What are the alternatives for checking open ports, besides telnet?

Question

We can use the following in order to test telnet VIA port; in the following example we test port 6667:

[root@kafka03 ~]# telnet kafka02 6667
Trying 103.64.35.86...
Connected to kafka02.
Escape character is '^]'.
^CConnection closed by foreign host

Since on some machines we can't use telnet (for internal reasons) what are the alternatives to check ports, as telnet?

Those "internal reasons" might bar you from using other port-scanning software. I knew a guy that worked at a bank and had his contract terminated because he had a copy of nmap on his PC. He was using it for work-related purposes, but it was on the proscribed list, so he was escorted out of the building. — Roger Lipscombe, Nov 04 '18 at 15:39
Note that telnet is a sophisticated protocol. The telnet utility turns off the protocol behaviour if a port is given at command line. Then it behaves much like netcat, just with line ending detection. — rexkogitans, Nov 05 '18 at 08:29
A more operating-system agnostic question, that does not even hint at port scanning, is https://unix.stackexchange.com/questions/499694/ . — JdeBP, Feb 10 '19 at 10:40

score 115 · Accepted Answer · edited Dec 03 '20 at 10:54

115

Netcat (nc) is one option.

nc -zv kafka02 6667

-z = sets nc to simply scan for listening daemons, without actually sending any data to them
-v = enables verbose mode

edited Dec 03 '20 at 10:54

alex

291

answered Nov 04 '18 at 10:28

steve

21,892

is it possible to get standard output from the nc ? because I want to write in in my bash script – yael Nov 04 '18 at 10:36
4

Read the documentation! Without options nc behaves a lot like telnet. – Henrik supports the community Nov 04 '18 at 11:03
yes I read the docs but -w flag not works as timeout – yael Nov 04 '18 at 11:09
1

example - c -v -w 1 kafka01 6667 ( we not get timeout ) – yael Nov 04 '18 at 11:09
1

nc -v -w 3 kafka01 6667 Ncat: Version 6.40 ( http://nmap.org/ncat ) Ncat: Connected to 10.164.235.85:6667. ( this still hang ) – yael Nov 04 '18 at 11:10
3

ncat is not netcat. – Roger Lipscombe Nov 04 '18 at 15:40

score 53 · Answer 2 · edited Nov 07 '18 at 10:17

53

If using Bash Shell, then you can use its feature to check if a port is open or closed:

(timeout 1 bash -c '</dev/tcp/127.0.0.1/17500 && echo PORT OPEN || echo PORT CLOSED') 2>/dev/null
PORT OPEN

(timeout 1 bash -c '</dev/tcp/127.0.0.1/7500 && echo PORT OPEN || echo PORT CLOSED') 2>/dev/null
PORT CLOSED

Note that if the server does not respond after 1 second the timeout is reached, the commands between ' interrupted, and thus nothing is printed.

edited Nov 07 '18 at 10:17

thecarpy

3,935

answered Nov 04 '18 at 18:27

in2nix4life

651

6

Perhaps you should use the hostname from the question (kafka02) instead of 127.0.0.1, which makes it look like it only works with the loopback. – Dmitry Grigoryev Nov 05 '18 at 09:52
7

(timeout 1 bash -c '</dev/tcp/www.google.com/444 && echo PORT OPEN || echo PORT CLOSED') 2>/dev/null prints nothing for me. (timeout 1 bash -c '</dev/tcp/www.google.com/444' && echo PORT OPEN || echo PORT CLOSED) 2>/dev/null worked as expected (prints PORT CLOSED). Note the location of the '. – thecarpy Nov 07 '18 at 09:21
what you get on bash -c '</dev/tcp/kafka01/6667' – yael Nov 07 '18 at 10:45
then echo $? ( if 0 then port is open ,) – yael Nov 07 '18 at 10:46
IIRC this bash feature used to be disabled in Debian some time ago. It's a neat trick but doesn't always work. – AnonymousLurker Nov 27 '18 at 09:50
Both in2nix4life and thecarpy versions work. It doesn't matter where the ' is – lobi Feb 07 '20 at 19:22
This worked great -- well it didn't print "PORT CLOSED" when it's closed but it does print "PORT OPEN" when it's open. Running on a dockerized Centos7 box. Anyway, exactly what I needed since telnet and nc were unavailable – Kasapo Nov 17 '21 at 18:01

score 35 · Answer 3 · edited Dec 26 '23 at 18:06

35

'curl' can make life easier. No root require ; curl is readily available on all the Linux systems:

If port is not open will show below output

[niti@SourceServerName ~]$ curl -vv telnet://DestinationServerName:80

About to connect() to DestinationServerName port 80 (#0)
Trying 192.168.0.100...

