I'm trying to verify that a couple of our servers can communicate via certain ports before migrating some of our services to them, and that they're not blocked by our organization's firewall ACLs.
Makes Sense
[mrduki@mybox1~]$ nc -ul 40000
---
[mrduki@mybox2~]$ nc -zvuw2 mybox1.com 40000
Connection to mybox1.com 40000 port [udp/*] succeeded!
Doesn't Make Sense
[mrduki@mybox1~]$ nc -ul 40000
[mrduki@mybox1~]$ ^C
---
[mrduki@mybox2~]$ nc -zvuw2 mybox1.com 40000
Connection to mybox1.com 40000 port [udp/*] succeeded!
In fact, if I do a port scan from 40000-40100, every single port succeeds.
If I do the same tests without -u (so that it tests TCP instead of UDP), I get "40000 (tcp) timed out: Operation now in progress" errors, as I would expect (since I have no such TCP service listening on 40000).
Doing a "sudo netstat -alnp | grep LISTEN" on mybox1 though shows no such services listening on these ports. So what am I missing?
Best Answer
nc may not be the best tool for testing port status. Have you tried nmap? It's actually a port scanner. I checked a file server on my home network and 127.0.0.1, both report that UDP port 40000 is closed.
nmap
Kernel + /dev
You can also use the kernel to do this like so. But nmap is probably better.
When I tried nc on the same server (igor) I was getting the same results as you. But I went back to try again, and now it's returning no output (no succeeded message) and Wireshark is showing "Destination unreachable" being sent back over ICMP. I don't understand any of this. But I'd switch to a different method of checking UDP port status.