Probing UDP ports with the nc command

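Probe UDP ports 1123 and 123 in turn. (The "Connected" result is not accurate: UDP is connectionless, so it only means that you can start sending data, not that the port is open.)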

$ nc -v -u 172.22.35.65 1123
Ncat: Version 6.40 ( http://nmap.org/ncat )
Ncat: Connected to 172.22.35.65:1123.

$ nc -v -u 172.22.35.65 123
Ncat: Version 6.40 ( http://nmap.org/ncat )
Ncat: Connected to 172.22.35.65:123.

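A tcpdump capture shows that no packet is sent after "Connected" is displayed. Only after pressing Enter, when xterm-256color is displayed, does a packet appear in the capture. The result: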

09:07:08.196131 IP (tos 0x0, ttl 64, id 51436, offset 0, flags [DF], proto UDP (17), length 43)
    10.59.0.93.33385 > <$ip>.<$port>: [udp sum ok]  [|isakmp]
09:07:08.204326 IP (tos 0x0, ttl 249, id 20115, offset 0, flags [DF], proto UDP (17), length 68)
    <$ip>.<$port> > 10.59.0.93.33385: [udp sum ok] isakmp 1.0 msgid 00000000 cookie 0000000000000000->0000000000000000: phase 1 ? inf:
    (n: doi=ipsec proto=isakmp type=PAYLOAD-MALFORMED)

Improved command, so that nc actually sends a UDP packet:

[root@kvm-1 ~]$ echo "test" | nc -v -u <ip> <port>
Ncat: Version 7.91 ( https://nmap.org/ncat )
Ncat: Connected to <ip>:<port>.
Ncat: 3 bytes sent, 0 bytes received in 0.09 seconds.

The command above cannot tell you whether the peer replied. Open a second window and run a packet capture alongside it:
tcpdump -vv -nni <interface> host <host-ip>

The capture result:
[root@kvm-1 ~]$ tcpdump -vv -nni <interface> host <ip>
09:18:41.374493 IP (tos 0x0, ttl 64, id 45392, offset 0, flags [DF], proto UDP (17), length 31)
    10.59.0.93.53806 > <$ip>.<$port>: [udp sum ok]  [|isakmp]
09:18:41.385507 IP (tos 0x0, ttl 249, id 38857, offset 0, flags [DF], proto UDP (17), length 68)
    <$ip>.<$port> > 10.59.0.93.53806: [udp sum ok] isakmp 1.0 msgid 00000000 cookie 0000000000000000->0000000000000000: phase 1 ? inf:
    (n: doi=ipsec proto=isakmp type=PAYLOAD-MALFORMED)

Repeated probing (the echoed message means "capture packets to check for a reply"):

for i in {1..10}; do echo "test" | nc -u <ip> <port> && date +'%H:%M:%S' && echo "请抓包查看回包" && sleep 0.5 ; done
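
The commands above need a separate tcpdump window to see whether the peer answered. As an added example (not from the original post), the following Python code sends one datagram and classifies the outcome itself; `probe_udp` and `start_test_responder` are names made up here, and the responder is a constructed local stand-in for the remote service.

```python
import socket
import threading


def probe_udp(host, port, payload=b"test\n", timeout=2.0):
    """Send one datagram and classify the outcome.

    "reply"    - the peer answered, so something is listening
    "closed"   - ICMP port unreachable came back (surfaces as ECONNREFUSED)
    "no-reply" - silence within the timeout: filtered, or open but ignoring us
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # connect() on a UDP socket sends nothing; it only records the peer
        # address, which matches "Connected" appearing before any packet.
        s.connect((host, port))
        try:
            s.send(payload)
            return "reply", s.recv(4096)
        except (ConnectionRefusedError, ConnectionResetError):
            return "closed", b""
        except socket.timeout:
            return "no-reply", b""


def start_test_responder():
    """Constructed stand-in for the remote service: answers one datagram."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    port = srv.getsockname()[1]

    def serve():
        data, addr = srv.recvfrom(4096)
        srv.sendto(b"ack:" + data, addr)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    port = start_test_responder()
    print(probe_udp("127.0.0.1", port))               # responder answers
    print(probe_udp("127.0.0.1", port, timeout=0.5))  # responder has exited
```

A "no-reply" result is ambiguous for UDP: many services silently drop payloads they cannot parse, so it does not prove the port is closed.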
posted @ 2022-04-19 10:12  飞飞6779