Fatcat — firewall testing tool
At my work, I constantly have to do firewall testing between our hosts (our production network is managed by a vendor who also manages our physical production servers inside Equinix datacenters).
There are cases where we cannot connect within our network to certain ports, or certain port ranges.
I’ve been looking for a network testing tool that can open up a range of ports on one host, and then test that range from another host.
The usual network testing tools all lack some part of this basic requirement:
- netcat — great tool that can do a basic telnet test and open up a port (plus other tricks like serving files or becoming a chat server), but does not allow a port range
- nmap — sniffs for open ports on a network or host (but can't open up ports)
- ss / netstat — shows all ports that are up on a host
- nping — advanced version of netcat with lots of options, but cannot open ports or port ranges
- iperf — can test network bandwidth but is only able to start up a single port, not a port range
- tcpdump — the bread and butter of network troubleshooting, but does not bring up ports across a port range
I couldn’t find any tool that would let me easily test a port range and allow me to bring up hundreds of ports at once and test them.
I wrote this for fun using Crystal lang, a relatively new but very fun language that has Ruby-like syntax, yet is very fast (almost as fast as C).
Fatcat lets you test your firewall connections easily.
For example, to test firewall blockage from server web1 to server web2 for the following ports:
15000, 16500, 18000–18100
# start ports on web2, using "server" mode
user@web2> fcat -p 15000,16500,18000-18100
Now test the connection to them from web1:
# fcat using "client" mode
user@web1> fcat conn -h web2 -p 15000,16500,18000-18100
Fcat will open up ports on the given port range. If a port is already being used by another process, Fcat will give out a yellow warning and move on to the next port on the list.
If Fcat cannot bring up a port (your user may not be able to create more ports than what's allowed in /etc/security/limits.conf), it will raise an error in red and move on to the next port on the list.
From the client side, Fcat will attempt a TCP connection to your ports and report success or error.
This way you can easily test a large number of ports at once.
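The listen-then-connect check described above, sketched in Ruby as an added example; it is not Fatcat's Crystal source, and the function names `parse_ports`, `open_listeners` and `probe` and the result labels are assumptions made here. It goes one step beyond the post by separating a refused connection from one that gets no answer at all.

```ruby
# Added illustration, not Fatcat's source; function names and labels are assumptions.
require "socket"

# Expand a spec such as "15000,16500,18000-18100" into a sorted list of ports.
def parse_ports(spec)
  spec.split(",").flat_map do |part|
    lo, hi = part.strip.split("-", 2).map { |s| Integer(s, 10) }
    hi ||= lo
    unless lo&.between?(1, 65_535) && hi.between?(lo, 65_535)
      raise ArgumentError, "bad port or range: #{part.inspect}"
    end
    (lo..hi).to_a
  end.uniq.sort
end

# Listening side: bind every port, record the ones that fail, and keep going.
def open_listeners(ports, bind: "127.0.0.1")
  servers, skipped = {}, {}
  ports.each do |port|
    begin
      servers[port] = TCPServer.new(bind, port)
    rescue Errno::EADDRINUSE
      skipped[port] = :in_use           # another process already owns this port
    rescue SystemCallError => e
      skipped[port] = e.class.name      # e.g. Errno::EMFILE when the fd limit is hit
    end
  end
  [servers, skipped]
end

# Connecting side: one TCP connect per port, classified by how it failed.
def probe(host, ports, timeout: 1)
  ports.map do |port|
    begin
      Socket.tcp(host, port, connect_timeout: timeout) { [port, :open] }
    rescue Errno::ECONNREFUSED
      [port, :refused]                  # answered with RST: reachable, no listener
    rescue SystemCallError, IOError, SocketError
      [port, :no_answer]                # timed out or unreachable, as with a dropped SYN
    end
  end.to_h
end

if __FILE__ == $PROGRAM_NAME
  # Loopback demo with the port list from the post; real use runs each half on its own host.
  servers, skipped = open_listeners(parse_ports("15000,16500,18000-18100"))
  results = probe("127.0.0.1", servers.keys)
  puts "listening=#{servers.size} skipped=#{skipped.size} open=#{results.values.count(:open)}"
  servers.each_value(&:close)
end
```

A `:refused` result means the packet reached the host and nothing was listening, while `:no_answer` on a port that is known to be listening points at something in the path dropping the traffic.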
Source code and README
See the Release page for binaries for your OS.