A Host Scanner for STCP


There are any number of scanners for finding all the hosts in a subnet that run under the Windows and Linux operating systems, but nothing for VOS/STCP. The following command macro seeks to remedy that. It is a simple command macro that pings every host in the range given by its two arguments. However, it does not rely on a ping response to decide whether a host is present. Instead, it looks in the ARP table for an entry that corresponds to the IP address it just pinged. Even a host that does not respond to pings will respond to the ARP request that precedes the ping, so there is no way for a host to hide from this scan. On the other hand, since the ARP table holds only hosts on the same subnet as the module, the macro cannot scan remote subnets.

The macro is single-threaded and uses a two-second timeout for the ping command, so the more hosts in the range that are not on the subnet, the slower the macro runs. Scanning a class C subnet (254 hosts) in which no host responds to a ping takes about 12 minutes.

The results of the scan are displayed as output from the command and written to a file named scan_results.(date).(time) in the current directory.

Usage

 ------------------------------------- scan -----------------------------------
 starting_ip_address:                                                           
 ending_ip_address:                                                             
starting_ip_address
The first IP address to be scanned

ending_ip_address
The last IP address to be scanned

Notes

The macro uses attach_default_output to capture the results of the ping and arp commands, so interrupting the macro while it is running may leave your terminal displaying nothing.

If the ping gets no response, or there is no entry in the ARP table, the "error" output is written to the terminal screen. This forces you to monitor the screen and press return at the pause prompts, or to set the terminal to no pause.

Given the two notes above, I recommend running the macro as a started process, i.e.

Example

start_process 'scan 172.16.1.1 172.16.1.254'


d scan.out

%phx_vos#m15_mas>SysAdmin>Noah_Davids>scan.out  09-02-24 07:33:51 mst

Noah_Davids.CAC logged in on %phx_vos#m15 at 09-02-24 06:57:25 mst.
scan 172.16.1.1 172.16.1.254
set_ready -format off
scan 172.16.1.1 172.16.1.254
ping: No reply. Time Out !!
arp: no mapping for 0xAC100101
ping: No reply. Time Out !!
arp: no mapping for 0xAC100102
ping: No reply. Time Out !!
arp: no mapping for 0xAC100103
. . .
ping: No reply. Time Out !!
arp: no mapping for 0xAC1001FC
ping: No reply. Time Out !!
arp: no mapping for 0xAC1001FD

%phx_vos#m15_mas>SysAdmin>Noah_Davids>scan_results.09-02-24.06:57:25  09-02-24 0
+7:07:37 mst

Scanning 172.16.1.1 - 172.16.1.254 on 09-02-24.06:57:25


172.16.1.44          00-16-97-C4-01-AB   temp    10 mins
172.16.1.57          00-04-FC-01-7B-0A   temp    10 mins
172.16.1.72          00-00-A8-81-51-09   temp    10 mins
172.16.1.100         00-03-47-DE-58-E1   temp    10 mins
172.16.1.101         00-03-47-0C-22-4E   temp    10 mins
172.16.1.110         00-90-27-D0-C0-03   temp    10 mins
172.16.1.111         00-04-FC-01-0C-DD   temp    10 mins
172.16.1.116         00-00-A8-42-52-22   temp    10 mins
172.16.1.120         00-04-FC-01-28-2B   temp    10 mins
172.16.1.140         00-04-FC-01-30-DE   temp    10 mins
172.16.1.203         00-00-A8-C2-86-A1   temp    10 mins
172.16.1.222         00-0C-CE-68-AE-80   temp    10 mins
172.16.1.223         00-15-C5-DA-53-27   temp    10 mins
172.16.1.224         00-1E-4A-0B-79-C0   temp    10 mins
172.16.1.232         00-E0-86-06-05-53   temp    10 mins
172.16.1.233         00-E0-86-06-05-51   temp    10 mins
172.16.1.234         00-03-47-23-35-1D   temp    10 mins
172.16.1.236         00-E0-86-06-05-53   temp    10 mins
172.16.1.240         00-50-04-D6-68-53   temp    10 mins
172.16.1.251         00-60-CF-49-1C-00   temp     7 mins
172.16.1.254         00-00-EF-04-D0-10   temp    10 mins

Process finished.

More Notes

The ARP cache timeout under STCP is 10 minutes. If the timer is less than 10 minutes you know that the host has communicated with the module prior to the scan.
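The scan_results listing is just the matching lines of STCP's arp output. As an added example, not part of the macro or of this page, the Python below parses lines in that layout into fields, looks an address up by whole-field match rather than substring (so 172.16.1.4 cannot be satisfied by a 172.16.1.44 entry), flags entries whose timer is below the 10-minute cache lifetime as having talked to the module before the scan, and reports MAC addresses that appear at more than one IP, as 00-E0-86-06-05-53 does at 172.16.1.232 and 172.16.1.236 in the results above. The sample output embedded in the code is constructed from the page's own lines plus one "no mapping" error line and a made-up 172.16.1.4 entry; the field layout it assumes is the one shown above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# STCP's ARP cache lifetime in minutes; an entry with a smaller remaining timer
# existed before the scan's own ping refreshed it (see the note above).
ARP_TIMEOUT_MINS = 10

# One line of STCP arp output, in the layout shown in scan_results above:
#   <dotted IP>   <MAC, dash separated>   <type>   <N mins>
ARP_LINE = re.compile(
    r"^\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s+"
    r"(?P<kind>\S+)\s+(?P<mins>\d+)\s+mins?\s*$"
)


@dataclass(frozen=True)
class ArpEntry:
    ip: str
    mac: str
    kind: str
    mins: int

    @property
    def seen_before_scan(self) -> bool:
        """True when the timer shows the entry predates the scan's ping."""
        return self.mins < ARP_TIMEOUT_MINS


def parse_arp_output(lines: Iterable[str]) -> List[ArpEntry]:
    """Keep the table lines; drop 'arp: no mapping for ...' and anything else."""
    entries = []
    for line in lines:
        m = ARP_LINE.match(line)
        if m:
            entries.append(ArpEntry(m["ip"], m["mac"].upper(), m["kind"], int(m["mins"])))
    return entries


def lookup(entries: Iterable[ArpEntry], ip: str) -> Optional[ArpEntry]:
    """Whole-field match: a substring match of '172.16.1.4' would also hit 172.16.1.44."""
    return next((e for e in entries if e.ip == ip), None)


def shared_macs(entries: Iterable[ArpEntry]) -> Dict[str, List[str]]:
    """MAC addresses that answer for more than one IP, with the IPs they claim."""
    by_mac: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        by_mac[e.mac].append(e.ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


# Constructed sample: lines taken from the results above, plus one error line
# of the kind the macro writes to the terminal and a made-up 172.16.1.4 entry
# (locally administered MAC) to show why the lookup must compare whole fields.
SAMPLE_ARP_OUTPUT = """\
arp: no mapping for 0xAC100101
172.16.1.4           02-00-00-00-00-04   temp    10 mins
172.16.1.44          00-16-97-C4-01-AB   temp    10 mins
172.16.1.232         00-E0-86-06-05-53   temp    10 mins
172.16.1.236         00-E0-86-06-05-53   temp    10 mins
172.16.1.251         00-60-CF-49-1C-00   temp     7 mins
"""
SAMPLE_ENTRIES = parse_arp_output(SAMPLE_ARP_OUTPUT.splitlines())


def report(raw: str) -> List[str]:
    """Lines a reviewer would want: live host count, hosts already talking, shared MACs."""
    entries = parse_arp_output(raw.splitlines())
    out = [f"{len(entries)} live hosts"]
    out += [f"{e.ip} was talking to the module before the scan ({e.mins} mins left)"
            for e in entries if e.seen_before_scan]
    out += [f"{mac} answers for {', '.join(ips)}"
            for mac, ips in shared_macs(entries).items()]
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_ARP_OUTPUT)))
```

A MAC at two addresses is not by itself wrong (a secondary address on one interface, for instance), but it is the kind of entry an inventory review should look at rather than silently count as two hosts.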

scan.cm

& scan starts here
&
& Version 0.00 09-02-24
& Version 0.10 10-11-26  Added disclaimer
& noah.davids@stratus.com
&
& The latest version of this macro and documentation can be found at
&    http://noahdavids.org/self_published/host_scanner_for_STCP.html
&
& This software is provided on an "AS IS" basis, WITHOUT ANY WARRANTY OR ANY
& SUPPORT OF ANY KIND. The AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTIES
& OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE.  This disclaimer
& applies, despite any verbal representations of any kind provided by the
& author or anyone else.
&
&
&begin_parameters
START_IP starting_ip_address:string,req
END_IP ending_ip_address:string,req
&end_parameters
&
&
& make sure extraneous stuff isn't echoed into the results file
&if (process_type) = 'batch' &then &do
set_ready -format off
&echo no_command_lines
&end
&
&
& because I always redisplay the arguments
display_line scan &START_IP& &END_IP&
&
&
& parse the dotted decimal IP address into an integer
&set_string X &START_IP&
&set L (index &X& '.')
&set_string X1 (substr &X& 1 (calc &L& - 1))
&if (length A&X1&) = 1 &then &goto MISSING_OCTET
&if &X1& > 255 &then &goto OCTET_ERROR
&set START &X1&
&set_string X (substr &X& (calc &L& + 1))
&if (length A&X&) = 1 &then &goto MISSING_OCTET
&set L (index &X& '.')
&set_string X1 (substr &X& 1 (calc &L& - 1))
&if (length A&X1&) = 1 &then &goto MISSING_OCTET
&if &X1& > 255 &then &goto OCTET_ERROR
&set START (calc (calc &START& * 256) + &X1&)
&set_string X (substr &X& (calc &L& + 1))
&if (length A&X&) = 1 &then &goto MISSING_OCTET
&set L (index &X& '.')
&set_string X1 (substr &X& 1 (calc &L& - 1))
&if (length A&X1&) = 1 &then &goto MISSING_OCTET
&if &X1& > 255 &then &goto OCTET_ERROR
&set START (calc (calc &START& * 256) + &X1&)
&set_string X1 (substr &X& (calc &L& + 1))
&if (length A&X1&) = 1 &then &goto MISSING_OCTET
&if &X1& > 255 &then &goto OCTET_ERROR
&set START (calc (calc &START& * 256) + &X1&)
&
&set_string X &END_IP&
&set L (index &X& '.')
&set_string X1 (substr &X& 1 (calc &L& - 1))
&if (length A&X1&) = 1 &then &goto MISSING_OCTET
&if &X1& > 255 &then &goto OCTET_ERROR
&set END &X1&
&set_string X (substr &X& (calc &L& + 1))
&if (length A&X&) = 1 &then &goto MISSING_OCTET
&set L (index &X& '.')
&set_string X1 (substr &X& 1 (calc &L& - 1))
&if (length A&X1&) = 1 &then &goto MISSING_OCTET
&if &X1& > 255 &then &goto OCTET_ERROR
&set END (calc (calc &END& * 256) + &X1&)
&set_string X (substr &X& (calc &L& + 1))
&if (length A&X&) = 1 &then &goto MISSING_OCTET
&set L (index &X& '.')
&set_string X1 (substr &X& 1 (calc &L& - 1))
&if (length A&X1&) = 1 &then &goto MISSING_OCTET
&if &X1& > 255 &then &goto OCTET_ERROR
&set END (calc (calc &END& * 256) + &X1&)
&set_string X1 (substr &X& (calc &L& + 1))
&if (length A&X1&) = 1 &then &goto MISSING_OCTET
&if &X1& > 255 &then &goto OCTET_ERROR
&set END (calc (calc &END& * 256) + &X1&)
&
&
& set up the output file
&set_string DATE_TIME_STAMP (date).(time)
attach_default_output (process_dir)>scan_results
display_line Scanning &START_IP& - &END_IP& on &DATE_TIME_STAMP&
display_line
display_line
detach_default_output
&
&
& loop through the IP addresses
&set X &START&
&while &X& <= &END&
&
& The ping and arp commands will not accept a decimal integer value, but they
& will take a hexadecimal value.
&set_string H (hexadecimal &X&)
&
& If the decimal value is too large the hexadecimal command function will
& place a leading 0 in the string so there are 9 hexits instead of 8. There
& is also a trailing "x" so a large value will end up as a 10 character
& string instead of 9. The leading 0 must be removed so that subsequent
& processing can deal with 2 hexits at a time.
&if (length &H&) = 10 &then &set_string H (substr &H& 2)
&
& If the decimal value is too small the hexadecimal command function will
& not place a leading 0 in string so there are only 7 hexits instead of 8. The
& trailing "x" makes the string 8 characters instead of 9. A leading 0 needs
& to be added.
&if (length &H&) = 8 &then &set_string H 0&H&
&
& remove the trailing "x"
&set_string H (rtrim &H& 'x')
&
& ping the IP address; note the "0x" prefix added to the hex string on the command line
attach_default_output (process_dir)>foo
ping 0x&H& -count 1 -timeout 2
detach_default_output
&
& We don't care what the result of the ping command was so we can reuse the
& output file for the arp command output. Note again the added "0x"
attach_default_output (process_dir)>foo
arp 0x&H&
detach_default_output
&
&
& convert the hex string back to dotted decimal notation. This is why I
& wanted the hex string to be 8 hexits long.
&set_string IP1 (substr &H& 1 2)
&set_string IP2 (substr &H& 3 2)
&set_string IP3 (substr &H& 5 2)
&set_string IP4 (substr &H& 7 2)
&set_string CURRENT (calc 0&IP1&x).(calc 0&IP2&x).(calc 0&IP3&x).(calc 0&IP4&x)
&
&
& Build the output file by looking for the dotted decimal IP address in the
& ARP table output
attach_default_output (process_dir)>scan_results -append
display (process_dir)>foo -match &CURRENT& -no_header
detach_default_output
&
&
& Add 1 to the decimal integer to process the next IP address
&set X (calc &X& + 1)
&end
&
&
& End of the loop, copy the output file from the process dir to the current
& dir and give it the correct name. Also display it.
copy_file (process_dir)>scan_results scan_results.&DATE_TIME_STAMP&
display scan_results.&DATE_TIME_STAMP&
&
&
& Done with the macro
&return
&
&
& Go here if one of the octets specified in the initial arguments was not
& valid.
&label OCTET_ERROR
display_line &X1& is not a valid IP octet
&return
&
&
&label MISSING_OCTET
display_line One of the IP addresses &START_IP& or &END_IP&
display_line does not contain all 4 octets
&
&
& scan stops here
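The octet parsing and the hex fix-up make up most of the macro, because the command-macro language has no fixed-width hexadecimal formatter. As an added example, not part of the macro, the same logic in Python: dotted decimal to integer with the macro's two checks (all four octets present, each at most 255), a fixed-width 8-hexit form for the ping and arp arguments, the reverse conversion two hexits at a time, the ping/arp command pairs the loop would issue, and a port of the three-step adjustment the macro applies to the output of VOS's hexadecimal function. The 9-hexit and 7-hexit input forms in normalize_vos_hex are assumed from the macro's comments above; this code does not run on VOS and has not checked them against the real function.

```python
from typing import Iterator, List, Tuple


def parse_ipv4(text: str) -> int:
    """Dotted decimal -> 32-bit integer, with the macro's two checks:
    all four octets present (MISSING_OCTET) and each octet <= 255 (OCTET_ERROR).
    Raises ValueError where the macro jumps to its error labels."""
    parts = text.strip().split(".")
    if len(parts) != 4 or "" in parts:
        raise ValueError(f"{text} does not contain all 4 octets")
    value = 0
    for octet in parts:
        if not octet.isdigit() or int(octet) > 255:
            raise ValueError(f"{octet} is not a valid IP octet")
        value = value * 256 + int(octet)  # same fold the macro does with calc
    return value


def validate(ip: str) -> str:
    """'' if ip parses, otherwise the message the macro would display."""
    try:
        parse_ipv4(ip)
        return ""
    except ValueError as err:
        return str(err)


def to_hex8(value: int) -> str:
    """Fixed-width 8-hexit string, what follows the '0x' on the ping/arp line.
    Zero-padded so 10.0.0.1 becomes '0A000001', never the 7-hexit '0A00001'."""
    return f"{value:08X}"


def normalize_vos_hex(raw: str) -> str:
    """Port of the macro's adjustment of the (hexadecimal) function's output.
    Input forms are assumed from the macro comments, not verified on VOS:
      '0AC100101x' (9 hexits, leading 0, trailing x) -> 'AC100101'
      'A000001x'   (7 hexits, trailing x)             -> '0A000001'
      'AC100101x'  (8 hexits, trailing x)             -> 'AC100101'"""
    h = raw
    if len(h) == 10:       # 9 hexits + 'x': drop the leading 0
        h = h[1:]
    if len(h) == 8:        # 7 hexits + 'x': add a leading 0
        h = "0" + h
    return h.rstrip("x")   # drop the trailing 'x'


def from_hex8(hex8: str) -> str:
    """Back to dotted decimal two hexits at a time, like IP1..IP4 in the macro."""
    return ".".join(str(int(hex8[i:i + 2], 16)) for i in range(0, 8, 2))


def scan_range(start_ip: str, end_ip: str) -> Iterator[Tuple[str, str]]:
    """Yield (hex8, dotted) for every address from start_ip to end_ip inclusive,
    the sequence the macro's &while loop walks."""
    start, end = parse_ipv4(start_ip), parse_ipv4(end_ip)
    if start > end:
        raise ValueError("starting address is after ending address")
    for x in range(start, end + 1):
        hex8 = to_hex8(x)
        yield hex8, from_hex8(hex8)


def command_lines(start_ip: str, end_ip: str) -> List[str]:
    """The ping/arp command pairs the macro would issue, for review before running it."""
    lines = []
    for hex8, _ in scan_range(start_ip, end_ip):
        lines.append(f"ping 0x{hex8} -count 1 -timeout 2")
        lines.append(f"arp 0x{hex8}")
    return lines


if __name__ == "__main__":
    for line in command_lines("172.16.1.252", "172.16.1.254"):
        print(line)
```

Running the block prints the six command lines for the last three addresses of the example range, which is a quick way to confirm the arithmetic before pointing the macro at a real range.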



This page was last modified on 10-11-26
Send comments and suggestions to noah.davids@stratus.com