edit-icon download-icon

Why the server can be pinged but the port cannot be accessed

Last Updated: Sep 18, 2017

When a client accesses a target server, if the server can be pinged but the service port cannot be accessed, a node in the link may intercept data from the port. You can use a port availability test tool and perform testing to check whether any node intercepts the port based on the test results.


Contents:

Introduction to the port availability test tools

Port availability test tools are different for different operating systems.

Tool for Linux ECS

Traceroute is a network test tool pre-installed on almost all versions of Linux. It is used to track the path of an IP data packet sent to a target IP address. You can use traceroute to test port availability.

Traceroute sends TCP data packets to test the target port in order to check the connectivity of corresponding ports on the entire link from the data packet source to the target server. The following code shows how to use traceroute to test port availability:

  1. traceroute [-n] -T -p <Target port number> Host

Example

  1. [root@centos~]# traceroute -n -T -p 22 223.5.5.5
  2. traceroute to 223.5.5.5 (223.5.5.5), 30 hops max, 60 byte packets
  3. 1 58.96.171.249 0.431 ms 0.538 ms 0.702 ms
  4. 2 10.88.16.29 0.997 ms 1.030 ms 10.88.16.21 1.309 ms
  5. 3 58.96.160.246 0.393 ms 0.390 ms 58.96.160.250 0.423 ms
  6. 4 63.218.56.237 1.110 ms 202.123.74.122 0.440 ms 0.440 ms
  7. 5 63.223.15.90 1.744 ms 63.218.56.237 1.076 ms 1.232 ms
  8. 6 63.223.15.158 1.832 ms 63.223.15.90 1.663 ms 63.223.15.74 1.616 ms
  9. 7 202.97.122.113 2.776 ms 63.223.15.154 1.585 ms 1.606 ms
  10. 8 * * 202.97.122.113 2.537 ms
  11. 9 202.97.61.237 6.856 ms * *
  12. 10 * * *
  13. 11 * * *
  14. 12 * * 119.147.220.222 8.738 ms
  15. 13 119.147.220.230 8.248 ms 8.231 ms *
  16. 14 * 42.120.242.230 32.305 ms 42.120.242.226 29.877 ms
  17. 15 42.120.242.234 11.950 ms 42.120.242.222 23.853 ms 42.120.242.218 29.831 ms
  18. 16 42.120.253.2 11.007 ms 42.120.242.234 13.615 ms 42.120.253.2 11.956 ms
  19. 17 42.120.253.14 21.578 ms 42.120.253.2 13.236 ms *
  20. 18 * * 223.5.5.5 12.070 ms !X

Parameter description

  • -n allows you to directly use the IP address rather than the host name (with reverse DNS lookup disabled).
  • -T indicates that the TCP test is passed.
  • -p is used to test the target port number.
  • Host indicates the target server domain name or the IP address.

For details about how to use traceroute, refer to man.

Tool for Windows ECS

In Windows, you can use tracetcp to test port availability.

tracetcp also sends TCP data packets to test the link and check whether a node in the link blocks the target port.

Download and install the tool

  1. The use of tracetcp relies on WinPcap library. Therefore, you need to go to the official website to download WinPcap library first.

  2. Click here to download the latest tracetcp. Alternatively, you can download tracetcp v1.0.2 from attachment (which may not be the latest version).

  3. Decompress the downloaded tracetcp files to the C:\Windows directory. (If you want to decompress these files to a non-system directory, you need to manually modify system environment variables to ensure that commands can be called directly.)

  4. Double-click tracetcp.exe. The common usage of tracetcp is as follows:

    tracetcp [Target server domain name or IP address]:[Number of the port to be tested]

Example

  1. C:\ >tracetcp www.aliyun.com:80
  2. Tracing route to 140.205.63.8 on port 80
  3. Over a maximum of 30 hops.
  4. 1 3 ms 4 ms 3 ms 30.9.176.1
  5. 2 13 ms 3 ms 4 ms 10.64.200.33
  6. 3 3 ms 3 ms 2 ms 10.64.1.1
  7. 4 4 ms 3 ms 3 ms 42.120.74.4
  8. 5 5 ms 4 ms 7 ms 42.120.253.233
  9. 6 6 ms 5 ms 7 ms 42.120.247.97
  10. 7 8 ms 8 ms 8 ms 42.120.247.97
  11. 8 10 ms 10 ms 8 ms 123.56.34.246
  12. 9 9 ms 9 ms 11 ms 42.120.243.117
  13. 10 * * * Request timed out.
  14. 11 Destination Reached in 8 ms. Connection established to 140.205.63.8
  15. Trace Complete.

