How to Test Network Connectivity Between Two Hosts for a Specific Port (e.g. 1433)


2 views

When troubleshooting network applications or database connections, verifying route availability between hosts for specific ports is crucial. This goes beyond basic ping tests, requiring port-level validation.

The most efficient methods combine traditional network tools with scripting:

# Using telnet (cross-platform)
telnet target_host 1433

# Linux/macOS alternative with netcat:
nc -zv target_host 1433

# Windows PowerShell equivalent:
Test-NetConnection target_host -Port 1433

For programmatic checks in automation scripts:

import socket

def check_port(host, port, timeout=3):
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            return s.connect_ex((host, port)) == 0
    except socket.error:
        return False

# Usage example:
if check_port("db-server.example.com", 1433):
    print("SQL Server port accessible")
else:
    print("Connection failed")

Standard traceroute shows path but not port availability. For TCP-aware tracing:

# Linux:
tcptraceroute db-server.example.com 1433

# Windows alternative:
tracert -d -T -p 1433 db-server.example.com

Remember that intermediate firewalls may block probes. For accurate testing:

  • Use the same protocol as your application (TCP/UDP)
  • Test from the actual source host where the application runs
  • Verify both inbound and outbound rules

For production environments, consider setting up monitoring with tools like:

# Nagios check command example
define command {
    command_name check_tcp_port
    command_line $USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$
}

When troubleshooting network issues between servers, databases, or microservices, verifying connectivity on specific ports is more precise than basic ping tests. Unlike ICMP (used by ping), port checks validate whether the application-layer communication path exists.

1. Telnet (Quick Check):

telnet target_host 1433
# Success: Blank screen or server banner
# Failure: "Could not open connection" or timeout

2. Netcat (Advanced Testing):

nc -zv target_host 1433
# -z: Zero-I/O mode (scan only)
# -v: Verbose output
# Sample output:
# Connection to 192.168.1.100 1433 port [tcp/ms-sql-s] succeeded!
Test-NetConnection -ComputerName db-server -Port 1433
# Returns detailed object with properties:
# ComputerName, RemoteAddress, RemotePort, InterfaceAlias, SourceAddress, TcpTestSucceeded

For programmatic checks in automation scripts:

import socket

def check_port(host, port, timeout=3):
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except (socket.timeout, ConnectionRefusedError):
        return False

# Usage:
if check_port("sql-server.prod", 1433):
    print("MS SQL port is accessible")
else:
    print("Connection failed")

Traceroute with Port Specification:

# Linux:
traceroute -T -p 1433 destination_host

# Windows:
tracert destination_host
# Note: Traditional traceroute doesn't support ports, combine with port tests

Firewall Rule Verification:

# Linux:
sudo iptables -L -n | grep 1433

# Windows:
netsh advfirewall firewall show rule name=all | find "1433"

Scenario: SQL Server connection failures between app-server and db-server:

  1. First verify basic network reachability
  2. Test port 1433 connectivity from source to destination
  3. Check reverse connectivity (firewalls often block asymmetrically)
  4. Verify SQL Server is listening: netstat -ano | findstr 1433
  5. Inspect Windows Firewall: Get-NetFirewallRule | Where-Object { $_.LocalPort -eq 1433 }

For AWS/Azure/GCP environments:

  • Check Security Groups and NACLs (AWS)
  • Verify NSG rules (Azure)
  • Confirm VPC peering or transit gateway configurations
  • Test both private and public IPs if applicable