From a bash script how can I quickly find out whether a port 445 is open/listening on a server.
如何从bash脚本快速查明端口445是否在服务器上打开/监听。
I have tried a couple of options, but I want something quick:
1. lsof -i :445 (Takes seconds)
2. netstat -an |grep 445 |grep LISTEN (Takes seconds)
3. telnet (it doesn't return)
4. nmap, netcat are not available on the server
我试过几个选择,但我想要快点:1。lsof -i:445(花费秒)2。netstat -一个|grep 445 |grep听(需要几秒钟)3。telnet(它不返回)4。nmap, netcat在服务器上不可用
It will be nice to know of a way that doesn't enumerate first and greps after that.
如果知道一种不先列举然后再列举的方法就好了。
13 个解决方案
#1
140
A surprise I found out recently is that Bash natively supports tcp connections as file descriptors. To use:
最近我发现,Bash本机支持tcp连接作为文件描述符。使用方法:
exec 6<>/dev/tcp/ip.addr.of.server/445
echo -e "GET / HTTP/1.0\n" >&6
cat <&6
I'm using 6 as the file descriptor because 0,1,2 are stdin, stdout, and stderr. 5 is sometimes used by Bash for child processes, so 3,4,6,7,8, and 9 should be safe.
我使用6作为文件描述符,因为0,1,2是stdin, stdout和stderr。Bash有时将5用于子进程,因此3、4、6、7、8和9应该是安全的。
As per the comment below, to test for listening on a local server in a script:
根据下面的评论,测试在脚本中监听本地服务器:
exec 6<>/dev/tcp/127.0.0.1/445 || echo "No one is listening!"
exec 6>&- # close output connection
exec 6<&- # close input connection
To determine if someone is listening, attempt to connect by loopback. If it fails, then the port is closed or we aren't allowed access. Afterwards, close the connection.
要确定某人是否在听,尝试通过loopback连接。如果失败,则端口被关闭,或者我们不允许访问。然后,关闭连接。
Modify this for your use case, such as sending an email, exiting the script on failure, or starting the required service.
对您的用例进行修改,例如发送电子邮件、在失败时退出脚本或启动所需的服务。
#2
93
There's a very short with "fast answer" here : How to test if remote TCP port is opened from Shell script?
这里有一个非常简短的“快速回答”:如何测试远程TCP端口是否从Shell脚本打开?
$ nc -z <host> <port>; echo $?
I use it with 127.0.0.1 as "remote" address.
我用127.0.0.1作为“远程”地址。
#3
87
You can use netstat this way for much faster results:
你可以使用netstat来获得更快的结果:
On Linux:
在Linux上:
netstat -lnt | awk '$6 == "LISTEN" && $4 ~ /\.445$/'
On Mac:
在Mac:
netstat -anp tcp | awk '$6 == "LISTEN" && $4 ~ /\.445$/'
This will output a list of processes listening on the port (445 in this example) or it will output nothing if the port is free.
这将输出监听端口的进程列表(本例中为445),或者如果端口是空闲的,则不会输出任何内容。
#4
33
You can use netcat for this.
你可以使用netcat。
nc ip port < /dev/null
connects to the server and directly closes the connection again. If netcat is not able to connect, it returns a non-zero exit code. The exit code is stored in the variable $?. As an example,
连接到服务器并再次关闭连接。如果netcat无法连接,则返回非零退出代码。退出代码存储在变量$?中。作为一个例子,
nc ip port < /dev/null; echo $?
will return 0 if and only if netcat could successfully connect to the port.
当且仅当netcat能够成功连接到端口时,将返回0。
#5
14
they're listed in /proc/net/tcp.
他们在/proc/net/tcp.上市
it's the second column, after the ":", in hex:
它是第二列,在“:”后面,在十六进制中:
> cat /proc/net/tcp
sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 10863 1 ffff88020c785400 99 0 0 10 -1
1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 7983 1 ffff88020eb7b3c0 99 0 0 10 -1
2: 0500010A:948F 0900010A:2328 01 00000000:00000000 02:00000576 00000000 1000 0 10562454 2 ffff88010040f7c0 22 3 30 5 3
3: 0500010A:E077 5F2F7D4A:0050 01 00000000:00000000 02:00000176 00000000 1000 0 10701021 2 ffff880100474080 41 3 22 10 -1
4: 0500010A:8773 16EC97D1:0050 01 00000000:00000000 02:00000BDC 00000000 1000 0 10700849 2 ffff880104335440 57 3 18 10 -1
5: 0500010A:8772 16EC97D1:0050 01 00000000:00000000 02:00000BF5 00000000 1000 0 10698952 2 ffff88010040e440 46 3 0 10 -1
6: 0500010A:DD2C 0900010A:0016 01 00000000:00000000 02:0006E764 00000000 1000 0 9562907 2 ffff880104334740 22 3 30 5 4
7: 0500010A:AAA4 6A717D4A:0050 08 00000000:00000001 02:00000929 00000000 1000 0 10696677 2 ffff880106cc77c0 45 3 0 10 -1
so i guess one of those :50 in the third column must be * :o)
所以我猜其中一个,第三列的50肯定是*:o)
look in man 5 proc for more details. and picking that apart with sed etc is left as an exercise for the gentle reader...
