Some useful tips about /dev/tcp

Just some simple tips that I found very useful.

Bash supports read/write operations on a pseudo-device file /dev/tcp/[host]/[port] [1].
Redirecting input or output to this special file makes bash open a TCP connection to host:port. The path is handled by bash itself rather than by the kernel, and the feature is useful for several tasks, for example:

Query an NTP server

This command:

cat </dev/tcp/

reads the time in Daytime Protocol from the NIST Internet Time Service server.

Fetch a web page

This script

exec 3<>/dev/tcp/
echo -e "GET / HTTP/1.1\r\nhost:\r\nConnection: close\r\n\r\n" >&3
cat <&3

fetches the front page from

Perform a port scan

If you are not allowed to install any software on your Linux box, you can use the same special file to check whether a TCP port is open: if writing to the port succeeds, the port is open; otherwise the port is closed.

So, you can perform a basic port scan, for example of an entire subnet, using a simple script like

for ip in {1..254}; do
  for port in {22,80,443,3306,3389}; do
    # The subshell keeps a failed connection from aborting the loop
    (echo >/dev/tcp/192.168.1.$ip/$port) >/dev/null 2>&1 && echo "192.168.1.$ip:$port is open"
  done
done

You can customize the script by changing the subnet.
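The write test above has one failure mode worth handling: when a firewall silently drops the connection attempt, the redirection blocks until the operating system gives up, so a filtered port looks like a hang rather than a closed port. The single-port check below is an added example, not part of the original post; `tcp_port_state` is a hypothetical helper name, and it assumes bash and the coreutils `timeout` command are installed.

```bash
# Added example (not from the original post). tcp_port_state is a
# hypothetical helper; it needs bash and coreutils `timeout`.
tcp_port_state() {
  local host=$1 port=$2 wait=${3:-2} rc=0

  # Reject anything that could change the /dev/tcp/<host>/<port> path.
  case $host in ''|*[!A-Za-z0-9.:-]*) echo "bad host" >&2; return 2 ;; esac
  case $port in ''|*[!0-9]*) echo "bad port" >&2; return 2 ;; esac
  if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
    echo "bad port" >&2; return 2
  fi

  # Host and port are passed as positional parameters, never pasted into
  # the command string. The child shell owns fd 3, so the socket is closed
  # when it exits. stderr is dropped to hide bash's connection error text.
  timeout "$wait" bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$host" "$port" \
    2>/dev/null || rc=$?

  case $rc in
    0)   echo open;     return 0 ;;  # TCP handshake completed
    124) echo filtered; return 1 ;;  # no reply before the timeout expired
    *)   echo closed;   return 1 ;;  # refused, unreachable or unresolvable
  esac
}

# Constructed usage: check the local SSH port with a 1-second limit.
# tcp_port_state 127.0.0.1 22 1
```

The third argument is the time limit in seconds and defaults to 2.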

Download a file

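wget () {
  # Plain HTTP on port 80 only: /dev/tcp cannot do TLS
  IFS=/ read -r proto z host query <<< "$1"
  # Open fd 3 read/write on a TCP connection to the web server
  exec 3<>"/dev/tcp/$host/80"
  {
    printf 'GET /%s HTTP/1.1\r\n' "$query"
    printf 'Connection: close\r\n'
    printf 'Host: %s\r\n' "$host"
    printf '\r\n'
  } >&3
  # Delete the response headers (up to the first blank line), keep the body
  sed '1,/^\r\?$/d' <&3 > "$(basename "$1")"
  exec 3>&-
}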



