Test TCP and UDP connections in Linux for firewalls

I am constantly having to check firewall rules for services I have not yet set up. In this post, the client is the source address and the server is the destination address.

Checking TCP

Server:

Open a TCP port with netcat. For example, to open TCP port 80 I would use:

nc -l 80

Client:

Check the TCP port with telnet. To connect to port 80:

telnet destination_ip 80

Checking UDP

To open a UDP listener on port 80 on the destination, use the following command:

nc -lu 80

To connect to the destination's UDP port 80, use the following command from your source:

nc -zu destination_ip 80
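UDP has no handshake, so the source can only infer the port's state from what comes back: a reply, an ICMP port unreachable, or nothing at all. The Python below is an added example, not part of the original post; the names probe_udp and start_echo_listener are made up for illustration, and it assumes Linux, where an ICMP port unreachable surfaces on a connected UDP socket as "connection refused".

```python
import socket
import threading


def probe_udp(host, port, payload=b"ping", timeout=2.0):
    """Classify one UDP port as 'open', 'closed' or 'open|filtered'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # connect() sends nothing for UDP; it pins the peer so the kernel
        # reports an ICMP "port unreachable" for it as an error on this socket.
        s.connect((host, port))
        try:
            s.send(payload)
            s.recv(4096)
            return "open"            # a datagram came back: path and service work
        except ConnectionRefusedError:
            return "closed"          # ICMP port unreachable: host reached, no listener
        except socket.timeout:
            return "open|filtered"   # silence: dropped by a firewall, or a mute listener


def start_echo_listener(bind_addr="127.0.0.1", port=0):
    """Server side: echo each datagram so the client gets a positive answer."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((bind_addr, port))      # port 0 lets the OS pick a free port

    def serve():
        while True:
            try:
                data, peer = srv.recvfrom(4096)
                srv.sendto(data, peer)
            except OSError:          # socket was closed
                return

    threading.Thread(target=serve, daemon=True).start()
    return srv


if __name__ == "__main__":
    # Constructed loopback demo; on real hosts run the listener on the
    # destination and call probe_udp() from the source.
    srv = start_echo_listener()
    port = srv.getsockname()[1]
    print(port, probe_udp("127.0.0.1", port))
```

Only "open" proves the firewall passes traffic in both directions; "open|filtered" is also what a plain nc -lu listener produces, because it never answers.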

Netcat fun

Netcat (nc) can be used for a lot of other purposes. It also works as a very fast, basic port scanner:

To scan the UDP port range 80-4000:

nc -zu destination_ip 80-4000

To get more information, add v for verbose output; for even more detail, add another v:

nc -vvzu destination_ip 80-4000

To scan the TCP port range 80-4000:

nc -z destination_ip 80-4000

2 Replies to “Test TCP and UDP connections in Linux for firewalls”

  1. Hi Joseph,

    I’m investigating how I can test whether a UDP port is closed or open with netcat, and reviewing the man pages of this awesome command I found this line:

    UDP port scans will always succeed (i.e. report the port as open), rendering the -uz combination of flags relatively useless.

    You can test anyway with the “-z” flag but without “u”,

    Thanks for this post, it made me see the light 😉
    Regards!

  2. Jose,

    Thanks for the update. You are correct. Testing UDP is really a pain honestly. Now testing TCP that’s easy. It’s the nature of the protocols. I need to figure out some tests for multicast 🙂
