What are the alternatives for checking open ports, besides telnet?
We can use the following in order to test telnet VIA port; in the following example we test port 6667:
[root@kafka03 ~]# telnet kafka02 6667 Trying 103.64.35.86. Connected to kafka02. Escape character is '^]'. ^CConnection closed by foreign host
Since on some machines we can’t use telnet (for internal reasons) what are the alternatives to check ports, as telnet?
Those «internal reasons» might bar you from using other port-scanning software. I knew a guy that worked at a bank and had his contract terminated because he had a copy of nmap on his PC. He was using it for work-related purposes, but it was on the proscribed list, so he was escorted out of the building.
Note that telnet is a sophisticated protocol. The telnet utility turns off the protocol behaviour if a port is given at command line. Then it behaves much like netcat , just with line ending detection.
A more operating-system agnostic question, that does not even hint at port scanning, is unix.stackexchange.com/questions/499694 .
9 Answers 9
- -z = sets nc to simply scan for listening daemons, without actually sending any data to them
- -v = enables verbose mode
nc -v -w 3 kafka01 6667 Ncat: Version 6.40 ( nmap.org/ncat ) Ncat: Connected to 10.164.235.85:6667. ( this still hang )
If using Bash Shell, then you can use its feature to check if a port is open or closed:
(timeout 1 bash -c '/dev/null PORT OPEN (timeout 1 bash -c '/dev/null PORT CLOSED
Note that if the server does not respond after 1 second the timeout is reached, the commands between ‘ interrupted, and thus nothing is printed.
Perhaps you should use the hostname from the question (kafka02) instead of 127.0.0.1 , which makes it look like it only works with the loopback.
(timeout 1 bash -c ‘/dev/null prints nothing for me. (timeout 1 bash -c ‘/dev/null worked as expected (prints PORT CLOSED). Note the location of the ‘ .
IIRC this bash feature used to be disabled in Debian some time ago. It’s a neat trick but doesn’t always work.
‘curl’ can make life easier. No root require ; curl is readily available on all the linux systems
1) If port is not open will show below output
[niti@SourceServerName ~]$ curl -vv telnet://DestinationServerName:80 * About to connect() to DestinationServerName port 80 (#0) * Trying 192.168.0.100.
2) If port is open will show below output
[niti@SourceServerName ~]$ curl -vv telnet://DestinationServerName:443 * About to connect() to DestinationServerName port 443 (#0) * Trying 192.168.0.100. * Connected to DestinationServerName (192.168.0.100) port 443 (#0)
Why the extra v in «-vv»? I have not found any documentation that it does anything. Also, curl shows messages like «Connection refused» and «Could not resolve host» in regular (non-verbose) mode.
this was the easiest and simplest for me. In my experience, for VMs behind k8s clusters it is not possible to install missing tools eg., telnet, nc etc., so curl came in quite handy. thank you!
The gold standard is undoubtedly nmap (nmap.org), but it typically requires root for “best results”. However, standalone binaries are available and it is possible to run it as an unprivileged user, just with degraded capabilities. For example, instead of a stealth syn scan ( -sS ), it falls back to a standard TCP connect scan ( -sT ). This is functionally equivalent to netcat, but with the nice multi-host, sped-up capabilities that it has.
not-root$ nmap -sT google.com Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-04 21:01 GMT Nmap scan report for google.com (172.217.23.14) Host is up (0.12s latency). rDNS record for 172.217.23.14: lhr35s01-in-f14.1e100.net Not shown: 998 filtered ports PORT STATE SERVICE 80/tcp open http 443/tcp open https
Установка Putty под Astra Linux
Сегодня мы рассмотрим установку популярного консольного клиента для работы по протоколам SSH, Telnet и через COM-порты (Serial) — Putty. В Astra Linux и есть Remmina, но для подключения по протоколу Telnet и через Com-порт (Serial) вам понадобится другой клиент. Вот тут на помощь и придет Putty.
