有时我们的服务程序采用udp与客户端进行通讯,但是总是接收不到客户端的请求,或者客户端总是接收不到服务器的响应,这个时候,我们需要确认时网络不通导致的,还是我们的服务程序故障引起的,特别是服务程序对应的网络端口状态是否正常,这个时候,我们就可以借助于linux环境下的nc命令进行辅助分析了。
1. nc命令帮助输出
# nc -help
Ncat 7.50 ( https://nmap.org/ncat )
Usage: ncat [options] [hostname] [port]
Options taking a time assume seconds. Append 'ms' for milliseconds,
's' for seconds, 'm' for minutes, or 'h' for hours (e.g. 500ms).
-4 Use IPv4 only
-6 Use IPv6 only
-U, --unixsock Use Unix domain sockets only
-C, --crlf Use CRLF for EOL sequence
-c, --sh-exec <command> Executes the given command via /bin/sh
-e, --exec <command> Executes the given command
--lua-exec <filename> Executes the given Lua script
-g hop1[,hop2,...] Loose source routing hop points (8 max)
-G <n> Loose source routing hop pointer (4, 8, 12, ...)
-m, --max-conns <n> Maximum <n> simultaneous connections
-h, --help Display this help screen
-d, --delay <time> Wait between read/writes
-o, --output <filename> Dump session data to a file
-x, --hex-dump <filename> Dump session data as hex to a file
-i, --idle-timeout <time> Idle read/write timeout
-p, --source-port port Specify source port to use
-s, --source addr Specify source address to use (doesn't affect -l)
-l, --listen Bind and listen for incoming connections
-k, --keep-open Accept multiple connections in listen mode
-n, --nodns Do not resolve hostnames via DNS
-t, --telnet Answer Telnet negotiations
-u, --udp Use UDP instead of default TCP
--sctp Use SCTP instead of default TCP
-v, --verbose Set verbosity level (can be used several times)
-w, --wait <time> Connect timeout
-z Zero-I/O mode, report connection status only
--append-output Append rather than clobber specified output files
--send-only Only send data, ignoring received; quit on EOF
--recv-only Only receive data, never send anything
--allow Allow only given hosts to connect to Ncat
--allowfile A file of hosts allowed to connect to Ncat
--deny Deny given hosts from connecting to Ncat
--denyfile A file of hosts denied from connecting to Ncat
--broker Enable Ncat's connection brokering mode
--chat Start a simple Ncat chat server
--proxy <addr[:port]> Specify address of host to proxy through
--proxy-type <type> Specify proxy type ("http" or "socks4" or "socks5")
--proxy-auth <auth> Authenticate with HTTP or SOCKS proxy server
--ssl Connect or listen with SSL
--ssl-cert Specify SSL certificate file (PEM) for listening
--ssl-key Specify SSL private key (PEM) for listening
--ssl-verify Verify trust and domain name of certificates
--ssl-trustfile PEM file containing trusted SSL certificates
--ssl-ciphers Cipherlist containing SSL ciphers to use
--version Display Ncat's version information and exit
See the ncat(1) manpage for full options, descriptions and usage examples
2. 使用nc命令检测udp端口(正常端口)
# nc -uzv 192.168.0.180 1812
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 192.168.0.180:1812.
Ncat: UDP packet sent successfully
Ncat: 1 bytes sent, 0 bytes received in 2.02 seconds.
#下面这样写也是一样的
# nc -u -z -v 192.168.0.180 1812
可以看到这里检测结果是,udp包发送成功,发送了一个字节,没有收到数据。
这里的参数-u 表示udp协议。
-z表示不进行io,只报告连接状态,测试一次连接后,就退出了,不发送数据。
-v表示显示详细信息
3. 使用nc命令检测udp端口(没有开启的端口)
# nc -uzv 192.168.0.180 1813
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 192.168.0.180:1813.
Ncat: Connection refused.
#下面这样写也是一样的
# nc -u -z -v 192.168.0.180 1813
可以看到这里的结果,连接被拒绝。说明端口没有开启或者是网络不通。
4. 开启一个到udp端口的会话,可以持续发送消息
ncat -uv 192.168.0.180 1812
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 192.168.0.180:1812.
5. 最简单的方式,只需要指定一个协议参数
# ncat -u 192.168.0.180 1812