Purpose

This document describe how to run a traceroute from the HIAB console to learn if a specific TCP port is open or closed on a target system.

Introduction

After using HIAB to perform a Discovery/Scan against a target the results might appear to be inaccurate with regards to what ports are expected to be open or closed on a target system.

HIAB allows you to check the status of a port on a target system from within the HIAB Console itself using the Traceroute to a host provided in Tools.

Solution

The following can be used to learn if a specific TCP port is open or closed on a target system.

  1. Open the Main menu in the HIAB console.
    HIAB Console Main Menu
  2. From the HIAB Console, select the “(T) Tools” option from the main menu.
    HIAB Console Tools Menu

  3. Next, select the “(t) Traceroute to a host” option.
  4. For the “Host:” value, type in the IP address of the target system to be tested and press Enter.
  5. For the “Enter port (none for normal traceroute):” value, type in the port number to be tested on the target system and press Enter.
    HIAB Console Traceroute

There are three potential outcomes:

  1. If the target is live and if the TCP port is open, the results of the test will be displayed almost immediately (often under two seconds) and the response times will be often under one or two milliseconds.
    Provided below is the result of testing the target IP address 10.0.0.11 of which TCP port 445 is confirmed open with the response times under one millisecond.
    HIAB Console Tracerout Live and Open

  2. If the target is live, but the TCP port is closed, the results will not be displayed for approximately 30-60 seconds after traversing all thirty hops.
    Provided below is the result of testing the target IP address 10.0.0.11 of which TCP port 22 is confirmed *not* open.
    HIAB Console Traceroute Live Closed

  3. astly, if the target system is not live, the results will be displayed within 2-5 seconds, but the response times will be above 1000 milliseconds and “!H” will be reflected in its response.
    Provided below is the result output of testing target system IP 10.0.0.200 to learn if TCP port 445 is open. In the results displayed the response times are all above 3,000 milliseconds and “!H” is reflected, which indicates the target system with IP 10.0.0.200 is *not* live.
    HIAB Console Tracerout Not Live Open

    After the trip time, some additional annotation can be printed:
    !H -host unreachable
    !N -network unreachable
    !P -protocol unreachable
    !S -source route failed
    !F -fragmentation needed
    !X -communication administratively prohibited
    !V -host precedence violation
    !C -precedence cutoff in effect
    !<num> -ICMP unreachable code <num>

    If almost all the probes result in some kind of unreachable, traceroute will give up and exit.

    Traceroute is described in more details in http://www.tin.org/bin/man.cgi?section=8&topic=tcptraceroute


    Optionally returning to the Tools menu, selecting the “(p) Ping a host” option and attempting to use Ping to test the same target also reflects its failure to respond to ICMP requests.





Copyright

© 2022 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.