There are any number of scanners for finding all the hosts in a subnet that run under the Windows and Linux operating systems, but nothing for VOS/STCP. The following command macro seeks to remedy that. It is a simple command macro that pings every host in the range specified by its two arguments. However, it does not rely on a ping response to determine whether the host is there. Instead, it looks in the ARP table for an entry that corresponds to the just-pinged IP address. Even if a host does not respond to pings, it will respond to the ARP request that precedes the ping, so there is no way for the host to hide from this scan. On the other hand, since the ARP table is only used for hosts on the same subnet as the module, the macro cannot be used to scan remote subnets.
The macro is single threaded and uses a two-second timeout for the ping command, so the more hosts that are not on the subnet, the slower the macro will execute. Scanning a class C subnet (254 hosts), none of which respond to a ping, will take about 12 minutes.
The results of the scan are displayed as output from the command and written to a file named scan_results.(date).(time) in the current directory.
Usage
------------------------------------- scan -----------------------------------
 starting_ip_address:
 ending_ip_address:
Notes
The macro uses attach_default_output to capture the results of the ping and arp commands so interrupting the execution of the macro may result in your terminal not displaying anything.
If the ping fails to get a response or there is no entry in the arp table the "error" results will be written to the terminal screen. This will force you to monitor the screen and press return at the pause prompts or set the terminal to no pause.
Based on the above two notes I recommend that you run the macro as a started process, i.e.
Example
start_process 'scan 172.16.1.1 172.16.1.254'
d scan.out

%phx_vos#m15_mas>SysAdmin>Noah_Davids>scan.out 09-02-24 07:33:51 mst

Noah_Davids.CAC logged in on %phx_vos#m15 at 09-02-24 06:57:25 mst.
scan 172.16.1.1 172.16.1.254
set_ready -format off
scan 172.16.1.1 172.16.1.254
ping: No reply. Time Out !!
arp: no mapping for 0xAC100101
ping: No reply. Time Out !!
arp: no mapping for 0xAC100102
ping: No reply. Time Out !!
arp: no mapping for 0xAC100103
. . .
ping: No reply. Time Out !!
arp: no mapping for 0xAC1001FC
ping: No reply. Time Out !!
arp: no mapping for 0xAC1001FD

%phx_vos#m15_mas>SysAdmin>Noah_Davids>scan_results.09-02-24.06:57:25 09-02-24 0
+7:07:37 mst

Scanning 172.16.1.1 - 172.16.1.254 on 09-02-24.06:57:25

172.16.1.44    00-16-97-C4-01-AB   temp   10 mins
172.16.1.57    00-04-FC-01-7B-0A   temp   10 mins
172.16.1.72    00-00-A8-81-51-09   temp   10 mins
172.16.1.100   00-03-47-DE-58-E1   temp   10 mins
172.16.1.101   00-03-47-0C-22-4E   temp   10 mins
172.16.1.110   00-90-27-D0-C0-03   temp   10 mins
172.16.1.111   00-04-FC-01-0C-DD   temp   10 mins
172.16.1.116   00-00-A8-42-52-22   temp   10 mins
172.16.1.120   00-04-FC-01-28-2B   temp   10 mins
172.16.1.140   00-04-FC-01-30-DE   temp   10 mins
172.16.1.203   00-00-A8-C2-86-A1   temp   10 mins
172.16.1.222   00-0C-CE-68-AE-80   temp   10 mins
172.16.1.223   00-15-C5-DA-53-27   temp   10 mins
172.16.1.224   00-1E-4A-0B-79-C0   temp   10 mins
172.16.1.232   00-E0-86-06-05-53   temp   10 mins
172.16.1.233   00-E0-86-06-05-51   temp   10 mins
172.16.1.234   00-03-47-23-35-1D   temp   10 mins
172.16.1.236   00-E0-86-06-05-53   temp   10 mins
172.16.1.240   00-50-04-D6-68-53   temp   10 mins
172.16.1.251   00-60-CF-49-1C-00   temp    7 mins
172.16.1.254   00-00-EF-04-D0-10   temp   10 mins

Process finished.
More Notes
The ARP cache timeout under STCP is 10 minutes. If the timer is less than 10 minutes you know that the host has communicated with the module prior to the scan.
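The timer check described above can be applied to a saved scan_results file off the module. The following Python sketch is an added example, not part of the original macro; it assumes each result row has the "IP MAC type N mins" layout shown in the Example section, and the function names are hypothetical. It also reports MAC addresses that appear under more than one IP address, which is worth a look when building an inventory from the scan.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the rows shown in the Example section.
SAMPLE = """\
Scanning 172.16.1.1 - 172.16.1.254 on 09-02-24.06:57:25

172.16.1.44 00-16-97-C4-01-AB temp 10 mins
172.16.1.232 00-E0-86-06-05-53 temp 10 mins
172.16.1.236 00-E0-86-06-05-53 temp 10 mins
172.16.1.251 00-60-CF-49-1C-00 temp 7 mins
172.16.1.254 00-00-EF-04-D0-10 temp 10 mins
"""

ARP_TIMEOUT_MINS = 10  # STCP ARP cache timeout, as stated in the notes

# Assumed row layout: dotted IP, dash-separated MAC, entry type, timer in minutes.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s+"
    r"(\S+)\s+(\d+)\s+mins?\s*$"
)

def parse_results(text):
    """Return one dict per ARP row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ip, mac, kind, mins = m.groups()
            rows.append({"ip": ip, "mac": mac.upper(),
                         "type": kind, "mins": int(mins)})
    return rows

def seen_before_scan(rows, timeout=ARP_TIMEOUT_MINS):
    """IPs whose timer is below the full timeout: cached before the scan."""
    return [r["ip"] for r in rows if r["mins"] < timeout]

def shared_macs(rows):
    """MAC addresses that answered for more than one IP address."""
    by_mac = defaultdict(list)
    for r in rows:
        by_mac[r["mac"]].append(r["ip"])
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}

if __name__ == "__main__":
    rows = parse_results(SAMPLE)
    print("hosts found:", len(rows))
    print("talked to the module before the scan:", seen_before_scan(rows))
    print("MACs seen on several IPs:", shared_macs(rows))
```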
scan.cm
& scan starts here
&
& Version 0.00 09-02-24
& Version 0.10 10-11-26 Added disclaimer
& noah.davids@stratus.com
&
& The latest version of this macro and documentation can be found at
& http://noahdavids.org/self_published/host_scanner_for_STCP.html
&
& This software is provided on an "AS IS" basis, WITHOUT ANY WARRANTY OR ANY
& SUPPORT OF ANY KIND. The AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTIES
& OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE. This disclaimer
& applies, despite any verbal representations of any kind provided by the
& author or anyone else.
&
&
&begin_parameters
   START_IP starting_ip_address:string,req
   END_IP   ending_ip_address:string,req
&end_parameters
&
&
& make sure extraneous stuff isn't echoed into the results file
&if (process_type) = 'batch' &then &do
   set_ready -format off
   &echo no_command_lines
&end
&
&
& because I always redisplay the arguments
display_line scan &START_IP& &END_IP&
&
&
& parse the dotted decimal IP address into an integer
&set_string X &START_IP&
&set L (index &X& '.')
&set_string X1 (substr &X& 1 (calc &L& - 1))
&if (length A&X1&) = 1 &then &goto MISSING_OCTET
&if &X1& > 255 &then &goto OCTET_ERROR
&set START &X1&
&set_string X (substr &X& (calc &L& + 1))
&if (length A&X&) = 1 &then &goto MISSING_OCTET
&set L (index &X& '.')
&set_string X1 (substr &X& 1 (calc &L& - 1))
&if (length A&X1&) = 1 &then &goto MISSING_OCTET
&if &X1& > 255 &then &goto OCTET_ERROR
&set START (calc (calc &START& * 256) + &X1&)
&set_string X (substr &X& (calc &L& + 1))
&if (length A&X&) = 1 &then &goto MISSING_OCTET
&set L (index &X& '.')
&set_string X1 (substr &X& 1 (calc &L& - 1))
&if (length A&X1&) = 1 &then &goto MISSING_OCTET
&if &X1& > 255 &then &goto OCTET_ERROR
&set START (calc (calc &START& * 256) + &X1&)
&set_string X1 (substr &X& (calc &L& + 1))
&if (length A&X1&) = 1 &then &goto MISSING_OCTET
&if &X1& > 255 &then &goto OCTET_ERROR
&set START (calc (calc &START& * 256) + &X1&)
&
&set_string X &END_IP&
&set L (index &X& '.')
&set_string X1 (substr &X& 1 (calc &L& - 1))
&if (length A&X1&) = 1 &then &goto MISSING_OCTET
&if &X1& > 255 &then &goto OCTET_ERROR
&set END &X1&
&set_string X (substr &X& (calc &L& + 1))
&if (length A&X&) = 1 &then &goto MISSING_OCTET
&set L (index &X& '.')
&set_string X1 (substr &X& 1 (calc &L& - 1))
&if (length A&X1&) = 1 &then &goto MISSING_OCTET
&if &X1& > 255 &then &goto OCTET_ERROR
&set END (calc (calc &END& * 256) + &X1&)
&set_string X (substr &X& (calc &L& + 1))
&if (length A&X&) = 1 &then &goto MISSING_OCTET
&set L (index &X& '.')
&set_string X1 (substr &X& 1 (calc &L& - 1))
&if (length A&X1&) = 1 &then &goto MISSING_OCTET
&if &X1& > 255 &then &goto OCTET_ERROR
&set END (calc (calc &END& * 256) + &X1&)
&set_string X1 (substr &X& (calc &L& + 1))
&if (length A&X1&) = 1 &then &goto MISSING_OCTET
&if &X1& > 255 &then &goto OCTET_ERROR
&set END (calc (calc &END& * 256) + &X1&)
&
&
& set up the output file
&set_string DATE_TIME_STAMP (date).(time)
attach_default_output (process_dir)>scan_results
display_line Scanning &START_IP& - &END_IP& on &DATE_TIME_STAMP&
display_line
display_line
detach_default_output
&
&
& loop through the IP addresses
&set X &START&
&while &X& <= &END&
&
& The commands will not accept a decimal integer value but they will take a
& hexadecimal value.
&set_string H (hexadecimal &X&)
&
& If the decimal value is too large the hexadecimal command function will
& place a leading 0 in the string so there are 9 hexits instead of 8. There
& is also a trailing "x" so a large value will end up as a 10 character
& string instead of 9. The leading 0 must be removed so that subsequent
& processing can deal with 2 hexits at a time.
&if (length &H&) = 10 &then &set_string H (substr &H& 2)
&
& If the decimal value is too small the hexadecimal command function will
& not place a leading 0 in the string so there are only 7 hexits instead of 8.
& The trailing "x" makes the string 8 characters instead of 9. A leading 0
& needs to be added.
&if (length &H&) = 8 &then &set_string H 0&H&
&
& remove the trailing "x"
&set_string H (rtrim &H& 'x')
&
& ping the IP address, note that the ping command adds "0x" to the hex string
attach_default_output (process_dir)>foo
ping 0x&H& -count 1 -timeout 2
detach_default_output
&
& We don't care what the result of the ping command was so we can reuse the
& output file for the arp command output. Note again the added "0x"
attach_default_output (process_dir)>foo
arp 0x&H&
detach_default_output
&
&
& convert the hex string back to dotted decimal notation. This is why I
& wanted the hex string to be 8 hexits long.
&set_string IP1 (substr &H& 1 2)
&set_string IP2 (substr &H& 3 2)
&set_string IP3 (substr &H& 5 2)
&set_string IP4 (substr &H& 7 2)
&set_string CURRENT (calc 0&IP1&x).(calc 0&IP2&x).(calc 0&IP3&x).(calc 0&IP4&x)
&
&
& Build the output file by looking for the dotted decimal IP address in the
& ARP table output
attach_default_output (process_dir)>scan_results -append
display (process_dir)>foo -match &CURRENT& -no_header
detach_default_output
&
&
& Add 1 to the decimal integer to process the next IP address
&set X (calc &X& + 1)
&end
&
&
& End of the loop, copy the output file from the process dir to the current
& dir and give it the correct name. Also display it.
copy_file (process_dir)>scan_results scan_results.&DATE_TIME_STAMP&
display scan_results.&DATE_TIME_STAMP&
&
&
& Done with the macro
&return
&
&
& Go here if one of the octets specified in the initial arguments was not
& valid.
&label OCTET_ERROR
display_line &X1& is not a valid IP octet
&return
&
&
&label MISSING_OCTET
display_line One of the IP addresses &START_IP& or &END_IP&
display_line does not contain all 4 octets
&
&
& scan stops here