F5检测远端UDP端口是否正常

使用F5内置命令：nc（NetCat）

NetCat，在网络工具中有“瑞士军刀”美誉，功能非常强大，测试udp只是其中的一个功能变通。在安全领域nc常用来端口监听转发，用的比较多的也是windows版的NC，在运维中需要常用到linux上的nc，而一般linux会默认集成这个命令，根据不同系统命令不同，有的为“nc”，有的为“netcat”，大家可以根据实际系统尝试下。

接下来进行连接性测试

# 使用 nc -uv $ip $port 命令，输入多次回车没有出现异常表示连接正常
#正常示例：
[root@bigip1:Active:Standalone] config # nc -uv 114.114.114.114 53
Ncat: Version 6.40 ( http://nmap.org/ncat )
Ncat: Connected to 114.114.114.114:53.

# 使用 nc -uv $ip $port 命令，输入多次回车出现异常表示连接端口失败
#失败示例：
[root@bigip1:Active:Standalone] config # nc -uv 114.114.114.114 535
Ncat: Version 6.40 ( http://nmap.org/ncat )
Ncat: Connected to 114.114.114.114:535.

Ncat: Connection refused.

其他参数如下所示：

-4                         Use IPv4 only
-6                         Use IPv6 only
-U, --unixsock             Use Unix domain sockets only
-C, --crlf                 Use CRLF for EOL sequence
-c, --sh-exec <command>    Executes the given command via /bin/sh
-e, --exec <command>       Executes the given command
    --lua-exec <filename>  Executes the given Lua script
-g hop1[,hop2,...]         Loose source routing hop points (8 max)
-G <n>                     Loose source routing hop pointer (4, 8, 12, ...)
-m, --max-conns <n>        Maximum <n> simultaneous connections
-h, --help                 Display this help screen
-d, --delay <time>         Wait between read/writes
-o, --output <filename>    Dump session data to a file
-x, --hex-dump <filename>  Dump session data as hex to a file
-i, --idle-timeout <time>  Idle read/write timeout
-p, --source-port port     Specify source port to use
-s, --source addr          Specify source address to use (doesn't affect -l)
-l, --listen               Bind and listen for incoming connections
-k, --keep-open            Accept multiple connections in listen mode
-n, --nodns                Do not resolve hostnames via DNS
-t, --telnet               Answer Telnet negotiations
-u, --udp                  Use UDP instead of default TCP
    --sctp                 Use SCTP instead of default TCP
-v, --verbose              Set verbosity level (can be used several times)
-w, --wait <time>          Connect timeout
    --append-output        Append rather than clobber specified output files
    --send-only            Only send data, ignoring received; quit on EOF
    --recv-only            Only receive data, never send anything
    --allow                Allow only given hosts to connect to Ncat
    --allowfile            A file of hosts allowed to connect to Ncat
    --deny                 Deny given hosts from connecting to Ncat
    --denyfile             A file of hosts denied from connecting to Ncat
    --broker               Enable Ncat's connection brokering mode
    --chat                 Start a simple Ncat chat server
    --proxy <addr[:port]>  Specify address of host to proxy through
    --proxy-type <type>    Specify proxy type ("http" or "socks4")
    --proxy-auth <auth>    Authenticate with HTTP or SOCKS proxy server
    --ssl                  Connect or listen with SSL
    --ssl-cert             Specify SSL certificate file (PEM) for listening
    --ssl-key              Specify SSL private key (PEM) for listening
    --ssl-verify           Verify trust and domain name of certificates
    --ssl-trustfile        PEM file containing trusted SSL certificates
    --version              Display Ncat's version information and exit