64

So I can use this netcat command to check if a UDP port is open:

$  nc -vz -u 10.1.0.100 53
Connection to 10.1.0.100 53 port [udp/domain] succeeded!

Unlike TCP, UDP is connectionless (fire and forget). So at a high level does anyone know how netcat knows the UDP port is open? Does it ask for a reply or something like that?

tshepang
  • 64,472
  • 86
  • 223
  • 290
Patrick McMahon
  • 790
  • 1
  • 5
  • 9

4 Answers4

30

In fact, it doesn't. You can check by doing:

$ nc -vz -u 8.8.8.8 53 
Connection to 8.8.8.8 53 port [udp/domain] succeeded!
$ nc -vz -u 8.8.8.8 54
Connection to 8.8.8.8 54 port [udp/*] succeeded!
$ nc -vz -u 8.8.8.8 59
Connection to 8.8.8.8 59 port [udp/*] succeeded!
$

So with UDP, it's not something you can really check unless it will give you information back.

Jeff Schaller
  • 66,199
  • 35
  • 114
  • 250
Sandri_Nenes
  • 401
  • 4
  • 3
18

Judging by the specific output Connection to Connection to 10.1.0.100 53 port [udp/domain] succeeded! you are using openbsd-netcat.

Looking at the code for that the test is to bind to the UDP socket, i.e. there is an open connection: 

              if (vflag || zflag) {
                            /* For UDP, make sure we are connected. */
                            if (uflag) {
                                    if (udptest(s) == -1) {
                                            ret = 1;
                                            continue;
                                    }
                            }

                            /* Don't look up port if -n. */
                            if (nflag)
                                    sv = NULL;
                            else {
                                    sv = getservbyport(
                                        ntohs(atoi(portlist[i])),
                                        uflag ? "udp" : "tcp");
                            }

                            fprintf(stderr,
                                "Connection to %s %s port [%s/%s] "
                                "succeeded!\n", host, portlist[i],
                                uflag ? "udp" : "tcp",
                                sv ? sv->s_name : "*");

udptest issues around 3 writes to the open socket. There is a note that this doesn't work for IPv6 and fails after around 100 ports checked.

So while the other suggestion may be valid, I don't think that's happening in this particular case.

rocky
  • 1,978
  • 11
  • 23
  • so `udptest` is the function I am looking for and it answers my question. From the link you provided "* udptest() * Do a few writes to see if the UDP port is there" – Patrick McMahon Oct 13 '15 at 15:11
  • Yes, I just checked that and saw the writes as well. Revised answer. – rocky Oct 13 '15 at 15:13
  • 2
    @PatrickMcMahon - if this answers your question, then accept it by clicking on the large tick. – cas Oct 14 '15 at 00:29
14

Well I have different opinion:

a:~# nc -luk 10.12.0.12 667 // listen on UDP port 667
b:~# nc -uv 10.12.0.12 667  // check if port is open 
nc: 10.12.0.12 (10.12.0.12) 667 [667] open
I love stackexchange // send a message
a:~# nc -luk 10.12.0.12 667
I love stackexchange // receive the message.

So based on that, you can check if the connection between a and b on that udp port is possible. Later on you can continue checking using tcpdump.

crashoverbike
  • 249
  • 2
  • 2
  • 1
    Ah yes I like this. Its a good way to test if you have access to both nodes. I guess when I was asking the question I was steering towards "how to test a black box" or probing an external node. The results of doing just that, netcat cannot guarantee. – Patrick McMahon Jun 14 '17 at 15:58
  • Could you please expand on the IP address `10.12.0.12` ? Why is it used on both computers? – Sopalajo de Arrierez Jun 18 '18 at 17:22
  • -k option is not necessary when you are dealing with UDP – YON Nov 13 '19 at 06:27
9

There is an ICMP message to signalize that a port, even an UDP one, is closed. So if a host sends this message then the port can be assumed to be closed.

https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol#Destination_unreachable

phk
  • 5,893
  • 7
  • 41
  • 70
  • 5
    Note that because UDP is connectionless, you cannot reliably distinguish an open port from a firewalled port from a lost packet. – Mark Oct 13 '15 at 23:06
  • Very true. And theoretically it would also be possible that you get the packet and the port is not really closed. – phk Oct 13 '15 at 23:09