netstr took off as a fast port scanner and accumulated features like tcpdump, arp traffic sniffing and passive scanning capabilities over time. If you need a quick tool for network analysis, netstr can be the one.
Features
- IPv4 port scans with variable timers, speed hacks, a common ports list or input a range, and an isup check (bail after first successful connect).
- Simple, but working, single port/single host ipv6 port check.
- Fuzzy passive scanner that can counter-check inbound port connection attempts from other systems.
- Simple tcpdump program which can also decode raw packets and accepts pcap-expressions.
- Simple arpsniff program which can also decode raw packets and accepts pcap-expressions.
Installation
You’ll need to compile netstr from source to use it. Run the following commands on Ubuntu:
$ sudo apt-get install libpcap0.8-dev $ git clone https://github.com/jayrfink/netstr $ cd netstr $ make linux $ sudo make install
Usage
To view all the options, run:
$ netstr
Dump wlan0 traffic on port 54446:
$ sudo netstr tcpdump --if wlan0 --polls 2 port 54446 Starting capturing engine on wlan0... Wed Mar 9 20:29:49 2016 : 192.168.1.6:54446 > 192.30.252.92:443 tcp len 52 off 16384 ttl 64 cksum 63981 seq 1572334199 ack 1143135819 win 15873 Wed Mar 9 20:29:49 2016 : 192.30.252.92:443 > 192.168.1.6:54446 tcp len 52 off 16384 ttl 52 cksum 61472 seq 1143135819 ack 1589111415 win 4352
Dump the data with decoding enabled:
$ sudo ./netstr tcpdump --decode --if wlan0 --polls 2 port 54446 Starting capturing engine on wlan0... Wed Mar 9 20:32:50 2016 : 192.168.1.6:54446 > 192.30.252.92:443 tcp len 52 off 16384 ttl 64 cksum 62445 seq 3333941879 ack 2703416907 win 15873 Packet RECV Size: 66 Payload: . . . . . h . . . . . . . . E . . 4 . . @ . @ . . . . . . . . . . \ . . . . w . . . K . " . . . . > . . . . . . . . . . . 0 5 . < . Wed Mar 9 20:32:50 2016 : 192.30.252.92:443 > 192.168.1.6:54446 tcp len 52 off 16384 ttl 52 cksum 59168 seq 2703416907 ack 3350719095 win 4352 Packet RECV Size: 66 Payload: . . . . . . . . . . . h . . E . . 4 . . @ . 4 . . . . . \ . . . . . . . . K . " . w . . . . . . . . . . . . . . . 5 . i 7 . . . .
Passive scanning (might get you blocked):
$ sudo netstr passive --if wlan0 --polls 64 --threshold 4 --extra port 22
Passive scanning with ignored address:
sudo netstr passive --if eth0 --polls 64 --threshold 4 --extra port 22 and not host 192.168.1.2
Check if a host is up:
$ netstr scan --isup 192.168.1.9
Scan a range of IPv4 addresses:
$ netstr scan --port 22-112 192.168.1.9
Rating
Features: 4/5
Usability: 4/5
On GitHub: netstr