{"id":1801,"date":"2014-03-19T00:01:00","date_gmt":"2014-03-19T00:01:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2014\/03\/19\/creating-a-port-scanner-with-windows-powershell\/"},"modified":"2014-03-19T00:01:00","modified_gmt":"2014-03-19T00:01:00","slug":"creating-a-port-scanner-with-windows-powershell","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/creating-a-port-scanner-with-windows-powershell\/","title":{"rendered":"Creating a Port Scanner with Windows PowerShell"},"content":{"rendered":"<p><b>Summary<\/b>: Microsoft Scripting Guy, Ed Wilson, talks about creating a port scanner with Windows PowerShell.\nMicrosoft Scripting Guy, Ed Wilson, is here. The other day, I needed to access my printer. Unfortunately, after several networking changes, I did not remember the IP address of my printer. However, I did know that the printer sets up a web server. It was this web server that I needed to access so I could make some changes to the way the printer was handling default forms.\nBut dude, I did not know the IP address, and I did not want to have to rummage around in my network documentation to find the particular printer in question. So what to do? I figured it would be easier to write a port scanner. By using Windows PowerShell, this was actually a pretty simple task. I simply needed to look for a device listening on Port 80.<\/p>\n<h2>Create a range of IP addresses<\/h2>\n<p>First I will admit that my solution is not the cleanest solution possible. I will also admit it is not the fastest solution possible. I think my solution might simply be useful to show something that I could do. And like I said in my introduction, it met my need at the time. Perhaps one of the cool things about Windows PowerShell is that it permits this sort of ad-hoc solution to be easily created.\nSo, I needed to create a range of IP addresses. 
Actually, the only range I needed to create was a range of host addresses for a class A network. Therefore, I used the range operator and created an array of numbers that go from 1 to 254. As I mentioned earlier, I am only interested in Port 80, so I assign that as a value to the variable <b>$port<\/b>. My class A network address is 192.168.0, so I assign that as a value to the <b>$net<\/b> variable. This is shown here:<\/p>\n<p style=\"margin-left:30px\">$port = 80<\/p>\n<p style=\"margin-left:30px\">$net = &#8220;192.168.0&#8221;<\/p>\n<p style=\"margin-left:30px\">$range = 1..254<\/p>\n<p style=\"margin-left:30px\"><b>Note&nbsp;<\/b> I highly recommend using meaningful variables when you write a script&mdash;even a quick script such as this. Using the Hungarian Notation is not required, but I think that calling a port <b>$port<\/b> certainly is. It makes the script easier to read and understand.<\/p>\n<h2>Create the IP addresses<\/h2>\n<p>Now, I am going to walk through my array of numbers (1..254) and create a whole bunch of IP addresses. Of course, I will create them one at a time. After an IP address is created, I ping the address to see if it responds. If it does, I will attempt a connection to Port 80 to see if I find a web server for my printer. But first the IP address&hellip;\nTo walk through the array, I use the <b>ForEach<\/b> command. Following the word <b>ForEach<\/b>, I create a new variable, <b>$r<\/b>, to hold the individual number from the array. Therefore, the first time through, <b>$r<\/b> will be equal to 1.\nI then open a script block, and create my IP address, and store it in the variable <b>$ip<\/b>. There are two parts to my IP address, the first part is my network address, 192.168.0, the second part is the individual number I get from my <b>$range<\/b> of numbers. I want to put them together in order, first the <b>$net<\/b> address followed by a period, and then the number (<b>$r<\/b>).\nI use a format specifier to do this. 
<b>&ldquo;{0}.{1}&rdquo;<\/b> tells Windows PowerShell to take the first value following the <b>&ndash;F<\/b> and put it in position {0}. In this case, it is the value that is stored in the <b>$net<\/b> variable. Next comes the &ldquo;<b>.<\/b>&rdquo;, and then the second thing to substitute, which goes into position {1}. This value will be the second value following the <b>&ndash;F<\/b>, which is the value stored in the <b>$r<\/b> variable. Here is the script that does all this:<\/p>\n<p style=\"margin-left:30px\">foreach ($r in $range)<\/p>\n<p style=\"margin-left:30px\">{<\/p>\n<p style=\"margin-left:30px\">&nbsp;$ip = &#8220;{0}.{1}&#8221; -F $net,$r<\/p>\n<h2>Ping&hellip;<\/h2>\n<p>After I have created my IP address, it is time to ping the remote computer. I use the <b>Test-Connection<\/b> cmdlet to do this. I am using <b>&ndash;Quiet<\/b> mode, and therefore it will return <b>$true<\/b> or <b>$false<\/b> depending on whether it receives a return. I specify a buffer size of 32, and I want to send one ping only. Then I specify the destination as the IP address stored in the <b>$IP<\/b> variable. The command is shown here:<\/p>\n<p style=\"margin-left:30px\">if(Test-Connection -BufferSize 32 -Count 1 -Quiet -ComputerName $ip)<\/p>\n<p style=\"margin-left:30px\">&nbsp;&nbsp; {<\/p>\n<p>If I get a return, I attempt to make a connection to Port 80. To do this, I use a .NET Framework class, TcpClient from the System.Net.Sockets assembly. The TcpClient class lets me specify a port number and an IP address. I store any returned socket in the <b>$socket<\/b> variable. This command is shown here:<\/p>\n<p style=\"margin-left:30px\">&nbsp;&nbsp;&nbsp;&nbsp; $socket = new-object System.Net.Sockets.TcpClient($ip, $port)<\/p>\n<h2>Did we make a connection?<\/h2>\n<p>Now I need to see if I made a connection to Port 80. To do this, I can check the <b>Connected<\/b> property. 
