NAME
strobe - Super optimised TCP port surveyor
SYNOPSIS
strobe [ -vVmdbepPAtnSilfsaM ] [host1 ... [hostn]]
DESCRIPTION
strobe is a network/security tool that
locates and describes all listening TCP ports on a (remote) host, or
on many hosts, in a manner that maximises bandwidth utilisation and
minimises process resource usage.
strobe approximates a parallel finite state machine
internally. In non-linear multi-host mode it attempts to apportion
bandwidth and sockets among the hosts very efficiently. This can
reap appreciable gains in speed for multiple distinct hosts/routes.
On a machine with a reasonable number of sockets, strobe
is fast enough to port scan entire Internet sub domains. It is even
possible to survey an entire small country in a reasonable time
from a fast machine on the network backbone, provided the machine
in question uses dynamic socket allocation or has had its static
socket allocation increased very appreciably (check your kernel
options). In this very limited application strobe is said to
be faster than ISS2.1 (a high quality commercial security
scanner by cklaus@iss.net and
friends) or PingWare (also commercial).
OPTIONS
- -v
- Verbose output.
- -V
- Verbose statistical output.
- -m
- Minimise output. Only print hostname, port tuples. Implies
-d. Useful for automated output parsing.
- -d
- Delete duplicate entries for port descriptions, i.e. use only
the first definition.
- -g
- Disable usage of (2).
On Solaris 2.3 machines this causes a core dump, for reasons
unknown. This behaviour is fixed in Solaris 2.4. Under
Linux, HP and perhaps other UNIX implementations, false TCP
connection positives may occur when this option is activated.
- -s
- Statistical information describing the average of all hosts
surveyed is sent to stderr on completion.
- -q
- Quiet mode. Don't print non-fatal errors or the (c) message.
- -d
- Display only the first description in the port services entry
file (Cf. -B).
- -o file
- Direct output (but not any messages which can be affected by
-q) to file.
- -b number
- Beginning (starting) port number.
- -e number
- Ending port number.
- -p number
- Port number if you intend to scan a single port.
- -P number
- Local port to bind outgoing connection requests to (you will
normally need super-user privileges to bind ports smaller than
1024).
- -A address
- Interface address to send outgoing connection requests from for
multi-homed machines.
- -t number
- Time after which a connection attempt to a completely
unresponsive host/port is aborted.
- -n number
- Use this number of sockets in parallel (defaults to 64).
strobe attempts to figure out if number is greater
than the quantity of available sockets at any point in time -- and
if so, only use the amount found. On some UNIX implementations such
as Solaris, this appears not to work correctly and you may find
yourself with unusual errors such as NO ROUTE TO HOST when
you hit the socket ceiling. Remember that strobe probably
isn't the only process on the system desiring a socket or two.
Having strobe pilfer all the spare sockets away from
inetd(8)
and other daemons and clients isn't such a crash hot idea, unless
you want to stop all new incoming and outgoing connections.
- -S file
- Change the default port services description file to
file. Note that if -S is not specified port services
are loaded from one of strobe.services,
/usr/local/lib/strobe.services, or /etc/services.
- -i file
- Obtain hostnames to strobe from file rather than from
the command line. Note that only the first white-space separated
word in each line of file is used, so one can feed in files
such as /etc/hosts. If filename is '-' , stdin will
be used.
- -l
- Probe hosts linearly (sequentially) rather than in parallel.
The actual ports on each host are still checked in a parallel
manner (with a parallelism of -n (defaults to 64)).
- -f
- Fast mode, probe only the tcp ports detailed in the port
services file (see -S).
- -a number
- Abort and skip to the next host after ports up to
number have been probed and still no connections have
occurred. Due to the parallel nature of the probing, reply packets
for n+m may return before those relating to n. What this means is
that ports > number may be probed. If strobe sees
a connection on any one of these higher ports before it has negated
all possibility of a service listening on ports <= number,
then despite the fact that all ports up to and including
number may turn out to be connectionless, strobe will
`abort the abort'. This is considered optimal, if unusual,
behaviour.
- -M
- Mail a bug report, or tcp/udp port description to the current
source maintainer.
EXAMPLES
strobe -n 120 -a 80 -i /etc/hosts -s -f -V -S services -o out
strobe all entries in /etc/hosts (identical ip
addresses are skipped automagically) using 120 sockets in parallel,
but only check the individual tcp ports mentioned in
services. If we have probed up to port 80 on a host and have
still not yet evidenced a connection, then skip that host. Display
speed/time statistics for each host and for the totality of hosts
to stderr. Place the regular output in out.
ypcat hosts | strobe -p 80 -t 2 -A 203.4.184.1 -P 53
strobe all hosts in your hosts YP/NIS-table for
WWW-servers. Use a timeout of two seconds. Set the source address
to the 203.4.184.1 interface. Make all connection requests appear
to come from port 53 (DNS).
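A defender's view of the second example, as an added illustration that is not part of the strobe distribution: a bare SYN arriving from source port 53 is not a DNS reply, so a packet filter that admits traffic purely on source port will pass it, and it is worth flagging in connection logs. The log format, the thresholds and the function names below are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample records (assumed format):
# "epoch src_ip src_port dst_ip dst_port tcp_flags"
SAMPLE_LOG = """\
1000.0 198.51.100.7 53 192.0.2.10 80 S
1000.1 198.51.100.7 53 192.0.2.11 80 S
1000.2 198.51.100.7 53 192.0.2.12 80 S
1000.3 198.51.100.7 53 192.0.2.13 80 S
1001.0 203.0.113.5 53 192.0.2.10 40000 SA
1002.0 203.0.113.9 41000 192.0.2.10 21 S
1002.1 203.0.113.9 41001 192.0.2.10 22 S
1002.2 203.0.113.9 41002 192.0.2.10 23 S
1002.3 203.0.113.9 41003 192.0.2.10 25 S
1002.4 203.0.113.9 41004 192.0.2.10 79 S
1300.0 192.0.2.50 50123 192.0.2.10 443 S
"""

def parse(log):
    """Yield (ts, src, sport, dst, dport, flags); skip malformed lines."""
    for line in log.splitlines():
        f = line.split()
        if len(f) == 6:
            yield float(f[0]), f[1], int(f[2]), f[3], int(f[4]), f[5]

def detect(log, window=5.0, min_targets=4):
    """Return {src_ip: set of reasons} for connect-survey behaviour."""
    findings = defaultdict(set)
    recent = defaultdict(list)  # src -> [(ts, (dst, dport)), ...]
    for ts, src, sport, dst, dport, flags in parse(log):
        if flags != "S":
            continue  # SYN-ACK from port 53 is a normal DNS-over-TCP reply
        # A new connection request should come from an ephemeral port;
        # a privileged source port (-P) suggests an attempt to pass
        # source-port-based filter rules.
        if sport < 1024:
            findings[src].add("syn-from-privileged-port:%d" % sport)
        # Sliding window of distinct (host, port) targets per source.
        hits = recent[src]
        hits.append((ts, (dst, dport)))
        hits[:] = [h for h in hits if ts - h[0] <= window]
        if len({target for _, target in hits}) >= min_targets:
            findings[src].add("fan-out")
    return dict(findings)

if __name__ == "__main__":
    for src, reasons in sorted(detect(SAMPLE_LOG).items()):
        print(src, sorted(reasons))
```

Stateful filtering, which accepts traffic from port 53 only as part of an established DNS exchange, removes the need to rely on the first rule.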
BUGS
Strobe performs no other security functions
(yet) and does not verify route blocking against UDP or TCP
handshake sequence guessing one-way IP spoofing attacks.
AUTHOR
Julian Assange
EMAIL: strobe@suburbia.net
OFFICIAL DISTRIBUTION
ftp://suburbia.net:/pub/strobe.tgz
COPYRIGHT
Copyright (c) Julian Assange 1995-1999, All
rights reserved.
This software has only three copyright restrictions. Firstly,
this copyright notice must remain intact and unmodified. Secondly,
the Author, Julian Assange, must be appropriately and prominantly
credited in any documentation associated with any derived work.
Thirdly unless otherwise negotiated with the author, you may not
sell this program commercially, reasonable distribution costs
excepted.
Use and or distribution of this software implies acceptance of
the above.
So there.
SEE ALSO
nslookup(1), host(1), dig(1), (2), (2), (2), iss(1).