在Ubuntu上使用OpenSSL检查端口是否开放,可以通过以下步骤进行:
打开终端: 在Ubuntu系统中,你可以通过快捷键 Ctrl + Alt + T 打开终端。
运行OpenSSL命令: 使用以下命令来检查指定主机的端口是否开放:
openssl s_client -connect hostname:port 其中,hostname 是你要检查的主机名或IP地址,port 是要检查的端口号。
例如,如果你想检查 www.example.com 的80端口是否开放,可以运行:
openssl s_client -connect www.example.com:80 分析输出:
如果连接成功,你会看到类似以下的输出:
CONNECTED(00000003) depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 ... verify error:num=20:unable to get local issuer certificate verify return:1 depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 ... verify return:1 depth=0 CN = www.example.com verify return:1 --- Certificate chain 0 s:CN = www.example.com i:C = US, O = Let's Encrypt, CN = R3 1 s:C = US, O = Let's Encrypt, CN = R3 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 --- Server certificate ... Subject:CN = www.example.com Issuer:C = US, O = Let's Encrypt, CN = R3 ... No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits ... SSL handshake has read 3547 bytes and written 430 bytes Verification error: unable to get local issuer certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 20 (unable to get local issuer certificate) 如果连接失败,你会看到类似以下的输出:
CONNECTED(00000003) depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 ... verify error:num=20:unable to get local issuer certificate verify return:1 depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 ... verify return:1 depth=0 CN = example.com verify return:1 --- Certificate chain 0 s:CN = example.com i:C = US, O = Let's Encrypt, CN = R3 1 s:C = US, O = Let's Encrypt, CN = R3 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 --- Server certificate ... Subject:CN = example.com Issuer:C = US, O = Let's Encrypt, CN = R3 ... No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits ... SSL handshake has read 3547 bytes and written 430 bytes Verification error: unable to get local issuer certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 20 (unable to get local issuer certificate) 注意:verify return:20 表示证书验证失败,但这并不一定意味着端口未开放。
如果你更喜欢使用图形界面或命令行工具,可以使用 nmap 来检查端口:
安装nmap:
sudo apt update sudo apt install nmap 运行nmap命令:
nmap -p port hostname 其中,port 是要检查的端口号,hostname 是目标主机名或IP地址。
例如,检查 www.example.com 的80端口:
nmap -p 80 www.example.com 分析输出: nmap 会显示目标主机的端口状态,例如:
Starting Nmap 7.80 ( https://nmap.org ) at 2023-10-05 12:34 UTC Nmap scan report for www.example.com (93.184.216.34) Host is up (0.0010s latency). PORT STATE SERVICE 80/tcp open http 通过以上方法,你可以轻松地在Ubuntu上使用OpenSSL或nmap检查端口是否开放。
