Saturday, July 9, 2022

TCP Connectivity testing tools

Here we gonna discuss several tools to test the TCP Connection, their pros and cons.
Many of you might thing OK telnet, curl and nc, what you wanna discuss.
Well you are not always granted rights to install and some tools migth not be installed.
In other cases you want to be able to run in loop which with telnet would be problematic.
All the knowledge described below are used in my test_tcp script you can find here: test_tcp

So let's see:

telnet

Starting with telnet. This is most used and example bellow clearly shows the usage.
However, telnet is not installed in most modern linux systems.

root@judo:/media/nas# telnet 10.0.0.101 21
Trying 10.0.0.101...
telnet: Unable to connect to remote host: No route to host
root@judo:/media/nas# telnet 10.0.0.33 23
Trying 10.0.0.33...
telnet: Unable to connect to remote host: Connection refused
root@judo:/media/nas# telnet 10.0.0.33 22
Trying 10.0.0.33...
Connected to 10.0.0.33.
Escape character is '^]'.
SSH-2.0-OpenSSH_8.0
^C

Howevet even it's not trivial it can be used in scripts.

g33k@judo:~$ echo -n '\035\nquit' | timeout 5 telnet 10.0.0.33 22
Trying 10.0.0.33...
Connected to 10.0.0.33.
Escape character is '^]'.
SSH-2.0-OpenSSH_8.0
Connection closed by foreign host.
g33k@judo:~$ echo -n '\035\nquit' | timeout 5 telnet 10.0.0.33 23
Trying 10.0.0.33...
telnet: Unable to connect to remote host: Connection refused

curl

cURL is designed as command line network swiss knife. Support lots of protocols and let you download upload files via or work with APIs.
It also supports telnet protocol se we can use it to test connectivity.
It's also installed in most modern linux systems so the only problem is again that it's problematic to use it non-interactivelly in script (mainly to figure success).

root@judo:/media/nas# curl telnet://10.0.0.101:21
curl: (7) Failed to connect to 10.0.0.101 port 21: No route to host
root@judo:/media/nas# curl telnet://10.0.0.33:23
curl: (7) Failed to connect to 10.0.0.33 port 23: Connection refused
root@judo:/media/nas# curl telnet://10.0.0.33:22
SSH-2.0-OpenSSH_8.0
^C

nc(netcat)

Netcat is also known as hackers network swiss knife. But it's not installed by default in most systems and because of it usage as part of the reverse shalls and backdoors is not allowed to be installed by security teams. So even if you can install it might disapear from system sooner or later.
However it's perfect for use in scripts, It's easy non interactive an give you nice error message.

root@judo:/media/nas# nc -z -v -n 10.0.0.33 23
(UNKNOWN) [10.0.0.33] 23 (telnet) : Connection refused
root@judo:/media/nas# nc -z -v -n 10.0.0.101 23
(UNKNOWN) [10.0.0.101] 23 (telnet) : No route to host
root@judo:/media/nas# nc -z -v -n 10.0.0.101 22
(UNKNOWN) [10.0.0.101] 22 (ssh) open

bash

Newer versions of bash have this in-build feature which you can be used to test TCP connectivity, it's also cool because it's non interactive and perfect for scripts.
So what is the problem, well bash is consider non POSIX and hence some poorist remove it from the system, such example might be some debian distros, or debian based embedded systems and appliances.

timeout $TIMEOUT_SECONDS bash -c "cat < /dev/null > /dev/tcp/${TEST_HOST}/${PORT}" &> /dev/null
echo $?
root@judo:/media/nas#  timeout 5 bash -c "cat < /dev/null > /dev/tcp/10.0.0.33/23" &> /dev/null
root@judo:/media/nas# echo $?
1
root@judo:/media/nas#  timeout 5 bash -c "cat < /dev/null > /dev/tcp/10.0.0.33/22" &> /dev/null
root@judo:/media/nas# echo $?
0

openssl

What? Yes we can use openssl client to check connectivity. Because if you are checking ssl well first you need to connect.
And even though there is no SSL at destination port, well it tells you CONNECTED or give error as you can see in examples below.
Also you find it installed in most of the systems.
So with bit of redirections and grep you have noninteractive TCP tester which can be used in scripts.

root@judo:/media/nas# openssl s_client -verify_return_error -connect 10.0.0.101:9997 &> >(grep -E "connect:errno|CONNECTED")
CONNECTED(00000003)
root@judo:/media/nas# openssl s_client -verify_return_error -connect 10.0.0.101:21 &> >(grep -E "connect:errno|CONNECTED")
connect:errno=113
root@judo:/media/nas# openssl s_client -verify_return_error -connect 10.0.0.33:23 &> >(grep -E "connect:errno|CONNECTED")
connect:errno=111

