Check TCP/UDP port with netcat

netcat, usually abbreviated in nc, is a network tool able to reads and writes data across network connections using TCP or UDP protocol. It’s a feature-rich tool, that every admin should know.

Check TCP port

nc -zv 80
Connection to 80 port [tcp/http] succeeded!

Check UDP port

nc -zuv 123
Connection to 123 port [udp/ntp] succeeded!

Not that contrary to TCP, UDP is a connectionless protocol. In theory if an UDP port is formally “closed” (for example via an iptables REJECT rule) the destination host should respond with an ICMP Port unreachable packet. But a lot of firewall simply silently drop the message, resulting in a wrong ‘succeed’ result.

Scan a range of ports

To find all the open ports in a given range:

nc -zv 1-500 2>&1 | grep succeeded
Connection to 21 port [tcp/ftp] succeeded!
Connection to 22 port [tcp/ssh] succeeded!
Connection to 80 port [tcp/http] succeeded!

To run a pseudo-server on a given port

nc -l -p 3873