# MATCHPORT The `MATCHPORT` command inspects network traffic for activity on the specified ports. The payload will be paused until matching traffic is found. ## Options The `MATCHPORT` command expects several options: ``` MATCHPORT [interface] [protocol] [connection type] [port] ... [portN] ``` ### Interface `MATCHPORT` requires a network interface. Typically on the Packet Squirrel this is `br-lan`, the virtual interface which connects the Ethernet ports. ### Protocol `MATCHPORT` requires a protocol to match: `TCP` and `UDP` match only connections on those protocols, while `ANY` matches both. ### Connection type A connection type of `NEW` causes `MATCHPORT` to only find connections which have started while it has been running. A connection type of `ANY` will match connections already in progress. ### Ports `MATCHPORT` can match any number of ports. ## Return values `MATCHPORT` will exit when a packet is seen on the monitored ports. `MATCHPORT` will print the port pairs which caused the match (source and destination of the packet). ## Experimenting You can experiment using the `MATCHPORT` command live, either in the Web Shell in the web UI, or via `ssh`!

## Examples The most basic use of the `MATCHPORT` command is to halt execution of a payload until traffic is seen. This demonstration payload will disconnect the Target device if it is seen to connect to a specific port. ```bash #!/bin/bash # Title: Matchport example # # Description: Disconnect the Target device if there is traffic to the meterpreter default port # Set bridge mode NETMODE BRIDGE # Wait for any connections on port 4444 MATCHPORT br-lan TCP ANY 4444 # Jail the target NETMODE JAIL # Set the LED LED R VERYFAST ```