- Test if remote TCP port is open from a shell script
- 18 Answers 18
- How to check if a certain port is open and unused?
- 9 Answers 9
- Eg 1:
- Eg 2:
- 5 ways to check if a Port is open on a remote Linux PC
- TCP and UDP ports
- Best ways to check if a Port is open on a Linux PC
- 1. netcat command
- Check if port is open or closed on a Linux server?
- 8 Answers 8
Test if remote TCP port is open from a shell script
I’m looking for a quick and simple method for properly testing if a given TCP port is open on a remote server, from inside a Shell script. I’ve managed to do it with the telnet command, and it works fine when the port is opened, but it doesn’t seem to timeout when it’s not and just hangs there. Here’s a sample:
l_TELNET=`echo "quit" | telnet $SERVER $PORT | grep "Escape character is"` if [ "$?" -ne 0 ]; then echo "Connection to $SERVER on port $PORT failed" exit 1 else echo "Connection to $SERVER on port $PORT succeeded" exit 0 fi
I either need a better way, or a way to force telnet to timeout if it doesn’t connect in under 8 seconds for example, and return something I can catch in Shell (return code, or string in stdout). I know of the Perl method, which uses the IO::Socket::INET module and wrote a successful script that tests a port, but would rather like to avoid using Perl if possible. Note: This is what my server is running (where I need to run this from) SunOS 5.10 Generic_139556-08 i86pc i386 i86pc
The answer lied with Expect. We wrote a simple script that sends a telnet on the port we needed, with a timeout of 8 seconds. There’s plenty of examples to pick from too. We based ours off this post: unix.com/shell-programming-scripting/…
check_tcp from github.com/monitoring-plugins/monitoring-plugins can do this, including entering strings and checking for an expected answer.
18 Answers 18
As pointed by B. Rhodes, nc ( netcat ) will do the job. A more compact way to use it:
That way nc will only check if the port is open, exiting with 0 on success, 1 on failure.
For a quick interactive check (with a 5 seconds timeout):
FWIW, I have completely overhauled my answer with an example, separately applicable to both RHEL 6 and RHEL 7.
on Mac at least, you may need to add -G# to set a connection timeout separate from/in addition to the -w# timeout, which basically functions as a read timeout.
@jolestar You can manually upgrade Ncat on Centos 7 to get the -z option. You may want to consider: unix.stackexchange.com/questions/393762/…
It’s easy enough to do with the -z and -w TIMEOUT options to nc , but not all systems have nc installed. If you have a recent enough version of bash, this will work:
# Connection successful: $ timeout 1 bash -c 'cat < /dev/null >/dev/tcp/google.com/80' $ echo $? 0 # Connection failure prior to the timeout $ timeout 1 bash -c 'cat < /dev/null >/dev/tcp/sfsfdfdff.com/80' bash: sfsfdfdff.com: Name or service not known bash: /dev/tcp/sfsfdfdff.com/80: Invalid argument $ echo $? 1 # Connection not established by the timeout $ timeout 1 bash -c 'cat < /dev/null >/dev/tcp/google.com/81' $ echo $? 124
What’s happening here is that timeout will run the subcommand and kill it if it doesn’t exit within the specified timeout (1 second in the above example). In this case bash is the subcommand and uses its special /dev/tcp handling to try and open a connection to the server and port specified. If bash can open the connection within the timeout, cat will just close it immediately (since it’s reading from /dev/null ) and exit with a status code of 0 which will propagate through bash and then timeout . If bash gets a connection failure prior to the specified timeout, then bash will exit with an exit code of 1 which timeout will also return. And if bash isn’t able to establish a connection and the specified timeout expires, then timeout will kill bash and exit with a status of 124.
Use a different syntax for Git Bash:
Otherwise, Git Bash will return an error where none is expected:
$ timeout 1 bash -c 'cat < /dev/null >/dev/tcp/google.com/80' $ echo $? 124
How to check if a certain port is open and unused?
Could you please help and tell how can i find out if port 80 is open and unused so that I can start installation.
For what it’s worth, /etc/services is completely static. Grepping it can tell you if a port is officially designated by IANA or some such, but does not tell whether or not it’s in local use.
9 Answers 9
sudo netstat -anp | grep ':80 '
That should give you pid & name of the process that holds port 80
This can be achieved using the nc command as follows:
It will return TRUE if the port is already in use, or FALSE is it (i.e, available not listening currently).
I don’t recommend lsof or netstat method as it first try to scan all running PIDs to get all bounded ports:
# time lsof -i:8888 real 0m1.194s user 0m0.137s sys 0m1.056s``` # time nc -z 127.0.0.1 8888 real 0m0.014s user 0m0.011s sys 0m0.004s
Here 8888 is an unused port. The nc command is ~85 times faster in the above example.
Eg 1:
$ nc -z 127.0.0.1 80 && echo "IN USE" || echo "FREE" IN USE $ nc -z 127.0.0.1 81 && echo "IN USE" || echo "FREE" FREE
Eg 2:
If you are trying with a remote IP, it is better to add a timeout to auto-exit if it is not accepting connection for the specified time.
Its Google’s IP which is not used, so it will timeout after trying for 2 seconds.
This also works greatly when running inside the Docker image that uses host network. Inside the image, lsof incorrectly reports the port is not in use when it actually is.