更多细节,请参阅man 5 proc。把它与sed分开,作为对温柔读者的练习……
#6
10
ss -tl4 '( sport = :22 )'
2ms is quick enough ?
2ms够快吗?
Add the colon and this works on Linux
添加冒号,这在Linux上是可行的
#7
7
Based on Spencer Rathbun's answer, using bash:
根据Spencer Rathbun的回答,使用bash:
true &>/dev/null </dev/tcp/127.0.0.1/$PORT && echo open || echo closed
#8
5
nc -l 8000
Where 8000 is the port number. If the port is free, it will start a server that you can close easily. If it isn't it will throw an error:
其中8000是端口号。如果端口是空闲的,它将启动一个可以轻松关闭的服务器。如果不是,它会抛出一个错误:
nc: Address already in use
#9
4
Here's one that works for both Mac and Linux:
这里有一个适用于Mac和Linux:
netstat -aln | awk '$6 == "LISTEN" && $4 ~ "[\\.\:]445$"'
#10
4
I wanted to check if a port is open on one of our linux test servers. I was able to do that by trying to connect with telnet from my dev machine to the test server. On you dev machine try to run:
我想检查一个端口是否在我们的linux测试服务器上打开。我可以通过尝试从我的开发机器连接telnet到测试服务器来实现这一点。在您的开发机器上尝试运行:
$ telnet test2.host.com 8080
Trying 05.066.137.184...
Connected to test2.host.com
In this example I want to check if port 8080 is open on host test2.host.com
在本例中,我想检查主机test2.host.com上的端口8080是否打开
#11
1
tcping is a great tool with a very low overhead.It also has a timeout argument to make it quicker:
tcping是一个非常好的工具,开销非常低。它还有一个超时参数,以使它更快:
[root@centos_f831dfb3 ~]# tcping 10.86.151.175 22 -t 1
10.86.151.175 port 22 open.
[root@centos_f831dfb3 ~]# tcping 10.86.150.194 22 -t 1
10.86.150.194 port 22 user timeout.
[root@centos_f831dfb3 ~]# tcping 1.1.1.1 22 -t 1
1.1.1.1 port 22 closed.
#12
-1
nmap is the right tool. Simply use nmap example.com -p 80
nmap是正确的工具。简单地使用nmap example.com - p80。
You can use it from local or remote server. It also helps you identify if a firewall is blocking the access.
您可以从本地或远程服务器使用它。它还可以帮助您识别防火墙是否阻塞了访问。
#13
-3
If you're using iptables try:
如果您正在使用iptables,请尝试:
iptables -nL
or
或
iptables -nL | grep 445
#1
140
A surprise I found out recently is that Bash natively supports tcp connections as file descriptors. To use:
最近我发现,Bash本机支持tcp连接作为文件描述符。使用方法:
exec 6<>/dev/tcp/ip.addr.of.server/445
echo -e "GET / HTTP/1.0\n" >&6
cat <&6
I'm using 6 as the file descriptor because 0,1,2 are stdin, stdout, and stderr. 5 is sometimes used by Bash for child processes, so 3,4,6,7,8, and 9 should be safe.
我使用6作为文件描述符,因为0,1,2是stdin, stdout和stderr。Bash有时将5用于子进程,因此3、4、6、7、8和9应该是安全的。
As per the comment below, to test for listening on a local server in a script:
根据下面的评论,测试在脚本中监听本地服务器:
exec 6<>/dev/tcp/127.0.0.1/445 || echo "No one is listening!"
exec 6>&- # close output connection
exec 6<&- # close input connection
To determine if someone is listening, attempt to connect by loopback. If it fails, then the port is closed or we aren't allowed access. Afterwards, close the connection.
要确定某人是否在听,尝试通过loopback连接。如果失败,则端口被关闭,或者我们不允许访问。然后,关闭连接。
Modify this for your use case, such as sending an email, exiting the script on failure, or starting the required service.
对您的用例进行修改,例如发送电子邮件、在失败时退出脚本或启动所需的服务。
#2
93
There's a very short with "fast answer" here : How to test if remote TCP port is opened from Shell script?
这里有一个非常简短的“快速回答”:如何测试远程TCP端口是否从Shell脚本打开?
$ nc -z <host> <port>; echo $?
I use it with 127.0.0.1 as "remote" address.
我用127.0.0.1作为“远程”地址。
#3
87
You can use netstat this way for much faster results:
你可以使用netstat来获得更快的结果:
On Linux:
在Linux上:
netstat -lnt | awk '$6 == "LISTEN" && $4 ~ /\.445$/'
On Mac:
在Mac:
netstat -anp tcp | awk '$6 == "LISTEN" && $4 ~ /\.445$/'
This will output a list of processes listening on the port (445 in this example) or it will output nothing if the port is free.
