测试端口是否连通的几种方式
👉 本文共约1606个字,系统预计阅读时间或需7分钟。
telnet
命令:
1 | telnet 192.168.8.8 22 |
回车后,若端口是开放的,则会显示相关的协议,例如:SSH、mysql等,或者为空。
wget
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 | C:\Users\lhr>wget 192.168.8.8:22 -v --10:05:11-- http://192.168.8.8:22/ => `index.html' Connecting to 192.168.8.8:22... connected! HTTP request sent, awaiting response... Read error (No such file or directory) in headers. Retrying. --10:05:11-- http://192.168.8.8:22/ (try: 2) => `index.html' Connecting to 192.168.8.8:22... connected! HTTP request sent, awaiting response... Read error (No such file or directory) in headers. Retrying. --10:05:11-- http://192.168.8.8:22/ (try: 3) => `index.html' Connecting to 192.168.8.8:22... connected! HTTP request sent, awaiting response... 10:05:11 ERROR -1: Malformed status line. |
curl
curl是用于从服务器传输数据或将数据传输到服务器的工具。它支持以下协议:DICT,FILE,FTP,FTPS,GOPHER,GOPHERS,HTTP,HTTPS,IMAP,IMAPS,LDAP,LDAPS,MQTT,POP3,POP3S,RTMP,RTMPS,RTSP,SCP,SFTP,SMB,SMBS,SMTP,SMTPS,TELNET,TFTP,WS和WSS。它由 libcurl 提供支持,适用于所有与传输相关的功能
通的情况:
1 2 3 4 5 | ┌──[root@vms100.liruilongs.github.io]-[~] └─$timeout 3 curl -vvv telnet://192.168.26.55:55555 * About to connect() to 192.168.26.55 port 55555 (#0) * Trying 192.168.26.55... * Connected to 192.168.26.55 (192.168.26.55) port 55555 (#0) |
不通的情况:
1 2 3 4 5 6 7 8 9 10 | ┌──[root@vms100.liruilongs.github.io]-[~] └─$timeout 3 curl -vvv telnet://192.168.26.55:443 * About to connect() to 192.168.26.55 port 443 (#0) * Trying 192.168.26.55... * 拒绝连接 * Failed connect to 192.168.26.55:443; 拒绝连接 * Closing connection 0 curl: (7) Failed connect to 192.168.26.55:443; 拒绝连接 ┌──[root@vms100.liruilongs.github.io]-[~] └─$ |
nc或nact
nc 或者 ncat 命令也可以用于测试远程主机是否在指定端口上侦听或建立到该端口的连接。
1 2 3 | ┌──[root@vms100.liruilongs.github.io]-[~] └─$which nc /usr/bin/nc |
例如,要测试远程主机的 55555 端口是否打开,可以使用以下命令:
本人提供Oracle(OCP、OCM)、MySQL(OCP)、PostgreSQL(PGCA、PGCE、PGCM)等数据库的培训和考证业务,私聊QQ646634621或微信db_bao,谢谢!
通的情况
1 2 3 4 5 6 7 | ┌──[root@vms100.liruilongs.github.io]-[~] └─$nc -vz 192.168.26.55 55555 Ncat: Version 7.50 ( https://nmap.org/ncat ) Ncat: Connected to 192.168.26.55:55555. Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds. ┌──[root@vms100.liruilongs.github.io]-[~] └─$ |
不通的情况
1 2 3 4 | ┌──[root@vms100.liruilongs.github.io]-[~] └─$nc -vz 192.168.26.55 443 Ncat: Version 7.50 ( https://nmap.org/ncat ) Ncat: Connection refused. |
或者可以使用 ncat,ncat 是 nmap 网络工具套件的一部分,是一个更现代的工具。它被设计为 nc 的更丰富的替代品。它支持 SSL/TLS 加密、IPv6、SOCKS 代理等。
1 2 3 4 5 6 7 8 9 10 11 | ┌──[root@vms100.liruilongs.github.io]-[~] └─$ncat -zv 192.168.26.55 55555 Ncat: Version 7.50 ( https://nmap.org/ncat ) Ncat: Connected to 192.168.26.55:55555. Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds. ┌──[root@vms100.liruilongs.github.io]-[~] └─$ncat -zv 192.168.26.55 443 Ncat: Version 7.50 ( https://nmap.org/ncat ) Ncat: Connection refused. ┌──[root@vms100.liruilongs.github.io]-[~] └─$ |
nmap
端口扫描工具,会扫描所有的端口,一般不建议使用
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | ┌──[root@vms100.liruilongs.github.io]-[~] └─$rpm -ql nmap || yum -y install nmap ┌──[root@vms100.liruilongs.github.io]-[~] └─$nmap -sT 192.168.26.55 443 Starting Nmap 6.40 ( http://nmap.org ) at 2023-04-11 16:44 CST Nmap scan report for 192.168.26.55 (192.168.26.55) Host is up (0.0025s latency). Not shown: 994 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 222/tcp open rsh-spx 8080/tcp open http-proxy 50000/tcp open ibm-db2 55555/tcp open unknown MAC Address: 00:0C:29:9F:48:81 (VMware) Nmap done: 2 IP addresses (1 host up) scanned in 1.74 seconds |
