I just installed the nmap network scanner,
and when I try to use it with the "-script" parameter, it doesn't work:
Example:
soufiane#soufiane-cvc:/usr/local$ nmap -p143,993 -Pn –script imap-capabilities 127.0.0.1
Starting Nmap 6.40 ( http://nmap.org ) at 2015-09-03 10:07 WEST
Failed to resolve "–script".
Failed to resolve "imap-capabilities".
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000025s latency).
PORT STATE SERVICE
143/tcp closed imap
993/tcp closed imaps
Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds
I'm using ElementaryOS Freya (Ubuntu 12.04, I guess).
Any ideas?
Thanks.
It should be --script (with two dashes), not -script.
EDIT: (following your comment)
No problem here. My output:
$ nmap -p143,993 -Pn --script imap-capabilities 127.0.0.1
Starting Nmap 6.47 ( http://nmap.org ) at 2015-09-03 16:36 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000040s latency).
PORT STATE SERVICE
143/tcp closed imap
993/tcp closed imaps
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
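The command in the question has a Unicode en dash (U+2013) in front of `script` instead of ASCII hyphens, which is why Nmap reports both `–script` and `imap-capabilities` as names it failed to resolve. The check below is an added example, not part of the original posts; `check_argv`, the look-alike list and the reconstructed argv are assumptions made here.

```python
import unicodedata

# Characters that look like '-' in a terminal but are not U+002D, so
# getopt-style parsers do not see an option prefix.
DASH_LOOKALIKES = "\u2010\u2011\u2012\u2013\u2014\u2015\u2212"


def check_argv(argv):
    """Return (position, token, codepoints, suggestion) for each argument
    whose leading dashes include a non-ASCII look-alike."""
    findings = []
    for pos, tok in enumerate(argv):
        body = tok.lstrip("-" + DASH_LOOKALIKES)
        prefix = tok[: len(tok) - len(body)]
        odd = [c for c in prefix if c in DASH_LOOKALIKES]
        if not odd or not body:
            continue
        names = ", ".join(f"U+{ord(c):04X} {unicodedata.name(c)}" for c in odd)
        # Heuristic for review, not auto-applied: editors usually turn
        # "--" into one en/em dash, so a long name gets "--" back.
        suggestion = ("--" if len(body) > 1 else "-") + body
        findings.append((pos, tok, names, suggestion))
    return findings


# Constructed argv: the command line from the question, split as a shell would.
QUESTION_ARGV = ["nmap", "-p143,993", "-Pn", "\u2013script",
                 "imap-capabilities", "127.0.0.1"]

if __name__ == "__main__":
    for pos, tok, names, suggestion in check_argv(QUESTION_ARGV):
        print(f"arg {pos}: {tok!r} starts with {names}; did you mean {suggestion!r}?")
```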
The following command worked for me:
nmap -sV --script ssl-enum-ciphers -p 8086 localhost
I have a google compute running CentOS 7, and I wrote up a quick test to try and communicate with it over port 9000 (from my home PC) - but I'm unexpectedly getting network errors.
This happens both with my test script (which attempts to send a payload) and even with plink.exe (which I'm just using to check the port availability).
>plink.exe -v -raw -P 9000 <external_IP>
Connecting to <external_IP> port 9000
Failed to connect to <external_IP>: Network error: Connection refused
Network error: Connection refused
FATAL ERROR: Network error: Connection refused
I've added my external IP to Google's firewall (https://console.cloud.google.com/networking/firewalls) and set it to allow ingress traffic over port 9000 (it's the lowest priority, at 1000).
I also updated firewalld in CentOS to allow TCP traffic over the port:
Redirecting to /bin/systemctl start firewalld.service
[foo#bar ~]$ sudo firewall-cmd --zone=public --add-port=9000/tcp --permanent
success
[foo#bar ~]$ sudo firewall-cmd --reload
success
I've confirmed my listener is running on port 9000
[foo#bar ~]$ netstat -npae | grep 9000
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 1000 18381 1201/python3
By default, CentOS 7 doesn't use iptables (just to be sure, I confirmed it wasn't running)
Am I missing something?
NOTE: Actual external IP replaced with <external_IP> placeholder
Update:
If I nmap my listener over port 9000 from the CentOS 7 compute instance over a local IP, like 127.0.0.1, I get some results. Interestingly, if I make the same nmap call over the server's external IP -- nada. So this has to be a firewall, right?
external call
[foo#bar~]$ nmap <external_IP> -Pn
Starting Nmap 6.40 ( http://nmap.org ) at 2020-05-25 00:33 UTC
Nmap scan report for <external_IP>.bc.googleusercontent.com (<external_IP>)
Host is up (0.00043s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
22/tcp open ssh
3389/tcp closed ms-wbt-server
Nmap done: 1 IP address (1 host up) scanned in 4.87 seconds
Internal Call
[foo#bar~]$ nmap 127.0.0.1 -Pn
Starting Nmap 6.40 ( http://nmap.org ) at 2020-05-25 04:36 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.010s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
9000/tcp open cslistener
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
In this case, software running on the backend VM must be listening on any IP (0.0.0.0 or ::). Yours is listening on "127.0.0.1:9000" and it should be "0.0.0.0:9000".
The way to fix that is to change the service config to listen on 0.0.0.0 instead of 127.0.0.1.
Cheers.
So I have a range of IPs for which I want to find out the supported TLS version on port 443.
These IPs all have port 443 open. Most of them reported the supported TLS versions simply by using the nmap --ssl-enum-script script.
Yet now I have a couple of IPs that reported the port as status "filtered".
I found out that this is caused by a firewall blocking the scan.
So then I tried to scan it with the --script firewall-bypass script:
nmap --script firewall-bypass --script-args firewall-bypass.helper="http" <ip> -p 443 --script ssl-enum-ciphers
To get the state of the port, this works, but I still don't know which TLS versions are supported:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-06-02 16:07 W. Europe Daylight Time
Nmap scan report for <host> (<ip>)
Host is up (0.032s latency).
PORT STATE SERVICE
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 2.16 seconds
Having both of the scripts running at once should not be a problem. I have tested this with different ports, and it works on them -> they display the supported TLS versions.
How can I find out the supported TLS versions of these hosts?
Is there an option with nmap, or can I do it with a different program (like PowerShell or something)?
Thanks for your help
I am facing a connection problem when I run NRPE checks from the Nagios server: "Connection refused".
Environment:
- Nagios Server
- Linux Centos 7 Client
From the client side, it seems to be working:
[root#client nagios]# systemctl status nrpe
● nrpe.service - Nagios Remote Program Executor
Loaded: loaded (/usr/lib/systemd/system/nrpe.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2019-10-13 14:06:55 GMT; 26s ago
Docs: http://www.nagios.org/documentation
Process: 4024 ExecStopPost=/bin/rm -f /var/run/nrpe/nrpe.pid (code=exited, status=0/SUCCESS)
Main PID: 4027 (nrpe)
CGroup: /system.slice/nrpe.service
└─4027 /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
Oct 13 14:06:55 client systemd[1]: Started Nagios Remote Program Executor.
Oct 13 14:06:55 client systemd[1]: Starting Nagios Remote Program Executor...
Oct 13 14:06:55 client nrpe[4027]: Starting up daemon
Oct 13 14:06:55 client nrpe[4027]: Server listening on 127.0.0.1 port 5666.
Oct 13 14:06:55 client nrpe[4027]: Warning: Daemon is configured to accept command arguments from clients!
Oct 13 14:06:55 client nrpe[4027]: Listening for connections on port 5666
Oct 13 14:06:55 client nrpe[4027]: Allowing connections from: 127.0.0.1,<SERVER IP>
[root#client nagios]#
[root#client nagios]# ps aux | grep nrpe
nrpe 4027 0.0 0.0 44824 2732 ? Ss 14:06 0:00 /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f
root 4135 0.0 0.0 112648 948 pts/3 S+ 14:07 0:00 grep --color=auto nrpe
[root#client nagios]#
[root#client nagios]# /usr/lib64/nagios/plugins/check_nrpe -H 127.0.0.1
NRPE v3.2.1
[root#client nagios]#
[root#client nagios]# netstat -tulpn |grep 5666
tcp 0 0 127.0.0.1:5666 0.0.0.0:* LISTEN 4027/nrpe
[root#client nagios]#
From the server side:
[root#server var]# systemctl is-active nagios
active
[root#server var]# /usr/lib64/nagios/plugins/check_nrpe -H <CLIENT IP> -p 5666
connect to address <CLIENT IP> port 5666: Connection refused
connect to host <CLIENT IP> port 5666: Connection refused
[root#server var]#
[root#server var]# telnet <CLIENT IP> 5666
Trying <CLIENT IP>...
telnet: connect to address <CLIENT IP>: Connection refused
[root#server var]# tcptraceroute <CLIENT IP> 5666
traceroute to <CLIENT IP> (<CLIENT IP>), 30 hops max, 60 byte packets
1 <CLIENT IP> (<CLIENT IP>) <rst,ack> 0.247 ms 0.248 ms 0.232 ms
[root#server var]# nmap <CLIENT IP> -Pn -p 5666
Starting Nmap 6.40 ( http://nmap.org ) at 2019-10-13 16:11 CEST
Nmap scan report for <CLIENT IP>
Host is up (0.00087s latency).
PORT STATE SERVICE
5666/tcp closed nrpe
MAC Address: 50:6B:8D:2C:70:90 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.41 seconds
[root#server var]#
The Nmap command output is strange to me; why is it closed?
I notice that the Firewalld service is stopped for troubleshooting reasons.
It is probably more of a network reason, but I need help :)
Jeremy
The log shows the following:
Oct 13 14:06:55 client nrpe[4027]: Server listening on 127.0.0.1 port 5666.
If the server is listening on the localhost IP address (127.0.0.1), it will only be able to accept connections on port 5666 which originate on the same server. If you try to connect from a different server, the connection will fail.
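Both this thread and the port 9000 thread above come down to a listener bound to 127.0.0.1. As an added example (not code from any of the posts), the following Python parses `netstat` LISTEN lines and reports which ports are bound to loopback only; the function names and the sshd/cupsd sample lines are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: the first two lines are the LISTEN entries quoted on
# this page; the sshd and cupsd lines are made up for contrast.
SAMPLE_NETSTAT = """\
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 1000 18381 1201/python3
tcp 0 0 127.0.0.1:5666 0.0.0.0:* LISTEN 4027/nrpe
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 17012 1033/sshd
tcp6 0 0 ::1:631 :::* LISTEN 0 20111 1150/cupsd
"""


def classify_bind(addr):
    """Say which interfaces a listening socket's local address covers."""
    if addr == "*":                       # ss prints the wildcard as '*'
        return "all-interfaces"
    ip = ipaddress.ip_address(addr.strip("[]").split("%")[0])
    if ip.is_unspecified:                 # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:                    # 127.0.0.0/8 or ::1
        return "loopback-only"
    return "single-address"


def listeners(netstat_text):
    """Yield (port, address, scope, process) for every TCP LISTEN line."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        addr, _, port = f[3].rpartition(":")
        yield int(port), addr, classify_bind(addr), f[-1]


def loopback_only_ports(netstat_text):
    """Ports whose every listener is bound to loopback: a remote client can
    never connect to them, even when the firewall allows the port."""
    scopes = defaultdict(set)
    for port, _addr, scope, _proc in listeners(netstat_text):
        scopes[port].add(scope)
    return sorted(p for p, s in scopes.items() if s == {"loopback-only"})


if __name__ == "__main__":
    for port, addr, scope, proc in listeners(SAMPLE_NETSTAT):
        print(f"{port:>5}/tcp  {addr:<12} {scope:<15} {proc}")
    print("not reachable remotely:", loopback_only_ports(SAMPLE_NETSTAT))
```

Rebinding a service to 0.0.0.0 exposes it on every interface, so the firewall rule and the service's own allow-list (for NRPE, the addresses in its "Allowing connections from" log line) become the access control.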
Try to open your ports on both the client side and the remote server. This problem is related to security groups. Try the ping command on both systems and tell me the output.
When I run
sudo nmap -sn xxx.xxx.x.*
I get a list of all IPs connected to my router (xxx.xxx.x.1 is the gateway),
but I've noticed that the last IP connected doesn't show the MAC address.
Why? How can I fix this?
This is my output:
Starting Nmap 7.60 ( https://nmap.org ) at 2018-04-09 18:38 CEST
Nmap scan report for xxx.xxx.x.1
Host is up (0.0029s latency).
MAC Address: xx:xx:xx:xx:xx:xx (Technicolor)
Nmap scan report for xxx.xxx.x.2
Host is up (0.00014s latency).
MAC Address: xx:xx:xx:xx:xx:xx (Prime Electronics & Satellitics)
Nmap scan report for xxx.xxx.x.3
Host is up (0.16s latency).
MAC Address: xx:xx:xx:xx:xx:xx (Espressif)
Nmap scan report for xxx.xxx.x.46
Host is up (1.1s latency).
MAC Address: xx:xx:xx:xx:xx:xx (Xiaomi Communications)
Nmap scan report for xxx.xxx.x.61
Host is up (1.4s latency).
MAC Address: xx:xx:xx:xx:xx:xx (Unknown)
Nmap scan report for xxx.xxx.x.128
Host is up (8.3s latency).
MAC Address: xx:xx:xx:xx:xx:xx (Motorola Mobility, a Lenovo Company)
Nmap scan report for xxx.xxx.x.254
Host is up.
MAC Address: xx:xx:xx:xx:xx:xx (Unknown)
Nmap scan report for xxx.xxx.x.27
Host is up.
Nmap done: 256 IP addresses (8 hosts up) scanned in 27.83 seconds
As you can see, the MAC address is missing from the last host (that is my PC, from which I launch the command).
The last IP is your scanning machine. Because it is accessed over the loopback interface, it does not have an associated MAC address. The Loopback link type does not have a physical medium, so it does not need or have a "media access control" (MAC) address. It is listed last because Nmap first scanned all the targets that used Ethernet (or similar, like WiFi) links in one group, leaving only your local address in the last group.
I am trying to learn socket programming with PHP but quickly ran into binding errors on ports. Now my attention is diverted to solving port issues. How do I go about fully controlling ports on my machine? What commands do I use?
sudo netcat -z -vv localhost http
localhost [127.0.0.1] 80 (http): Connection refused
My problem is that I get connection refused on port 80,
and when I run a port scan on my iMac I only get
netcat -v -z -n -w 1 127.0.0.1 1-1023
127.0.0.1 88 (kerberos) open
127.0.0.1 548 (afpovertcp) open
127.0.0.1 631 (ipp) open
How do I add port 80 (http) open
to that list?
Any help would be appreciated, thanks.