在日常运维工作中,经常会需要检查本机或者其他服务器的端口开放情况,虽然自己本身也会几个基本的查看端口连通性的命令,但是也会遇到某些服务器上面没有安装自己会的工具,所以收集了一些可以用来检测端口连通性的命令工具。
查看本机监听端口
netstat
安装:yum -y install net-tools
使用:netstat -nplt
[zero@hopetree ~]$ netstat -nplt
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:5700 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:6789 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:9527 0.0.0.0:* LISTEN -
tcp6 0 0 :::8888 :::* LISTEN -
tcp6 0 0 ::1:25 :::* LISTEN -
tcp6 0 0 :::5700 :::* LISTEN -
tcp6 0 0 :::6789 :::* LISTEN -
tcp6 0 0 :::8080 :::* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
ss
ss 命令是 netstat 命令的替代品,而且更加优秀。ss 执行的时候消耗资源以及消耗的时间都比netstat少很多。ss 的优势在于它能够显示更多更详细的有关 TCP 和连接状态的信息,而且比 netstat 更快速更高效。
使用: ss -nplt
[zero@hopetree ~]$ ss -nplt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:8888 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:443 *:*
LISTEN 0 128 *:5700 *:*
LISTEN 0 128 *:6789 *:*
LISTEN 0 128 *:8080 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:9527 *:*
LISTEN 0 128 [::]:8888 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
LISTEN 0 128 [::]:5700 [::]:*
LISTEN 0 128 [::]:6789 [::]:*
LISTEN 0 128 [::]:8080 [::]:*
LISTEN 0 128 [::]:80 [::]:*
检查服务器端口连通性
telnet
telnet 在windows电脑不可用的时候需要开启服务,具体方式参考:Windows10系统开启telnet功能
安装:yum install -y telnet-server & yum install -y telnet
使用:telnet ip port
端口通的回显:
[root@hopetree zero]# telnet 172.17.120.246 443
Trying 172.17.120.246...
Connected to 172.17.120.246.
Escape character is '^]'.
端口不通的回显:
[root@hopetree zero]# telnet 172.17.120.246 1234
Trying 172.17.120.246...
telnet: connect to address 172.17.120.246: Connection refused
ssh
ssh 命令一般用于登录服务器,也可以作为端口连通性的检查。
使用:ssh -v -p port ip
端口通的回显(关键信息是 debug1: Connection established.):
[root@hopetree zero]# ssh -v -p 443 172.17.120.246
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to 172.17.120.246 [172.17.120.246] port 443.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: ssh_exchange_identification: HTTP/1.1 400 Bad Request
端口不通的回显:
[root@hopetree zero]# ssh -v -p 1234 172.17.120.246
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to 172.17.120.246 [172.17.120.246] port 1234.
debug1: connect to address 172.17.120.246 port 1234: Connection refused
ssh: connect to host 172.17.120.246 port 1234: Connection refused
curl
curl 一般情况下用来进行请求,实际上也可以检测端口是否能通.
使用:curl ip:port
端口通的回显
[zero@hopetree ~]$ curl 172.17.120.246:443
<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx/1.20.1</center>
</body>
</html>
端口不通的回显:
[zero@hopetree ~]$ curl 172.17.120.246:1234
curl: (7) Failed connect to 172.17.120.246:1234; Connection refused
wget
安装:yum install -y wget
使用 :wget ip:port
端口通的回显:
[zero@hopetree ~]$ wget 172.17.120.246:443
--2022-04-13 14:35:48-- http://172.17.120.246:443/
Connecting to 172.17.120.246:443... connected.
HTTP request sent, awaiting response... 400 Bad Request
2022-04-13 14:35:48 ERROR 400: Bad Request.
端口不通的回显:
[zero@hopetree ~]$ wget 172.17.120.246:1234
--2022-04-13 14:36:29-- http://172.17.120.246:1234/
Connecting to 172.17.120.246:1234... failed: Connection refused.
nc
nc命令 全称netcat,用于设置路由器。它能通过 TCP 和 UDP 在网络中读写数据。通过与其他工具结合和重定向,你可以在脚本中以多种方式使用它。使用 netcat 命令所能完成的事情令人惊讶。
安装:yum install -y nc
使用:nc -vz ip port
端口通的回显:
[zero@hopetree ~]$ nc -vz 172.17.120.246 443
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 172.17.120.246:443.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
端口不通的回显:
[zero@hopetree ~]$ nc -vz 172.17.120.246 1234
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connection refused.
nmap
安装:yum install -y nmap
使用:nmap -p port ip
端口通的回显:
[zero@hopetree ~]$ nmap -p 443 172.17.120.246
Starting Nmap 6.40 ( http://nmap.org ) at 2022-04-13 14:46 CST
Nmap scan report for iZwz91obh1cwf52kgsc0fgZ (172.17.120.246)
Host is up (0.000054s latency).
PORT STATE SERVICE
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 0.03 seconds
端口不通的回显:
[zero@hopetree ~]$ nmap -p 1234 172.17.120.246
Starting Nmap 6.40 ( http://nmap.org ) at 2022-04-13 14:46 CST
Nmap scan report for iZwz91obh1cwf52kgsc0fgZ (172.17.120.246)
Host is up (0.000066s latency).
PORT STATE SERVICE
1234/tcp closed hotline
Nmap done: 1 IP address (1 host up) scanned in 0.03 seconds
版权声明:如无特殊说明,文章均为本站原创,转载请注明出处
本文链接:https://tendcode.com/subject/article/port-check/
许可协议:署名-非商业性使用 4.0 国际许可协议
能不能行? 
yy
15 楼 - 1 年,4月前
好