These tools are nothing new as they were available in Snow Leopard (and I believe Leopard, just can’t check), but they are fun little tools just in case you don’t have Apple’s Xcode installed or MacPorts available on your computer.
Port Scanning with stroke
So you want to perform a port scan, but you are missing the more powerful nmap command that can be installed via MacPorts or compiled from insecure.org. In order to use the command, open Terminal and cd to the /Applications/Utilities/Network Utility.app/Contents/Resources/ directory, then type ./stoke
The help information for stoke is very short, mostly because this is a one trick pony. You can enter your address (IP or FQDN), a starting port number, and end port number, then off you go! A good port to start with is 20 and end somewhere around 10000. Yes you can go higher to 65535, but it will just take longer. So for example:
Things you can’t do for people who use nmap include fingerprinting, service information, comma separated for a select ports to scan vs. the whole spectrum. If you find a port number and are not sure what it’s used for, check the Apple kbase article Well known TCP and UDP ports used by Apple software products.
Wireless discovery with airport
The airport command is more powerful than stroke as you are able to use this for preferences setting, network scanning, or packet capturing! First let’s find the command by cd to the /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/ directory, then type
If you just typed that out… you’ll notice a long list of options for this command. More than I want to copy and paste for this post, and much more than stroke!
If you need to capture the available wireless networks that are at your current location, we’ll use the “-s” flag for scanning available Wi-Fi networks.
From my Hilton hotel, you can see there are 7 Access Points (AP) that are near my room, all with the SSID of “hhonors”. We can also see that there is one bad AP that is running on channel 4. If you were not aware, enjoy this 802.11 101 lesson only use channels 1, 6, and 11 for “g” service (“n” has more channels and are higher numbers, but that discussion is for another post. So if I connect to the “hhonors” network, how do I know which AP I really connected to. My guess would be the one with RSSI value of -50 because that is the strongs single. Think of RSSI as golf; the lower the better.
If you need to see information about your current wireless network, you can use the “-I” flag.
Once connected to “hhonors”, the “-I” flag gave me the BSSID of “0:1a:a2:82:30:10″ which matches the previous command results using the “-s” flag who’s RSSI of -50.
What else can you do with the airport command? How about this awesome list:
- Automatic Joining
- Remembering Recent Networks
- Requiring an Admin account to make changes
These options should look somewhat familiar as if you check out the System Preferences => Network => Wi-Fi you would see the same checkboxes. This gives you the option of changing your settings by SSH or a script later in time.
Wi-Fi Network Settings
Wi-Fi Network Options
Comments are closed. If you have a question concerning the content of this page, please feel free to contact me.
Oh - I had a MacTech article on exactly this a few years ago, and how to find these hidden gems:
Excellent link, thanks!