[keepalived] keepalived target port connectivity check

Author: Bogon | Published 2024-04-03 10:10

1. Using nc

# yum -y install nc
Loaded plugins: fastestmirror, langpacks, versionlock
Loading mirror speeds from cached hostfile
UCloud-Software   | 1.3 kB  00:00:00
base              | 3.6 kB  00:00:00
epel              | 4.7 kB  00:00:00
extras            | 2.9 kB  00:00:00
ucloud            | 1.3 kB  00:00:00
updates           | 2.9 kB  00:00:00
(1/2): epel/x86_64/primary_db   | 7.0 MB  00:00:00
(2/2): epel/x86_64/updateinfo   | 1.0 MB  00:00:00
Excluding 1 update due to versionlock (use "yum versionlock status" to show it)
Package 2:nmap-ncat-6.40-19.el7.x86_64 already installed and latest version
Nothing to do

# cat check_port.sh

#!/bin/bash

# Exit 1 (check failed) unless something is listening locally on 443
nc -z localhost 443
if [ $? -ne 0 ]; then
    exit 1
fi

The same check against a remote address (xx.xx.xx.xx stands for the target IP), written with the idiomatic "if ! command" form:

#!/bin/bash

if ! nc -z xx.xx.xx.xx 443; then
    exit 1
fi

nc -z localhost 443 uses the nc command to check whether this host is listening on port 443. Here:

  • nc is a networking tool for reading from and writing to network connections.
  • -z puts nc in scan mode: it only checks whether the port accepts a connection and sends no data.
  • localhost is the local host address, i.e. 127.0.0.1.
  • 443 is the port number to check; here we test whether something is listening on port 443.

If the command connects successfully to the specified port on the target host, the exit status is 0; if the connection fails, the exit status is non-zero.

# nc --help
Ncat 7.50 ( https://nmap.org/ncat )
Usage: ncat [options] [hostname] [port]

Options taking a time assume seconds. Append 'ms' for milliseconds,
's' for seconds, 'm' for minutes, or 'h' for hours (e.g. 500ms).
  -4                         Use IPv4 only
  -6                         Use IPv6 only
  -U, --unixsock             Use Unix domain sockets only
  -C, --crlf                 Use CRLF for EOL sequence
  -c, --sh-exec <command>    Executes the given command via /bin/sh
  -e, --exec <command>       Executes the given command
      --lua-exec <filename>  Executes the given Lua script
  -g hop1[,hop2,...]         Loose source routing hop points (8 max)
  -G <n>                     Loose source routing hop pointer (4, 8, 12, ...)
  -m, --max-conns <n>        Maximum <n> simultaneous connections
  -h, --help                 Display this help screen
  -d, --delay <time>         Wait between read/writes
  -o, --output <filename>    Dump session data to a file
  -x, --hex-dump <filename>  Dump session data as hex to a file
  -i, --idle-timeout <time>  Idle read/write timeout
  -p, --source-port port     Specify source port to use
  -s, --source addr          Specify source address to use (doesn't affect -l)
  -l, --listen               Bind and listen for incoming connections
  -k, --keep-open            Accept multiple connections in listen mode
  -n, --nodns                Do not resolve hostnames via DNS
  -t, --telnet               Answer Telnet negotiations
  -u, --udp                  Use UDP instead of default TCP
      --sctp                 Use SCTP instead of default TCP
  -v, --verbose              Set verbosity level (can be used several times)
  -w, --wait <time>          Connect timeout
  -z                         Zero-I/O mode, report connection status only
      --append-output        Append rather than clobber specified output files
      --send-only            Only send data, ignoring received; quit on EOF
      --recv-only            Only receive data, never send anything
      --allow                Allow only given hosts to connect to Ncat
      --allowfile            A file of hosts allowed to connect to Ncat
      --deny                 Deny given hosts from connecting to Ncat
      --denyfile             A file of hosts denied from connecting to Ncat
      --broker               Enable Ncat's connection brokering mode
      --chat                 Start a simple Ncat chat server
      --proxy <addr[:port]>  Specify address of host to proxy through
      --proxy-type <type>    Specify proxy type ("http" or "socks4" or "socks5")
      --proxy-auth <auth>    Authenticate with HTTP or SOCKS proxy server
      --ssl                  Connect or listen with SSL
      --ssl-cert             Specify SSL certificate file (PEM) for listening
      --ssl-key              Specify SSL private key (PEM) for listening
      --ssl-verify           Verify trust and domain name of certificates
      --ssl-trustfile        PEM file containing trusted SSL certificates
      --ssl-ciphers          Cipherlist containing SSL ciphers to use
      --version              Display Ncat's version information and exit

See the ncat(1) manpage for full options, descriptions and usage examples

2. Using telnet

# yum -y install telnet
Loaded plugins: fastestmirror, langpacks, versionlock
Loading mirror speeds from cached hostfile
Excluding 1 update due to versionlock (use "yum versionlock status" to show it)
Package 1:telnet-0.17-66.el7.x86_64 already installed and latest version
Nothing to do

# cat check_port.sh

#!/bin/bash

# Force English messages so the grep pattern below matches regardless of the system locale
export LANG="en_US.UTF-8"

# telnet prints "Escape character is '^]'." only after the TCP connection is established
if ! echo "" | telnet xx.xx.xx.xx 443 2> /dev/null | grep -wq "Escape character is '^]'"; then
  exit 1
fi

3. Why not use echo?

#!/bin/bash

# bash opens a TCP connection when redirecting to /dev/tcp/HOST/PORT; the redirect fails if connect() fails
if ! echo > /dev/tcp/xx.xx.xx.xx/443; then
    exit 1
fi

If the remote side has no firewall policy and nothing is listening on the port, the attempt fails immediately;
if the remote side has a firewall policy whose rule is DROP, then echo > /dev/tcp/xx.xx.xx.xx/443 hangs, takes far too long, and throws off the script's decision.
Of course, telnet actually has the same problem.

# echo "" | telnet 127.0.0.1 80
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
Connection closed by foreign host.


# echo "" | telnet 127.0.0.1 443
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
# echo  > /dev/tcp/127.0.0.1/80

# echo  > /dev/tcp/127.0.0.1/443
#  echo "" | telnet www.baidu.com   443 2> /dev/null
Trying 180.101.50.188...
Connected to www.baidu.com.
Escape character is '^]'.

# time  echo "" | telnet www.baidu.com  8080 2> /dev/null
Trying 180.101.50.242...
Trying 180.101.50.188...
Trying 240e:e9:6002:15c:0:ff:b015:146f...
Trying 240e:e9:6002:15a:0:ff:b05c:1278...

real    1m3.302s
user    0m0.000s
sys     0m0.002s
# time echo  > /dev/tcp/www.baidu.com/443

real    0m0.011s
user    0m0.000s
sys     0m0.000s


# time echo  > /dev/tcp/www.baidu.com/8080
-bash: connect: Network is unreachable
-bash: /dev/tcp/www.baidu.com/8080: Network is unreachable

real    1m3.660s
user    0m0.001s
sys     0m0.000s
// If the domain also has IPv6 records, those addresses are probed as well
# time  echo "" | telnet www.jianshu.com  8080 2> /dev/null
Trying 39.98.74.233...
Trying 2408:4001:f30::221...

real    0m31.836s
user    0m0.000s
sys     0m0.002s


# time echo  > /dev/tcp/www.jianshu.com/8080
-bash: connect: Network is unreachable
-bash: /dev/tcp/www.jianshu.com/8080: Network is unreachable

real    0m31.894s
user    0m0.000s
sys     0m0.000s

The long connection time is most likely because the target host cannot be reached or the network is unreachable.
When the shell tries to connect via /dev/tcp/www.baidu.com/8080 or telnet www.baidu.com 8080 and the network is unreachable, the system keeps retrying until it times out.
In that situation, if the target host cannot be reached, the shell waits for the connection timeout before it returns an error.
How long this takes depends on how many addresses of the target are tried and how long each attempt takes.
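Putting the nc check from section 1 together with the timeout problem from section 3: the script below is an added example, not code from the original post. It bounds every connect attempt with nc's -w option (or coreutils timeout(1) around /dev/tcp when nc is absent) so a DROP rule cannot stall the keepalived check; the HOST:PORT arguments and the keepalived.conf fragment in the comments are assumed placeholders.

```shell
#!/bin/bash
# Added example, not code from the original post: a keepalived port check that
# bounds the connect time so a firewall DROP (section 3) cannot stall the script.
# Host and port values are placeholders supplied on the command line.

# check_port HOST PORT [TIMEOUT_SECONDS]
# Exit status: 0 = connected, 1 = refused/unreachable/timed out, 2 = bad port.
check_port() {
    local host="$1" port="$2" tmo="${3:-3}"
    case "$port" in
        ''|*[!0-9]*) return 2 ;;          # not numeric
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        return 2
    fi
    if command -v nc >/dev/null 2>&1; then
        # -z: zero-I/O, connect only; -w: connect timeout (both in the help text above)
        nc -z -w "$tmo" "$host" "$port" >/dev/null 2>&1 && return 0
        return 1
    fi
    # Fallback without nc: bash's /dev/tcp wrapped in coreutils timeout(1);
    # host and port are passed as $0/$1, never spliced into the command string.
    timeout "$tmo" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$host" "$port" >/dev/null 2>&1 \
        && return 0
    return 1
}

# check_all HOST:PORT [HOST:PORT ...]  (IPv4 address or hostname)
# Fails as soon as one target is unreachable, so keepalived sees a single exit code.
check_all() {
    for target in "$@"; do
        check_port "${target%:*}" "${target##*:}" 3 || return 1
    done
    return 0
}

# Assumed keepalived.conf fragment (not from the post) that calls this script;
# keepalived's own timeout is kept longer than the 3 s connect timeout:
#   vrrp_script chk_443 {
#       script   "/etc/keepalived/check_port.sh 127.0.0.1:443"
#       interval 2
#       timeout  5
#       fall     3
#       rise     2
#   }
if [ "$#" -gt 0 ]; then
    check_all "$@"
    exit $?
fi
```

Because every attempt is capped at 3 seconds and keepalived's own timeout is 5, a silently dropped SYN now counts as one failed check after 3 seconds instead of hanging for a minute as in the timings above.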

Article link: https://www.haomeiwen.com/subject/jzdgtjtx.html