在日常运维工作中,经常会需要检查本机或者其他服务器的端口开放情况,虽然自己本身也会几个基本的查看端口连通性的命令,但是也会遇到某些服务器上面没有安装自己会的工具,所以收集了一些可以用来检测端口连通性的命令工具。
查看本机监听端口
netstat
安装:yum -y install net-tools
使用:netstat -nplt
[zero@hopetree ~]$ netstat -nplt (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:5700 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:6789 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:9527 0.0.0.0:* LISTEN - tcp6 0 0 :::8888 :::* LISTEN - tcp6 0 0 ::1:25 :::* LISTEN - tcp6 0 0 :::5700 :::* LISTEN - tcp6 0 0 :::6789 :::* LISTEN - tcp6 0 0 :::8080 :::* LISTEN - tcp6 0 0 :::80 :::* LISTEN -
ss
ss 命令是 netstat 命令的替代品,而且更加优秀。ss 执行的时候消耗资源以及消耗的时间都比netstat少很多。ss 的优势在于它能够显示更多更详细的有关 TCP 和连接状态的信息,而且比 netstat 更快速更高效。
使用: ss -nplt
[zero@hopetree ~]$ ss -nplt State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 *:8888 *:* LISTEN 0 100 127.0.0.1:25 *:* LISTEN 0 128 *:443 *:* LISTEN 0 128 *:5700 *:* LISTEN 0 128 *:6789 *:* LISTEN 0 128 *:8080 *:* LISTEN 0 128 *:80 *:* LISTEN 0 128 *:9527 *:* LISTEN 0 128 [::]:8888 [::]:* LISTEN 0 100 [::1]:25 [::]:* LISTEN 0 128 [::]:5700 [::]:* LISTEN 0 128 [::]:6789 [::]:* LISTEN 0 128 [::]:8080 [::]:* LISTEN 0 128 [::]:80 [::]:*
检查服务器端口连通性
telnet
telnet 在windows电脑不可用的时候需要开启服务,具体方式参考:Windows10系统开启telnet功能
安装:yum install -y telnet-server & yum install -y telnet
使用:telnet ip port
端口通的回显:
[root@hopetree zero]# telnet 172.17.120.246 443 Trying 172.17.120.246... Connected to 172.17.120.246. Escape character is '^]'.
端口不通的回显:
[root@hopetree zero]# telnet 172.17.120.246 1234 Trying 172.17.120.246... telnet: connect to address 172.17.120.246: Connection refused
ssh
ssh 命令一般用于登录服务器,也可以作为端口连通性的检查。
使用:ssh -v -p port ip
端口通的回显(关键信息是 debug1: Connection established.):
[root@hopetree zero]# ssh -v -p 443 172.17.120.246 OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 58: Applying options for * debug1: Connecting to 172.17.120.246 [172.17.120.246] port 443. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.4 debug1: ssh_exchange_identification: HTTP/1.1 400 Bad Request
端口不通的回显:
[root@hopetree zero]# ssh -v -p 1234 172.17.120.246 OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 58: Applying options for * debug1: Connecting to 172.17.120.246 [172.17.120.246] port 1234. debug1: connect to address 172.17.120.246 port 1234: Connection refused ssh: connect to host 172.17.120.246 port 1234: Connection refused
curl
curl 一般情况下用来进行请求,实际上也可以检测端口是否能通.
使用:curl ip:port
端口通的回显
[zero@hopetree ~]$ curl 172.17.120.246:443 <html> <head><title>400 The plain HTTP request was sent to HTTPS port</title></head> <body> <center><h1>400 Bad Request</h1></center> <center>The plain HTTP request was sent to HTTPS port</center> <hr><center>nginx/1.20.1</center> </body> </html>
端口不通的回显:
[zero@hopetree ~]$ curl 172.17.120.246:1234 curl: (7) Failed connect to 172.17.120.246:1234; Connection refused
wget
安装:yum install -y wget
使用 :wget ip:port
端口通的回显:
[zero@hopetree ~]$ wget 172.17.120.246:443 --2022-04-13 14:35:48-- http://172.17.120.246:443/ Connecting to 172.17.120.246:443... connected. HTTP request sent, awaiting response... 400 Bad Request 2022-04-13 14:35:48 ERROR 400: Bad Request.
端口不通的回显:
[zero@hopetree ~]$ wget 172.17.120.246:1234 --2022-04-13 14:36:29-- http://172.17.120.246:1234/ Connecting to 172.17.120.246:1234... failed: Connection refused.
nc
nc命令 全称netcat,用于设置路由器。它能通过 TCP 和 UDP 在网络中读写数据。通过与其他工具结合和重定向,你可以在脚本中以多种方式使用它。使用 netcat 命令所能完成的事情令人惊讶。
安装:yum install -y nc
使用:nc -vz ip port
端口通的回显:
[zero@hopetree ~]$ nc -vz 172.17.120.246 443 Ncat: Version 7.50 ( https://nmap.org/ncat ) Ncat: Connected to 172.17.120.246:443. Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
端口不通的回显:
[zero@hopetree ~]$ nc -vz 172.17.120.246 1234 Ncat: Version 7.50 ( https://nmap.org/ncat ) Ncat: Connection refused.
nmap
安装:yum install -y nmap
使用:nmap -p port ip
端口通的回显:
[zero@hopetree ~]$ nmap -p 443 172.17.120.246 Starting Nmap 6.40 ( http://nmap.org ) at 2022-04-13 14:46 CST Nmap scan report for iZwz91obh1cwf52kgsc0fgZ (172.17.120.246) Host is up (0.000054s latency). PORT STATE SERVICE 443/tcp open https Nmap done: 1 IP address (1 host up) scanned in 0.03 seconds
端口不通的回显:
[zero@hopetree ~]$ nmap -p 1234 172.17.120.246 Starting Nmap 6.40 ( http://nmap.org ) at 2022-04-13 14:46 CST Nmap scan report for iZwz91obh1cwf52kgsc0fgZ (172.17.120.246) Host is up (0.000066s latency). PORT STATE SERVICE 1234/tcp closed hotline Nmap done: 1 IP address (1 host up) scanned in 0.03 seconds
版权声明:如无特殊说明,文章均为本站原创,转载请注明出处
本文链接:https://tendcode.com/article/port-check/
许可协议:署名-非商业性使用 4.0 国际许可协议
1037083830
3 楼 - 3 周,5天前