All Products
Search
Document Center

The server can be pinged but the port is not connected

Last Updated: Aug 20, 2020

Disclaimer: This article may contain information about third-party products. Such information is for reference only. Alibaba Cloud does not make any guarantee, express or implied, with respect to the performance and reliability of third-party products, as well as potential impacts of operations on the products.

Introduction

This topic describes how to test port availability when the server can be pinged.

Details

If a client can ping the target server but the service port cannot be accessed, the possible cause is that the port is intercepted by a node in the link. You can perform a test by using the tools for port availability detection to check whether a node has blocked the port.

 

Introduction to port availability detection tools

The tools used for testing the port availability vary with the operating system. The port availability test tools in the following systems are described as follows:

Linux OS

traceroute is A network testing tool pre-installed in almost all Linux distributions to track the path that an Internet Protocol (IP) packet passes to a target address. traceroute checks the connectivity of the entire link between the source data packet and the target server by sending TCP data packets to the target port. The tool is described below.

Use method

The common commands for traceroute port availability test are as follows:

traceroute [-n] -T -p [$Port] [$Host]

Note:

  • -n: use the IP address instead of the hostname. (disable reverse DNS lookup.)
  • -T: specifies the TCP connection.
  • -p: sets the port number of the probe.
  • [$Port]: indicates the Port to be tested, for example, 80.
  • Host: specifies the address of the target server, such as 10.10.1.1.
  • For more information about how to use traceroute, see the man command.
Examples

The following is an example of traceroute commands and the returned results:

[root@centos~]#  traceroute -n -T -p 22 223.5.5.5
traceroute to 223.5.5.5 (223.5.5.5), 30 hops max, 60 byte packets
1 5X.X.X.X 0.431 ms 0.538 ms 0.702 ms
2 1X.X.X.X 0.997 ms 1.030 ms 10.88.16.21 1.309 ms
3 5X.X.1X.2X 0.393 ms 0.390 ms 58.96.160.250 0.423 ms
4 6X.X.X.X 1.110 ms 202.123.74.122 0.440 ms 0.440 ms
5 6X.X.1X.X 1.744 ms 63.218.56.237 1.076 ms 1.232 ms
6 63.2X.1X.1X 1.832 ms 63.223.15.90 1.663 ms 63.223.15.74 1.616 ms
7 20X.97.1X.1X 2.776 ms 63.223.15.154 1.585 ms 1.606 ms
8 * * 202.97.122.113 2.537 ms
9 202.97.61.237 6.856 ms * *
10 * * *
11 * * *
12 * * 119.147.220.222 8.738 ms
13 119.147.220.230 8.248 ms 8.231 ms *
14 * 42.120.242.230 32.305 ms 42.120.242.226 29.877 ms
15 42.120.242.234 11.950 ms 42.120.242.222 23.853 ms 42.120.242.218 29.831 ms
16 42.120.253.2 11.007 ms 42.120.242.234 13.615 ms 42.120.253.2 11.956 ms
17 42.120.253.14 21.578 ms 42.120.253.2 13.236 ms *
18 * * 223.5.5.5 12.070 ms ! X

Windows OS

In Windows, you can run the tracetcp command to test the port availability. tracetcp also performs link detection by sending TCP data packets to analyze whether an intermediate node in the link has blocked the target port. The tool is described below.

Download and installation
  1. The use of tracetcp depends on the WinPcap library. Therefore, you need go to the official website download the WinPcap library.
  2. Go tracetcp official website download the latest tracetcp.
  3. Extract the downloaded tracetcp-related files to the C:\Windows table of contents.
    Note: You can also decompress the package to a non-system directory. However, you need to manually modify the system environment variables to ensure that the commands can be called directly.
Use method

Double-click the tracetcp application to open it. Common uses of tracetcp are as follows:

tracetcp [$IP]:[$Port]

Note:

  • [$IP] indicates the IP address or domain name of the target server.
  • [$Port] indicates the target Port to be tested.
  • For more information about tracetcp parameters, see tracetcp -? Command to view help.
Examples

The following is a tracetcp sample command and the returned results:

C:\ >tracetcp www.aliyun.com:80
Tracing route to 140.205.63.8 on port 80
Over a maximum of 30 hops.
1 3 ms 4 ms 3 ms 3X.X.X.X
2 13 ms 3 ms 4 ms 1X.X.X.X
3 3 ms 3 ms 2 ms 10.X.X.X
4 4 ms 3 ms 3 ms 4X.X.X.X
5 5 ms 4 ms 7 ms 5X.X.X.X
6 6 ms 5 ms 7 ms 6X.X.X.X
7 8 ms 8 ms 8 ms 42.120.247.97
8 10 ms 10 ms 8 ms 123.56.34.246
9 9 ms 9 ms 11 ms 42.120.243.117
10 * * * Request timed out.
11 Destination Reached in 8 ms. Connection established to 140.205.63.8
Trace Complete.

Port availability test steps

Generally, you can perform the following steps for troubleshooting.

  1. Use the corresponding tool to perform availability test on the target server and port as described above.
  2. Check and analyze the detection results to confirm the root cause of the problem. If a port is blocked in one hop, no data is returned for each hop after that port. Based on this, abnormal nodes can be determined.
  3.  If a node does exist, you can resolve the node.
    • By ip.aliyun.com IP address query for the carrier and network to which the corresponding node belongs.
    • Or you can submit a ticket, please ask Ali Cloud technical support to help you feedback to relevant operators.
      Note: When you submit a ticket, submit the result of port availability check.

Case Analysis of detection results

This topic describes two troubleshooting cases that contain detection results and analysis.

Case 1

The detection results are as follows. The target Port has no data returned after the 3rd hop.

C:\>tracetcp www.aliyun.com:135
Tracing route to 115.239.210.27 on port 135
Over a maximum of 30 hops.
1 3 ms 3 ms 3 ms 1X.X.X.X
2 4 ms 3 ms 3 ms 2X.X.X.X
3 3 ms 3 ms 3 ms 3X.X.X.X
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
Trace Complete.
Analysis

Because the node is an intranet IP address, the node may be caused by the local network security policy. Contact the local network administrator for further troubleshooting and analysis.

Case 2

The detection results are as follows. The target Port has no data returned after the 11th hop.

[root@mycentos ~]# traceroute -T -p 135 www.baidu.com
traceroute to www.baidu.com (111.13.100.92), 30 hops max, 60 byte packets
1 * * *
2 1X.X.X.X (1X.X.X.X) 4.115 ms 4.397 ms 4.679 ms
3 2X.X.X.X (2X.X.X.X) 901.921 ms 902.762 ms 902.338 ms
4 3X.X.X.X (3X.X.X.X) 2.187 ms 1.392 ms 2.266 ms
5 * * *
6 5X.X.X.X (5X.X.X.X) 1.688 ms 1.465 ms 1.475 ms
7 6X.X.X.X (6X.X.X.X) 27.729 ms 27.708 ms 27.636 ms
8 * * *
9 * * *
10 111.13.98.249 (111.13.98.249) 28.922 ms 111.13.98.253 (111.13.98.253) 29.030 ms 28.916 ms
11 111.13.108.22 (111.13.108.22) 29.169 ms 28.893 ms 111.13.108.33 (111.13.108.33) 30.986 ms
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
Analysis

Because the node belongs to Beijing Mobile after the query, you need to report this information to the carrier, or submit a ticket perform further troubleshooting and analysis.

Application scope

  • ECS