There has always been a severe lack of port-querying tools for ESXi until nc was added to the builds, and now it looks like the VCSA finally gets something along the same lines. This utility is somewhat limited in what you can and cannot do, but it helps when you are in a pinch.
This script is called port-accessible.py and is located in:

    /usr/lib/applmgmt/support/scripts

So if we run the Python script, we will observe the following:

    ./port-accessible.py
    Usage: portaccess [options] <host> [<port>]

    Options:
      --version           show program's version number and exit
      -h, --help          show this help message and exit
      -p, --print-prefix  Print the greeting message. Both host and port must
                          be provided.
      -t, --http          Print HTTP response headers. Default port is 80 for
                          HTTP.
      -s, --https         Print HTTPS response headers. Default port is 443 for
                          HTTPS.

So if I want to test one of my hosts to make sure that we can communicate over port 902, I would issue the following:

    # ./port-accessible.py -p 192.168.232.131 902
    220 VMware Authentic

If we are running tcpdump at the same time, we can see the request and then the response:

    20:52:46.769079 IP localhost.localdom.46989 > 192.168.232.131.ideafarm-door: S 238732389:238732389(0) win 14600 <mss 1460,sackOK,timestamp 4617941 0,nop,wscale 8>
    20:52:46.769253 IP 192.168.232.131.ideafarm-door > localhost.localdom.46989: S 846290550:846290550(0) ack 238732390 win 65535 <mss 1460,nop,wscale 9,sackOK,timestamp 1952515 4617941>
    20:52:46.769277 IP localhost.localdom.46989 > 192.168.232.131.ideafarm-door: . ack 1 win 58 <nop,nop,timestamp 4617942 1952515>

If we try it on a port that we know isn't open on the host, we get the following:

    ./port-accessible.py -p 192.168.232.131 6537

The command sits there and hangs. While running tcpdump on the interface we observe constant retries, and the script does not terminate until there is a total of 6 failures:

    20:54:39.662486 IP localhost.localdom.42643 > 192.168.232.131.6537: S 443994958:443994958(0) win 14600 <mss 1460,sackOK,timestamp 4646164 0,nop,wscale 8>
    20:54:42.666023 IP localhost.localdom.42643 > 192.168.232.131.6537: S 443994958:443994958(0) win 14600 <mss 1460,sackOK,timestamp 4646916 0,nop,wscale 8>
    20:54:48.682798 IP localhost.localdom.42643 > 192.168.232.131.6537: S 443994958:443994958(0) win 14600 <mss 1460,sackOK,timestamp 4648420 0,nop,wscale 8>
    20:55:00.697271 IP localhost.localdom.42643 > 192.168.232.131.6537: S 443994958:443994958(0) win 14600 <mss 1460,sackOK,timestamp 4651424 0,nop,wscale 8>
    20:55:24.761465 IP localhost.localdom.42643 > 192.168.232.131.6537: S 443994958:443994958(0) win 14600 <mss 1460,sackOK,timestamp 4657440 0,nop,wscale 8>
    20:56:12.888786 IP localhost.localdom.42643 > 192.168.232.131.6537: S 443994958:443994958(0) win 14600 <mss 1460,sackOK,timestamp 4669472 0,nop,wscale 8>

Here is what is returned after the failure:

    ./port-accessible.py -p 192.168.232.131 6537
    Failed to connect to 192.168.232.131:6537 ([Errno 110] Connection timed out)

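The long hang above is the kernel working through its SYN retransmission schedule before it gives up with `[Errno 110]`. The following is an added example, not VMware's script: a check with an explicit connect timeout that also tells a silently dropped port apart from one that actively refuses. The function name `check_port` and the 3-second default are assumptions of this example.

```python
import errno
import socket
import sys

# Errnos that mean "no answer came back", as opposed to an active refusal.
NO_ANSWER = (errno.ETIMEDOUT, errno.EHOSTUNREACH, errno.ENETUNREACH)


def check_port(host, port, timeout=3.0, banner_bytes=128):
    """Return (state, detail); state is 'open', 'closed', 'filtered' or 'error'.

    check_port and its 3-second default are assumptions of this example.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        # SYN went unanswered: dropped by a firewall or the host is down.
        return "filtered", "no reply within %.1fs" % timeout
    except ConnectionRefusedError:
        # Host answered with RST: reachable, but nothing is listening.
        return "closed", "connection refused"
    except OSError as exc:
        state = "filtered" if exc.errno in NO_ANSWER else "error"
        return state, str(exc)
    with sock:
        try:
            # Services such as the one on 902 greet first; HTTP stays silent.
            banner = sock.recv(banner_bytes)
        except OSError:  # includes socket.timeout
            banner = b""
    return "open", banner.decode("ascii", "replace").strip()


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: %s <host> <port>" % sys.argv[0])
    state, detail = check_port(sys.argv[1], int(sys.argv[2]))
    print("%s:%s %s %s" % (sys.argv[1], sys.argv[2], state, detail))
    sys.exit(0 if state == "open" else 1)
```

A "filtered" result points at a firewall rule or routing problem between the VCSA and the host, while "closed" means the host is reachable and the service itself is not listening.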
I do know for a fact that the ESXi host has port 80 open, so I want to see what an HTTP response looks like when I set the flag for it.

    ./port-accessible.py -t 192.168.232.131
    200 OK
    date : Mon, 2 Feb 2015 21:02:42 GMT
    connection : close
    content-type : text/html
    content-length : 5279

Verdict: It's not perfect, but I think that it is a great start. I would love it if they could include nc on the VCSA, but I am sure that they have their reasons. My main complaint is that you can't specify the protocol that you can use when sending the traffic.