Knowledge Base

A lightweight approach to validating network port connectivity

If you need to validate, particularly in a clustered environment (whether Causal Cluster or High Availability), whether one instance can talk to another instance on a given port, and thus prove whether a firewall or iptables may be prohibiting traffic, you can use either of the following two methods.

If you have the Linux command netcat installed

Establish 2 terminal sessions.

  • From the first terminal session, run the following from the Linux command line/prompt

$ nc -l -p 5000

This starts a process on the host listening for traffic on port 5000. If the connection is possible, your terminal window will advance to the next line and simply await messages from another nc command.

If the port number is already in use by another Linux process, you will encounter the error message

nc: Address already in use

  • From the second terminal session, run the following from the Linux command line/prompt

$ nc -v <hostname> 5000

replacing <hostname> with the internal IP address/hostname of the host running the first terminal session. This command makes a connection to <hostname> on port 5000. If the connection is successful, your terminal window will report the following and focus will advance to the next line:

Connection to <hostname> 5000 port [tcp/*] succeeded!

From here, if you enter text, for example Hello, and hit return/enter, you should see the text in the first terminal window. If you see the text in the first terminal window, connectivity has been successfully proved/established.

If the connection is not successful you may receive error messages similar to:

nc: getaddrinfo: Temporary failure in name resolution
nc: connection refused

If netcat is not installed, you can run the following (it relies on the /dev/tcp redirection provided by the bash shell)

` (echo > "/dev/tcp/<hostname>/<port>") >/dev/null 2>&1 && echo "CAN CONNECT" || echo "CANNOT CONNECT" `

replacing <hostname> with the hostname of the machine and <port> with the port you are trying to connect to. For example

` (echo > "/dev/tcp/production.neo4j.com/5001") >/dev/null 2>&1 && echo "CAN CONNECT" || echo "CANNOT CONNECT" `

If the connection is possible you should see CAN CONNECT, and if it is not possible you will see CANNOT CONNECT.

For the above to work, <port> on <hostname> must be open and in LISTEN status. This would normally be the case when Neo4j has been started.
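
As an added example (not part of the original article), the /dev/tcp check can be wrapped in a function that bounds each attempt with a timeout, so that a port where a firewall silently drops packets is reported separately from one that actively refuses the connection. It assumes bash and GNU coreutils `timeout` are installed; the function names `probe` and `check_ports`, the labels OPEN, CLOSED, FILTERED and INVALID, and the hostname in the usage comment are chosen here for illustration.

```shell
#!/usr/bin/env bash
# Added example: probe TCP ports via bash's /dev/tcp, bounded by a timeout.
# Usage (constructed hostname): check_ports core2.example.internal 5000 5001

# probe HOST PORT [TIMEOUT_SECONDS]
# Prints OPEN, CLOSED, FILTERED or INVALID. Returns 0 only for OPEN.
probe() {
    host=$1 port=$2 secs=${3:-3}
    # Accept only 1 to 5 digits, then range-check 1..65535.
    case $port in
        ''|*[!0-9]*|??????*) echo INVALID; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo INVALID; return 2
    fi
    # Host and port are passed as arguments ($0 and $1) to the inner bash,
    # so they are never spliced into the script text itself.
    rc=0
    timeout "$secs" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$host" "$port" \
        2>/dev/null || rc=$?
    case $rc in
        0)   echo OPEN;     return 0 ;;
        # 124 = timeout expired: no reply at all, which is what a firewall
        # rule that silently drops packets looks like from the client.
        124) echo FILTERED; return 1 ;;
        # Any other failure: refused (nothing listening, or a reject rule),
        # host unreachable, or name not resolved.
        *)   echo CLOSED;   return 1 ;;
    esac
}

# check_ports HOST PORT...
# Prints one "host:port STATUS" line per port.
check_ports() {
    host=$1; shift
    for port in "$@"; do
        printf '%s:%s %s\n' "$host" "$port" "$(probe "$host" "$port")"
    done
}
```

Run it from each cluster member toward the others; a FILTERED result points at a firewall or iptables rule, while CLOSED on a host you can otherwise reach usually means nothing is listening on that port yet.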