Установка Putty
К сожалению Putty нет в репозитории Astra Linux, поэтому нам придется ставить его вручную. Скачаем необходимые пакеты:
wget http://ftp.ru.debian.org/debian/pool/main/p/putty/putty_0.67-3+deb9u1_amd64.deb wget http://ftp.ru.debian.org/debian/pool/main/p/putty/putty-tools_0.67-3+deb9u1_amd64.deb
dpkg -i putty-tools_0.67-3+deb9u1_amd64.deb putty_0.67-3+deb9u1_amd64.deb
Или через меню Пуск –> Сеть -> Putty SSH Client Запустим Попробуем соединится с локальным хостом:
Изменяем шрифт
Возможно вас не устроит используемый Putty шрифт. Давайте поменяем шрифт на более приятный, например terminus-14 . Запустим Putty и выберем Default Settings Нажмем Load Откроем раздел Fonts и нажмем на указанную кнопку Выберите шрифт terminus-14 или любой другой, который вы найдете приятным, на скриншоте я привел несколько шрифтов, уже установленных в системе, в сравнении со стандартным шрифтом, используемым в Windows 10. На забудьте вернуться в раздел Sessions и выбрав Default Settings, нажать Save!
Заключение
Сегодня мы рассмотрели установку Putty в Astra Linux. Скачали и установили необходимые пакеты. Запустили и соединились по SSH с нашим ПК Узнали как поменять шрифт, используемый в консоли.
6 Linux Utility to Test Network Connectivity
Invicti Web Application Security Scanner – the only solution that delivers automatic verification of vulnerabilities with Proof-Based Scanning™.
Wondering how to check connectivity between two network endpoints?
One of the common tasks for sysadmin is to check the connectivity to troubleshoot networking issues. It could be anything like application can’t connect to backend service, unable to fetch data from external URL, verify if the flow is opened, etc.
Whatever it might be, the following utility/commands would help you. They are tested on CentOS, and I don’t see any reason not to work on another Linux distro.
telnet
One of the widely used commands to test essential connectivity between servers, server to another network device’s IP. The syntax for the command is easy.
telnet $destinationIP $PORT
Let’s say you want to test if you can connect to port 8080 on 10.0.0.1 IP address; then the command would be.
If there is no issue in connecting, then you should see the connected message.
Trying 10.0.0.1. Connected to 10.0.0.1. Escape character is '^]'.
Note: if you get a command not found while executing telnet then you need to install telnet as I explained here.
In most of the scenarios, telnet should help. However, if you need some other option then here are some telnet alternatives.
ncat or nc
Ncat (a.k.a. nc) is a powerful network utility with many features like bind and accept a connection, execute commands remotely, write and read data, etc. It works on IPv4 and IPv6, both.
To do a simple test to check if the port is opened or not, you will execute the following.
Let’s take an example of testing 443 port on geekflare.com.
[root@geekflare-lab ~]# nc -vz geekflare.com 443 Ncat: Version 7.50 ( https://nmap.org/ncat ) Ncat: Connected to 104.25.133.107:443. Ncat: 0 bytes sent, 0 bytes received in 0.02 seconds. [root@geekflare-lab ~]#
As mentioned, you can also use nc to bind the connection to listen on a particular port. This can be handy when you don’t have actual services running but want to ensure connectivity exists.
To start listening on a port:
It will bind the port to a given number.
If ncat is not installed, then you can get it done with yum install nc on CentOS/RHEL servers.
wget
wget is a useful command to download/test HTTP, HTTPS, and FTP. If you are working as a web engineer or often dealing with web-related issues then wget is your friend. Testing using wget is straightforward.