Examples:

root@judo:/media/nas# openssl s_client -verify_return_error -connect 10.0.0.101:9997
CONNECTED(00000003)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 283 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
root@judo:/media/nas# openssl s_client -verify_return_error -connect 10.0.0.33:23
140043327092032:error:0200206F:system library:connect:Connection refused:../crypto/bio/b_sock2.c:110:
140043327092032:error:2008A067:BIO routines:BIO_connect:connect error:../crypto/bio/b_sock2.c:111:
connect:errno=111
root@judo:/media/nas# openssl s_client -verify_return_error -connect 10.0.0.101:21
140261272417600:error:02002071:system library:connect:No route to host:../crypto/bio/b_sock2.c:110:
140261272417600:error:2008A067:BIO routines:BIO_connect:connect error:../crypto/bio/b_sock2.c:111:
connect:errno=113

wget

Oh so if I can use openssl to test tcp connectivity then I can use basically any program which is using tcp protocol and havecan run without need of user intervention, right?
Yes sure, wget will tell you it can connect but have not index.html when you test connectivity, but you know TCP connectivity to port 22 is fine.

root@judo:/media/nas# wget -t 1 http://10.0.0.33:22
--2022-07-09 10:48:42--  http://10.0.0.33:22/
Connecting to 10.0.0.33:22... connected.
HTTP request sent, awaiting response... 200 No headers, assuming HTTP/0.9
Length: unspecified
Saving to: ‘index.html.2’

index.html.2                                             [ <=>                                                                                                                ]      57  --.-KB/s    in 0s

2022-07-09 10:48:42 (2.13 MB/s) - Read error at byte 57 (Connection reset by peer).Giving up.

root@judo:/media/nas# wget -t 1 http://10.0.0.33:23
--2022-07-09 10:49:16--  http://10.0.0.33:23/
Connecting to 10.0.0.33:23... failed: Connection refused.
root@judo:/media/nas# wget -t 1 http://10.0.0.101:21
--2022-07-09 10:49:22--  http://10.0.0.101:21/
Connecting to 10.0.0.101:21... failed: No route to host.
root@judo:/media/nas#

Saturday, December 14, 2019

Excel Add-ins with User defined functions

Excel Add-ins with User defined functions


Excel allows to create User defined function which work same way as those in-build functions/formulas. For example if you want to get just hostname from FQDN it's easy you can do this:
=Left(A1, InStr(A1, ".") - 1)
The problem is when you need to do it more often it's easier to create function like below and just used =Hostname(A1)

Function Hostname(FQDN As Variant) As Variant
    Hostname = Left(FQDN, InStr(FQDN, ".") - 1)
End Function

Even better example happend to me recently. I've got the IP in log but it was in reverse order so I need to reverse it back (140.255.15.10 to 10.15.255.140) and compare to list to figure which devices are logging and which not. It's easy you split data, delimited by dot, and do =concat(D1,".",C1,".",B1,".",A1) when I done this for 3rd time I decide it's case for UDF. And as I was creaitng reverseIP(IP) function I decide I can create whole set of network related functions.
Here you have it, I hope you will like it. https://github.com/kindljiri/Excel-Add-Ins-and-Macros
You'll find two files there xlam which is excel add-in and bas which is VBA code for the same in case you don't trust my xlam.
Below is how you can create your Add-in, you can copy my code and paste it in.

Creating Add-in


Open New Excel
Go To developers Tab
Open Visual Basic

Write you functions.
the variable with same name as function have to be assigned some value. That will be then displayed as result. For example:
Function ReverseIP(text As Variant) As Variant
  Octets = Split(text, ".")
  ReverseOctets = Array(Octets(3), Octets(2), Octets(1), Octets(0))
  ReverseIP = Join(ReverseOctets,".")
End Function

You can use then this function as any other excel function/formula
=reverseIP(A1)

Save Add-in


To save Add-in go in
Excel to Save As (pick any folder)
As format choose Excel Add-in (*.xlam) it will change the folder to default folder from which Excel is loading Add-ins
Remember to activate the plugin to be able to use functions inside.


Activate Add-in


Go to Developer tab and Click on Excel Add-ins check the Add-in which you wanna activate.


Install Add-In


Just copy the Add-in file *.xlam into C:\Users\G33k\AppData\Roaming\Microsoft\AddIns
And Activate it.