If I am connected to the remote socket, I print a string that the device at that IP address is listening to Port 80. I then close the connection. This script is shown here:<\/p>\n<p style=\"margin-left:30px\">If($socket.Connected)<\/p>\n<p style=\"margin-left:30px\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {<\/p>\n<p style=\"margin-left:30px\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &#8220;$ip listening to port $port&#8221;<\/p>\n<p style=\"margin-left:30px\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $socket.Close() }<\/p>\n<p style=\"margin-left:30px\">&nbsp; &nbsp; &nbsp; &nbsp; }<\/p>\n<p style=\"margin-left:30px\">}<\/p>\n<p>That is it. I did not need to check anything else, nor do I need an <b>ELSE<\/b> condition. I was simply looking for devices listening to Port 80. Interestingly enough, I found out that one of my switches had also set up a web server. This, I am afraid to admit, I did not know. So this also becomes a useful network security technique.<\/p>\n<p>Here is the completed script&mdash;not much to it, but it worked for me.<\/p>\n<p style=\"margin-left:30px\"># -----------------------------------------------------------------------------<\/p>\n<p style=\"margin-left:30px\"># Script: PoshPortScanner.ps1<\/p>\n<p style=\"margin-left:30px\"># Author: ed wilson, msft<\/p>\n<p style=\"margin-left:30px\"># Date: 02\/19\/2014 15:17:33<\/p>\n<p style=\"margin-left:30px\"># Keywords: Security, Networking, Tcp\/IP, Monitoring<\/p>\n<p style=\"margin-left:30px\"># comments: This script scans a range of IP addresses for web servers listening<\/p>\n<p style=\"margin-left:30px\"># to port 80. 
It is a useful audit tool, because there are lots of software and<\/p>\n<p style=\"margin-left:30px\"># devices that setup web servers for management, but that do not necessarily<\/p>\n<p style=\"margin-left:30px\"># inform about them.<\/p>\n<p style=\"margin-left:30px\">#<\/p>\n<p style=\"margin-left:30px\"># -----------------------------------------------------------------------------<\/p>\n<p style=\"margin-left:30px\">$port = 80<\/p>\n<p style=\"margin-left:30px\">$net = &#8220;192.168.0&#8221;<\/p>\n<p style=\"margin-left:30px\">$range = 1..254<\/p>\n<p style=\"margin-left:30px\">foreach ($r in $range)<\/p>\n<p style=\"margin-left:30px\">{<\/p>\n<p style=\"margin-left:30px\">&nbsp;$ip = &#8220;{0}.{1}&#8221; -F $net,$r<\/p>\n<p style=\"margin-left:30px\">&nbsp;if(Test-Connection -BufferSize 32 -Count 1 -Quiet -ComputerName $ip)<\/p>\n<p style=\"margin-left:30px\">&nbsp;&nbsp; {<\/p>\n<p style=\"margin-left:30px\">&nbsp;&nbsp;&nbsp;&nbsp; $socket = new-object System.Net.Sockets.TcpClient($ip, $port)<\/p>\n<p style=\"margin-left:30px\">&nbsp;&nbsp;&nbsp;&nbsp; If($socket.Connected)<\/p>\n<p style=\"margin-left:30px\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {<\/p>\n<p style=\"margin-left:30px\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &#8220;$ip listening to port $port&#8221;<\/p>\n<p style=\"margin-left:30px\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $socket.Close() }<\/p>\n<p style=\"margin-left:30px\">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;}<\/p>\n<p style=\"margin-left:30px\">&nbsp;}<\/p>\n<p>Join me tomorrow when I will talk about more cool Windows PowerShell stuff.<\/p>\n<p>I invite you to follow me on <a href=\"http:\/\/bit.ly\/scriptingguystwitter\" target=\"_blank\">Twitter<\/a> and <a href=\"http:\/\/bit.ly\/scriptingguysfacebook\" target=\"_blank\">Facebook<\/a>. 
If you have any questions, send email to me at <a href=\"mailto:scripter@microsoft.com\" target=\"_blank\">scripter@microsoft.com<\/a>, or post your questions on the <a href=\"http:\/\/bit.ly\/scriptingforum\" target=\"_blank\">Official Scripting Guys Forum<\/a>. See you tomorrow. Until then, peace.\n<b>Ed Wilson, Microsoft Scripting Guy<\/b>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Summary: Microsoft Scripting Guy, Ed Wilson, talks about creating a port scanner with Windows PowerShell. Microsoft Scripting Guy, Ed Wilson, is here. The other day, I needed to access my printer. Unfortunately, after several networking changes, I did not remember the IP address of my printer. However, I did know that the printer sets up [&hellip;]<\/p>\n","protected":false},"author":595,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[37,492,3,45],"class_list":["post-1801","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-networking","tag-ports","tag-scripting-guy","tag-windows-powershell"],"acf":[],"blog_post_summary":"<p>Summary: Microsoft Scripting Guy, Ed Wilson, talks about creating a port scanner with Windows PowerShell. Microsoft Scripting Guy, Ed Wilson, is here. The other day, I needed to access my printer. Unfortunately, after several networking changes, I did not remember the IP address of my printer. 
However, I did know that the printer sets up [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/1801","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/595"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=1801"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/1801\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=1801"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=1801"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=1801"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}