The MATCHPORT command inspects network traffic for activity on the specified ports. The payload will be paused until matching traffic is found.

Options

The MATCHPORT command expects several options:

  MATCHPORT [interface] [protocol] [connection type] [port] ... [portN]
  

Interface

MATCHPORT requires a network interface. Typically on the Packet Squirrel this is br-lan, the virtual interface which connects the Ethernet ports.

Protocol

MATCHPORT requires a protocol to match: TCP and UDP match only connections on those protocols, while ANY matches both.

Connection type

A connection type of NEW causes MATCHPORT to only find connections which have started while it has been running. A connection type of ANY will match connections already in progress.

Ports

MATCHPORT can match any number of ports.

Return values

MATCHPORT will exit when a packet is seen on the monitored ports.

MATCHPORT will print the port pairs which caused the match (source and destination of the packet).

Experimenting

You can experiment with the MATCHPORT command live, either in the Web Shell in the web UI or via SSH!

Demonstration of the MATCHPORT command

Examples

The most basic use of the MATCHPORT command is to halt execution of a payload until traffic is seen. This demonstration payload will disconnect the Target device if it is seen to connect to a specific port.

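  #!/bin/bash
  #
  # Disconnect the Target device when it connects to TCP port 4444.

  # Pass traffic transparently between the Ethernet ports
  NETMODE BRIDGE

  # Pause here until TCP traffic on port 4444 is seen on br-lan
  MATCHPORT br-lan TCP ANY 4444

  # Disconnect the Target device
  NETMODE JAIL

  # Blink the LED red, very fast, to signal the match
  LED R VERYFAST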
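
A variation on the payload above, as an added example that is not part of the original documentation: it watches several ports for NEW connections only, checks its arguments against the documented syntax, and logs what MATCHPORT printed before jailing the Target. The function names, the log path, the sample ports 4444 and 5555, and the assumption that MATCHPORT prints the port pair to standard output are illustrative.

```bash
#!/bin/bash
# Added example, not Hak5's own code.
# LOG is an assumed path; point it at whatever storage you use.
LOG="${LOG:-/tmp/matchport.log}"

# Return 0 only if every argument is a port number in 1-65535.
valid_ports() {
    [ "$#" -gt 0 ] || return 1
    for p in "$@"; do
        case "$p" in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "${#p}" -le 5 ] && [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    return 0
}

# tripwire PROTO PORT...: wait for a NEW connection on any listed port,
# record what MATCHPORT printed, then jail the Target.
tripwire() {
    proto="$1"; shift
    case "$proto" in
        TCP|UDP|ANY) ;;
        *) echo "bad protocol: $proto" >&2; return 2 ;;
    esac
    valid_ports "$@" || { echo "bad port list: $*" >&2; return 2; }

    NETMODE BRIDGE
    # MATCHPORT blocks until a match and prints the port pair (assumed: on
    # stdout). The output format is not documented here, so keep it verbatim.
    hit="$(MATCHPORT br-lan "$proto" NEW "$@")"
    # No printed port pair means no match was reported: do not jail.
    [ -n "$hit" ] || return 1
    printf '%s proto=%s watched=%s match=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$proto" "$*" "$hit" >> "$LOG"
    NETMODE JAIL
    LED R VERYFAST
}

# Run only where the Packet Squirrel commands exist.
if command -v MATCHPORT >/dev/null 2>&1; then
    tripwire TCP 4444 5555
fi
```

Using NEW instead of ANY means a session that was already open before the payload started will not trigger the jail.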