Check tcp connections linux

Test if remote TCP port is open from a shell script

I’m looking for a quick and simple method for properly testing if a given TCP port is open on a remote server, from inside a Shell script. I’ve managed to do it with the telnet command, and it works fine when the port is opened, but it doesn’t seem to timeout when it’s not and just hangs there. Here’s a sample:

l_TELNET=`echo "quit" | telnet $SERVER $PORT | grep "Escape character is"` if [ "$?" -ne 0 ]; then echo "Connection to $SERVER on port $PORT failed" exit 1 else echo "Connection to $SERVER on port $PORT succeeded" exit 0 fi 

I either need a better way, or a way to force telnet to timeout if it doesn’t connect in under 8 seconds for example, and return something I can catch in Shell (return code, or string in stdout). I know of the Perl method, which uses the IO::Socket::INET module and wrote a successful script that tests a port, but would rather like to avoid using Perl if possible. Note: This is what my server is running (where I need to run this from) SunOS 5.10 Generic_139556-08 i86pc i386 i86pc

The answer lied with Expect. We wrote a simple script that sends a telnet on the port we needed, with a timeout of 8 seconds. There’s plenty of examples to pick from too. We based ours off this post: unix.com/shell-programming-scripting/…

check_tcp from github.com/monitoring-plugins/monitoring-plugins can do this, including entering strings and checking for an expected answer.

18 Answers 18

As pointed by B. Rhodes, nc ( netcat ) will do the job. A more compact way to use it:

That way nc will only check if the port is open, exiting with 0 on success, 1 on failure.

For a quick interactive check (with a 5 seconds timeout):

FWIW, I have completely overhauled my answer with an example, separately applicable to both RHEL 6 and RHEL 7.

on Mac at least, you may need to add -G# to set a connection timeout separate from/in addition to the -w# timeout, which basically functions as a read timeout.

@jolestar You can manually upgrade Ncat on Centos 7 to get the -z option. You may want to consider: unix.stackexchange.com/questions/393762/…

It’s easy enough to do with the -z and -w TIMEOUT options to nc , but not all systems have nc installed. If you have a recent enough version of bash, this will work:

# Connection successful: $ timeout 1 bash -c 'cat < /dev/null >/dev/tcp/google.com/80' $ echo $? 0 # Connection failure prior to the timeout $ timeout 1 bash -c 'cat < /dev/null >/dev/tcp/sfsfdfdff.com/80' bash: sfsfdfdff.com: Name or service not known bash: /dev/tcp/sfsfdfdff.com/80: Invalid argument $ echo $? 1 # Connection not established by the timeout $ timeout 1 bash -c 'cat < /dev/null >/dev/tcp/google.com/81' $ echo $? 124 

What’s happening here is that timeout will run the subcommand and kill it if it doesn’t exit within the specified timeout (1 second in the above example). In this case bash is the subcommand and uses its special /dev/tcp handling to try and open a connection to the server and port specified. If bash can open the connection within the timeout, cat will just close it immediately (since it’s reading from /dev/null ) and exit with a status code of 0 which will propagate through bash and then timeout . If bash gets a connection failure prior to the specified timeout, then bash will exit with an exit code of 1 which timeout will also return. And if bash isn’t able to establish a connection and the specified timeout expires, then timeout will kill bash and exit with a status of 124.

Use a different syntax for Git Bash:

Otherwise, Git Bash will return an error where none is expected:

$ timeout 1 bash -c 'cat < /dev/null >/dev/tcp/google.com/80' $ echo $? 124 

Источник

12 ss Command Examples to Monitor Network Connections

ss command is a tool that is used for displaying network socket related information on a Linux system. The tool displays more detailed information that the netstat command which is used for displaying active socket connections.

In this guide, we delve in and see how the ss command can be used to display varied socket connection information in Linux.

1. Listing all Connections

The basic ss command without any options simply lists all the connections regardless of the state they are in.

2. Listing Listening and Non-listening Ports

You can retrieve a list of both listening and non-listening ports using the -a option as shown below.

3. Listing Listening Sockets

To display listening sockets only, use the -l flag as shown.

4. List all TCP Connections

To display all TCP connection, use the -t option as shown.

5. List all Listening TCP Connections

To have a view of all the listening TCP socket connection use the -lt combination as shown.

6. List all UDP Connections

To view all the UDP socket connections use the -ua option as shown.

7. List all Listening UDP Connections

To list listening UDP connections use the -lu option.

8. Display PID (Process IDs) of Sockets

To display the Process IDs related to socket connections, use the -p flag as shown.

9. Display Summary Statistics

To list the summary statistics, use the -s option.

10. Display IPv4 and IPv6 Socket Connections

If you are curious about the IPv4 socket connections use the -4 option.

To display IPv6 connections, use the -6 option.

11. Filter Connections by Port Number

ss command also lets you filter socket port number or address number. For example, to display all socket connections with a destination or source port of ssh run the command.

$ ss -at '( dport = :22 or sport = :22 )'

Alternatively, you can run the command.

$ ss -at '( dport = :ssh or sport = :ssh )'

12. Check Man Pages for ss Command

To get more insights into the ss command usage, check the man pages using the command.

Those are some of the commonly used options that are used with ss command. The command is considered more superior to netstat command and provide detailed information about network connections.

Источник

How to Test Port [TCP/UDP] Connectivity from a Linux Server

Here is a short post to check port [TCP/UDP] connectivity from a Linux server. A TCP/IP network connection may be either blocked, dropped, open, or filtered. These actions are generally controlled by the IPtables firewall the system uses and is independent of any process or program that may be listening on a network port.

Telnet and nc are common tools used to test port connectivity from Linux server. Telnet can be used to test tcp port connections, where as nc can be used to test both tcp/udp ports connectivity. Make sure telnet and nc tools are installed on the Linux server you are trying to test connectivity.

# yum install nc # yum install telnet

Testing TCP port connectivity with telnet

Lets see how we can use telnet command to test the TCP port connectivity. The syntax to use the telnet command is as follows:

# telnet [hostname/IP address] [port number]

Example of successful connection:

# telnet 192.168.12.10 22 Trying 192.168.12.10. Connected to 192.168.12.10. Escape character is '^]'. SSH-2.0-OpenSSH_6.6.1 Protocol mismatch. Connection closed by foreign host.

Example of unsuccessful connection:

# telnet 192.168.12.10 22 Trying 192.168.12.10. telnet: connect to address 192.168.12.10: No route to host

Using nc command to test TCP port connectivity

The syntax to use nc command for testing TCP post connectivity is as follows:

# nc -z -v [hostname/IP address] [port number]

Example of successful connection:

# nc -z -v 192.168.10.12 22 Connection to 192.118.20.95 22 port [tcp/ssh] succeeded!

Example of unsuccessful connection:

# nc -z -v 192.168.10.12 22 nc: connect to 192.118.20.95 port 22 (tcp) failed: No route to host

Testing UDP port connectivity wit nc command

The syntax to test UDP port connectivity with nc command is as follows:

# nc -z -v -u [hostname/IP address] [port number]

Example of successful connection:

# nc -z -v -u 192.168.10.12 123 Connection to 192.118.20.95 123 port [udp/ntp] succeeded!

Some more articles you might also be interested in …

Источник