Earlier today, I needed to check for an open UDP port on a remote Linux server. My mind went blank, as if I had never done this before. Then I remembered that with TCP, I could use the nc command to check it. Something like:

➜ nc -vz opnsense 22
Ncat: Version 7.92 ( https://nmap.org/ncat )
Ncat: Connection to 2400:a888:333:0:222:ffff:fe54:67de failed: TIMEOUT.
Ncat: Trying next address...
Ncat: Connection to 192.168.1.1 failed: TIMEOUT.
Ncat: Trying next address...
Ncat: TIMEOUT.

The above output indicates that the connection from my computer to the remote host ‘opnsense’ on port 22 failed.

Running the same command against another server, banan, to check whether the SSH service is running shows a successful connection.

➜ nc -vz banan 22
Ncat: Version 7.92 ( https://nmap.org/ncat )
Ncat: Connected to 2400:a884:333:0:5555:c7ff:feb6:575d:22.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.

  • -v: verbose
  • -z: Zero-I/O mode, report connection status only

So, I thought there must be an option to check for an open UDP port with nc too. Running a quick man nc, I found the -u flag, which is what I was looking for.

  • -u, --udp: use UDP instead of default TCP

Let’s test this out.

➜ nc -vz -u opnsense 53
Ncat: Version 7.92 ( https://nmap.org/ncat )
Ncat: Connected to 2400:a888:333:0:222:ffff:fe54:67de:53.
Ncat: UDP packet sent successfully
Ncat: 1 bytes sent, 0 bytes received in 2.02 seconds.

It works! There is indeed a DNS service listening on port 53 on my opnsense server.

But are there other ways to test UDP connectivity? Sure there are, and here is one of them. As this article [1][2] shows, we can also use nmap.

➜ nmap -v -sU opnsense 53
You requested a scan type which requires root privileges.
QUITTING!

Oh, fine! Take my sudo!

➜ sudo nmap -4 -v -sU -p 53 opnsense
Starting Nmap 7.92 ( https://nmap.org ) at 2024-07-17 21:18 AEST
Initiating ARP Ping Scan at 21:18
Scanning opnsense (192.168.1.1) [1 port]
Completed ARP Ping Scan at 21:18, 0.01s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 21:18
Completed Parallel DNS resolution of 1 host. at 21:18, 0.00s elapsed
Initiating UDP Scan at 21:18
Scanning opnsense (192.168.1.1) [1 port]
Discovered open port 53/udp on 192.168.1.1
Completed UDP Scan at 21:18, 0.00s elapsed (1 total ports)
Nmap scan report for opnsense (192.168.1.1)
Host is up (0.00041s latency).
Other addresses for opnsense (not scanned): ... omitted ...
rDNS record for 192.168.1.1: opnsense.soputtra.com

PORT   STATE SERVICE
53/udp open  domain
MAC Address: 00:EE:66:55:66:DD (Unknown)

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds
           Raw packets sent: 3 (126B) | Rcvd: 2 (68B)

  • -sU: UDP Scan
  • -v: Increase verbosity
  • -p <port ranges>: Only scan specified ports
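
UDP has no handshake, so a probe can only infer port state from what comes back: a reply means open, an ICMP port-unreachable means closed, and silence is ambiguous (nmap reports that case as open|filtered). The sketch below is an added example, not code from the article or from the nc/nmap projects; it makes the three outcomes explicit and sends a real DNS query so that a resolver has something to answer. The names probe_udp and dns_query are hypothetical helpers chosen for this illustration.

```python
import socket
import struct

def dns_query(name="example.com", txid=0x1234):
    """Build a minimal DNS A query (hypothetical helper for this example)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def probe_udp(host, port, payload=b"\x00", timeout=2.0, retries=2):
    """Classify a UDP port as 'open', 'closed' or 'open|filtered'.

    open          - a datagram came back from the port
    closed        - the OS reported ICMP port unreachable (ECONNREFUSED)
    open|filtered - silence: the listener ignored us, or a firewall dropped it
    """
    family, stype, proto, _, addr = socket.getaddrinfo(
        host, port, type=socket.SOCK_DGRAM)[0]
    with socket.socket(family, stype, proto) as s:
        s.settimeout(timeout)
        s.connect(addr)  # connected UDP socket: ICMP errors surface as exceptions
        for _ in range(retries):
            try:
                s.send(payload)
                s.recv(4096)
                return "open"
            except ConnectionRefusedError:
                return "closed"
            except socket.timeout:
                continue  # datagrams can be lost; retry before concluding
    return "open|filtered"

if __name__ == "__main__":
    # Assumed target: a resolver on this machine; use a host you administer.
    print(probe_udp("127.0.0.1", 53, dns_query()))
```
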

Well, this is longer than I had expected. But I’m glad I learned how to test UDP connectivity in more than one way now.

References:

  1. Testing UDP Port Connectivity
  2. Nmap - Switches and Scan Types in Nmap