Home

More on Using Bash's Built-in /dev/tcp File (TCP/IP)

Sep 30, 2009  By Mitch Frazier
 in

If you saw yesterday's Tech Tip and were looking for more on using TCP/IP with bash's built-in /dev/tcp device file then read on. Here, we'll both read from, and write to a socket.

Before I go any further, let me state that this is based on something I discovered here on Dave Smith's Blog. All I've done here is added a few improvements based on the comments to the original post. I've also added a bit of additional explanation.

The following script fetches the front page from Google:

exec 3<>/dev/tcp/www.google.com/80
echo -e "GET / HTTP/1.1\r\nhost: http://www.google.com\r\nConnection: close\r\n\r\n" >&3
cat <&3

Pretty simple, just 3 lines. The first line may be a bit confusing if you haven't seen this type of thing before. This line causes file descriptor 3 to be opened for reading and writing on the specified TCP/IP socket. This is a special form of the exec statement. From the bash man page:

exec [-cl] [-a name] [command [arguments]]

... If command is not specified, any redirections take effect in the current shell, and the return status is 0.

So using exec without a command is a way to open files in the current shell.

After the socket is open we send our HTTP request out the socket with the echo ... >&3 command. The request consists of:

GET / HTTP/1.1
host: http://www.google.com
Connection: close

Each line is followed by a carriage-return and newline, and all the headers are followed by a blank line to signal the end of the request (this is all standard HTTP stuff).

Next we read the response out of the socket using cat <&3, which reads the response and prints it out. The response being the main HTML page from Google:

$ bash tcp.sh
HTTP/1.1 200 OK
Date: Wed, 30 Sep 2009 17:28:36 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: PREF=ID=...
Set-Cookie: NID=27=...
Server: gws
X-XSS-Protection: 0
Transfer-Encoding: chunked
Connection: close

fef
<!doctype html><html><head><meta ...

And that's it, with just a few more lines of code you could have your own bash based browser... well maybe not.

______________________

Mitch Frazier is an Associate Editor for Linux Journal.

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

By the time you're done improving the script....

ChronoFish's picture
Submitted by ChronoFish (not verified) on Fri, 10/02/2009 - 15:10.

You'll have re-built "wget". If you need the raw headers, a telnet script will work and have the added benefit of being shell independent... But cool none the less.

-CF

Host header

Anonymous's picture
Submitted by Anonymous (not verified) on Fri, 10/02/2009 - 13:14.

Great Article, but I'm going to point out something nitpicky:

The host header "host: http://www.google.com" should be changed to "Host: www.google.com" to be HTTP 1.1 compliant. Thanks!

Newlines and shebang

Benjie Gillam's picture
Submitted by Benjie Gillam (not verified) on Thu, 10/01/2009 - 04:56.

Technically you should either do "echo -en" or remove the last "\n" from the echo string, otherwise what is actually sent to Google is "GET / HTTP/1.1\r\nhost: http://www.google.com\r\nConnection: close\r\n\r\n\n" with two "\n"s at the end. This is of particular importance for POST requests (or other requests with a payload).

I'd also suggest you add the shebang #!/bin/bash to the top of the script - I think at least Ubuntu generally uses dash instead of bash for /bin/sh which may cause the "file" to appear missing even if supported by bash.

What version of bash brings /dev/tcp support? Neither Ubuntu Hardy (64bit) nor Ubuntu Jaunty (32bit) seem to support it out of the box. Unless it requires installing an additional package?

Echo

Mitch Frazier's picture
Submitted by Mitch Frazier on Thu, 10/01/2009 - 10:40.

Adding the -n to the echo command is a good idea. Removing the last newline would work also, though I think that would "look" confusing since there'd be a carriage return "hanging" out there in the middle of nowhere, so to speak.

Not sure which version of bash included this, but it's a compile time option and ubuntu (and debian) don't enable it. See the comments on the original tech tip.

Mitch Frazier is an Associate Editor for Linux Journal.

This doesn't work: exec

Anonymous's picture
Submitted by Anonymous (not verified) on Thu, 10/01/2009 - 03:21.

This doesn't work:

exec 3<>/dev/tcp/www.google.com/80
bash: /dev/tcp/www.google.com/80: No such file or directory

bash --version
GNU bash, version 3.2.48(1)-release (x86_64-pc-linux-gnu)
Copyright (C) 2007 Free Software Foundation, Inc.

See Tech Tip Comments

Mitch Frazier's picture
Submitted by Mitch Frazier on Thu, 10/01/2009 - 10:37.

This means your version of bash wasn't compiled with /dev/tcp support. See the comments attached to the original Tech Tip.

Mitch Frazier is an Associate Editor for Linux Journal.

what about closing the socket

piavlo's picture
Submitted by piavlo (not verified) on Thu, 10/01/2009 - 03:20.

you forgot to mention how to close the socket to avoid the CLOSE_WAIT :) - which would be "exec 3>&-"

shell> exec 3<>/dev/tcp/www.google.com/80
shell> netstat -anpt | grep 80 | grep bash
tcp 0 0 1.2.3.4:58463 209.85.129.99:80 ESTABLISHED7812/-bash
shell> echo -e "GET / HTTP/1.1\r\nhost: http://www.google.com\r\nConnection: close\r\n\r\n" >&3
shell> netstat -anpt | grep 80 | grep bash
tcp 833 0 1.2.3.4:58463 209.85.129.99:80 CLOSE_WAIT 7812/-bash
shell> cat <&3
HTTP/1.1 302 Found
Location: http://www.google.co.il/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Set-Cookie: PREF=ID=f8d725d8e4255cbd:TM=1254384103:LM=1254384103:S=U8mS08Olic23lpHx; expires=Sat, 01-Oct-2011 08:01:43 GMT; path=/; domain=.google.com
Set-Cookie: NID=27=BPe4nHbiomJwYiJ6f0YXwVcKrv9ffW8VcrnJJ_bNNWaWyH6nn6gGE1lh7nAUxEswSmFf9d59lX8a-3EbHf9_YrxhqCd9IBGF6hZjeKHtHtfG97be79Bq3mvf4tq8vfAY; expires=Fri, 02-Apr-2010 08:01:43 GMT; path=/; domain=.google.com; HttpOnly
Date: Thu, 01 Oct 2009 08:01:43 GMT
Server: gws
Content-Length: 221
X-XSS-Protection: 0
Connection: close

302 Moved
302 Moved
The document has moved
here.

shell> netstat -anpt | grep 80 | grep bash
tcp 0 0 1.2.3.4:58463 209.85.129.99:80 CLOSE_WAIT 7812/-bash
shell> exec 3>&-
shell> netstat -anpt | grep 80 | grep bash
shell>

Close Wait

Mitch Frazier's picture
Submitted by Mitch Frazier on Thu, 10/01/2009 - 10:41.

Another good addition.

Mitch Frazier is an Associate Editor for Linux Journal.

Webcast
More Resources
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers

Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.

Learn More

Sponsored by AMD

White Paper
More Resources
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy

Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6

Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.

Learn more about catching the bad guy in this free white paper.

Learn More

Sponsored by DLT Solutions