In this post, we will look at tools to test remote connectivity in Linux. With increasing usage of firewalls, server hardening due to cyber attacks, it becomes important to determine appropriate connectivity between two hots. Note that, we are looking for connectivity tests w.r.t. server systems such as databases, application servers etc.
Organizations having multiple datacenters, systems running in private / public clouds, accessing vendor partner systems, its important to have a know how to determine if the a system is able to connect to a remote system or not.
Note that our focus will be on covering out of the box tools in Linux and not any custom built tools by 3rd party.
So, let’s get down to it.
$ ping -c 5 www.example.com PING www.example.com (220.127.116.11): 56 data bytes 64 bytes from 18.104.22.168: icmp_seq=0 ttl=56 time=11.632 ms 64 bytes from 22.214.171.124: icmp_seq=1 ttl=56 time=11.726 ms 64 bytes from 126.96.36.199: icmp_seq=2 ttl=56 time=10.683 ms 64 bytes from 188.8.131.52: icmp_seq=3 ttl=56 time=9.674 ms 64 bytes from 184.108.40.206: icmp_seq=4 ttl=56 time=11.127 ms --- www.example.com ping statistics --- 5 packets transmitted, 5 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 9.674/10.968/11.726/0.748 ms
- The issue with ping is that it does not test TCP connectivity to a particular port. It was designed in mind when there used to be no firwalls or restriction between 2 hosts. But in modern world, ICMP traffic is usually restricted. So its possible that there exists a valid connectvity between two hosts at a particular port while ping command shows unreachable.
Telnet is another utility which has been widely used in history to test connectivity between hosts at a specific port. For ex,
if we want to test the connectivty at IP 220.127.116.11 at port 443, we can simply do
$ ~ telnet 18.104.22.168 443 Trying 22.214.171.124... Connected to maa05s01-in-f14.1e100.net. Escape character is '^]'.
- The issue with telnet is that it transfer everything in plaintext. So if you type a password in it, it will be transferred without encryption. Due to this reason, many popular flavors of Linux such as Fedora, CentOS and RHEL do not include this utility anymore in standard Linux distribution. It can be installed manually through
yum install telnetthough.
Netcat or nc is by far the most currently popular tool right now. It is very powerful as it allows you to even setup your own server and is generally referred to as swiss army knife.
Taking the same above example,
$ ~ nc -v 126.96.36.199 443 found 0 associations found 1 connections: 1: flags=82<CONNECTED,PREFERRED> outif en0 src 192.168.1.96 port 55004 dst 188.8.131.52 port 443 rank info not available TCP aux info available
It can do port scanning
It can test out UDP ports too
curl is the best tool if you are dealing with HTTP / HTTPS traffic.
$ ~ curl -k https://184.108.40.206 <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"> <TITLE>301 Moved</TITLE></HEAD><BODY> <H1>301 Moved</H1> The document has moved <A HREF="http://www.google.com/">here</A>. </BODY></HTML>
-k option is used to skip SSL check.
Using verbose option (-vvv) can give you much more information about HTTP version, headers and TLS version.
$ ~ curl -vvv -k https://220.127.116.11 * Rebuilt URL to: https://18.104.22.168/ * Trying 22.214.171.124... * TCP_NODELAY set * Connected to 126.96.36.199 (188.8.131.52) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: /etc/ssl/cert.pem CApath: none * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Client hello (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS change cipher, Client hello (1): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305 * ALPN, server accepted to use h2 * Server certificate: * subject: C=US; ST=California; L=Mountain View; O=Google LLC; CN=*.google.com * start date: Apr 7 09:27:14 2020 GMT * expire date: Jun 30 09:27:14 2020 GMT * issuer: C=US; O=Google Trust Services; CN=GTS CA 1O1 * SSL certificate verify ok. * Using HTTP2, server supports multi-use * Connection state changed (HTTP/2 confirmed) * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 * Using Stream ID: 1 (easy handle 0x7fb685003c00) > GET / HTTP/2 > Host: 184.108.40.206 > User-Agent: curl/7.54.0 > Accept: */* > * Connection state changed (MAX_CONCURRENT_STREAMS updated)! < HTTP/2 301 < location: http://www.google.com/ < content-type: text/html; charset=UTF-8 < date: Fri, 01 May 2020 14:27:00 GMT < expires: Sun, 31 May 2020 14:27:00 GMT < cache-control: public, max-age=2592000 < server: gws < content-length: 219 < x-xss-protection: 0 < x-frame-options: SAMEORIGIN < alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" < <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"> <TITLE>301 Moved</TITLE></HEAD><BODY> <H1>301 Moved</H1> The document has moved <A HREF="http://www.google.com/">here</A>. </BODY></HTML> * Connection #0 to host 220.127.116.11 left intact
netstat is another one of mine favourite tools. Though, it doesn’t allow you to test the connectivity with the new host, its the best tool if you want to view the list of already connected hosts.
# ~ netstat -tun Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 10.33.128.63:36352 10.12.24.223:9092 ESTABLISHED tcp 0 0 10.33.128.63:22 172.29.124.150:63515 ESTABLISHED tcp 0 0 10.33.128.63:55638 10.12.38.199:9997 TIME_WAIT tcp 0 0 10.33.128.63:45938 10.36.66.150:5000 ESTABLISHED tcp 0 0 10.33.128.63:37738 10.12.38.187:9997 TIME_WAIT tcp 0 0 10.33.128.63:44620 10.12.38.206:9997 ESTABLISHED tcp 0 0 10.33.128.63:33676 10.33.128.63:22 TIME_WAIT tcp 0 0 10.33.128.63:41616 10.12.24.222:9092 ESTABLISHED tcp 0 52 10.33.128.63:22 172.28.96.245:58173 ESTABLISHED
It also gives the state of TCP port as well (ESTABLISHED, TIME_WAIT, LISTENING)
nmap is one of the most advanced tools out of these. It might not be installed out of the box in every Linux distribution. It is considered a very advanced security tool for OS fingerprinting, port scanning.