So, are you getting connection time out while trying to connect to some service over some port? It may be possible that the service may be UP and Running but due to firewall the port may be in-accessible. So it is a good idea to check the port connectivity between client and server node. Although if you wish to check if a port is open then you should read Check open ports in Linux | Test firewall rules
In this article we will cover different methods which can be used to test port connectivity between two or more Linux servers. We will use the term client and server multiple times in our article, client would refer to the node using which I am trying to connect target node while server is the target node.
Method-1: Use timeout utility to test port connectivity
/usr/bin/timeout
utility is available in most distributions by default so this is one of the best method to test port connectivity. So you don't have a dependency on any additional tools for this.
$ ls -l /usr/bin/timeout
-rwxr-xr-x 1 root root 43800 Sep 5 2019 /usr/bin/timeout
The timeout utility is part of coreutils package:
## On Ubuntu $ dpkg -S `which timeout` coreutils: /usr/bin/timeout ## On CentOS ~]# rpm -qf `which timeout` coreutils-8.30-8.el8.x86_64
Syntax to use timeout utility
The syntax to use timeout utility will be:
timeout <value> bash -c "</dev/tcp/<server>/<port>"
Here value
is the timeout value until which timeout utility will poll the target server
on the provided port
.
Examples to use timeout utility
For example to check for port 22 on 192.168.0.113, we will execute:
$ timeout 5 bash -c "</dev/tcp/192.168.0.113/22"
In this command, timeout will wait for 5 seconds to check the port connectivity. Once we execute the command, there is no output generated. Next check the exit status:
$ echo $?
0
Since the exit status is 0, so it means that port 22 is reachable on 192.168.0.113. We can further enhance the syntax to add some additional message for success and failure:
$ timeout 5 bash -c "</dev/tcp/192.168.0.113/22" && echo "connection success" || echo "connection failed"
connection success
Similarly let's check for a random port:
$ timeout 5 bash -c "</dev/tcp/192.168.0.113/21" && echo "connection success" || echo "connection failed" bash: connect: No route to host bash: /dev/tcp/192.168.0.113/21: No route to host connection failed
This time the connection has failed so port 21 is not reachable.
Method-2: Use nmap command to test port connectivity
nmap may not be installed by default so you can manually install it using your default package manager.
## On CentOS dnf -y install nmap ## On Ubuntu apt-get install nmap
Syntax to use nmap command
Once installed, you can use nmap using the following syntax to test port connectivity from one node to another. Replace <server>
with the target node IP or hostname and <port-no>
with the port number to be checked
nmap <server> -PN -p <port-no> | egrep 'open|closed|filtered'
Here,
-Pn Treat all hosts as online -- skip host discovery -p <port-no> Only scan the provided port open means that an application on the target machine is listening for connections/packets on that port closed ports have no application listening on them, though they could open up at any time filtered means that a firewall, filter, or other network obstacle is blocking the port so that Nmap cannot tell whether it is open or closed.
Examples to use nmap command
Let's try to check the connectivity for a known port:
$ nmap 192.168.0.113 -Pn -p 22 | egrep -io 'open|closed|filtered'
open
As expected, the connection is OPEN.
Now, let's try to check a different port which we know is not open:
$ nmap 192.168.0.113 -Pn -p 2222 | egrep -io 'open|closed|filtered'
filtered
So port 2222
is shown as filtered which means this is not reachable on 192.168.0.113
node.
Method-3: Use telnet command to test port connectivity
telnet is our old and traditional tool used by most administrators to test port connectivity on any specific port. Now telnet may not be installed by default so you can manually install it using:
## On CentOS dnf -y install telnet ## On Ubuntu apt-get install telnet
Syntax to use telnet command
We can use the following syntax to test port connectivity using telnet
command:
telnet <server> <port>
Here,
- <server> target node to check
- <port> port number to check on <server>
Examples to use telnet command
Let's use telnet to test the connectivity of port 22 which we know is open and reachable:
# telnet 10.76.191.51 22 Trying 10.76.191.51... Connected to 10.76.191.51. Escape character is '^]'. SSH-2.0-OpenSSH_7.4 ^] <-- At this stage press Ctrl+] to get the telnet prompt telnet> close Connection closed.
If you wish to automatically exit the connection on successful attempt, then you can use following command syntax:
# echo -e '\x1dclose\x0d' | telnet 10.76.191.51 22 Trying 10.76.191.51... Connected to 10.76.191.51. Escape character is '^]'. telnet> close Connection closed.
Similarly, if we try to connect to a non-reachable port:
# telnet 10.76.191.51 12345 Trying 10.76.191.51... telnet: connect to address 10.76.191.51: Connection refused
Here we get connection has been refused so clearly port 12345 is not reachable.
Method-4: Use nc command to test port connectivity
This is my personal favourite for some reason I can't explain. May be because I can just start listening a port and transfer any file using nc command. OR May be just because I have been using this for long time now. The only drawback I see with this is that nc
is not installed by default on most Linux distributions. So you can manually install nc
using following commands:
## On CentOS dnf -y install nmap-ncat ## On Ubuntu apt-get install netcat-openbsd
Syntax to use nc command
We can use the following syntax to use nc command to test port connectivity in Linux
nc <server> <port> -v
Here,
- <server> target node to check
- <port> port number to check on <server>
Examples to use nc command
Let's jump into some example usecases to use nc
utility to test port connectivity in Linux. So, first we will check the connectivity towards port 22 on our taget server:
# nc 10.76.191.51 22 -v Ncat: Version 7.50 ( https://nmap.org/ncat ) Ncat: Connected to 10.76.191.51:22. SSH-2.0-OpenSSH_7.4 ^C <-- Press Ctrl+C to exit
Next let us check some other random port:
# nc 10.76.191.51 2222 -v Ncat: Version 7.50 ( https://nmap.org/ncat ) Ncat: Connection refused.
As expected we get connection refused so this port is not reachable from our source server to 10.76.191.51
Summary
In this article we learned about different methods which can be used to test port connectivity in Linux between two or more servers. You can easily incorporate these individual commands into any script to automate the testing. Based on your environment and requirement you can choose the best tool. In most cases we prefer the tool which is installed by default on any server, in such case timeout
utility will be your best choice in my view.