What is nc -z used for?
In the solution to an exercise I found this:

    nc -z [serverip] [port]

What does it do? In the nc man page I found:

    -z      Zero-I/O mode [used for scanning]

which doesn't explain much... Searching online I found the Netcat Cheat Sheet, which says:

    -z: Zero-I/O mode (don't send any data, just emit a packet without payload)

So why would I want to send a packet with nothing in it? Is it like a ping?
It may be more useful to think of the -z option as "close the connection immediately". My version of nc has this to say about port scanning:
    PORT SCANNING
         It may be useful to know which ports are open and running services on a target machine. The -z flag can be used to tell nc to report open ports, rather than initiate a connection. Usually it's useful to turn on verbose output to stderr by using this option in conjunction with the -v option. For example:

               $ nc -zv host.example.com 20-30
               Connection to host.example.com 22 port [tcp/ssh] succeeded!
               Connection to host.example.com 25 port [tcp/smtp] succeeded!

         The port range was specified to limit the search to ports 20 - 30, and is scanned by increasing order (unless the -r flag is set).

         You can also specify a list of ports to scan, for example:

               $ nc -zv host.example.com http 20 22-23
               nc: connect to host.example.com 80 (tcp) failed: Connection refused
               nc: connect to host.example.com 20 (tcp) failed: Connection refused
               Connection to host.example.com port [tcp/ssh] succeeded!
               nc: connect to host.example.com 23 (tcp) failed: Connection refused

         The ports are scanned in the order you give (unless the -r flag is set).

         Alternatively, it might be useful to know which server software is running, and which versions. This information is often contained within the greeting banners. In order to retrieve these, it is necessary to first make a connection, and then break the connection when the banner has been retrieved. This can be accomplished by specifying a small timeout with the -w flag, or perhaps by issuing a "QUIT" command to the server:

               $ echo "QUIT" | nc host.example.com 20-30
               SSH-1.99-OpenSSH_3.6.1p2
               Protocol mismatch.
               220 host.example.com IMS SMTP Receiver Version 0.84 Ready
You can use tcpdump to see what nc does and does not send with -z. Without -z:

    carbon# nc -v localhost 25
    Connection to localhost 25 port [tcp/smtp] succeeded!
    220 carbon.home ESMTP Postfix (Ubuntu)
tcpdump -i lo port 25:

    15:59:07.956294 IP6 localhost.41584 > localhost.smtp: Flags [S], seq 717573315, win 65476, options [mss 65476,sackOK,TS val 4044858638 ecr 0,nop,wscale 7], length 0
    15:59:07.956309 IP6 localhost.smtp > localhost.41584: Flags [S.], seq 3478976646, ack 717573316, win 65464, options [mss 65476,sackOK,TS val 4044858638 ecr 4044858638,nop,wscale 7], length 0
    15:59:07.956320 IP6 localhost.41584 > localhost.smtp: Flags [.], ack 1, win 512, options [nop,nop,TS val 4044858638 ecr 4044858638], length 0
    15:59:07.956536 IP6 localhost.smtp > localhost.41584: Flags [P.], seq 1:41, ack 1, win 512, options [nop,nop,TS val 4044858639 ecr 4044858638], length 40: SMTP: 220 carbon.home ESMTP Postfix (Ubuntu)
    15:59:07.956548 IP6 localhost.41584 > localhost.smtp: Flags [.], ack 41, win 512, options [nop,nop,TS val 4044858639 ecr 4044858639], length 0
    15:59:14.917615 IP6 localhost.41584 > localhost.smtp: Flags [F.], seq 1, ack 41, win 512, options [nop,nop,TS val 4044865599 ecr 4044858639], length 0
    15:59:14.917754 IP6 localhost.smtp > localhost.41584: Flags [F.], seq 41, ack 2, win 512, options [nop,nop,TS val 4044865600 ecr 4044865599], length 0
    15:59:14.917773 IP6 localhost.41584 > localhost.smtp: Flags [.], ack 42, win 512, options [nop,nop,TS val 4044865600 ecr 4044865600], length 0
With -z:

    carbon# nc -zv localhost 25
    Connection to localhost 25 port [tcp/smtp] succeeded!
tcpdump:

    15:59:22.394593 IP6 localhost.41592 > localhost.smtp: Flags [S], seq 449578009, win 65476, options [mss 65476,sackOK,TS val 4044873076 ecr 0,nop,wscale 7], length 0
    15:59:22.394605 IP6 localhost.smtp > localhost.41592: Flags [S.], seq 3916701833, ack 449578010, win 65464, options [mss 65476,sackOK,TS val 4044873076 ecr 4044873076,nop,wscale 7], length 0
    15:59:22.394615 IP6 localhost.41592 > localhost.smtp: Flags [.], ack 1, win 512, options [nop,nop,TS val 4044873076 ecr 4044873076], length 0
    15:59:22.394683 IP6 localhost.41592 > localhost.smtp: Flags [F.], seq 1, ack 1, win 512, options [nop,nop,TS val 4044873076 ecr 4044873076], length 0
    15:59:22.394828 IP6 localhost.smtp > localhost.41592: Flags [P.], seq 1:41, ack 2, win 512, options [nop,nop,TS val 4044873077 ecr 4044873076], length 40: SMTP: 220 carbon.home ESMTP Postfix (Ubuntu)
    15:59:22.394840 IP6 localhost.41592 > localhost.smtp: Flags [R], seq 449578011, win 0, length 0
You can see that the server still sent its greeting (220 carbon.home ESMTP Postfix (Ubuntu)) but nc did not print it (and probably never read it).
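As an added example (not part of the question or the answer above), the following Python script applies the distinction the answer draws to tcpdump text output: it groups packets by client endpoint and labels a flow a zero-I/O probe when the server's SYN-ACK was seen but the client sent no payload before tearing down with FIN or RST, which is the trace nc -z leaves. The sample capture is constructed, modelled on the two captures above, with made-up timestamps and sequence numbers.

```python
import re

# Constructed sample modelled on the two tcpdump captures quoted in the answer:
# client port 41584 is a normal session that sends "QUIT", client port 41592 is
# an nc -z probe. Timestamps, ports and sequence numbers are made up.
SAMPLE = """\
10:00:01.000001 IP6 localhost.41584 > localhost.smtp: Flags [S], seq 100, win 65476, length 0
10:00:01.000002 IP6 localhost.smtp > localhost.41584: Flags [S.], seq 200, ack 101, win 65464, length 0
10:00:01.000500 IP6 localhost.smtp > localhost.41584: Flags [P.], seq 1:41, ack 1, win 512, length 40: SMTP: 220 carbon.home ESMTP Postfix (Ubuntu)
10:00:01.000600 IP6 localhost.41584 > localhost.smtp: Flags [P.], seq 1:7, ack 41, win 512, length 6: SMTP: QUIT
10:00:01.000700 IP6 localhost.41584 > localhost.smtp: Flags [F.], seq 7, ack 41, win 512, length 0
10:00:22.000001 IP6 localhost.41592 > localhost.smtp: Flags [S], seq 300, win 65476, length 0
10:00:22.000002 IP6 localhost.smtp > localhost.41592: Flags [S.], seq 400, ack 301, win 65464, length 0
10:00:22.000004 IP6 localhost.41592 > localhost.smtp: Flags [F.], seq 1, ack 1, win 512, length 0
10:00:22.000005 IP6 localhost.smtp > localhost.41592: Flags [P.], seq 1:41, ack 2, win 512, length 40: SMTP: 220 carbon.home ESMTP Postfix (Ubuntu)
10:00:22.000006 IP6 localhost.41592 > localhost.smtp: Flags [R], seq 302, win 0, length 0
"""

# One tcpdump TCP summary line: "<time> IP|IP6 <src> > <dst>: Flags [..], ..., length N"
PKT = re.compile(r"^\S+ IP6? (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]*)\],.*?length (?P<len>\d+)")

def classify_flows(capture: str) -> dict:
    """Map each client endpoint to 'zero-io-probe', 'session' or 'incomplete'.
    nc -z shows up as 'zero-io-probe': SYN-ACK seen, zero client payload, then FIN/RST."""
    flows = {}
    for line in capture.splitlines():
        m = PKT.match(line)
        if not m:
            continue
        src, dst, flags, length = m["src"], m["dst"], m["flags"], int(m["len"])
        if flags == "S":  # bare SYN: the client opens a new flow
            flows[src] = {"synack": False, "bytes": 0, "closed": False}
        elif src in flows:  # client -> server: count payload, note teardown
            flows[src]["bytes"] += length  # tcpdump's "length" is TCP payload bytes
            flows[src]["closed"] |= ("F" in flags) or ("R" in flags)
        elif dst in flows and flags == "S.":  # server's SYN-ACK: handshake completed
            flows[dst]["synack"] = True
    verdicts = {}
    for client, f in flows.items():
        if f["bytes"] > 0:
            verdicts[client] = "session"
        elif f["synack"] and f["closed"]:
            verdicts[client] = "zero-io-probe"
        else:
            verdicts[client] = "incomplete"
    return verdicts

if __name__ == "__main__":
    print(classify_flows(SAMPLE))
```

The same parser works on IPv4 captures (tcpdump prints "IP" instead of "IP6"), and a flow that never completes the handshake is reported as incomplete rather than as a probe.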