Friday, November 23, 2012

Test open ports by chatting from the command line

Today I needed to test whether or not a specific TCP/IP port on a firewall/server was open and whether or not traffic could successfully flow via that port without firewall interference. I needed to do this independent of the normal server application that handles this for testing purposes. I just needed to make sure the firewall aspect was all set to go.

Well, why not solve this problem with netcat? Here's how I did it...

First, I put a box booted into Knoppix at Site A and a Mac with Mountain Lion at Site B. (Netcat also exists for Windows.) I then disabled the Mountain Lion firewall temporarily and started up the netcat server at Site B:

nc -vl 666

The v is for verbose of course and the l tells it to be the listener/server. The 666 is the port it will listen on, lol. (All IP addresses and ports have been changed to protect the innocent.)

At Site A, I then had someone run this command on the Knoppix rig:

nc -v 666

This caused netcat to connect to the remote server via its IP address on port 666. At that point, I started chatting over the command line back and forth with the person at Site A like as if we were instant messaging. Who knew this could be so fun?! When I typed something on my screen and pressed enter, it appeared on their command line terminal and vice versa. Interestingly, until I solved a firewall issue, the netcat client would connect but when you typed text, you couldn't see it on the other end.

This utility is very useful and this post only shows one of many things netcat can do. By default, netcat uses TCP. For checking UDP, you can simply add the u switch to the command from both the server and the client. The 4 switch can also force netcat to use IPv4 which will help avoid problems.

This was a very lightweight, portable and easy way to test connectivity on a specific port and required no installation or configuration at all. This also allowed me to test completely independent of any normal server applications, etc. to rule out the possibility of any firewall filtering. [does happy little geek dance]

No comments:

Post a Comment

Spammy/foul language comments or those with an explicit avatar will be tossed in a 55 gallon drum and a match thrown in after them. (Oooo, now I can warm my hands!!)