Here is an example of testing tools.geekflare.com
[root@geekflare-lab ~]# wget tools.geekflare.com --2019-05-09 20:40:01-- http://tools.geekflare.com/ Resolving tools.geekflare.com (tools.geekflare.com). 104.25.134.107, 104.25.133.107, 2606:4700:20::6819:866b, . Connecting to tools.geekflare.com (tools.geekflare.com)|104.25.134.107|:80. connected. HTTP request sent, awaiting response. 301 Moved Permanently Location: https://tools.geekflare.com/ [following] --2019-05-09 20:40:01-- https://tools.geekflare.com/ Connecting to tools.geekflare.com (tools.geekflare.com)|104.25.134.107|:443. connected. HTTP request sent, awaiting response. 200 OK Length: unspecified [text/html] Saving to: 'index.html.2' [ ] 15,139 --.-K/s in 0.001s 2019-05-09 20:40:02 (12.8 MB/s) - 'index.html.2' saved [15139] [root@geekflare-lab ~]#
If it shows connected means there is no connectivity issue.
Check out this to see some of the frequently used wget command examples.
curl
A curl is a multipurpose tool.
Do you know you can telnet to a port using curl?
The following is a working example.
[root@geekflare-lab ~]# curl -v telnet://chandan.io:443 * About to connect() to chandan.io port 443 (#0) * Trying 104.31.68.106. * Connected to chandan.io (104.31.68.106) port 443 (#0)
And, when there is no listening port or firewall issue, then you will see trying…
[root@geekflare-lab ~]# curl -v telnet://chandan.io:4434 * About to connect() to chandan.io port 4434 (#0) * Trying 104.31.68.106.
You can also use curl to download the data. It supports multiple protocols – HTTP, HTTPS, FTP, IMAP, LDAP, POP3, SCP, SFTP, GOPHER, etc.
nmap
A popular tool with hundreds of features. Often this is considered as a security tool, nmap lets you test a single IP/port or in the range.
An example of testing port 443 on siterelic.com
[root@geekflare-lab ~]# nmap -p 443 siterelic.com Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-10 06:55 UTC Nmap scan report for siterelic.com (104.27.174.50) Host is up (0.0079s latency). Other addresses for siterelic.com (not scanned): 104.27.175.50 2606:4700:30::681b:ae32 2606:4700:30::681b:af32 PORT STATE SERVICE 443/tcp open https Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds [root@geekflare-lab ~]#
Look at the state column. If you see open means connection is ok. And, if the state is filtered that means connectivity doesn’t exist.
Ping
One of the widely used commands is to check if a remote host is responding to ICMP ECHO_REQUEST or not. Keep in mind, this may not give you accurate results when ICMP is blocked at the remote network’s firewall. Assuming that’s not the case, you can ping to IPv4 or IPv4 network endpoint as below.
For example, success result of geekflare.com
chandan@192 ~ % ping geekflare.com PING geekflare.com (104.27.119.115): 56 data bytes 64 bytes from 104.27.119.115: icmp_seq=0 ttl=53 time=7.944 ms 64 bytes from 104.27.119.115: icmp_seq=1 ttl=53 time=8.870 ms
For example, failure result of internal IP.
chandan@192 ~ % ping 192.168.0.1 PING 192.168.0.1 (192.168.0.1): 56 data bytes Request timeout for icmp_seq 0 Request timeout for icmp_seq 1
If the endpoint supports IPv6, you can use the ping6 command as below.
chandan@192 ~ % ping6 geekflare.com PING6(56=40+8+8 bytes) 2a01:4b00:88e4:8700:d8ca:bf50:159c:2a1d --> 2606:4700:20::681b:7673 16 bytes from 2606:4700:20::681b:7673, icmp_seq=0 hlim=250 time=8.650 ms 16 bytes from 2606:4700:20::681b:7673, icmp_seq=1 hlim=250 time=8.738 ms
If you need to do remote ping over the Internet, you can use the online ping tool.
Conclusion
telnet is phasing out in the latest Linux version. Thanks to the above telnet alternative.
If you are new to Linux and looking to learn then check out this Udemy course.