When working with UDP-based services like OpenVPN, DNS, or VoIP systems, administrators often need to verify connectivity through firewalls. Unlike TCP, where telnet gives immediate feedback, UDP is connectionless and requires alternative approaches.
For quick UDP connectivity checks, several tools can be used:
```bash
# Using netcat (nc) for UDP testing
nc -u -z -v example.com 1194  # Test OpenVPN port
```
However, netcat has limitations in providing detailed response analysis. For more sophisticated testing, we can create a custom Python solution.
Here's a simple UDP tester that mimics telnet's interactive nature:
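```python
import socket
import sys


def udp_probe(target, send_port, receive_port, timeout=3):
    """Send one UDP probe to target:send_port and wait for any reply."""
    # One socket bound to receive_port does both jobs: a reply comes back to
    # the probe's source port, so the sender must also be the listener.
    # Binding to a port below 1024 requires root.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(('0.0.0.0', receive_port))
        sock.settimeout(timeout)

        sock.sendto(b'PROBE', (target, send_port))
        print(f"Sent UDP probe to {target}:{send_port}")

        try:
            data, addr = sock.recvfrom(1024)
            print(f"Received response from {addr[0]}:{addr[1]}")
            return True
        except socket.timeout:
            print("No response received within timeout period")
            return False


if __name__ == "__main__":
    # Usage: udp_tester.py <target> <send_port> <receive_port>
    udp_probe(sys.argv[1], int(sys.argv[2]), int(sys.argv[3]))
```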
For more control over packet crafting:
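```python
from scapy.all import IP, UDP, Raw, sr1


def scapy_udp_test(dst_ip, dst_port, src_port, retries=3):
    """Send a crafted UDP packet up to `retries` times (needs root for raw sockets)."""
    for i in range(retries):
        pkt = IP(dst=dst_ip) / UDP(sport=src_port, dport=dst_port) / Raw(load="TEST")
        # sr1() returns the first matching answer, which can be a UDP reply
        # or an ICMP error such as port unreachable; None means no answer.
        reply = sr1(pkt, timeout=2, verbose=0)
        if reply:
            print(f"Response received from {dst_ip}")
            return True
    print("No response after multiple attempts")
    return False
```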
Testing OpenVPN UDP port (1194):
```
$ python3 udp_tester.py vpn.example.com 1194 1194
Sent UDP probe to vpn.example.com:1194
Received response from 203.0.113.1:1194
```
For firewall testing with different source/destination ports:
```
$ python3 udp_tester.py firewall-test.example.com 500 4500
Sent UDP probe to firewall-test.example.com:500
No response received within timeout period
```
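A timeout like the one above is ambiguous for UDP: the service may have ignored the payload, or a firewall may have dropped the probe or the reply. The following is an added example, not code from the original page, that separates a reply, an ICMP port-unreachable error, and silence; the names `classify_udp_port` and `demo` are hypothetical, the loopback targets are constructed, and it assumes the OS reports ICMP errors on connected UDP sockets (Linux does).

```python
import socket
import threading

def classify_udp_port(host, port, payload=b"PROBE", timeout=2.0, retries=2):
    """Return 'open', 'closed' or 'open|filtered' for one UDP port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        # connect() on a UDP socket sends nothing. It pins the peer so the
        # kernel surfaces an ICMP port-unreachable as a socket error and
        # discards datagrams from any other source.
        sock.connect((host, port))
        for _ in range(retries):
            try:
                sock.send(payload)
                sock.recv(2048)
                return "open"            # the service answered the probe
            except (ConnectionRefusedError, ConnectionResetError):
                return "closed"          # host reachable, nothing listening
            except socket.timeout:
                continue                 # silence: retry, UDP may drop packets
    # No reply and no ICMP error: the service ignored the payload, or a
    # firewall dropped the probe or the reply. These cannot be told apart.
    return "open|filtered"

def demo(timeout=0.3):
    """Probe three constructed loopback targets and return the verdicts."""
    def bound():
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.bind(("127.0.0.1", 0))         # port 0: let the OS pick a free port
        return s
    replying, silent, spare = bound(), bound(), bound()
    closed_port = spare.getsockname()[1]
    spare.close()                        # nothing listens on this port now

    def answer_one():
        _, peer = replying.recvfrom(2048)
        replying.sendto(b"ACK", peer)
    threading.Thread(target=answer_one, daemon=True).start()
    try:
        return {
            "replying": classify_udp_port("127.0.0.1", replying.getsockname()[1], timeout=timeout),
            "silent": classify_udp_port("127.0.0.1", silent.getsockname()[1], timeout=timeout),
            "closed": classify_udp_port("127.0.0.1", closed_port, timeout=timeout),
        }
    finally:
        replying.close()
        silent.close()

if __name__ == "__main__":
    print(demo())
```

Against a real host, a "closed" verdict also depends on ICMP errors not being filtered on the return path, so a firewalled closed port shows up as "open|filtered".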
Unlike TCP, which has dedicated tools like Telnet for connection testing, UDP is connectionless, which makes testing more challenging. When debugging OpenVPN or other UDP-based services, we often need to verify that:
- UDP packets can traverse firewalls
- Ports are correctly forwarded
- Services are responsive
The most versatile solution is netcat (nc), available on most Unix-like systems. For UDP testing specifically:
```bash
# Basic UDP listener (server side)
nc -ul -p 1194

# UDP client test (client side)
echo "test" | nc -u 192.168.1.100 1194
```
Let's simulate testing OpenVPN UDP port 1194 connectivity:
```bash
# On VPN server (listener mode)
nc -ul -p 1194 -v

# On client (testing mode)
echo "OPENVPN_TEST" | nc -u vpn.example.com 1194 -w 3
```
The `-w 3` option sets a 3-second timeout. If the packet reaches the server, you'll see the message appear in the server's terminal.
For more specialized testing:
- socat: More powerful than netcat for complex scenarios
- nmap: UDP port scanning with the `-sU` flag
- hping3: Advanced packet crafting
Here's a bash script to test UDP connectivity repeatedly:
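```bash
#!/bin/bash
SERVER="vpn.example.com"
PORT=1194
INTERVAL=5

while true; do
    # For UDP, a zero exit status means the datagram was sent and no error
    # came back, not that the service received it; confirm on the listener.
    if echo "PING $(date)" | nc -u "$SERVER" "$PORT" -w 1; then
        echo "$(date): Connection successful"
    else
        echo "$(date): Connection failed"
    fi
    sleep "$INTERVAL"
done
```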