When attempting to diagnose why a specific target cannot be scanned, we can query the database to discover the results of connection attempts for that target. It is useful to filter on connection date as well as IP address if the target has had multiple scan attempts.
First, get the results of the Port Scan (where we attempt to find open ports on the target)
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
SELECT ch.IPAddress
, o.Name as Outcome
, p.Name as Protocol
, ch.Port
, Message
, convert(date,ch.AttemptDate) as DateAttempted
FROM history.t_ConnectionHistory ch
INNER JOIN config.t_Outcome o ON o.OutcomeID = ch.OutcomeID
INNER JOIN config.t_Protocol p ON ch.ProtocolID = p.ProtocolID
WHERE
-- Protocol 14 is called "TCP" and is the port scan
p.Name = 'TCP'
AND
-- == Customize These == --
IPAddress ='192.168.5.7'
AND
CONVERT(date,ch.AttemptDate)='YYYY-MM-DD'
ORDER BY Port |
Next, get the results for other connection attempts
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
SELECT ch.IPAddress
, o.Name as Outcome
, p.Name as Protocol
, ch.Port
, Message
, convert(date,ch.AttemptDate) as DateAttempted
FROM history.t_ConnectionHistory ch
INNER JOIN config.t_Outcome o ON o.OutcomeID = ch.OutcomeID
INNER JOIN config.t_Protocol p ON ch.ProtocolID = p.ProtocolID
WHERE
-- Protocol 14 is called "TCP" and is the port scan
p.Name != 'TCP'
AND-- == Customize These == --
IPAddress ='192.168.0.1'
AND
CONVERT(date,ch.AttemptDate)='YYYY-MM-DD' |
...