Testing ports without telnet or nc

Ever hop onto a server where the network admin may have been a bit over-caffeinated when they were locking down the firewall? What if they also locked down egress along with ingress? They want you to prove you cannot connect outbound, but you cannot even install ‘telnet’ or ‘nc’ since yum/apt can’t get outbound. While that is proof in and of itself, what if you needed something more for some reason?

Assuming you have root access and ‘telnet’ or ‘nc’ is not installed, you can use bash's built-in network redirections (see the REDIRECTION section of the bash man page). In the example below all three connections succeed, which you can tell because each command returns instantly with no error:

[root@web01 ~]# echo > /dev/tcp/1.1.1.1/80
[root@web01 ~]# echo > /dev/tcp/1.1.1.1/443
[root@web01 ~]# echo > /dev/tcp/google.com/443
[root@web01 ~]#

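A failed connection shows up in one of two ways: the command hangs, or it returns a ‘connection refused’ error. A hang usually means the packets are being silently dropped somewhere along the path, while ‘connection refused’ means something actively rejected the connection.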
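To avoid waiting on a hung test, the same /dev/tcp redirection can be wrapped in a timeout and the result classified. This is an added example, not part of the original post: check_port and PROBE_TIMEOUT are names invented here, and it assumes the coreutils ‘timeout’ command is present on the server.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. check_port and PROBE_TIMEOUT are
# names invented here. Assumes bash is installed (for /dev/tcp) and that the
# coreutils `timeout` command is available.

PROBE_TIMEOUT="${PROBE_TIMEOUT:-3}"   # seconds before a hang is reported as filtered

# check_port HOST PORT
# Prints one word and returns 0 only when the TCP handshake completed:
#   open     - connection succeeded
#   filtered - no answer within PROBE_TIMEOUT (the "hang" case)
#   closed   - immediate failure: refused, unreachable, or name did not resolve
#   invalid  - HOST empty or PORT not a number in 1-65535
check_port() {
    local host="$1" port="$2" rc=0

    case "$port" in
        ''|*[!0-9]*|??????*) echo invalid; return 2 ;;
    esac
    if [ -z "$host" ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo invalid; return 2
    fi

    # Open the socket on fd 3 in a child bash and send nothing. Host and port
    # are passed as positional arguments, never spliced into the command text.
    timeout "$PROBE_TIMEOUT" bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$host" "$port" \
        2>/dev/null || rc=$?

    case "$rc" in
        0)   echo open;     return 0 ;;
        124) echo filtered; return 1 ;;   # exit status timeout uses when it kills the probe
        *)   echo closed;   return 1 ;;
    esac
}

# Run as: ./check_port.sh 1.1.1.1 443
if [ "$#" -eq 2 ]; then
    check_port "$1" "$2"
fi
```

Unlike ‘echo > /dev/tcp/...’, this opens the socket without writing a newline to the remote service, and the one-word result is easy to paste into a ticket for the firewall team.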

Another way around this is to use curl if it is available. Below is an example for checking if you can connect to port 25 on the remote server:

[root@web01 ~]# curl -v telnet://1.1.1.1:25
* About to connect() to 1.1.1.1 port 25 (#0)
*   Trying 1.1.1.1...
* Connected to 1.1.1.1 (1.1.1.1) port 25 (#0)