使用nc命令探測udp端口

分別探測udp 1123和123端口【Connected的探測結果並不准確，只代表可以開始發送信息了】：

$ nc -v -u 172.22.35.65 1123
Ncat: Version 6.40 ( [http://nmap.org/ncat](http://nmap.org/ncat) )
Ncat: Connected to 172.22.35.65:1123.

$ nc -v -u 172.22.35.65 123
Ncat: Version 6.40 ( [http://nmap.org/ncat](http://nmap.org/ncat) )
Ncat: Connected to 172.22.35.65:123.

經tcpdump抓包，發現顯示“Connected”之后並沒有發送報文，而是敲回車后，顯示xterm-256color才開始抓到報文，結果如下：

09:07:08.196131 IP (tos 0x0, ttl 64, id 51436, offset 0, flags [DF], proto UDP (17), length 43)
    10.59.0.93.33385 > <$ip>.<$port>: [udp sum ok]  [|isakmp]
09:07:08.204326 IP (tos 0x0, ttl 249, id 20115, offset 0, flags [DF], proto UDP (17), length 68)
    <$ip>.<$port> > 10.59.0.93.33385: [udp sum ok] isakmp 1.0 msgid 00000000 cookie 0000000000000000->0000000000000000: phase 1 ? inf:
    (n: doi=ipsec proto=isakmp type=PAYLOAD-MALFORMED)

命令改進，使nc能順利發送udp報文：

[root@kvm-1 ~]$ echo "test" | nc -v -u <ip> <port>
Ncat: Version 7.91 ( https://nmap.org/ncat )
Ncat: Connected to <ip>:<port>.
Ncat: 3 bytes sent, 0 bytes received in 0.09 seconds.

以上命令並不能判斷對端是否回包，需要另開一個窗口，配合抓包：
tcpdump -vv -nni <interface> host <host-ip>

其抓包結果為：
[root@kvm-1 ~]$ tcpdump -vv -nni <interface> host <ip>
09:18:41.374493 IP (tos 0x0, ttl 64, id 45392, offset 0, flags [DF], proto UDP (17), length 31)
    10.59.0.93.53806 > <$ip>.<$port>: [udp sum ok]  [|isakmp]
09:18:41.385507 IP (tos 0x0, ttl 249, id 38857, offset 0, flags [DF], proto UDP (17), length 68)
    <$ip>.<$port> > 10.59.0.93.53806: [udp sum ok] isakmp 1.0 msgid 00000000 cookie 0000000000000000->0000000000000000: phase 1 ? inf:
    (n: doi=ipsec proto=isakmp type=PAYLOAD-MALFORMED)

長探測：

for i in {1..10}; do echo "test" | nc -u <ip> <port> && date +'%H:%M:%S' && echo "請抓包查看回包" && sleep 0.5 ; done