The traditional version of nc does not include the -z option. See the differences between traditional and openbsd.
netstat -tln | tail -n +3 | awk '< print $4 >'
This one displays bind addresses of TCP listening endpoints. All other endpoints are free; Also if on Unix and you are not root, then you can’t bind to a ‘privileged’ port number (port number lower than 1024).
Explained in more details:
- netstat -tln — all listening tcp ports
- tail -n +3 — cut off the header of netstat command
- awk ‘< print $4 >‘ — print the fourth column that consists of [ip]:[port]
For the general case you still need to care to cut out all irrelevant interfaces; a listening address 0.0.0.0 is listening on all network cards, if there is an IP address then that’s the specific IP of the network card/network interface.
5 ways to check if a Port is open on a remote Linux PC
T here is an ample number of ways to check for any open ports on a remote Linux PC. Knowing open ports on a Linux machine helps system administrators to connect to the remote PC for troubleshooting system and cloud server issues.
TCP and UDP ports
TCP stands for Transmission Control Protocol. In this method, the computers get connected directly until the data transfer is taking place. Therefore, with this method, the data transfer is guaranteed and is reliable but puts a higher load on the server as it has to monitor the connection and the data transfer too.
UDP stands for User Datagram Protocol. Using this method, the data is sent in the form of little packages into the network with the hope that it reaches the final destination. It means the two computers are not connected directly to each other. This method does not provide any guarantee that the data you send will ever reach its destination. Load on the server is less, and so this method is used commonly by the system administrators first to try something that’s not so important.
Now that you know the types are ports on a Linux system, let’s get started with ways of finding the ones that are open.
Best ways to check if a Port is open on a Linux PC
There are multiple ways you can do it. However, the most reliable way to do this is by using the following commands:
- nc: netcat command
- nmap: network mapper tool
- telnet: telnet command
- echo > /dev/tcp/..
- netstat – tuplen
Let’s go through each method one by one.
1. netcat command
netcat is a simple Unix utility that can be used to write and read data using UDP and TCP protocol across network connections.
The primary reason for its design is to provide a back-end tool that works with the scripts and programs. It is also an exploration and network debugging tool that offers tons of features.
To use it, you need to install it in your distro using the respective installation commands.
Check if port is open or closed on a Linux server?
It’s not quite clear what you’re asking. What do you mean by «open»? Do you mean some server is listening on that port? Or do you mean it’s allowed by the system firewall? Or what?
nc -w5 -z -v
A topic that contains an answer also for kernel level services and programs serverfault.com/questions/1078483/…
8 Answers 8
You can check if a process listens on a TCP or UDP port with netstat -tuplen .
To check whether some ports are accessible from the outside (this is probably what you want) you can use a port scanner like Nmap from another system. Running Nmap on the same host you want to check is quite useless for your purpose.
GNU netstat knows the parameters -t , -u , -p , -l , -e , and -n . Thanks to the options parser it can be expressed as -tuplen . linux.die.net/man/8/netstat
Also, the telnet command usually does only supports TCP, so you’re out of luck if the service you want to check runs on another protocol.
According to article: computingforgeeks.com/netstat-vs-ss-usage-guide-linux netstat is deprecated, and ss is it’s replacement, so you can do ss -an , ss -tuplen or for tcp listening sockets ss -ntlp .
Quickest way to test if a TCP port is open (including any hardware firewalls you may have), is to type, from a remote computer (e.g. your desktop):
Which will try to open a connection to port 80 on that server. If you get a time out or deny, the port is not open 🙂
OK, in summary, you have a server that you can log into. You want to see if something is listening on some port. As root, run:
this will show a listing of processes listening on TCP and UDP ports. You can scan (or grep) it for the process you’re interest in,and/or the port numbers you expect to see.
If the process you expect isn’t there, you should start up that process and check netstat again. If the process is there, but it’s listening on a interface and port that you did not expect, then there’s a configuration issue (e.g., it could be listening, but only on the loopback interface, so you would see 127.0.0.1:3306 and no other lines for port 3306, in the case of the default configuration for MySQL).
If the process is up, and it’s listening on the port you expect, you can try running a «telnet» to that port from your Macbook in your office/home, e.g.,
telnet xxxxxxxxxxxx.co.uk 443
That will test if (assuming standard ports) that there’s a web server configured for SSL. Note that this test using telnet is only going to work if the process is listening on a TCP port. If it’s a UDP port, you may as well try with whatever client you were going to use to connect to it. (I see that you used port 224. This is masqdialer, and I have no idea what that is).
If the service is there, but you can’t get to it externally, then there’s a firewall blocking you. In that case, run:
This will show all the firewall rules as defined on your system. You can post that, but, generally, if you’re not allowing everything on the INPUT chain, you probably will need to explicitly allow traffic on the port in question:
iptables -I INPUT -p tcp --dport 224 -j ACCEPT
or something along those lines. Do not run your firewall commands blindly based on what some stranger has told you on the Internet. Consider what you’re doing.
If your firewall on the box is allowing the traffic you want, then your hosting company may be running a firewall (e.g., they’re only allowing SSH (22/tcp), HTTP (80/tcp) and HTTPS (443/tcp) and denying all other incoming traffic). In this case, you will need to open a helpdesk ticket with them to resolve this issue, though I suppose there might be something in your cPanel that may allow it.