For medium to large size projects the network setup can be quite complex, especially if it involves several external partners or third-party networks (VPN, MPLS etc).
Normally network changes are done by network engineers that do not have access to the servers and therefore cannot verify the changes they make.
When I have to verify a network change, firewall opening, NATing etc, I have in the past often used telnet.
This is very simple and works fine.
[root@wintermute ~]# telnet oracle.com 80 Trying 18.104.22.168... Connected to oracle.com.
But nmap is a better tool for this kind of testing.
If telnet cannot connect to a port you will get a “Connection refused” error. You will get this error both if there is a firewall problem and if the is no application listening on the port.
nmap on the other hand will tell you if you can reach the port and if something is listening.
[root@wintermute ~]# nmap -P0 -p 80,443 10.10.10.10 | grep -A 2 PORT PORT STATE SERVICE 80/tcp open http 443/tcp closed https
“open” means that an application is listening on the port. “closed” means packets reach the port but no application is listening.
Here is a description of all the 6 port states nmap will report.
Notice that it is possible to scan several ports at once.
If the port is block by a firewall nmap will return “filtered”.
[root@wintermute ~]# nmap -P0 -p 7013 10.10.10.10 | grep -A 1 PORT PORT STATE SERVICE 7013/tcp filtered unknown
nmap can do a lot of other things but this is what I mostly use it for.
If you are using Windows you can download nmap here.