For details about tracetcp parameter descriptions, run tracetcp -?.

Port availability test procedure

  1. Use traceroute or tracetcp to test the port availability for the target IP address.
  2. Analyze the test results to locate the node with exceptions.
    • After locating the node with exceptions, access an IP address query website such as ip.taobao.com to obtain the responsible carrier and network of the node with exceptions.
    • Open a ticket. We will report the problem to the responsible carrier.

Analyze testing result

Judgement: If the port is blocked in a certain hop, no data will be returned in the following hops. In this way, you can locate the node with exceptions.

Example 1

  1. C:\ >tracetcp www.aliyun.com:135
  2. Tracing route to 115.239.210.27 on port 135
  3. Over a maximum of 30 hops.
  4. 1 3 ms 3 ms 3 ms 30.9.176.1
  5. 2 4 ms 3 ms 3 ms 10.64.200.33
  6. 3 3 ms 3 ms 3 ms 10.64.1.1
  7. 4 * * * Request timed out.
  8. 5 * * * Request timed out.
  9. 6 * * * Request timed out.
  10. 7 * * * Request timed out.
  11. 8 * * * Request timed out.
  12. 9 * * * Request timed out.
  13. 10 * * * Request timed out.
  14. 11 * * * Request timed out.
  15. 12 * * * Request timed out.
  16. 13 * * * Request timed out.
  17. 14 * * * Request timed out.
  18. 15 * * * Request timed out.
  19. 16 * * * Request timed out.
  20. 17 * * * Request timed out.
  21. 18 * * * Request timed out.
  22. 19 * * * Request timed out.
  23. 20 * * * Request timed out.
  24. 21 * * * Request timed out.
  25. 22 * * * Request timed out.
  26. 23 * * * Request timed out.
  27. 24 * * * Request timed out.
  28. 25 * * * Request timed out.
  29. 26 * * * Request timed out.
  30. 27 * * * Request timed out.
  31. 28 * * * Request timed out.
  32. 29 * * * Request timed out.
  33. 30 * * * Request timed out.
  34. Trace Complete.

In this example, no data is returned after the third hop on the target port. This indicates that data is intercepted on the target port corresponding to the node.

Conclusion: Because the node has an intranet IP address, the port may be blocked due to local network security policies. You need to contact the local network management personnel to analyze and troubleshoot the problem.

Example 2

  1. [root@mycentos ~]# traceroute -T -p 135 www.baidu.com
  2. traceroute to www.baidu.com (111.13.100.92), 30 hops max, 60 byte packets
  3. 1 * * *
  4. 2 192.168.17.20 (192.168.17.20) 4.115 ms 4.397 ms 4.679 ms
  5. 3 111.1.20.41 (111.1.20.41) 901.921 ms 902.762 ms 902.338 ms
  6. 4 111.1.34.197 (111.1.34.197) 2.187 ms 1.392 ms 2.266 ms
  7. 5 * * *
  8. 6 221.183.19.169 (221.183.19.169) 1.688 ms 1.465 ms 1.475 ms
  9. 7 221.183.11.105 (221.183.11.105) 27.729 ms 27.708 ms 27.636 ms
  10. 8 * * *
  11. 9 * * *
  12. 10 111.13.98.249 (111.13.98.249) 28.922 ms 111.13.98.253 (111.13.98.253) 29.030 ms 28.916 ms
  13. 11 111.13.108.22 (111.13.108.22) 29.169 ms 28.893 ms 111.13.108.33 (111.13.108.33) 30.986 ms
  14. 12 * * *
  15. 13 * * *
  16. 14 * * *
  17. 15 * * *
  18. 16 * * *
  19. 17 * * *
  20. 18 * * *
  21. 19 * * *
  22. 20 * * *
  23. 21 * * *
  24. 22 * * *
  25. 23 * * *
  26. 24 * * *
  27. 25 * * *
  28. 26 * * *
  29. 27 * * *
  30. 28 * * *
  31. 29 * * *
  32. 30 * * *

In this example, no data returns after the eleventh hop on the target port. This indicates that data is intercepted on the target port corresponding to the node.

Conclusion: Via querying, Beijing China Mobile is responsible for the target port corresponding to the node. Therefore, you need to contact Beijing Mobile or open a ticket to analyze and troubleshoot the problem.

Thank you! We've received your feedback.