17

At work, the infrastructure team is rolling out new VMs with RHEL7 installed as the base OS. This particular image comes with the nmap-ncat version of Netcat and does not have NMap installed. We are precluded from installing anything on the machines.

Previously, we were using the GNU Netcat, which has the -z option to scan a remote host/port to check if it was open. Something like this:

nc -z -v -w 3 remote.host.name 1234

How can I achieve the same check with the new ncat which does not have the -z option on a system where I cannot install nmap?

λ Jonas Gorauskas
  • 1
    Why are you checking to see if a port is open/closed? Is this part of a monitoring solution? – ewwhite Jul 09 '16 at 21:19
  • 1
    We're working on getting `-z` into Ncat, but it won't be in Red Hat for a while, I'm sure: https://github.com/nmap/nmap/pull/444 – bonsaiviking Jul 11 '16 at 16:32
  • @ewwhite I have to check if network ACLs are open between point A and point B. For instance: can the app server talk TCP to the DB server on port 1521. – λ Jonas Gorauskas Jun 14 '17 at 23:00

3 Answers

16

Bash allows you to connect to TCP and/or UDP ports by redirecting to special files:

/dev/tcp/host/port If host is a valid hostname or Internet address, and port is an integer port number or service name, Bash attempts to open the corresponding TCP socket.

/dev/udp/host/port If host is a valid hostname or Internet address, and port is an integer port number or service name, Bash attempts to open the corresponding UDP socket.

A failure to open or create a file causes the redirection to fail.

So to test if you can connect to port 80 on www.example.com the following should work:

echo -n > /dev/tcp/www.example.com/80

If the port is blocked you either get a "connection refused" message or a timeout.

HBruijn
9

Though Ncat does not yet support -z, you can get the same behavior with shell redirection:

$ ncat google.com 80 </dev/null >/dev/null && echo "yes"
yes
$ ncat google.com 81 </dev/null >/dev/null && echo "yes"
Ncat: Connection timed out.
$ ncat scanme.nmap.org 1234 </dev/null >/dev/null && echo "yes"
Ncat: Connection refused.

The connect timeout can be adjusted with the -w option.

EDIT: Ncat 7.25BETA2 introduced the -z option which works as it does with GNU netcat, but only on single ports. If you need to scan port ranges, you should be using Nmap.

bonsaiviking
2

Neither netcat, telnet nor nmap are needed. Bash is simpler, portable and more efficient.

Open check

(>/dev/tcp/example.com/80) &>/dev/null && echo "Open" 

Open/Closed Check

(>/dev/tcp/example.com/80) &>/dev/null && echo "Open" || echo "Closed"

Port Range Check

for i in $(seq 80 88); do (>/dev/tcp/example.com/$i) &>/dev/null && echo "$i Open" || echo "$i Closed"; done
AGS
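
An added example, not part of any of the answers above: the `/dev/tcp` redirection wrapped with a connect timeout, reporting "refused" and "timed out" as different results, which is the distinction that matters when checking whether a network ACL is open between two hosts. The function names `classify_rc` and `port_check` are hypothetical, and the sketch assumes `timeout` from coreutils and a bash built with `/dev/tcp` support.

```shell
#!/usr/bin/env bash
# Added example: an `nc -z`-style check using only bash and coreutils.

# Map the probe's exit status to a verdict.
#   0    -> connect() succeeded, something is listening
#   124  -> timeout(1) killed the probe: packets are probably dropped by an ACL
#   else -> connect failed quickly (refused, unreachable, name lookup failure)
classify_rc() {
    case "$1" in
        0)   echo "open" ;;
        124) echo "filtered" ;;
        *)   echo "closed" ;;
    esac
}

# port_check HOST PORT [TIMEOUT_SECONDS]
# Prints open, closed or filtered. Returns 0 only when open, 2 on bad arguments.
port_check() (
    host=$1 port=$2 secs=${3:-3}

    # Validate first: host and port end up inside a /dev/tcp path, so anything
    # other than a plain hostname/IPv4 address and a numeric port is rejected.
    case "$port" in ''|*[!0-9]*) echo "invalid port" >&2; exit 2 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "invalid port" >&2; exit 2; }
    case "$host" in ''|*[!A-Za-z0-9.-]*) echo "invalid host" >&2; exit 2 ;; esac

    # The probe runs in a child bash so that timeout(1) can bound the connect
    # attempt and so the function also works when the caller is not bash.
    rc=0
    timeout "$secs" bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$host" "$port" \
        2>/dev/null || rc=$?

    classify_rc "$rc"
    [ "$rc" -eq 0 ]
)
```

A "closed" result means the remote end (or something in between) answered, so the path is reachable but nothing accepted the connection; "filtered" means nothing answered within the timeout.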