If port is open will show below output

[niti@SourceServerName ~]$ curl -vv telnet://DestinationServerName:443

About to connect() to DestinationServerName port 443 (#0)
Trying 192.168.0.100...
Connected to DestinationServerName (192.168.0.100) port 443 (#0)

Ctrl + C to exit.

edited Dec 26 '23 at 18:06

Pablo A

2,712

answered Jan 22 '20 at 09:14

Niti

589

1

Why the extra v in "-vv"? I have not found any documentation that it does anything. Also, curl shows messages like "Connection refused" and "Could not resolve host" in regular (non-verbose) mode. – Derek Bennett Jul 01 '20 at 16:14
1

Good news: this also works out of the box in Windows 10 now. – Amit Naidu May 09 '22 at 23:07
this was the easiest and simplest for me. In my experience, for VMs behind k8s clusters it is not possible to install missing tools eg., telnet, nc etc., so curl came in quite handy. thank you! – mkumar118 Dec 01 '22 at 12:20
Curl is absolutely not available on all linux systems, though it is available on most desktop distributions. – mc0e Oct 26 '23 at 15:38

score 28 · Answer 4 · edited Nov 05 '18 at 12:23

28

The gold standard is undoubtedly nmap (nmap.org), but it typically requires root for “best results”. However, standalone binaries are available and it is possible to run it as an unprivileged user, just with degraded capabilities. For example, instead of a stealth syn scan (-sS), it falls back to a standard TCP connect scan (-sT). This is functionally equivalent to netcat, but with the nice multi-host, sped-up capabilities that it has.

An example:

not-root$ nmap -sT google.com
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-04 21:01 GMT
Nmap scan report for google.com (172.217.23.14)
Host is up (0.12s latency).
rDNS record for 172.217.23.14: lhr35s01-in-f14.1e100.net
Not shown: 998 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

edited Nov 05 '18 at 12:23

crater2150

3,946

answered Nov 04 '18 at 21:04

Landak

364

3

in most organizations nmap is considered as a scaning tool and one can not use nmap without proper authorization. Also if it is an EC2 instance, authorization required from AWS as well. – al mamun Nov 06 '18 at 20:52
1

do you really think a system where telnet isn't allowed would allow nmap? – Sascha Rambeaud Apr 15 '20 at 09:37

score 8 · Answer 5 · edited Nov 28 '19 at 11:21

If Perl is an option, you can use its IO::Socket module to test a connection to a particular host and port; the script below hard-codes TCP as the protocol (which is what telnet would use):

#!/usr/bin/perl -w

# tries to connect to the given IP and port (tcp)

use strict;
use IO::Socket;

my $desthost = shift or die "Usage: $0 host port\n";
my $destport = shift or die "Usage: $0 host port\n";

gethostbyname($desthost) || die "Invalid host given\n";

my $handle = IO::Socket::INET->new(
        PeerAddr => $desthost,
        PeerPort => $destport,
        Proto    => 'tcp')
    or die "can't connect to $desthost:$destport: $!\n";
close $handle;
print "Success!\n"

Sample output from a closed port:

$ ./above-script kafka02 6667
can't connect to kafka02:6667: Connection refused

Sample output from an open port:

$ ./above-script kafka02 4200
Success!

score 4 · Answer 6 · answered Feb 03 '22 at 21:07

4

openssl s_client -connect host:port

answered Feb 03 '22 at 21:07

fliX

141

score 3 · Answer 7 · edited Jan 22 '20 at 13:23

3

Device file /dev/tcp and /dev/udp can be used instead of telnet. Example: echo 0 > /dev/tcp/103.64.35.86/6667 . Then check the exit status using echo $? . If exit status is 0 then the port is open. If exit status is non-zero then the port is closed. For checking udp packets, use echo 0 > /dev/udp/103.64.35.86/6667 .

edited Jan 22 '20 at 13:23

Jeff Schaller

67,283
35
116
255

answered Nov 06 '18 at 20:47

al mamun

123

in my redhat 7 under /dev/ , we not have tcp – yael Nov 07 '18 at 10:47
ls /dev/tcp/ ls: cannot access /dev/tcp/: No such file or directory – yael Nov 07 '18 at 10:48
on which OS you test it? – yael Nov 07 '18 at 10:49
@yael, you will not get /dev/tcp or /dev/udp while ls. try the exact same command on your shell and you will get the result. by the way, I frequently use it on RHEL6,7 – al mamun Nov 07 '18 at 15:29

score 2 · Answer 8 · answered Feb 27 '20 at 15:10

I found fast and simple this way, throgh Python interpreter (from https://serverfault.com/a/500062/168647):

[gryphius@ut ~]$ python
Python 2.6.6 (r266:84292, Feb 22 2013, 00:00:18) 
[GCC 4.4.7 20120313 (Red Hat 4.4.7-3)] on linux2                                                                                                                                                                                                                               
Type "help", "copyright", "credits" or "license" for more information.                                                                                                                                                                                                         
>>> import socket                                                                                                                                                                                                                                                              
>>> conn=socket.create_connection(('gmail-smtp-in.l.google.com',25))

If that didn't throw an error so far the connection is ok.

score 1 · Answer 9 · answered Nov 27 '18 at 09:31

1

ss -lt

this is another command you can use.

answered Nov 27 '18 at 09:31

Dileep Jayasundara

231

1

It works only for local machine, I believe that question is about checking the open ports of a remote host. – Alex Baranowski Nov 27 '19 at 19:45

What are the alternatives for checking open ports, besides telnet?

9 Answers9