文章目录
1.测试TCP和UDP端口连接状态
准备环境
| 系统 | IP | 测试端口 | 机器 | 主机名 |
|---|---|---|---|---|
| CentOS Linux | 192.168.192.11 | 主机 | node1 | |
| CentOS Linux | 192.168.192.12 | 80[TCP] 161[UDP] 3306[TCP] 69[UDP] |
目标主机 | node2 |
测试主机与目标端口的网络是否通畅
两台主机的防火墙跟SELinux已关闭
1.1.查找命令是由那个软件包提供的
# 查找 telnet 命令有那个软件包提供的
[root@node1 ~]# yum -y provides telnet # 或者 yum -y provides *bin/telnet
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: ftp.sjtu.edu.cn
* epel: ftp.riken.jp
* extras: ftp.sjtu.edu.cn
* updates: ftp.sjtu.edu.cn
1:telnet-0.17-65.el7_8.x86_64 : The client program for the Telnet remote login protocol
Repo : base
1:telnet-0.17-66.el7.x86_64 : The client program for the Telnet remote login protocol
Repo : updates
[root@node1 ~]#
# 查找 nc 命令有那个软件包提供的
[root@node1 ~]# yum -y provides nc
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: ftp.sjtu.edu.cn
* extras: ftp.sjtu.edu.cn
* updates: ftp.sjtu.edu.cn
2:nmap-ncat-6.40-19.el7.x86_64 : Nmap's Netcat replacement
Repo : base
Matched from:
Provides : nc
[root@node1 ~]#
1.2.安装测试端口所需的命令
[root@node1 ~]# yum -y install telnet nmap
1.3.安装所需测试的应用
[root@node2 ~]# yum -y install nginx net-snmp tftp tftp-server
# mysql 的安装不在这里写了,如果需要请别我的安装mysql文档
1.4.启动服务
[root@node2 ~]# systemctl start snmpd
[root@node2 ~]#
[root@node2 ~]# systemctl status snmpd
● snmpd.service - Simple Network Management Protocol (SNMP) Daemon.
Loaded: loaded (/usr/lib/systemd/system/snmpd.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2023-08-19 13:54:47 CST; 5s ago
Main PID: 2208 (snmpd)
CGroup: /system.slice/snmpd.service
└─2208 /usr/sbin/snmpd -LS0-6d -f
Aug 19 13:54:47 node2 systemd[1]: Starting Simple Network Management Protocol (SNMP) Daemon....
Aug 19 13:54:47 node2 snmpd[2208]: NET-SNMP version 5.7.2
Aug 19 13:54:47 node2 systemd[1]: Started Simple Network Management Protocol (SNMP) Daemon..
[root@node2 ~]#
[root@node2 ~]# systemctl start nginx
[root@node2 ~]# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2023-08-19 13:35:21 CST; 20min ago
Main PID: 1900 (nginx)
CGroup: /system.slice/nginx.service
├─1900 nginx: master process /usr/sbin/nginx
├─1901 nginx: worker process
├─1902 nginx: worker process
└─1903 nginx: worker process
......省略
[root@node2 ~]# systemctl start mysqld
[root@node2 ~]# systemctl status mysqld
● mysqld.service - MySQL Server
Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2023-08-19 13:44:51 CST; 11min ago
Docs: man:mysqld(8)
......省略N
[root@node2 ~]# systemctl start tftp
[root@node2 ~]#
[root@node2 ~]# systemctl status tftp
● tftp.service - Tftp Server
Loaded: loaded (/usr/lib/systemd/system/tftp.service; indirect; vendor preset: disabled)
Active: active (running) since Sat 2023-08-19 13:57:06 CST; 3s ago
Docs: man:in.tftpd
Main PID: 2221 (in.tftpd)
CGroup: /system.slice/tftp.service
└─2221 /usr/sbin/in.tftpd -s /var/lib/tftpboot
Aug 19 13:57:06 node2 systemd[1]: Started Tftp Server.
[root@node2 ~]#
1.5.查看端口
[root@node2 ~]# ss -antlp | grep 3306
LISTEN 0 70 [::]:33060 [::]:* users:(("mysqld",pid=2107,fd=22))
LISTEN 0 128 [::]:3306 [::]:* users:(("mysqld",pid=2107,fd=25))
[root@node2 ~]#
[root@node2 ~]# ss -antlp | grep 80
LISTEN 0 128 *:80 *:* users:(("nginx",pid=1903,fd=6),("nginx",pid=1902,fd=6),("nginx",pid=1901,fd=6),("nginx",pid=1900,fd=6))
LISTEN 0 128 [::]:80 [::]:* users:(("nginx",pid=1903,fd=7),("nginx",pid=1902,fd=7),("nginx",pid=1901,fd=7),("nginx",pid=1900,fd=7))
[root@node2 ~]#
[root@node2 ~]# ss -anulp | grep 161
UNCONN 0 0 *:161 *:* users:(("snmpd",pid=2208,fd=6))
[root@node2 ~]#
[root@node2 ~]# ss -anulp | grep 69
UNCONN 0 0 [::]:69 [::]:* users:(("in.tftpd",pid=2221,fd=0),("systemd",pid=1,fd=27))
[root@node2 ~]#
[root@node2 ~]# ss -antlu
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 *:161 *:*
udp UNCONN 0 0 [::]:69 [::]:*
tcp LISTEN 0 128 127.0.0.1:199 *:*
tcp LISTEN 0 128 *:80 *:*
tcp LISTEN 0 128 *:22 *:*
tcp LISTEN 0 70 [::]:33060 [::]:*
tcp LISTEN 0 128 [::]:3306 [::]:*
tcp LISTEN 0 128 [::]:80 [::]:*
tcp LISTEN 0 128 [::]:22 [::]:*
[root@node2 ~]#
1.6.测试TCP端口
[root@node1 ~]# telnet 192.168.192.12 80
Trying 192.168.192.12...
