How to check for open TCP ports in Linux using netcat, ssh, nmap, telnet and even just cat

There are many ways to check for open TCP ports. Usually I prefer to use netcat or telnet, however in some cases (especially within docker containers) these tools are not installed or available. This post shows the most common ways to check whether a remote port is open or not.

telnet

Even though the telnet client tool is meant for the telnet protocol (i.e. remotely logging in to a Unix computer before we had ssh), it is also a handy tool to check for an open port.

For example, we can use it to check if we can access www.google.com via HTTPS:

$ telnet www.google.com 443
Trying 142.250.70.196...
Connected to www.google.com.

If we see the "Connected" message, the TCP handshake succeeded, so we can deduce that the port is open - even though telnet does not speak the protocol behind it (TLS in this case). Furthermore, if the service is unencrypted, telnet will show us the server banner: status messages, protocol hints, software versions etc. The following connects to a Google mail / SMTP server.

$ telnet smtp.google.com 25
Trying 74.125.24.27...
Connected to smtp.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP

Telnet used to be commonly installed on systems, but these days that is not always the case.

netcat

Netcat / nc can be used for many purposes, including file transfers. It also makes testing for open ports fairly easy.

$ nc -v google.com 443
Connection to google.com (142.250.70.174) 443 port [tcp/https] succeeded!

ssh 

You can also use the ssh client program to check for remote TCP ports. Just use the verbose option and look at the connection-level output, ignoring the authentication failure that follows.

$ ssh -v -p 443 google.com
debug1: Connecting to google.com [142.250.70.174] port 443.
debug1: Connection established.

nmap

Nmap also offers quite a few different ways to scan remote networks and ports, including full port and network scans, which may be illegal if you don't own the target infrastructure.

However, checking a single port is easy:

$ nmap -sT google.com -p 443
Starting Nmap 7.80 ( https://nmap.org ) at 2022-05-22 16:49 AEST
Nmap scan report for google.com (142.250.70.174)
Host is up (0.020s latency).
Other addresses for google.com (not scanned): 2404:6800:4015:801::200e
rDNS record for 142.250.70.174: mel04s02-in-f14.1e100.net

PORT    STATE SERVICE
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds

bash

If none of the tools above are available, you can simply use bash's built-in /dev/tcp redirection, which asks the Linux kernel to open the socket for you, like this (this only works in bash, not in sh/dash).

if timeout 10 bash -c '</dev/tcp/google.com/443 &>/dev/null'
then
  echo "Google on TLS port 443 is open"
else
  echo "Google on TLS port 443 is closed"
fi
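The one-liner above reports "closed" for everything that is not open. As an added example (not code from the original post), the helper below builds on the same /dev/tcp trick and adds what you usually want in a container without netcat: argument validation, a distinction between a refused connection (host up, nothing listening) and a timeout (typically a firewall silently dropping the SYN), and a batch mode that reads "host port" pairs from stdin. The function names (`port_open`, `port_status`, `check_list`) are my own; it assumes `bash` and coreutils `timeout` are on PATH.

```shell
# port_open HOST PORT [SECONDS]
# Exit status: 0 open, 1 closed/refused, 2 timed out, 3 bad arguments.
port_open() {
  host=$1; port=$2; secs=${3:-5}

  # Reject empty, non-numeric and out-of-range ports before touching the network.
  case $port in
    ''|*[!0-9]*) return 3 ;;
  esac
  if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
    return 3
  fi
  [ -n "$host" ] || return 3

  # Let bash open the socket via /dev/tcp; `timeout` exits 124 if the
  # connection attempt hangs instead of being refused.
  timeout "$secs" bash -c "exec 3<>/dev/tcp/$host/$port" >/dev/null 2>&1
  rc=$?
  case $rc in
    0)   return 0 ;;
    124) return 2 ;;
    *)   return 1 ;;
  esac
}

# port_status HOST PORT [SECONDS]: same check, but prints a word and always
# returns 0, so it is safe to call under `set -e`.
port_status() {
  rc=0
  port_open "$@" || rc=$?
  case $rc in
    0) echo open ;;
    1) echo closed ;;
    2) echo timeout ;;
    *) echo invalid ;;
  esac
  return 0
}

# check_list [SECONDS]: read "host port" lines from stdin and report each one.
check_list() {
  while read -r h p; do
    [ -n "$h" ] || continue
    printf '%s:%s %s\n' "$h" "$p" "$(port_status "$h" "$p" "${1:-5}")"
  done
}

# Usage with a constructed sample list (not a real inventory), two seconds per host:
# printf 'www.google.com 443\n127.0.0.1 1\n' | check_list 2
```

In practice the "timeout" result is the interesting one: a plain "closed" usually means the service is simply not running, whereas a timeout on a port that should be reachable points at a security group, network policy or host firewall dropping the traffic.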
