目录
使用nc命令可以探测目标主机的端口。但是在Centos 6 和 CentOS 7中这个命令的使用有所不同,甚至可以说功能已经不同,下面分别是CentOS 6 和 CentOS 7中对nc命令的解释:
CentOS 6:nc - arbitrary TCP and UDP connections and listens
CentOS 7:ncat - Concatenate and redirect sockets
CentOS 6 中nc命令的使用
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 |
# nc -h usage: nc [-46DdhklnrStUuvzC] [-i interval] [-p source_port] [-s source_ip_address] [-T ToS] [-w timeout] [-X proxy_version] [-x proxy_address[:port]] [hostname] [port[s]] Command Summary: -4 Use IPv4 -6 Use IPv6 -D Enable the debug socket option -d Detach from stdin -h This help text -i secs Delay interval for lines sent, ports scanned -k Keep inbound sockets open for multiple connects -l Listen mode, for inbound connects -n Suppress name/port resolutions -p port Specify local port for remote connects -r Randomize remote ports -S Enable the TCP MD5 signature option -s addr Local source address -T ToS Set IP Type of Service -C Send CRLF as line-ending -t Answer TELNET negotiation -U Use UNIX domain socket -u UDP mode -v Verbose -w secs Timeout for connects and final net reads -X proto Proxy protocol: "4", "5" (SOCKS) or "connect" -x addr[:port] Specify proxy address and port -z Zero-I/O mode [used for scanning] Port numbers can be individual or ranges: lo-hi [inclusive] |
参数说明:
- -h 在线帮助。
- -i<延迟秒数> 设置时间间隔,以便传送信息及扫描通信端口。
- -l 使用监听模式,管控传入的资料。
- -n 直接使用IP地址,而不通过域名服务器。
- -o<输出文件> 指定文件名称,把往来传输的数据以16进制字码倾倒成该文件保存。
- -p<通信端口> 设置本地主机使用的通信端口。
- -r 随机指定本地与远端主机的通信端口。
- -s<来源位址> 设置本地主机送出数据包的IP地址。
- -u 使用UDP传输协议。
- -v 显示指令执行过程。
- -w<超时秒数> 设置等待连线的时间。
- -z 使用0输入/输出模式,只在扫描通信端口时使用。
示例
1.扫描TCP端口,端口范围是 20-2000
| 1 2 3 |
# nc -rz -w 2 10.252.32.122 20-2000 Connection to 10.252.32.122 111 port [tcp/sunrpc] succeeded! Connection to 10.252.32.122 22 port [tcp/ssh] succeeded! |
2.扫描UDP端口,端口范围是 20-2000
| 1 |
# nc -z -u -w 2 10.252.32.122 20-2000 |
3.扫描指定端口,扫描 111端口
| 1 2 |
# nc -nvv -w 2 10.252.32.122 111 Connection to 10.252.32.122 111 port [tcp/*] succeeded! |
CentOS 7 中nc命令的使用
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 |
# nc -h Ncat 6.40 ( http://nmap.org/ncat ) Usage: ncat [options] [hostname] [port] Options taking a time assume seconds. Append 'ms' for milliseconds, 's' for seconds, 'm' for minutes, or 'h' for hours (e.g. 500ms). -4 Use IPv4 only -6 Use IPv6 only -U, --unixsock Use Unix domain sockets only -C, --crlf Use CRLF for EOL sequence -c, --sh-exec <command> Executes the given command via /bin/sh -e, --exec <command> Executes the given command --lua-exec <filename> Executes the given Lua script -g hop1[,hop2,...] Loose source routing hop points (8 max) -G <n> Loose source routing hop pointer (4, 8, 12, ...) -m, --max-conns <n> Maximum <n> simultaneous connections -h, --help Display this help screen -d, --delay <time> Wait between read/writes -o, --output <filename> Dump session data to a file -x, --hex-dump <filename> Dump session data as hex to a file -i, --idle-timeout <time> Idle read/write timeout -p, --source-port port Specify source port to use -s, --source addr Specify source address to use (doesn't affect -l) -l, --listen Bind and listen for incoming connections -k, --keep-open Accept multiple connections in listen mode -n, --nodns Do not resolve hostnames via DNS -t, --telnet Answer Telnet negotiations -u, --udp Use UDP instead of default TCP --sctp Use SCTP instead of default TCP -v, --verbose Set verbosity level (can be used several times) -w, --wait <time> Connect timeout --append-output Append rather than clobber specified output files --send-only Only send data, ignoring received; quit on EOF --recv-only Only receive data, never send anything --allow Allow only given hosts to connect to Ncat --allowfile A file of hosts allowed to connect to Ncat --deny Deny given hosts from connecting to Ncat --denyfile A file of hosts denied from connecting to Ncat --broker Enable Ncat's connection brokering mode --chat Start a simple Ncat chat server --proxy <addr[:port]> Specify address of host to proxy through --proxy-type <type> Specify proxy type ("http" or "socks4") --proxy-auth <auth> Authenticate with HTTP or SOCKS proxy server --ssl Connect or listen with SSL --ssl-cert Specify SSL certificate file (PEM) for listening --ssl-key Specify SSL private key (PEM) for listening --ssl-verify Verify trust and domain name of certificates --ssl-trustfile PEM file containing trusted SSL certificates --version Display Ncat's version information and exit See the ncat(1) manpage for full options, descriptions and usage examples |
可以看到centos 6中nc 原有的 -r,-z选项在centos 7中都已经没有了,那么如何测试端口连通性呢?可以使用如下格式来测试端口的连通性
| 1 |
nc -w 1 IP地址 端口 < /dev/null && echo "tcp port ok" |
示例
tcp端口测试
| 1 2 3 4 |
# nc 10.252.35.37 111 < /dev/null && echo "tcp port ok" tcp port ok # nc 10.252.35.37 21 < /dev/null && echo "tcp port ok" Ncat: Connection refused. |
参考: