Solved

HP-UX: Korn Shell Script: Are the correct ports open?

Posted on 2007-10-15
Last Modified: 2013-12-21
HP Superdome: HP-UX: Korn Shell:
I am building some environment validation scripts for this box in KSH.
I need a way of checking if the required ports are opened so that I would run a script and it would return output such as:
Port 80 is open
Port 22 is open
Port 58 is not open

I thought about something like this:
if [ "`telnet localhost 80 | grep "telnet: connect to address 127.0.0.1: Connection refused"`" = "" ]
then
 echo "Port 80 open"
else
 echo "Port 80 closed"
fi

But this probably won't work if the port is actually open, as telnet will block waiting for communication.

Any suggestions?
Question by:ignition00
24 Comments
 
LVL 9

Expert Comment

by:ghostdog74
ID: 20077229
A straightforward way would be to use a port scanner, like nmap. However, if you are restricted from installing such programs, you can use netstat. Here's an awk script to check ports opened. Your environment will be different, so change the variables as desired.


netstat -an| awk 'BEGIN{str="111 631 58 80 22";split(str,ports," ")}
     $NF ~ /LISTEN/ {
     m=split($4,a,":")
     for ( i in ports ) {
          if (a[2] == ports[i]) {
               print "port " a[2] " open"
          }
     }
}'
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 20077299
Hi,

It is better to use expect along with telnet to capture the response and do the right action.

Please see the links below for more info about expect:

http://www.hmug.org/man/1/expect.php
http://expect.nist.gov/
http://www.linuxjournal.com/article/3065


One point regarding your piping to grep. Any unix command will send responses to either stdout or stderr (file descriptor 1 and file descriptor 2). Thus you need to redirect both stdout & stderr like 2>&1.

If you are sure about the protocol you want to connect to, then you may use the proper tool to check if it is running or not, e.g. you may use wget for http, https, ftp.

Please see http://gentoo-wiki.com/MAN_wget_1 for more info about wget.

Also, your script (plus some more tools) will work for TCP ports. It will not work for UDP ports since telnet uses TCP only.
0
 

Author Comment

by:ignition00
ID: 20077405
omarfarid:
I do not have expect installed, thanks for the idea anyway.
0
 

Author Comment

by:ignition00
ID: 20077438
ghostdog:
I have tried your script, it works but I am not sure it is correct.
The output it reported was:
Port 111 open.

I am not sure if this port should be open on the test server. Furthermore, I would expect at least the SSH port to be open as that was how I connected.

Any further suggestions as to how we can get this to work?
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 20077455
Hi,

Is the script you are developing to run on the same server you want to check ports for?

For that, as recommended by ghostdog74, you may use netstat -an and grep.

0
 
LVL 9

Expert Comment

by:ghostdog74
ID: 20077527
ignition00:

if you noticed, the

str="111 631 58 80 22"

line, the "str" variable defines the ports that you want to check are open or not. I just put some arbitrary port numbers (for my testing when I developed the script). You should define your own set of port numbers to check in your environment. Then, the script only displays to you whether these ports are open on your machine after you run it. It doesn't do anything else. If you find that the script did not print out "port 80 is open", for example, you should check whether your web server is up, etc.
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 20077568
Hi,

Try the following script

for port in `netstat -an | grep LISTEN | awk '{print $1}' | grep "*" | awk -F"."  '{print $2}' | sort -u`
do
        echo "Port:     $port   is open"
done
0
 

Author Comment

by:ignition00
ID: 20077580
Ok thanks, I wasn't sure what was going on with that.
We are getting closer:

[domain1636053@ssh ~]$ netstat -an| awk 'BEGIN{str="25 111 23 22 21 20";split(str,ports," ")}
>      $NF ~ /LISTEN/ {
>      m=split($4,a,":")
>      for ( i in ports ) {
>           if (a[2] == ports[i]) {
>                print "port " a[2] " open"
>           }
>      }
> }'
port 111 open
port 25 open


All looks good, except for port 22, it should be open:
[domain1636053@ssh ~]$ telnet localhost 22
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3

Connection closed by foreign host.
[domain1636053@ssh ~]$

Any ideas?
0
 
LVL 9

Expert Comment

by:ghostdog74
ID: 20077632
hi,  minor adjustment. change a[2] to a[m]

.....
          if (a[m] == ports[i]) {
               print "port " a[m] " open"
          }
.....
and try again.
0
 

Author Comment

by:ignition00
ID: 20077699
Nearly there!
Still 2 problems
1. ordering of ports in STR changes output
2. port " " is open (but I can live with that one)


[domain1636053@ssh ~]$ netstat -an| awk 'BEGIN{str="25 111 23 22 21 20";split(str,ports," ")}
>      $NF ~ /LISTEN/ {
>      m=split($4,a,":")
>      for ( i in ports ) {
>           if (a[m] == ports[i]) {
>                print "port " a[2] " open"
>           }
>      }
> }'
port 111 open
port 25 open
port  open
[domain1636053@ssh ~]$
[domain1636053@ssh ~]$
[domain1636053@ssh ~]$ netstat -an| awk 'BEGIN{str="21 22 23 25";split(str,ports," ")}
>      $NF ~ /LISTEN/ {
>      m=split($4,a,":")
>      for ( i in ports ) {
>           if (a[m] == ports[i]) {
>                print "port " a[2] " open"
>           }
>      }
> }'
port 25 open
port  open
[domain1636053@ssh ~]$
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 20077730
Hi,

Are you interested in looking for particular ports to be open or not, or you want all open ports?

The script provided will list all open ports, but can be customized for particular ones.

0
 

Author Comment

by:ignition00
ID: 20077749
Omarfarid, your script produces no output:

[domain1636053@ssh ~]$ for port in `netstat -an | grep LISTEN | awk '{print $1}' | grep "*" | awk -F"."  '{print $2}' | sort -u`
> do
>         echo "Port:     $port   is open"
> done
[domain1636053@ssh ~]$
[domain1636053@ssh ~]$
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 20077816
Hi,

I tested it and it is working. Which shell are you using? Try ksh
0
 
LVL 9

Accepted Solution

by:
ghostdog74 earned 800 total points
ID: 20077832
ignition00

please change carefully...

.....
          if (a[m] == ports[i]) {
               print "port " a[m] " open"  <-----------change this as well from a[2] to a[m]
          }
.....



0
 

Author Comment

by:ignition00
ID: 20077867
Ghost dog, we got it!

Thanks very much

[domain1636053@ssh ~]$ netstat -an| awk 'BEGIN{str="21 22 23 25 111";split(str,ports," ")}
>      $NF ~ /LISTEN/ {
>      m=split($4,a,":")
>      for ( i in ports ) {
>           if (a[m] == ports[i]) {
>                print "port " a[m] " open"
>           }
>      }
> }'
port 111 open
port 25 open
port 22 open
0
 

Author Comment

by:ignition00
ID: 20077875
Sorry omar, still doesn't work:

[domain1636053@ssh ~]$ ksh
$ for port in `netstat -an | grep LISTEN | awk '{print $1}' | grep "*" | awk -F"."
>
>
> done
$
[domain1636053@ssh ~]$

Ghost dog's is working fine now tho.
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 20077885
Hi,

The script shown below is working on my server. netstat -an may have different format on your server. If you can show sample output from your server


if test -f /tmp/ports.$$
then
      rm /tmp/ports.$$
fi
for port in `netstat -an | grep LISTEN | awk '{print $1}' | grep "*" | awk -F"."  '{print $2}' | sort -u`
do
echo "Port:     $port   is open" >> /tmp/ports.$$
done
for p in 21 512
do
grep -w $p /tmp/ports.$$
done
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 20077989
Hi,

If you don't mind, please provide sample output of netstat -an to see why my script did not work.

Thanks,

Omar
0
 

Author Comment

by:ignition00
ID: 20078096
It's long, 500 lines... you want me to post it or can I email it to you?
0
 
LVL 9

Expert Comment

by:ghostdog74
ID: 20078424
omar,
since ignition's and mine are quite similar, here's the output from my machine for just this:

 # netstat -an | grep LISTEN | more
tcp        0      0 127.0.0.1:2208          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:1474          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:2544          0.0.0.0:*               LISTEN

as you can see, if  $1 is used in the first awk statement, it won't get any result when it reaches

netstat -an | grep LISTEN | awk '{print $1}' | grep "*"

it should be either $3, or $4 ...
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 20078435
Hi,

ok, omarfarid@gmail.com
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 20078480
Hi,

That's why. The netstat -an on my m/c gives:

      *.111                *.*                0      0 24576      0 LISTEN
      *.21                 *.*                0      0 24576      0 LISTEN
      *.23                 *.*                0      0 24576      0 LISTEN
      *.514                *.*                0      0 24576      0 LISTEN
      *.514                *.*                0      0 24576      0 LISTEN
      *.513                *.*                0      0 24576      0 LISTEN
      *.512                *.*                0      0 24576      0 LISTEN
      *.512                *.*                0      0 24576      0 LISTEN
      *.540                *.*                0      0 24576      0 LISTEN
      *.79                 *.*                0      0 24576      0 LISTEN
      *.37                 *.*                0      0 24576      0 LISTEN
      *.7                  *.*                0      0 24576      0 LISTEN
      *.9                  *.*                0      0 24576      0 LISTEN
0
 
LVL 48

Expert Comment

by:Tintin
ID: 20080414
Please note that you are only looking at TCP services.

Did you want to include UDP as well?
0
 

Author Comment

by:ignition00
ID: 20084155
No need for UDP as well.
This question is now closed.
Thanks everyone for your help.
0
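The netstat/awk approach from this thread, generalized as an added example (not code from any of the posters): it accepts both netstat layouts posted above (`addr:port` in column 4 and `*.port` in column 1) as well as IPv6-style `:::22`, reports ports in the order requested, and prints the "is not open" lines the question asked for. The names `check_ports` and `sample_netstat` are hypothetical, and the sample netstat lines are constructed.

```shell
#!/bin/sh
# Added example: report required TCP ports from `netstat -an` text on stdin.
# Usage: netstat -an | check_ports 22 80 58
check_ports() {
    awk -v want="$*" '
    BEGIN { n = split(want, ports, " ") }
    $NF ~ /^LISTEN/ {
        # The local address is the first field ending in ".<port>" or
        # ":<port>": column 4 in the Linux layout, column 1 in the "*.port"
        # layout. The foreign address ends in "*" and never matches.
        for (f = 1; f <= NF; f++) {
            if ($f ~ /[.:][0-9]+$/) {
                port = $f
                sub(/^.*[.:]/, "", port)   # keep what follows the LAST separator
                listening[port] = 1
                break
            }
        }
    }
    END {
        # Walk the list by index so output follows the order requested
        # ("for (i in ports)" has no defined order in awk).
        missing = 0
        for (i = 1; i <= n; i++) {
            if (ports[i] in listening) print "Port " ports[i] " is open"
            else { print "Port " ports[i] " is not open"; missing = 1 }
        }
        exit missing
    }'
}

# Constructed sample input covering three local-address layouts, plus one
# ESTABLISHED connection that must not count as a listener.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 :::22                   :::*                    LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
      *.80                 *.*                0      0 24576      0 LISTEN
tcp        0      0 10.0.0.5:58             10.0.0.9:40022          ESTABLISHED
EOF
}

# Exit status is 1 when any required port has no listener.
sample_netstat | check_ports 80 22 58 || echo "at least one required port is not listening"
```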