python
Linux 环境一般都 python 环境,要使用 Python 检查远程端口是否打开,可以使用 socket 模块
端口通的 Demo
1 2 3 4 5 6 7 8 9 | ┌──[root@vms100.liruilongs.github.io]-[~] └─$python2 Python 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import socket >>> sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) >>> sock.connect(('192.168.26.55', 55555)) >>> |
端口不通的 Demo
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 | ┌──[root@vms100.liruilongs.github.io]-[~] └─$python2 Python 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import socket >>> sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) >>> sock.connect(('192.168.26.55', 443)) Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib64/python2.7/socket.py", line 224, in meth return getattr(self._sock,name)(*args) socket.error: [Errno 111] Connection refused >>> ┌──[root@vms100.liruilongs.github.io]-[~] └─$ |
/dev/tcp
利用 /dev/tcp 虚拟文件系统 检查端口是打开还是关闭,使用下面这样的命名就可以测试
1 | /dev/tcp/192.168.8.8/3306 |
看一个Demo,使用 Linux 中的 /dev/tcp 虚拟文件系统连接到远程主机的 55555 端口。用于测试远程主机是否在该端口上侦听或建立到该端口的连接。/dev/proto/host/port/ 对应测试数据 /dev/tcp/$host/$port
这里为了好看,我们做一些简单修饰
通的情况
1 2 3 | ┌──[root@vms100.liruilongs.github.io]-[~] └─$(timeout 1 bash -c '</dev/tcp/192.168.26.55/55555' && echo PORT OPEN || echo PORT CLOSED) 2>/dev/null PORT OPEN |
不通的情况
1 2 3 | ┌──[root@vms100.liruilongs.github.io]-[~] └─$(timeout 1 bash -c '</dev/tcp/192.168.26.55/443' && echo PORT OPEN || echo PORT CLOSED) 2>/dev/null PORT CLOSED |
原理,Linux 的真值和编程语言代码中的真值是不同的。根据执行的返回值确认是否通
1 2 3 4 5 6 7 8 9 | ┌──[root@vms100.liruilongs.github.io]-[~] └─$bash -c '</dev/tcp/192.168.26.55/55555' && echo $? 0 ┌──[root@vms100.liruilongs.github.io]-[~] └─$bash -c '</dev/tcp/192.168.26.55/443' && echo $? bash: connect: 拒绝连接 bash: /dev/tcp/192.168.26.55/443: 拒绝连接 ┌──[root@vms100.liruilongs.github.io]-[~] └─$ |
换成分号的情况我们就可以正常显示。
1 2 3 4 5 | ┌──[root@vms100.liruilongs.github.io]-[~] └─$bash -c '</dev/tcp/192.168.26.55/443' ;echo $? bash: connect: 拒绝连接 bash: /dev/tcp/192.168.26.55/443: 拒绝连接 1 |
需要注意的是,这个命令可能不适用于所有系统,因为它依赖于 /dev/tcp 虚拟文件系统是否启用。此外,这个命令应该只用于测试或诊断目的,而不用于任何恶意活动。
如果三层都不通,对于不同的情况也可以具体分析
端口通的情况
1 | [root@master ~]# </dev/tcp/172.30.127.22/3306 |
IP 都不通的情况
1 2 3 4 5 6 7 | [root@master ~]# </dev/tcp/172.30.127.23/3306 bash: connect: No route to host bash: /dev/tcp/172.30.127.23/3306: No route to host [root@master ~]# </dev/tcp/192.168.26.55/55555 bash: connect: Network is unreachable bash: /dev/tcp/192.168.26.55/55555: Network is unreachable [root@master ~]# |
Network is unreachable:当源设备无法找到到达目标网络的路由时,会出现此错误。这意味着源设备的路由表中没有目标设备所在的网络的条目。这可能是因为网络已经关闭,或者路由表中存在配置错误。No route to host:当源设备可以找到到达目标网络的路由,但无法找到该网络上特定主机的路由时,会出现此错误。这意味着源设备的路由表中有目标设备所在的网络的条目,但没有目标设备的特定IP地址的条目。这可能是因为目标设备已关闭,或者路由表中存在配置错误。
总结
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 | telnet 192.168.8.8 22 wget 192.168.8.8:22 -v curl -vvv telnet://192.168.8.8:22 ncat -vz 192.168.8.8 22 nc -vz 192.168.8.8 22 nmap -sT 192.168.8.8 python2 import socket sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.connect(('192.168.8.8', 22)) |
参考
https://mp.weixin.qq.com/s/D2G1pGiX1RtgEamzreyo6w
https://medium.com/geekculture/linux-useful-tricks-telnet-alternatives-ed9f342149a1
