If you’d like to check if a port is listening (e.g. typical usage in a bash script), you can use the following line:
nc -w 1 -z $IP $PORT > /dev/null 2>&1
After running this command, you can check the return code.
If $? is 0, the connection is up. If it’s 1, it’s not working.
Here a basic script that you can use if you want to connect from your local box, via a middle linux machine, to a third host.
It will also allow you to use FoxyProxy on your browser and browse the internal network of the destination box.
BOX_A <==== MIDDLE_BOX ====> BOX_B
The goal is having access from BOX_A to BOX_B via MIDDLE_BOX
MIDDLE_BOX is the only one that can talk withBOX_A and BOX_B
#!/bin/bash
#
# ==================================================== #
# Tunnel from CURRENT_HOST to DEST_HOST via MIDDLE_BOX #
# ==================================================== #
#
# The scripts connects the local port 8888
# to the SSH port on DEST_BOX via MIDDLE_BOX.
#
MIDDLE_BOX_HOST="bastion_server.localdomain.loc"
MIDDLE_BOX_USER="username"
MIDDLE_BOX_SSH_PORT="22"
DEST_BOX_HOST="destination_host.domain.com"
DEST_BOX_USER="username"
DEST_BOX_SSH_PORT="22"
LOC_PORT=8888
SOCK_PORT=9050
############################################################
CHECK_TUNS=$(ps aux | grep "[s]sh -N -f -p $MIDDLE_BOX_SSH_PORT -L$LOC_PORT:$DEST_BOX_HOST:$DEST_BOX_SSH_PORT $MIDDLE_BOX_USER@$MIDDLE_BOX_HOST" | awk '{print $2}')
N_TUNS=$(echo $CHECK_TUNS | wc -l)
create_tunnel(){
# Create a connection between localhost:$LOC_PORT to MIDDLE_BOX:SSH_PORT
# It will ask for MIDDLE_BOX's password
# -N -f keep the connection open in background executing No commands
ssh -N -f -p $MIDDLE_BOX_SSH_PORT -L$LOC_PORT:$DEST_BOX_HOST:$DEST_BOX_SSH_PORT $MIDDLE_BOX_USER@$MIDDLE_BOX_HOST
echo "Created new tunnel"
}
check_tunnel(){
nc -w 1 -z localhost $LOC_PORT > /dev/null 2>&1
}
reset_tunnel() {
for PID in $CHECK_TUNS; do
kill -9 $PID > /dev/null 2>&1
echo "Found multiple tunnels. Killed all."
done
}
# Hidden function. Add 'cleanup' as argument to close all the tunnels
[ "$1" == "cleanup" ] && reset_tunnel && exit 0
if [ $N_TUNS -eq 0 ] ; then
create_tunnel
elif [ $N_TUNS -eq 1 ] ; then
check_tunnel
if [ $? -eq 0 ] ; then
echo "Tunnel already up and running"
else
reset_tunnel
create_tunnel
fi
else
reset_tunnel
create_tunnel
fi
CHECK_SOCK=$(ps aux | grep -q "[s]sh -D$SOCK_PORT -p$LOC_PORT $DEST_BOX_USER@localhost")
if [ $? -eq 0 ] ; then
echo "Sock already created on port $SOCK_PORT - just opening SSH shell on $DEST_BOX_HOST"
ssh -p$LOC_PORT $DEST_BOX_USER@localhost
else
# This will open an SSH shell from DEST_BOX *AND* create a sock proxy on port $SOCK_PORT locally
# You can use FoxyProxy in your browser to browse the DEST_BOX's network
# Just set "localhost", dest port "$SOCK_PORT" and select "Socks Proxy"
echo "Created sock on port $SOCK_PORT and ssh'ing on $DEST_BOX_HOST"
ssh -D$SOCK_PORT -p$LOC_PORT $DEST_BOX_USER@localhost
fi
I was just looking around info about netcat and telnet, trying to understand a bit more. Well… in few words: no point to install telnet if you have netcat! 🙂 Netcat is perfect for scripting, ’cause it’s non-interactive, UDP/TCP capable, can be a listener as well… very powerful tool. Here some example.
~ $ nc -zv localhost 80 Connection to localhost 80 port [tcp/http] succeeded!
…and it closes gracefully 😉
~ $ nc -zv localhost 20-25 nc: connect to localhost port 20 (tcp) failed: Connection refused Connection to localhost 21 port [tcp/ftp] succeeded! Connection to localhost 22 port [tcp/ssh] succeeded! nc: connect to localhost port 23 (tcp) failed: Connection refused nc: connect to localhost port 24 (tcp) failed: Connection refused nc: connect to localhost port 25 (tcp) failed: Connection refused
$ nc -zv localhost 20 22 80 443 nc: connect to localhost port 20 (tcp) failed: Connection refused Connection to localhost 22 port [tcp/ssh] succeeded! Connection to localhost 80 port [tcp/http] succeeded! Connection to localhost 443 port [tcp/https] succeeded!
NOTE: If you want to grep or play with the “output” of the command, you need to use 2>&1
For example:nc -zv localhost 1-1024 <strong>2>&1</strong> | grep succeeded
(From man) Alternatively, it might be useful to know which server software is running, and which versions. This information is often contained within the greeting banners. In order to retrieve these, it is necessary to first make a connection, and then break the connection when the banner has been retrieved. This can be accomplished by specifying a small timeout with the -w flag, or perhaps by issuing a “QUIT” command to the server:
$ echo "QUIT" | nc host.example.com 20-30 SSH-1.99-OpenSSH_3.6.1p2 Protocol mismatch. 220 host.example.com IMS SMTP Receiver Version 0.84 Ready
In some cases, it’s handy to add -q 1 at the end, if nc hangs (I’ve noticed this in some cases) Like this:
$ echo "QUIT" | nc host.example.com 20-30 <strong>-q 1</strong>
On the receiver side:
$ nc -l 1234 > /tmp/file_to_receive
On the sender side:
$ cat file_to_send | nc receiver_ip_or_fqdn 1234
or
$ nc receiver_ip_or_fqdn 1234 < file_to_send
There are plenty of things that you can do. These are just simple examples… enjoy! 🙂