I have an interesting scenario where 2 applications are listening to the same port. One on the loop-back address and one on the invalid address.
My understanding is that only one application can listen to a port at a time. So, how is this possible?
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:10006 0.0.0.0:0 LISTENING 1772
TCP 127.0.0.1:10006 0.0.0.0:0 LISTENING 3876
Both were started under the system account and both are running fine, but if I switch one to a local user then the that application fails to start. If I switch both to local user then both starts fine. It seems if both are in the same user context then both are able to run fine.
0.0.0.0 means all IPv4 addresses on the local machine. So if the machine has multiple network addresses, it will serve all of those.
The loopback is distinct from that, so it's legal to be listening on the same port but different adapters.
Related
I have enabled 1 port [8081] and it's accessible from the remote computer. but the same for other port [7500] not working?
I would like to know the meaning of the below line?
TCP [::]:8081 [::]:0 LISTENING
And how to enable the same for port [7500]?
Attached listening port status:
netstat -na outputs 4 columns of data:
Proto, Local Address, Foreign Address, and State.
When looking for port 8081, you find 2 entries - one for TCP on 0.0.0.0:8081 for IPv4, and one for TCP [::]:8081 for IPv6.
When looking for port 7500, you find 1 entry - one for TCP 0.0.0.0:7500 for IPv4 only.
In both cases, you have local sockets listening via wildcard IPs to all local network adapters, and there is no "Foriegn Address" assigned because a listening socket is not connected to any remote party. TCP sockets in the ESTABLISHED state have remote parties.
You have not shown any code, or explained your network setup, so nobody can really explain why you have 2 entries for port 8081 but only 1 entry for port 7500, or why remote computers can connect to port 8081 but not to port 7500. Maybe those clients are only using IPv6? Maybe your listening computer is behind a router that doesn't forward port 7500? We don't know.
I have a dedicated server that I use for Minecraft servers. On these servers, I have given them both their own IP address. Is it possible to have them both run on the same port?
If the Minecraft servers can be configured to bind to a particular IP address, and each one is configured for a different IP (but not "any" IP), then yes each one can listen on the same port. Doesn't matter if it's TCP or UDP.
I have implement a Client-Server application in java. The server can serve multiple clients, and I want to test that, but my knowledges on Networking is poor, and I need a way to test my application on my home.
I have a rooter, which are connected both of my computers. My "server" class in java uses as host the local host (127.0.0.1) on a given port.
How can I test my program if
The Server.java is running on the Computer A
Server.java is running on 127.0.0.1 on 3943 port
1st Client.java is running on the Computer A
1st Client.java is connected to 3943 port
2nd Client.java is running on the Computer B
2nd Client.java is connected to 3943 port
Any ideas?
Use unique ports for the clients and servers running on the same machine. In addition 127.0.0.1 is localhost (internal to that machine). Computer B cannot communicate with 127.0.0.1 on Computer A. Use 127.0.0.1 if all applications or on the same machine. Use the computers actual IP address if you want external machines to be able to communicate with the server.
When client and server, are on the same computer, what you are doing must be already working.
To connect from a different computer, you need to find the "real" ip address of your server.
If you are on Windows, open a command shell on your computer A, and run ipconfig. On unix/linux/mac, run ifconfig.
Look for a string, looking like an ip address, but not 127.0.0.1, there has to be another one if you are connected to a network, probably looks like 10.0.0. or 192.168.<0 or 1> ..
Use this address everywhere instead of 127.0.0.1
A full TCP connection consists of two different endpoints. The server side of the connection is one endpoint (it will be do a listen on that endpoint). When a client creates it's side of the connection (the client socket), it will do a connect to the server ip:port combo and get a number assigned from a range of so-called "ephemeral" ports.
The fact that both sides of the connection have the same IP address doesn't matter - the full connection is defined by two distinct elements (address:port combinations).
FirstClient's connection to the server will be ServerIP:ServerPort<->Client1_IP:Client1_Port, and SecondClient's connection will be ServerIP:ServerPort<->Client2_IP:Client2_Port. The network layer can differentiate between these (they are two different connection streams) and route traffic to the appropriate sender/receiver for that stream.
If you run the server bound to IP 127.0.0.1 you are not opening it to the network, only your own computer will be able to connect to it, acessing 127.0.0.1 (loopback IP address).
To open this server to the network, you must do one of the two things:
Bind it to the IP 0.0.0.0 so it will be acessible from all networks;
Bind it to a specific network IP address so that it will be available to that network only.
Its common practice to just bind it to 0.0.0.0, its easier.
Once its done, you will be able to connect from other computers to the server running on computer A, however, not through IP 127.0.0.1. Thats the loopback address and can only be used by a computer to connect to itself.
Computer A can use the IP 127.0.0.1 to connect to the server since the server is running on it, but other network computers will have to specify computer A's network IP address.
You can find your IP address on the network adapter details, or running the command ipconfig /all on a command prompt (Windows) or ifconfig (Linux).
I have a general question regarding binding and connecting to localhost. I am using a TCP client/server and on the server side I do sth of the form:
bind(localhost, 9999);
listen();
This is done on a unix host with a name e.g. host1
Now, the client is running on a separate Windows box, on the same network. In order to connect I tried to connect via hostname:port, hostIp:port but none of that succeeds.
Is this because binding to localhost is not visible across the network for other processes to connect to and is used for e.g. client/server running on the same machine?
If you are binding to localhost (i.e. 127.0.0.1), you can only accept connections from the localhost, not over the network.
If you need to accept remote connections over the network, you should either bind to one of the local IP addresses (e.g. 192.168.0.10) or all interfaces (i.e. 0.0.0.0).
This is due to the fact that 127.0.0.1 is always local loopback address, and as such never routed over the network.
I did a test of NFS service over Cisco ASA 5505 firewall.
With normal interface default ACL, which is "permit ip any any" on inside interface (Level 100), "deny ip any any" on outside interface (level 0). NFS server is connected to outside interface. Everything works great. By look at the the packets go through, I can see inside PC call NFS server's 111 port, negotiate a port using portmap. Finished this TCP connection. Then NFS server (outside PC) use the negotiated port to connect to inside PC and transfers data. Cisco ASA firewall keep TCP states very well and "remembered" the negotiated port, thus let outside PC using this port to talk to inside PC even the outside ACL is "deny ip any any". The firewall is fully stateful, every thing is great so far.
However, as long as I connected the NFS server (outside PC) to Cisco ASA firewall using VPN. Everything changed. By look at the packets, NFS can still go through firewall and negotiate a port by portmap. While after this TCP session is over. Firewall FORGET the negotiated port and block the outside PC using negotiated port to talk back to inside PC.
With or without VPN is the only change. There is just one ACL, on inside interface, permit ip any any. The NFS server is set to can be access from any subnet. There is no NAT and no service-policies setup on this firewall.
Can anyone please explain why Cisco Firewall rules is not "stateful" anymore over VPN? Is it designed to be? What is the best way to let NFS working over VPN without open a range of dynamical ports on outside interface?
One of the strong sides on NFSv4.0 is firewall friendly. No port map required. You need only single TCP port 2049 to be opened. All operations which have have a state on the server require client to send a heard bit, which is typically ~ 90 seconds. We you is in your firewalled setup and quite happy with it.