Connected to 192.168.192.12. # 看到 Connected 表示192.168.192.12开通了80端口
Escape character is '^]'.
Connection closed by foreign host.
[root@node1 ~]#
# 如果以上的命令看得不是很理解可以使用nmap命令
# nmap命令 – 网络探测及端口扫描工具
[root@node1 ~]# nmap -p 80,3306,443 192.168.192.12 # 表示扫描80跟443端口
Starting Nmap 6.40 ( http://nmap.org ) at 2023-08-19 14:08 CST
Nmap scan report for 192.168.192.12
Host is up (0.00030s latency).
PORT STATE SERVICE
80/tcp open http # open 表示打开了80 端口
443/tcp closed https # closed 表示关闭
3306/tcp open mysql
MAC Address: 00:0C:29:6A:EF:87 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 13.46 seconds
[root@node1 ~]#
[root@node1 ~]# nc -vz 192.168.192.12 80
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 192.168.192.12:80.
Ncat: 0 bytes sent, 0 bytes received in 0.00 seconds.
[root@node1 ~]#
# Ncat: 7.50版本(https://nmap.org/ncat)
# Ncat:连接192.168.192.12:80。
# Ncat:发送0字节,在0.00秒内接收0字节。
1.7.测试UDP端口
[root@node1 ~]# nmap -sU -p 161,69 192.168.192.12
Starting Nmap 6.40 ( http://nmap.org ) at 2023-08-19 14:21 CST
Nmap scan report for 192.168.192.12
Host is up (0.00029s latency).
PORT STATE SERVICE
69/udp open|filtered tftp
161/udp open snmp
MAC Address: 00:0C:29:6A:EF:87 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 14.47 seconds
[root@node1 ~]#
[root@node1 ~]# nc -vuz 192.168.192.12 161
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 192.168.192.12:161.
Ncat: UDP packet sent successfully # 看到successfully 表示成功
Ncat: 1 bytes sent, 0 bytes received in 2.01 seconds.
[root@node1 ~]#
以上都是测试成功的,现在模拟服务没有开启或者防火墙阻挡
1.8.关闭 nginx 服务
[root@node2 ~]# systemctl stop nginx
# 到192.168.192.11 主机上测试
[root@node1 ~]# nc -vz 192.168.192.12 80
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connection refused. # 看到refused 表示拒绝连接
[root@node1 ~]#
[root@node1 ~]# nmap -p80,3306 192.168.192.12
Starting Nmap 6.40 ( http://nmap.org ) at 2023-08-19 14:32 CST
Nmap scan report for 192.168.192.12
Host is up (0.00033s latency).
PORT STATE SERVICE
80/tcp closed http # 表示失败
3306/tcp open mysql # 表示成功
MAC Address: 00:0C:29:6A:EF:87 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 13.45 seconds
[root@node1 ~]#
1.9.开启防火墙测试161端口
[root@node2 ~]# systemctl start firewalld
[root@node2 ~]#
[root@node2 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: active (running) since Sat 2023-08-19 14:36:34 CST; 1min 27s ago
Docs: man:firewalld(1)
......
# 在node1测试 161 端口
[root@node1 ~]# nc -vuz 192.168.192.12 161
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 192.168.192.12:161.
Ncat: No route to host. # 表示失败
[root@node1 ~]#
[root@node1 ~]# nmap -sU -p 161 192.168.192.12
Starting Nmap 6.40 ( http://nmap.org ) at 2023-08-19 14:39 CST
Nmap scan report for 192.168.192.12
Host is up (0.00028s latency).
PORT STATE SERVICE
161/udp filtered snmp
MAC Address: 00:0C:29:6A:EF:87 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 13.45 seconds
[root@node1 ~]#
# 放行 161 端口
[root@node2 ~]# firewall-cmd --zone=public --add-port=161/udp --permanent
success
[root@node2 ~]# firewall-cmd --reload # 更新防火墙规则,不然不会生效
success
# 查看端口是否开放
[root@node2 ~]# firewall-cmd --zone=public --query-port=161/udp
yes
[root@node2 ~]#
# 再次测试 161 端口
[root@node1 ~]# nc -vuz 192.168.192.12 161
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 192.168.192.12:161.
Ncat: UDP packet sent successfully # 成功
Ncat: 1 bytes sent, 0 bytes received in 2.01 seconds.
[root@node1 ~]#
[root@node1 ~]# nmap -sU -p 161 192.168.192.12
Starting Nmap 6.40 ( http://nmap.org ) at 2023-08-19 14:51 CST
Nmap scan report for 192.168.192.12
Host is up (0.00048s latency).
PORT STATE SERVICE
161/udp open snmp
MAC Address: 00:0C:29:6A:EF:87 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 13.46 seconds
[root@node1 ~]#
报错信息
安装 net-snmp 报错信息:
Error: Package: 1:net-snmp-agent-libs-5.7.2-49.el7_9.2.x86_64 (xxx)
Requires: libmysqlclient.so.18()(64bit)
Error: Package: 1:net-snmp-5.7.2-49.el7_9.2.x86_64 (xxx)
Requires: libmysqlclient.so.18()(64bit)
Error: Package: 1:net-snmp-agent-libs-5.7.2-49.el7_9.2.x86_64 (xxx)
Requires: libmysqlclient.so.18(libmysqlclient_18)(64bit)
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
解决安装 net-snmp 报错
[root@node2 ~]# yum -y install https://repo.mysql.com/yum/mysql-8.0-community/el/7/x86_64/mysql-community-libs-compat-8.0.25-1.el7.x86_64.rpm