这将输出监听端口的进程列表(本例中为445),或者如果端口是空闲的,则不会输出任何内容。
#4
33
You can use netcat for this.
你可以使用netcat。
nc ip port < /dev/null
connects to the server and directly closes the connection again. If netcat is not able to connect, it returns a non-zero exit code. The exit code is stored in the variable $?. As an example,
连接到服务器并再次关闭连接。如果netcat无法连接,则返回非零退出代码。退出代码存储在变量$?中。作为一个例子,
nc ip port < /dev/null; echo $?
will return 0 if and only if netcat could successfully connect to the port.
当且仅当netcat能够成功连接到端口时,将返回0。
#5
14
they're listed in /proc/net/tcp.
他们在/proc/net/tcp.上市
it's the second column, after the ":", in hex:
它是第二列,在“:”后面,在十六进制中:
> cat /proc/net/tcp
sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 10863 1 ffff88020c785400 99 0 0 10 -1
1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 7983 1 ffff88020eb7b3c0 99 0 0 10 -1
2: 0500010A:948F 0900010A:2328 01 00000000:00000000 02:00000576 00000000 1000 0 10562454 2 ffff88010040f7c0 22 3 30 5 3
3: 0500010A:E077 5F2F7D4A:0050 01 00000000:00000000 02:00000176 00000000 1000 0 10701021 2 ffff880100474080 41 3 22 10 -1
4: 0500010A:8773 16EC97D1:0050 01 00000000:00000000 02:00000BDC 00000000 1000 0 10700849 2 ffff880104335440 57 3 18 10 -1
5: 0500010A:8772 16EC97D1:0050 01 00000000:00000000 02:00000BF5 00000000 1000 0 10698952 2 ffff88010040e440 46 3 0 10 -1
6: 0500010A:DD2C 0900010A:0016 01 00000000:00000000 02:0006E764 00000000 1000 0 9562907 2 ffff880104334740 22 3 30 5 4
7: 0500010A:AAA4 6A717D4A:0050 08 00000000:00000001 02:00000929 00000000 1000 0 10696677 2 ffff880106cc77c0 45 3 0 10 -1
so i guess one of those :50 in the third column must be * :o)
所以我猜其中一个,第三列的50肯定是*:o)
look in man 5 proc for more details. and picking that apart with sed etc is left as an exercise for the gentle reader...
更多细节,请参阅man 5 proc。把它与sed分开,作为对温柔读者的练习……
#6
10
ss -tl4 '( sport = :22 )'
2ms is quick enough ?
2ms够快吗?
Add the colon and this works on Linux
添加冒号,这在Linux上是可行的
#7
7
Based on Spencer Rathbun's answer, using bash:
根据Spencer Rathbun的回答,使用bash:
true &>/dev/null </dev/tcp/127.0.0.1/$PORT && echo open || echo closed
#8
5
nc -l 8000
Where 8000 is the port number. If the port is free, it will start a server that you can close easily. If it isn't it will throw an error:
其中8000是端口号。如果端口是空闲的,它将启动一个可以轻松关闭的服务器。如果不是,它会抛出一个错误:
nc: Address already in use
#9
4
Here's one that works for both Mac and Linux:
这里有一个适用于Mac和Linux:
netstat -aln | awk '$6 == "LISTEN" && $4 ~ "[\\.\:]445$"'
#10
4
I wanted to check if a port is open on one of our linux test servers. I was able to do that by trying to connect with telnet from my dev machine to the test server. On you dev machine try to run:
我想检查一个端口是否在我们的linux测试服务器上打开。我可以通过尝试从我的开发机器连接telnet到测试服务器来实现这一点。在您的开发机器上尝试运行:
$ telnet test2.host.com 8080
Trying 05.066.137.184...
Connected to test2.host.com
In this example I want to check if port 8080 is open on host test2.host.com
在本例中,我想检查主机test2.host.com上的端口8080是否打开
#11
1
tcping is a great tool with a very low overhead.It also has a timeout argument to make it quicker:
tcping是一个非常好的工具,开销非常低。它还有一个超时参数,以使它更快:
[root@centos_f831dfb3 ~]# tcping 10.86.151.175 22 -t 1
10.86.151.175 port 22 open.
[root@centos_f831dfb3 ~]# tcping 10.86.150.194 22 -t 1
10.86.150.194 port 22 user timeout.
[root@centos_f831dfb3 ~]# tcping 1.1.1.1 22 -t 1
1.1.1.1 port 22 closed.
#12
-1
nmap is the right tool. Simply use nmap example.com -p 80
nmap是正确的工具。简单地使用nmap example.com - p80。
You can use it from local or remote server. It also helps you identify if a firewall is blocking the access.
您可以从本地或远程服务器使用它。它还可以帮助您识别防火墙是否阻塞了访问。
#13
-3
If you're using iptables try:
如果您正在使用iptables,请尝试:
iptables -nL
or
或
iptables -nL | grep 445