[20190211]簡單測試埠是否打開.txt

[20190211]簡單測試埠是否打開.txt--//昨天看一個鏈接,提到如果判斷一個埠是否打開可以簡單執行如下:--//參考鏈接:https://dba010.com/2019/02/04/check-if-a-port-on-a-remote-system-is-reachable-with ...

[20190211]簡單測試埠是否打開.txt

--//昨天看一個鏈接,提到如果判斷一個埠是否打開可以簡單執行如下:
--//參考鏈接:https://dba010.com/2019/02/04/check-if-a-port-on-a-remote-system-is-reachable-without-telnet/

1.測試:
# cat < /dev/tcp/192.168.100.40/1521
# echo $?
0
# cat < /dev/tcp/192.168.100.40/1522
-bash: connect: Connection refused
-bash: /dev/tcp/192.168.100.40/1522: Connection refused

# alias zdate
alias zdate='date +'\''%Y/%m/%d %T'\'''
--//不過我的測試需要等待一分鐘,不知道那個受那個內核參數的影響,不知道那位知道:
# zdate ;cat < /dev/tcp/192.168.100.40/1521 ; zdate
2019/02/11 08:42:59
2019/02/11 08:43:59

--//換另外一臺機器測試:
# zdate ;cat < /dev/tcp/192.168.100.78/1521;zdate
2019/02/11 08:46:07
2019/02/11 08:46:17

# zdate ;cat < /dev/tcp/192.168.100.40/1521;zdate
2019/02/11 08:46:36
2019/02/11 08:47:36

--//視乎和遠程伺服器某個內核參數有關.測試100.40需要60秒(這台機器很老redhat 4.3的版本),而測試100.78需要10秒.
--//在100.78上使用tcpdump監測:
# tcpdump -i eth0 host 192.168.xxx.xx -nnn
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
09:03:41.242607 IP 192.168.xxx.xx.48292 > 192.168.100.78.1521: S 226276375:226276375(0) win 29200 <mss 1460,sackOK,timestamp 3393435130 0,nop,wscale 7>
09:03:41.242785 IP 192.168.100.78.1521 > 192.168.xxx.xx.48292: S 995705425:995705425(0) ack 226276376 win 14480 <mss 1460,sackOK,timestamp 1354661055 3393435130,nop,wscale 7>
09:03:41.242852 IP 192.168.xxx.xx.48292 > 192.168.100.78.1521: . ack 1 win 229 <nop,nop,timestamp 3393435130 1354661055>
09:03:51.253449 IP 192.168.100.78.1521 > 192.168.xxx.xx.48292: F 1:1(0) ack 1 win 114 <nop,nop,timestamp 1354671066 3393435130>
09:03:51.253770 IP 192.168.xxx.xx.48292 > 192.168.100.78.1521: F 1:1(0) ack 2 win 229 <nop,nop,timestamp 3393445141 1354671066>
09:03:51.253797 IP 192.168.100.78.1521 > 192.168.xxx.xx.48292: . ack 2 win 114 <nop,nop,timestamp 1354671066 3393445141>

--//也可以看出有10秒的等待時間.在100.78上執行:
# echo /proc/sys/net/ipv4/* | xargs   -n 1 strings -1 -f | grep ": 10$"
/proc/sys/net/ipv4/cipso_cache_bucket_size: 10
/proc/sys/net/ipv4/igmp_max_msf: 10
/proc/sys/net/ipv4/inet_peer_gc_mintime: 10
/proc/sys/net/ipv4/tcp_keepalive_intvl: 10

*/
--//開始以為/proc/sys/net/ipv4/tcp_keepalive_intvl: 10有關,我查看100.40的設置/proc/sys/net/ipv4/tcp_keepalive_intvl=75,也不是這個
--//參數.我修改這個參數測試還是10秒.

--//實際上還有1個更快的測試方法,發送信息到/dev/tcp/ip_address/port,例子如下:

