I couldn't find anything existing to look up a specific TCP/UDP port, so
I quickly created some messy bash functions. What I wanted was a
simple command to look up a specific TCP/UDP port, and also to look up a
MAC address -> manufacturer.
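script
======
In order to get this thing working, put this in your .bashrc, either in your home directory or in the /etc directory.
``` {.lang:sh .decode:true}
# Look up a TCP/UDP port number in the port lists (~/data/lookup/tcp_*).
function plookup {
    grep -hE "(^|\s)+$1(/|\s)+" ~/data/lookup/tcp_*
}

# Look up the manufacturer for a MAC prefix in oui.txt.
function mlookup {
    # Strip ':' and '-' so the prefix matches the "(base 16)" lines.
    local MAC=$(echo "$1" | sed 's/://g' | sed 's/-//g')
    grep -ih -B1 -A4 "$MAC" ~/data/lookup/oui.txt
}
```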
Additionally, you need some files in ~/data/lookup/. In my case I've
got the [oui.txt](http://standards.ieee.org/develop/regauth/oui/oui.txt)
for the MAC addresses, and three individual files for the TCP/UDP ports. For
the port lists I've used the data of the three links posted below (nmap,
networkuptime, wikipedia), and simply copied the relevant part into
simple text files.
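`mlookup` greps for the whole string it is given, so a full address such as 00:0c:29:ab:cd:ef finds nothing, because oui.txt only lists the first three bytes. The following is an added example, not part of the original post, that reduces any common MAC notation to its OUI and prints only the vendor name; `oui_prefix`, `mvendor`, `write_sample_oui` and `OUI_FILE` are assumed names, and the sample records are constructed apart from the VMware entry shown in the post.

```bash
# Added example, not from the original post. OUI_FILE and the function names
# are assumptions; the default path is the one the post uses.
OUI_FILE="${OUI_FILE:-$HOME/data/lookup/oui.txt}"

# Reduce a MAC address or OUI prefix in any common notation
# (00:0c:29:ab:cd:ef, 00-0C-29, 000c.29ab.cdef) to the six upper-case
# hex digits that oui.txt lists on its "(base 16)" lines.
oui_prefix() {
    local hex
    hex=$(printf '%s' "$1" | tr -d ':.-' | tr 'a-f' 'A-F')
    case "$hex" in
        ''|*[!0-9A-F]*) return 1 ;;          # empty or non-hex input
    esac
    # Need at least the 24-bit OUI and at most a full 48-bit address.
    [ "${#hex}" -ge 6 ] && [ "${#hex}" -le 12 ] || return 1
    printf '%s\n' "$hex" | cut -c1-6
}

# Print the vendor for a MAC/OUI; exit status 1 if unknown, 2 if malformed.
mvendor() {
    local prefix
    prefix=$(oui_prefix "$1") || { echo "invalid MAC: $1" >&2; return 2; }
    awk -v p="$prefix" '
        # Append "" to force a string comparison: prefixes such as 00E018
        # and 00E052 look like the numbers 0e18 and 0e52, which are equal.
        ($1 "") == (p "") && /\(base 16\)/ {
            sub(/^.*\(base 16\)[ \t]*/, "")   # drop prefix and label
            sub(/\r$/, "")                    # tolerate CRLF line endings
            print; found = 1; exit
        }
        END { exit !found }' "$OUI_FILE"
}

# Constructed sample in oui.txt layout, written to the path given as $1.
# Only the VMware record comes from the post; the others are placeholders.
write_sample_oui() {
    printf '%s\r\n' \
        '00-0C-29   (hex)        VMware, Inc.' \
        '000C29     (base 16)    VMware, Inc.' \
        '00-E0-18   (hex)        Placeholder Vendor A' \
        '00E018     (base 16)    Placeholder Vendor A' \
        '00-E0-52   (hex)        Placeholder Vendor B' \
        '00E052     (base 16)    Placeholder Vendor B' > "$1"
}
```

To try it without the real file, run `write_sample_oui /tmp/oui.txt` and set `OUI_FILE=/tmp/oui.txt` before calling `mvendor`.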
output
======
Finally, you can use it like this:
``` {.lang:default .highlight:0 .decode:true}
|| user@workstation~ || plookup 3128
ndl-aas 3128/tcp Active API Server Port
ndl-aas 3128/udp Active API Server Port
squid-http 3128/tcp 0.004516
3128 Reverse WWW Tunnel Backdoor , RingZero
3128 TCP HTTP used by Web caches and the default for the Squid cache Unofficial
3128 TCP HTTP used by Tatsoft as the default client connection Unofficial
|| user@workstation~ || mlookup 00-0c-29
00-0C-29 (hex) VMware, Inc.
000C29 (base 16) VMware, Inc.
3401 Hillview Avenue
Palo Alto CA 94304
UNITED STATES
```
links
=====
Let me know if you have questions!
Cheers,
Raphi