
HP-UX: Korn Shell Script: Are the correct ports open?

HP Superdome: HP-UX: Korn Shell:
I am building some environment validation scripts for this box in KSH.
I need a way of checking if the required ports are opened so that I would run a script and it would return output such as:
Port 80 is open
Port 22 is open
Port 58 is not open

I thought about something like this:
if [ "`telnet localhost 80 | grep "telnet: connect to address 127.0.0.1: Connection refused"`" = "" ]
then
 echo "Port 80 open"
else
 echo "Port 80 closed"
fi

But this probably won't work if the port is actually open as telnet will block waiting for communication.

Any suggestions?
 
ghostdog74Commented:
A straightforward way would be to use a port scanner, like nmap. However, if you are restricted from installing such programs, you can use netstat. Here's an awk script to check open ports. Your environment will be different, so change the variables as desired.


netstat -an| awk 'BEGIN{str="111 631 58 80 22";split(str,ports," ")}
     $NF ~ /LISTEN/ {
     m=split($4,a,":")
     for ( i in ports ) {
          if (a[2] == ports[i]) {
               print "port " a[2] " open"
          }
     }
}'
0
 
omarfaridCommented:
Hi,

It is better to use expect along with telnet to capture the response and do the right action.

Please see the links below for more info about expect:

http://www.hmug.org/man/1/expect.php
http://expect.nist.gov/
http://www.linuxjournal.com/article/3065


One point regarding your piping to grep. Any unix command will send responses to either stdout or stderr (file descriptor 1 and file descriptor 2). Thus you need to redirect both stdout & stderr like 2>&1.

If you are sure about the protocol you want to connect to, then you may use the proper tool to check if it is running or not, e.g. you may use wget for http, https, ftp.

Please see http://gentoo-wiki.com/MAN_wget_1 for more info about wget.

Also, your script (plus some more tools) will work for TCP ports. It will not work for UDP ports since telnet uses TCP only.
0
 
ignition00Author Commented:
omarfarid:
I do not have expect installed, thanks for the idea anyway.
0
 
ignition00Author Commented:
ghostdog:
I have tried your script, it works but I am not sure it is correct.
The output it reported was:
Port 111 open.

I am not sure if this port should be open on the test server. Furthermore, I would expect at least the SSH port to be open as that was how I connected.

Any further suggestions as to how we can get this to work?
0
 
omarfaridCommented:
Hi,

Is the script you are developing to run on the same server you want to check ports for?

For that, as recommended by ghostdog74, you may use netstat -an and grep.

0
 
ghostdog74Commented:
ignition00:

If you noticed the

str="111 631 58 80 22"

line, the "str" variable defines the ports that you want to check are open or not. I just put some arbitrary port numbers (for my testing when I developed the script). You should define your own set of port numbers to check in your environment. Then, the script only displays to you whether these ports are open on your machine after you run it. It doesn't do anything else. If you find that the script did not print out "port 80 is open", for example, you should check whether your web server is up, etc.
0
 
omarfaridCommented:
Hi,

Try the following script

for port in `netstat -an | grep LISTEN | awk '{print $1}' | grep "*" | awk -F"."  '{print $2}' | sort -u`
do
        echo "Port:     $port   is open"
done
0
 
ignition00Author Commented:
Ok thanks, I wasn't sure what was going on with that.
We are getting closer:

[domain1636053@ssh ~]$ netstat -an| awk 'BEGIN{str="25 111 23 22 21 20";split(str,ports," ")}
>      $NF ~ /LISTEN/ {
>      m=split($4,a,":")
>      for ( i in ports ) {
>           if (a[2] == ports[i]) {
>                print "port " a[2] " open"
>           }
>      }
> }'
port 111 open
port 25 open


All looks good, except for port 22, it should be open:
[domain1636053@ssh ~]$ telnet localhost 22
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3

Connection closed by foreign host.
[domain1636053@ssh ~]$

Any ideas?
0
 
ghostdog74Commented:
Hi, minor adjustment: change a[2] to a[m]

.....
          if (a[m] == ports[i]) {
               print "port " a[m] " open"
          }
.....
and try again.
0
 
ignition00Author Commented:
Nearly there!
Still 2 problems
1. ordering of ports in STR changes output
2. port " " is open (but I can live with that one)


[domain1636053@ssh ~]$ netstat -an| awk 'BEGIN{str="25 111 23 22 21 20";split(str,ports," ")}
>      $NF ~ /LISTEN/ {
>      m=split($4,a,":")
>      for ( i in ports ) {
>           if (a[m] == ports[i]) {
>                print "port " a[2] " open"
>           }
>      }
> }'
port 111 open
port 25 open
port  open
[domain1636053@ssh ~]$
[domain1636053@ssh ~]$
[domain1636053@ssh ~]$ netstat -an| awk 'BEGIN{str="21 22 23 25";split(str,ports," ")}
>      $NF ~ /LISTEN/ {
>      m=split($4,a,":")
>      for ( i in ports ) {
>           if (a[m] == ports[i]) {
>                print "port " a[2] " open"
>           }
>      }
> }'
port 25 open
port  open
[domain1636053@ssh ~]$
0
 
omarfaridCommented:
Hi,

Are you interested in looking for particular ports to be open or not, or you want all open ports?

The script provided will list all open ports, but can be customized for particular ones.

0
 
ignition00Author Commented:
Omarfarid, your script produces no output:

[domain1636053@ssh ~]$ for port in `netstat -an | grep LISTEN | awk '{print $1}' | grep "*" | awk -F"."  '{print $2}' | sort -u`
> do
>         echo "Port:     $port   is open"
> done
[domain1636053@ssh ~]$
[domain1636053@ssh ~]$
0
 
omarfaridCommented:
Hi,

I tested it and it is working. Which shell are you using? Try ksh
0
 
ghostdog74Commented:
ignition00

please change carefully...

.....
          if (a[m] == ports[i]) {
               print "port " a[m] " open"  <-----------change this as well from a[2] to a[m]
          }
.....



0
 
ignition00Author Commented:
Ghost dog, we got it!

Thanks very much

[domain1636053@ssh ~]$ netstat -an| awk 'BEGIN{str="21 22 23 25 111";split(str,ports," ")}
>      $NF ~ /LISTEN/ {
>      m=split($4,a,":")
>      for ( i in ports ) {
>           if (a[m] == ports[i]) {
>                print "port " a[m] " open"
>           }
>      }
> }'
port 111 open
port 25 open
port 22 open
0
 
ignition00Author Commented:
Sorry omar, still doesn't work:

[domain1636053@ssh ~]$ ksh
$ for port in `netstat -an | grep LISTEN | awk '{print $1}' | grep "*" | awk -F"."
>
>
> done
$
[domain1636053@ssh ~]$

Ghost dog's is working fine now tho.
0
 
omarfaridCommented:
Hi,

The script shown below is working on my server. netstat -an may have a different format on your server. If you can show sample output from your server


if test -f /tmp/ports.$$
then
      rm /tmp/ports.$$
fi
for port in `netstat -an | grep LISTEN | awk '{print $1}' | grep "*" | awk -F"."  '{print $2}' | sort -u`
do
echo "Port:     $port   is open" >> /tmp/ports.$$
done
for p in 21 512
do
grep -w $p /tmp/ports.$$
done
0
 
omarfaridCommented:
Hi,

If you don't mind, please provide sample output of netstat -an to see why my script did not work.

Thanks,

Omar
0
 
ignition00Author Commented:
It's long, 500 lines... do you want me to post it or can I email it to you?
0
 
ghostdog74Commented:
omar,
since ignition's and mine are quite similar, here's the output from my machine for just this:

 # netstat -an | grep LISTEN | more
tcp        0      0 127.0.0.1:2208          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:1474          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:2544          0.0.0.0:*               LISTEN

as you can see, if  $1 is used in the first awk statement, it won't get any result when it reaches

netstat -an | grep LISTEN | awk '{print $1}' | grep "*"

it should be either $3, or $4 ...
0
 
omarfaridCommented:
Hi,

ok, omarfarid@gmail.com
0
 
omarfaridCommented:
Hi,

That's why. The netstat -an on my m/c gives:

      *.111                *.*                0      0 24576      0 LISTEN
      *.21                 *.*                0      0 24576      0 LISTEN
      *.23                 *.*                0      0 24576      0 LISTEN
      *.514                *.*                0      0 24576      0 LISTEN
      *.514                *.*                0      0 24576      0 LISTEN
      *.513                *.*                0      0 24576      0 LISTEN
      *.512                *.*                0      0 24576      0 LISTEN
      *.512                *.*                0      0 24576      0 LISTEN
      *.540                *.*                0      0 24576      0 LISTEN
      *.79                 *.*                0      0 24576      0 LISTEN
      *.37                 *.*                0      0 24576      0 LISTEN
      *.7                  *.*                0      0 24576      0 LISTEN
      *.9                  *.*                0      0 24576      0 LISTEN
0
 
TintinCommented:
Please note that you are only looking at TCP services.

Did you want to include UDP as well?
0
 
ignition00Author Commented:
No need for UDP as well.
This question is now closed.
Thanks everyone for your help.
0
Question has a verified solution.
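
Added example, not code from any poster in this thread: a single awk pass that copes with both `netstat -an` layouts shown above (Linux `addr:port`, including IPv6 `:::22`, and HP-UX `*.port`) and prints a line for every required port, open or not, in the order the ports are given. The names `check_ports` and `sample_netstat` and the sample lines are constructed for illustration; a POSIX awk is assumed.

```shell
#!/bin/sh
# Reads `netstat -an` text on stdin; arguments are the required TCP ports.
check_ports() {
    awk -v want="$*" '
    BEGIN { n = split(want, ports, " ") }
    # Only TCP listeners: the last column is exactly LISTEN. This skips
    # ESTABLISHED connections and Linux unix-socket "LISTENING" rows.
    $NF == "LISTEN" {
        # The local address is the first field ending in <sep><digits>, where
        # <sep> is "." (HP-UX "*.22") or ":" (Linux "0.0.0.0:22", ":::22").
        for (f = 1; f <= NF; f++) {
            if ($f ~ /[.:][0-9]+$/) {
                p = $f
                sub(/^.*[.:]/, "", p)   # keep what follows the last separator
                listening[p] = 1
                break
            }
        }
    }
    END {
        # Walk the list by index so output order matches the request order
        # (awk does not define the order of "for (i in ports)").
        for (i = 1; i <= n; i++)
            printf "Port %s is %s\n", ports[i], ((ports[i] in listening) ? "open" : "not open")
    }'
}

sample_netstat() {
    # Constructed sample mixing both layouts; not output from a real host.
    cat <<'EOF'
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 :::22                   :::*                    LISTEN
tcp        0      0 10.0.0.5:58             10.0.0.9:40112          ESTABLISHED
tcp        0      0  *.21                   *.*                     LISTEN
EOF
}

# On a real host: netstat -an | check_ports 80 22 58 21
sample_netstat | check_ports 80 22 58 21
```

Port 58 is reported as not open because the only row mentioning it is an established connection, not a listener.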
