Check if remote host/port is open - Can't use GNU Netcat nor NMap - RHEL 7

Question

At work, the infrastructure team is rolling out new VMs with RHEL7 installed as the base OS. This particular image comes with the nmap-ncat version of Netcat and does not have NMap installed. We are precluded from installing anything on the machines.

Previously, we were using the GNU Netcat which have the -z option to scan a remote host/port to check if it was open. Something like this:

nc -z -v -w 3 remote.host.name 1234

How can I achieve the same check with the new ncat which does not have the -z option on a system where I cannot install nmap?

Why are you checking to see if a port is open/closed? Is this part of a monitoring solution? — ewwhite, Jul 09 '16 at 21:19
We're working on getting `-z` into Ncat, but it won't be in Red Hat for a while, I'm sure: https://github.com/nmap/nmap/pull/444 — bonsaiviking, Jul 11 '16 at 16:32
@ewwhite I have to check if network ACLs are open between point A and point B. For instance: can the app server talk TCP to the DB server on port 1521. — λ Jonas Gorauskas, Jun 14 '17 at 23:00

score 16 · Accepted Answer · answered Jul 09 '16 at 20:00

16

Bash allows you to connect to TCP and/or UDP ports by redirecting to special files:

/dev/tcp/host/port If host is a valid hostname or Internet address, and port is an integer port number or service name, Bash attempts to open the corresponding TCP socket.

/dev/udp/host/port If host is a valid hostname or Internet address, and port is an integer port number or service name, Bash attempts to open the corresponding UDP socket.

A failure to open or create a file causes the redirection to fail.

So to test if you can connect to port 80 on www.example.com the following should work:

echo -n > /dev/tcp/www.example.com/80

If the port is blocked you either get a "connection refused" message or a timeout.

answered Jul 09 '16 at 20:00

HBruijn

72,524
21
127
192

1

You can telnet to the port too – Ryan Babchishin Jul 10 '16 at 01:03
Yes, but a minimal install in RHEL 7 does not include the telnet RPM where bash is always present. – HBruijn Jul 10 '16 at 08:41
2

Really? How things have changed. – Ryan Babchishin Jul 10 '16 at 12:38
1

@RyanBabchishin plus lots of security guidelines require removal of the telnet client on the basis that using it to log in to something else is insecure; ignoring its vast troubleshooting uses. – Jason Martin Jan 08 '17 at 02:27
@JasonMartin Pfft – Ryan Babchishin Jan 08 '17 at 14:29
Not so trivial to scan a range of ports with `/dev/tcp/` – Zlemini Jan 28 '17 at 12:25
@JasonMartin also ignoring that you can write your own tcp socket client in bash! – Jasen Nov 22 '17 at 10:33

bonsaiviking · Answer 2 · 2017-03-03T20:58:03.123

Though Ncat does not yet support -z, you can get the same behavior with shell redirection:

$ ncat google.com 80 </dev/null >/dev/null && echo "yes"
yes
$ ncat google.com 81 </dev/null >/dev/null && echo "yes"
Ncat: Connection timed out.
$ ncat scanme.nmap.org 1234 </dev/null >/dev/null && echo "yes"
Ncat: Connection refused.

The connect timeout can be adjusted with the -w option.

EDIT: Ncat 7.25BETA2 introduced the -z option which works as it does with GNU netcat, but only on single ports. If you need to scan port ranges, you should be using Nmap.

AGS · Answer 3 · 2019-04-25T15:27:30.410

2

Neither netcat, telnet nor nmap are needed. Bash is simpler, portable and more efficient.

Open check

(>/dev/tcp/example.com/80) &>/dev/null && echo "Open"

Open/Closed Check

(>/dev/tcp/example.com/80) &>/dev/null && echo "Open" || echo "Closed"

Port Range Check

for i in $(seq 80 88); do (>/dev/tcp/example.com/80/$i) &>/dev/null && echo $i Open|| echo $i Closed; done

edited Apr 25 '19 at 15:27

answered Apr 25 '19 at 15:09

AGS

21
2

Check if remote host/port is open - Can't use GNU Netcat nor NMap - RHEL 7

3 Answers3

Linked