# echo a > /dev/tcp/192.168.100.78/1521
# echo $?
0

# echo a > /dev/tcp/192.168.100.78/1522
-bash: connect: 拒絕連接
-bash: /dev/tcp/192.168.100.78/1522: 拒絕連接

--//在100.78上使用tcpdump監測:
# tcpdump -i eth0 host 192.168.xxx.xx -nnn
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
09:12:41.312584 IP 192.168.xxx.xx.48331 > 192.168.100.78.1521: S 3309983125:3309983125(0) win 29200 <mss 1460,sackOK,timestamp 3393975215 0,nop,wscale 7>
09:12:41.312761 IP 192.168.100.78.1521 > 192.168.xxx.xx.48331: S 124881852:124881852(0) ack 3309983126 win 14480 <mss 1460,sackOK,timestamp 1355201125 3393975215,nop,wscale 7>
09:12:41.312850 IP 192.168.xxx.xx.48331 > 192.168.100.78.1521: . ack 1 win 229 <nop,nop,timestamp 3393975216 1355201125>
09:12:41.312895 IP 192.168.xxx.xx.48331 > 192.168.100.78.1521: P 1:3(2) ack 1 win 229 <nop,nop,timestamp 3393975216 1355201125>
09:12:41.312911 IP 192.168.100.78.1521 > 192.168.xxx.xx.48331: . ack 3 win 114 <nop,nop,timestamp 1355201125 3393975216>
09:12:41.312922 IP 192.168.xxx.xx.48331 > 192.168.100.78.1521: F 3:3(0) ack 1 win 229 <nop,nop,timestamp 3393975216 1355201125>
09:12:41.313454 IP 192.168.100.78.1521 > 192.168.xxx.xx.48331: F 1:1(0) ack 4 win 114 <nop,nop,timestamp 1355201126 3393975216>
09:12:41.313661 IP 192.168.xxx.xx.48331 > 192.168.100.78.1521: . ack 2 win 229 <nop,nop,timestamp 3393975217 1355201126>
--//這樣幾乎瞬間響應.後面2個網路包是監測1522埠的.
09:13:08.704102 IP 192.168.xxx.xx.15174 > 192.168.100.78.1522: S 2841139274:2841139274(0) win 29200 <mss 1460,sackOK,timestamp 3394002608 0,nop,wscale 7>
09:13:08.704140 IP 192.168.100.78.1522 > 192.168.xxx.xx.15174: R 0:0(0) ack 2841139275 win 0

--//前面測試在root用戶下進行,我在oracle用戶下測試看看:
# zdate ;cat < /dev/tcp/192.168.100.40/1521 ; zdate
2019/02/11 09:22:51
2019/02/11 09:23:51
--//也是可以的.

2.繼續測試:
--//我反覆測試發現僅僅探測100.78需要10秒,其它的機器都是60秒.這樣可能與內核的參數無關,因為我們伺服器許多版本使用與100.78一樣的.
--//我最終測試與參數INBOUND_CONNECT_TIMEOUT_LISTENER設置有關(在$ORACLE_HOME/network/admin/listener.ora下).

$ grep INBOUND_CONNECT_TIMEOUT_LISTENER listener.ora
INBOUND_CONNECT_TIMEOUT_LISTENER=10

--//而這個參數預設就是60秒.修改它等於1,要重啟監聽看看(我測試要重啟監聽才生效):
# zdate ;cat < /dev/tcp/192.168.100.78/1521;zdate
2019/02/11 09:36:14
2019/02/11 09:36:15

--//OK現在需要1秒.

--//一般以前使用nc或者telnet判斷,鏈接如下:
# echo a | nc -w 1 -n -v 192.168.xxx.xx 1-1521 2>/dev/null | grep "succeeded"
--//參考鏈接:http://blog.itpub.net/267265/viewspace-2148257/

--//關於INBOUND_CONNECT_TIMEOUT的設置,在sqlnet.ora與listener.ora意義不一樣,一個表示等待用戶認證超時的時間,一個表示等待用
--//戶連接請求超時的時間. 可以參考我以前鏈接:
--// http://blog.itpub.net/267265/viewspace-2147529/

3.自己在重覆驗證看看.
$ grep INBOUND_CONNECT_TIMEOUT sqlnet.ora listener.ora
sqlnet.ora:SQLNET.INBOUND_CONNECT_TIMEOUT=30
listener.ora:INBOUND_CONNECT_TIMEOUT_LISTENER=1

$ ps -ef | grep oracleboo[k]
--//沒有任何輸出.也就是遠程沒有客戶連接伺服器.
$ zdate;sqlplus scott/xxxxx@book
2019/02/11 09:48:04
SQL*Plus: Release 11.2.0.4.0 Production on Mon Feb 11 09:48:04 2019
Copyright (c) 1982, 2013, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
--//註意sqlplus不能使用-l參數,不然馬上退出了.
--//切換終端會話,執行如下:
$ ps -ef | grep oracleboo[k]
oracle   43849     1 0 09:48 ?        00:00:00 oraclebook (LOCAL=NO)
--//可以發現實際上網路連接已經建立.

--//等alert*.log出現如下信息,在取消上面sqlplus的執行:
--//alert.log
Mon Feb 11 09:48:34 2019
WARNING: inbound connection timed out (ORA-3136)
--//兩者時間相減就是30秒.這個參數也就是sqlnet.ora有關.也就是等待用戶認證超時的時間.

$ zdate ;cat < /dev/tcp/192.168.100.78/1521;zdate
2019/02/11 10:00:21
2019/02/11 10:00:22
--//正好1秒,這個時候就是表示等待用戶連接請求超時的時間.

$ zdate; telnet 192.168.100.78 1521;zdate
2019/02/11 10:01:38
Trying 192.168.100.78...
Connected to xxxxxdg4.com (192.168.100.78).
Escape character is '^]'.
Connection closed by foreign host.
2019/02/11 10:01:39

$ time telnet 192.168.100.78 1521
Trying 192.168.100.78...
Connected to xxxxxdg4.com (192.168.100.78).
Escape character is '^]'.
Connection closed by foreign host.

real    0m1.007s
user    0m0.001s
sys     0m0.003s

$ /usr/bin/time -p telnet 192.168.100.78 1521 > /dev/null
Connection closed by foreign host.
Command exited with non-zero status 1
real 1.00
user 0.00
sys 0.00