All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Port 443 not returned ?

D2SI
Communicator
‎05-16-2019 02:23 AM

Hello there,

Thanks so much for the new version of the App as it now takes into account multiple ports ! (and thanks also for your other Apps and blog posts by the way!)

There is just one little thing that does not work for me (or that I do not understand correctly).

It seems that I can get port 443 listed as result for any tested IP that has 443 open.

For instance,

If I query IP 151.80.25.159 on Shodan website, I would get ports 22, 80 & 443:

alt text

But when querying the same IP from Splunk I only got ports 22 & 80, not 443.

alt text

Any hint ?

Preview file
1 KB
Preview file
1 KB
0 Karma
Reply

vikramyadav
Contributor
‎05-17-2019 10:50 AM

Hi @D2SI, Just make sure you had opened port 443 in your system...
For windows https://www.tomshardware.com/news/how-to-open-firewall-ports-in-windows-10,36451.html
For Linus https://www.cyberciti.biz/faq/howto-rhel-linux-open-port-using-iptables/
restart your splunk and then try again..if you still face same issue then go for paid API.

0 Karma
Reply

hurricanelabs
Path Finder
‎05-17-2019 09:21 AM

Hi @D2SI, do you happen to be using a free Shodan API key? It appears when testing this using a free API key no 443 ports show, but when using a paid API key 443 does show up.

0 Karma
Reply

D2SI
Communicator
‎05-17-2019 05:31 PM

Yes exact, free Shodan API Key for now unfortunately.

Yes, I have edited the post with screenshots to illustrate that!

That would be great, yes!

0 Karma
Reply

hurricanelabs
Path Finder
‎05-17-2019 10:33 AM

Additionally, Shodan actually says "the free API key doesn’t have access to HTTPS or Telnet results. I believe that if you do a direct IP lookup (instead of a search request) then you will be able to see the HTTPS/ Telnet information even with a free API key.", but the custom command in the app does not support this. This is definitely something that we can look into adding into the app.

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...