[20190211]简单测试端口是否打开.txt

[20190211]简单测试端口是否打开.txt --//昨天看一个链接,提到如果判断一个端口是否打开可以简单执行如下: --//参考链接:https://dba010.com/2019/02/04/check-if-a-port-on-a-remote-system-is-reachable-without-telnet/ 1.测试: # cat < /dev/tcp/192.168.100.40/1521 # echo $? # cat < /dev/tcp/192.168.100.40/1522 -bash: connect: Connection refused -bash: /dev/tcp/192.168.100.40/1522: Connection refused # alias zdate alias zdate='date +'\''%Y/%m/%d %T'\''' --//不过我的测试需要等待一分钟,不知道那个受那个内核参数的影响,不知道那位知道: # zdate ;cat < /dev/tcp/192.168.100.40/1521 ; zdate 2019/02/11 08:42:59 2019/02/11 08:43:59 --//换另外一台机器测试: # zdate ;cat < /dev/tcp/192.168.100.78/1521;zdate 2019/02/11 08:46:07 2019/02/11 08:46:17 # zdate ;cat < /dev/tcp/192.168.100.40/1521;zdate 2019/02/11 08:46:36 2019/02/11 08:47:36 --//视乎和远程服务器某个内核参数有关.测试100.40需要60秒(这台机器很老redhat 4.3的版本),而测试100.78需要10秒. --//在100.78上使用tcpdump监测: # tcpdump -i eth0 host 192.168.xxx.xx -nnn tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 09:03:41.242607 IP 192.168.xxx.xx.48292 > 192.168.100.78.1521: S 226276375:226276375(0) win 29200 <mss 1460,sackOK,timestamp 3393435130 0,nop,wscale 7> 09:03:41.242785 IP 192.168.100.78.1521 > 192.168.xxx.xx.48292: S 995705425:995705425(0) ack 226276376 win 14480 <mss 1460,sackOK,timestamp 1354661055 3393435130,nop,wscale 7> 09:03:41.242852 IP 192.168.xxx.xx.48292 > 192.168.100.78.1521: . ack 1 win 229 <nop,nop,timestamp 3393435130 1354661055> 09:03:51.253449 IP 192.168.100.78.1521 > 192.168.xxx.xx.48292: F 1:1(0) ack 1 win 114 <nop,nop,timestamp 1354671066 3393435130> 09:03:51.253770 IP 192.168.xxx.xx.48292 > 192.168.100.78.1521: F 1:1(0) ack 2 win 229 <nop,nop,timestamp 3393445141 1354671066> 09:03:51.253797 IP 192.168.100.78.1521 > 192.168.xxx.xx.48292: . ack 2 win 114 <nop,nop,timestamp 1354671066 3393445141> --//也可以看出有10秒的等待时间.在100.78上执行: # echo /proc/sys/net/ipv4/* | xargs   -n 1  strings -1 -f | grep ": 10$" /proc/sys/net/ipv4/cipso_cache_bucket_size: 10 /proc/sys/net/ipv4/igmp_max_msf: 10 /proc/sys/net/ipv4/inet_peer_gc_mintime: 10 /proc/sys/net/ipv4/tcp_keepalive_intvl: 10 */ --//开始以为/proc/sys/net/ipv4/tcp_keepalive_intvl: 10有关,我查看100.40的设置/proc/sys/net/ipv4/tcp_keepalive_intvl=75,也不是这个 --//参数.我修改这个参数测试还是10秒. --//实际上还有1个更快的测试方法,发送信息到/dev/tcp/ip_address/port,例子如下: # echo a >  /dev/tcp/192.168.100.78/1521 # echo $? # echo a >  /dev/tcp/192.168.100.78/1522 -bash: connect: 拒绝连接 -bash: /dev/tcp/192.168.100.78/1522: 拒绝连接 --//在100.78上使用tcpdump监测:  # tcpdump -i eth0 host 192.168.xxx.xx -nnn tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 09:12:41.312584 IP 192.168.xxx.xx.48331 > 192.168.100.78.1521: S 3309983125:3309983125(0) win 29200 <mss 1460,sackOK,timestamp 3393975215 0,nop,wscale 7> 09:12:41.312761 IP 192.168.100.78.1521 > 192.168.xxx.xx.48331: S 124881852:124881852(0) ack 3309983126 win 14480 <mss 1460,sackOK,timestamp 1355201125 3393975215,nop,wscale 7> 09:12:41.312850 IP 192.168.xxx.xx.48331 > 192.168.100.78.1521: . ack 1 win 229 <nop,nop,timestamp 3393975216 1355201125> 09:12:41.312895 IP 192.168.xxx.xx.48331 > 192.168.100.78.1521: P 1:3(2) ack 1 win 229 <nop,nop,timestamp 3393975216 1355201125> 09:12:41.312911 IP 192.168.100.78.1521 > 192.168.xxx.xx.48331: . ack 3 win 114 <nop,nop,timestamp 1355201125 3393975216> 09:12:41.312922 IP 192.168.xxx.xx.48331 > 192.168.100.78.1521: F 3:3(0) ack 1 win 229 <nop,nop,timestamp 3393975216 1355201125> 09:12:41.313454 IP 192.168.100.78.1521 > 192.168.xxx.xx.48331: F 1:1(0) ack 4 win 114 <nop,nop,timestamp 1355201126 3393975216> 09:12:41.313661 IP 192.168.xxx.xx.48331 > 192.168.100.78.1521: . ack 2 win 229 <nop,nop,timestamp 3393975217 1355201126> --//这样几乎瞬间响应.后面2个网络包是监测1522端口的. 09:13:08.704102 IP 192.168.xxx.xx.15174 > 192.168.100.78.1522: S 2841139274:2841139274(0) win 29200 <mss 1460,sackOK,timestamp 3394002608 0,nop,wscale 7> 09:13:08.704140 IP 192.168.100.78.1522 > 192.168.xxx.xx.15174: R 0:0(0) ack 2841139275 win 0 --//前面测试在root用户下进行,我在oracle用户下测试看看: # zdate ;cat < /dev/tcp/192.168.100.40/1521 ; zdate 2019/02/11 09:22:51 2019/02/11 09:23:51 --//也是可以的. 2.继续测试: --//我反复测试发现仅仅探测100.78需要10秒,其它的机器都是60秒.这样可能与内核的参数无关,因为我们服务器许多版本使用与100.78一样的. --//我最终测试与参数INBOUND_CONNECT_TIMEOUT_LISTENER设置有关(在$ORACLE_HOME/network/admin/listener.ora下). $ grep INBOUND_CONNECT_TIMEOUT_LISTENER listener.ora INBOUND_CONNECT_TIMEOUT_LISTENER=10 --//而这个参数缺省就是60秒.修改它等于1,要重启监听看看(我测试要重启监听才生效): # zdate ;cat < /dev/tcp/192.168.100.78/1521;zdate 2019/02/11 09:36:14 2019/02/11 09:36:15 --//OK现在需要1秒. --//一般以前使用nc或者telnet判断,链接如下: # echo a | nc -w 1 -n -v  192.168.xxx.xx 1-1521 2>/dev/null | grep "succeeded"  --//参考链接:http://blog.itpub.net/267265/viewspace-2148257/ --//关于INBOUND_CONNECT_TIMEOUT的设置,在sqlnet.ora与listener.ora意义不一样,一个表示等待用户认证超时的时间,一个表示等待用 --//户连接请求超时的时间. 可以参考我以前链接: --// http://blog.itpub.net/267265/viewspace-2147529/ 3.自己在重复验证看看. $ grep INBOUND_CONNECT_TIMEOUT sqlnet.ora listener.ora sqlnet.ora:SQLNET.INBOUND_CONNECT_TIMEOUT=30 listener.ora:INBOUND_CONNECT_TIMEOUT_LISTENER=1 $ ps -ef | grep oracleboo[k] --//没有任何输出.也就是远程没有客户连接服务器. $ zdate;sqlplus scott/xxxxx@book  2019/02/11 09:48:04 SQL*Plus: Release 11.2.0.4.0 Production on Mon Feb 11 09:48:04 2019 Copyright (c) 1982, 2013, Oracle.  All rights reserved. ERROR: ORA-01017: invalid username/password; logon denied --//注意sqlplus不能使用-l参数,不然马上退出了. --//切换终端会话,执行如下: $ ps -ef | grep oracleboo[k] oracle   43849     1  0 09:48 ?        00:00:00 oraclebook (LOCAL=NO) --//可以发现实际上网络连接已经建立. --//等alert*.log出现如下信息,在取消上面sqlplus的执行: --//alert.log Mon Feb 11 09:48:34 2019 WARNING: inbound connection timed out (ORA-3136) --//两者时间相减就是30秒.这个参数也就是sqlnet.ora有关.也就是等待用户认证超时的时间. $ zdate ;cat < /dev/tcp/192.168.100.78/1521;zdate 2019/02/11 10:00:21 2019/02/11 10:00:22 --//正好1秒,这个时候就是表示等待用户连接请求超时的时间. $ zdate; telnet 192.168.100.78 1521;zdate 2019/02/11 10:01:38 Trying 192.168.100.78... Connected to xxxxxdg4.com (192.168.100.78). Escape character is '^]'. Connection closed by foreign host. 2019/02/11 10:01:39 $ time telnet  192.168.100.78 1521 Trying 192.168.100.78... Connected to xxxxxdg4.com (192.168.100.78). Escape character is '^]'. Connection closed by foreign host. real    0m1.007s user    0m0.001s sys     0m0.003s $ /usr/bin/time -p telnet  192.168.100.78 1521 > /dev/null Connection closed by foreign host. Command exited with non-zero status 1 real 1.00 user 0.00 sys 0.00