commandlinefu.com is the place to record those command-line gems that you return to again and again.
You can sign-in using OpenID credentials, or register a traditional username and password.
Subscribe to the feed for:
you can use a pair of commands to test firewalls.
1st launch this command at destination machine
ncat -l [-u] [port] | cat
then use this command at source machine to test remote port
echo foo | ncat [-u] [ip address] [port]
First command will listen at specified port.
It will listen TCP. If you use -u option will listen UDP.
Second command will send "foo" through ncat and will reach defined IP and port.
Change the IP address from 127.0.0.1 to the target machines ip address. Even if the target has ICMP (ping) blocked, it will show you what ports are open on the target. Very handy for situations where you know the target is up and online but wont respond to pings.
It really disables all ICMP responses not only the ping one.
If you want to enable it you can use:
sudo -s "echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all"
Using netcat, usuallly installed on debian/ubuntu.
Also to test against a sample server the following two commands may help
echo got milk? | netcat -l -p 25
python -c "import SocketServer; SocketServer.BaseRequestHandler.handle = lambda self: self.request.send('got milk?\n'); SocketServer.TCPServer(('0.0.0.0', 25), SocketServer.BaseRequestHandler).serve_forever()"
this command will send a message to the socket 25 on host 192.168.1.2 in tcp.
works on udp and icmp
understand only IP address, not hostname.
on the other side (192.168.1.2), you can listen to this socket and test if you receive the message.
easy to diagnose a firewall problem or not.