
Implement a port scanner using `/dev/tcp` and timeout handling

Author
  • User
    Linux Bash

Blog Article: Building a Simple Port Scanner Using /dev/tcp in Linux Bash

Introduction

Linux offers an array of powerful tools for network operations, one of which is the lesser-known pseudo-device /dev/tcp. This tool can be used directly from the Bash shell to interact with TCP sockets. In today's post, we will explore how to implement a basic port scanner using /dev/tcp and handle connection timeouts to make the script more efficient and user-friendly.

Q&A on Implementing a Port Scanner with /dev/tcp and Timeout Handling

Q1: What is /dev/tcp and how does it work?
A1: /dev/tcp is a pseudo-device path that Bash itself interprets as part of the shell's built-in redirection mechanisms; no such file has to exist under /dev. Redirecting input or output to /dev/tcp/host/port makes Bash open a connection to that TCP port on that host, so you can use it to check whether the port is open. If the connection is established, the port is open; if not, the port is closed or blocked.

Q2: Why use /dev/tcp for a port scanner?
A2: Using /dev/tcp for building a port scanner is beneficial because it does not require any external tools or libraries, making it a bash-native method especially useful in restricted environments where installing additional software might not be possible.

Q3: How can we handle timeouts when using /dev/tcp?
A3: Bash does not natively support timeouts within a redirection. However, you can handle timeouts using the timeout command, which is part of the core utilities in most Linux distributions. This command runs a script or a command with a specified time limit.

Simple Examples and Explanations

Before diving into building our port scanner, let’s understand some basics with /dev/tcp:

Example: Check if a Port is Open

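# Open file descriptor 3 for reading and writing on a TCP connection
# to www.example.com, port 80.
exec 3<>/dev/tcp/www.example.com/80
if [ $? -eq 0 ]; then
    echo "Port is open."
    # Close the descriptor, which also closes the connection.
    exec 3<&-
else
    echo "Port is closed or blocked."
fi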

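In this example, we try to open a file descriptor (fd 3) to www.example.com on port 80. The script checks whether the command was successful using $? (the exit status of the last command). Nothing here limits how long the connection attempt may take, so a port that never answers can leave the script waiting; that is the gap the timeout command fills in the scanner.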

The Port Scanner Script

Now, let's combine our knowledge to create a simple port scanner:

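#!/bin/bash
# Usage: ./port_scanner.sh HOST START_PORT END_PORT
host=$1
start_port=$2
end_port=$3

# Require a host and numeric ports before doing anything with them.
if [[ -z $host || ! $start_port =~ ^[0-9]+$ || ! $end_port =~ ^[0-9]+$ ]]; then
    echo "Usage: $0 HOST START_PORT END_PORT" >&2
    exit 1
fi

echo "Scanning ports from $start_port to $end_port on $host"

for ((port=start_port; port<=end_port; port++))
do
    # Pass host and port as positional parameters rather than expanding them
    # inside the command string, so they are never parsed as shell code.
    # timeout ends the attempt after 1 second if the port does not answer.
    if timeout 1 bash -c 'echo > "/dev/tcp/$1/$2"' _ "$host" "$port" 2>/dev/null; then
        echo "Port $port is open"
    fi
done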

Usage: Run the script by passing the host and port range as arguments:

./port_scanner.sh example.com 1 100
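
The loop above reports only open ports and treats a refused connection and a timed-out one alike. The following added example (not part of the original post; the function names and script name are hypothetical) reads the exit status of timeout, which GNU coreutils sets to 124 when the time limit is hit, to label each port open, closed or filtered, and compares the result with a list of ports you expect to be reachable on a host you administer.

```shell
#!/usr/bin/env bash
# Added example: function names and the script name are hypothetical.
# Usage: ./port_audit.sh HOST "EXPECTED PORTS" PORT...
#   e.g. ./port_audit.sh 127.0.0.1 "22 443" 22 80 443

# classify STATUS: map the exit status of `timeout ... bash -c` to a state.
classify() {
    case "$1" in
        0)   echo open ;;      # the TCP connection was established
        1)   echo closed ;;    # failed at once: refused, unreachable, bad name
        124) echo filtered ;;  # timeout(1) gave up: nothing answered in time
        *)   echo error ;;     # e.g. 127 when timeout or bash is missing
    esac
}

# probe HOST PORT [SECONDS]: try one connection and print its state.
probe() {
    case "$1" in
        ''|*[!A-Za-z0-9._:-]*) echo error; return ;;  # reject odd host strings
    esac
    timeout "${3:-1}" bash -c ': > "/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null
    classify "$?"
}

# verdict STATE PORT "EXPECTED PORTS": compare a state with the allowlist.
verdict() {
    case " $3 " in
        *" $2 "*) listed=yes ;;
        *)        listed=no ;;
    esac
    case "$1:$listed" in
        open:no)  echo UNEXPECTED ;;  # reachable but not on the allowlist
        open:yes) echo ok ;;
        *:yes)    echo DOWN ;;        # expected service is not reachable
        *)        echo ok ;;
    esac
}

# audit HOST "EXPECTED PORTS" PORT...: one line per port with its verdict.
audit() {
    audit_host=$1; audit_allow=$2; shift 2
    for p in "$@"; do
        case "$p" in ''|*[!0-9]*) continue ;; esac  # skip non-numeric ports
        state=$(probe "$audit_host" "$p")
        printf '%s\t%s\t%s\n' "$p" "$state" "$(verdict "$state" "$p" "$audit_allow")"
    done
}

if [ "$#" -ge 3 ]; then audit "$@"; fi
```

A "filtered" result only means nothing answered within the time limit, so a slow link can produce it as well as a firewall that drops packets.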

Conclusion

The script provided demonstrates how to employ /dev/tcp in Bash to create a straightforward port scanner with timeout handling. This tool can be invaluable for sysadmins and security professionals looking to perform quick checks on open ports without the need for specialized software. While this script is a basic example, it can be expanded with additional features such as more detailed output formatting, scanning multiple hosts, or integrating with other security tools. Keep in mind, this script should be used responsibly and ethically in networks you are authorized to analyze.
