目录
CentOS 6 中nc命令的使用
CentOS 7 中nc命令的使用
使用nc命令可以探测目标主机的端口。但是在Centos 6 和 CentOS 7中这个命令的使用有所不同,甚至可以说功能已经不同,下面分别是CentOS 6 和 CentOS 7中对nc命令的解释:
CentOS 6:nc - arbitrary TCP and UDP connections and listens
CentOS 7:ncat - Concatenate and redirect sockets
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 |
# nc -h usage: nc [-46DdhklnrStUuvzC] [-i interval] [-p source_port] [-s source_ip_address] [-T ToS] [-w timeout] [-X proxy_version] [-x proxy_address[:port]] [hostname] [port[s]] Command Summary: -4 Use IPv4 -6 Use IPv6 -D Enable the debug socket option -d Detach from stdin -h This help text -i secs Delay interval for lines sent, ports scanned -k Keep inbound sockets open for multiple connects -l Listen mode, for inbound connects -n Suppress name/port resolutions -p port Specify local port for remote connects -r Randomize remote ports -S Enable the TCP MD5 signature option -s addr Local source address -T ToS Set IP Type of Service -C Send CRLF as line-ending -t Answer TELNET negotiation -U Use UNIX domain socket -u UDP mode -v Verbose -w secs Timeout for connects and final net reads -X proto Proxy protocol: "4", "5" (SOCKS) or "connect" -x addr[:port] Specify proxy address and port -z Zero-I/O mode [used for scanning] Port numbers can be individual or ranges: lo-hi [inclusive] |
参数说明:
示例
1.扫描TCP端口,端口范围是 20-2000
1 2 3 |
# nc -rz -w 2 10.252.32.122 20-2000 Connection to 10.252.32.122 111 port [tcp/sunrpc] succeeded! Connection to 10.252.32.122 22 port [tcp/ssh] succeeded! |
2.扫描UDP端口,端口范围是 20-2000
1 |
# nc -z -u -w 2 10.252.32.122 20-2000 |
3.扫描指定端口,扫描 111端口
1 2 |
# nc -nvv -w 2 10.252.32.122 111 Connection to 10.252.32.122 111 port [tcp/*] succeeded! |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 |
# nc -h Ncat 6.40 ( http://nmap.org/ncat ) Usage: ncat [options] [hostname] [port]
Options taking a time assume seconds. Append 'ms' for milliseconds, 's' for seconds, 'm' for minutes, or 'h' for hours (e.g. 500ms). -4 Use IPv4 only -6 Use IPv6 only -U, --unixsock Use Unix domain sockets only -C, --crlf Use CRLF for EOL sequence -c, --sh-exec -e, --exec --lua-exec -g hop1[,hop2,...] Loose source routing hop points (8 max) -G -m, --max-conns -h, --help Display this help screen -d, --delay -o, --output -x, --hex-dump -i, --idle-timeout -p, --source-port port Specify source port to use -s, --source addr Specify source address to use (doesn't affect -l) -l, --listen Bind and listen for incoming connections -k, --keep-open Accept multiple connections in listen mode -n, --nodns Do not resolve hostnames via DNS -t, --telnet Answer Telnet negotiations -u, --udp Use UDP instead of default TCP --sctp Use SCTP instead of default TCP -v, --verbose Set verbosity level (can be used several times) -w, --wait --append-output Append rather than clobber specified output files --send-only Only send data, ignoring received; quit on EOF --recv-only Only receive data, never send anything --allow Allow only given hosts to connect to Ncat --allowfile A file of hosts allowed to connect to Ncat --deny Deny given hosts from connecting to Ncat --denyfile A file of hosts denied from connecting to Ncat --broker Enable Ncat's connection brokering mode --chat Start a simple Ncat chat server --proxy --proxy-type --proxy-auth --ssl Connect or listen with SSL --ssl-cert Specify SSL certificate file (PEM) for listening --ssl-key Specify SSL private key (PEM) for listening --ssl-verify Verify trust and domain name of certificates --ssl-trustfile PEM file containing trusted SSL certificates --version Display Ncat's version information and exit
See the ncat(1) manpage for full options, descriptions and usage examples |
可以看到centos 6中nc 原有的 -r,-z选项在centos 7中都已经没有了,那么如何测试端口连通性呢?可以使用如下格式来测试端口的连通性
1 |
nc -w 1 IP地址 端口 < /dev/null && echo "tcp port ok" |
示例
tcp端口测试
1 2 3 4 |
# nc 10.252.35.37 111 < /dev/null && echo "tcp port ok" tcp port ok # nc 10.252.35.37 21 < /dev/null && echo "tcp port ok" Ncat: Connection refused. |
参考:
https://www.cnblogs.com/panzhicheng/p/5704561.html
https://www.cnblogs.com/richerdyoung/p/8336893.html