fast port scanner, tcp dumper

p2p_network_compnetstr took off as a fast port scanner and accumulated features like tcpdump, arp traffic sniffing and passive scanning capabilities over time. If you need a quick tool for network analysis, netstr can be the one.

Features

  • IPv4 port scans with variable timers, speed hacks, a common ports list or input a range, and an isup check (bail after first successful connect).
  • Simple, but working, single port/single host ipv6 port check.
  • Fuzzy passive scanner that can counter-check inbound port connection attempts from other systems.
  • Simple tcpdump program which can also decode raw packets and accepts pcap-expressions.
  • Simple arpsniff program which can also decode raw packets and accepts pcap-expressions.

Installation

You’ll need to compile netstr from source to use it. Run the following commands on Ubuntu:

$ sudo apt-get install libpcap0.8-dev
$ git clone https://github.com/jayrfink/netstr
$ cd netstr
$ make linux
$ sudo make install

Usage

To view all the options, run:

$ netstr

Dump wlan0 traffic on port 54446:

$ sudo netstr tcpdump --if wlan0 --polls 2 port 54446
Starting capturing engine on wlan0...
Wed Mar  9 20:29:49 2016 : 192.168.1.6:54446 > 192.30.252.92:443 tcp len 52 off 16384 ttl 64 cksum 63981 seq 1572334199 ack 1143135819 win 15873
Wed Mar  9 20:29:49 2016 : 192.30.252.92:443 > 192.168.1.6:54446 tcp len 52 off 16384 ttl 52 cksum 61472 seq 1143135819 ack 1589111415 win 4352

Dump the data with decoding enabled:

$ sudo ./netstr tcpdump --decode --if wlan0 --polls 2 port 54446
Starting capturing engine on wlan0...
Wed Mar  9 20:32:50 2016 : 192.168.1.6:54446 > 192.30.252.92:443 tcp len 52 off 16384 ttl 64 cksum 62445 seq 3333941879 ack 2703416907 win 15873
Packet RECV Size: 66 Payload:
. . . . . h . . . . . . . . E . . 
4 . . @ . @ . . . . . . . . . . 
\ . . . . w . . . K . " . . . . 
> . . . . . . . . . . . 0 5 . < 
. 
Wed Mar  9 20:32:50 2016 : 192.30.252.92:443 > 192.168.1.6:54446 tcp len 52 off 16384 ttl 52 cksum 59168 seq 2703416907 ack 3350719095 win 4352
Packet RECV Size: 66 Payload:
. . . . . . . . . . . h . . E . . 
4 . . @ . 4 .   . . . . \ . . . 
. . . . . K . " . w . . . . . . 
. . . . . . . . . 5 . i 7 . . . 
.

Passive scanning (might get you blocked):

$ sudo netstr passive --if wlan0 --polls 64 --threshold 4 --extra port 22

Passive scanning with ignored address:

sudo netstr passive --if eth0 --polls 64 --threshold 4 --extra port 22 and not host 192.168.1.2

Check if a host is up:

$ netstr scan --isup 192.168.1.9

Scan a range of IPv4 addresses:

$ netstr scan --port 22-112 192.168.1.9

Rating

Features: 4/5
Usability: 4/5

On GitHub: netstr

Leave a Reply

Your email address will not be published. Required fields are marked *