Port and IP address - what does bind mean? - tcp

I read on the Ports wiki page that "Ports are logical constructs which identifies a service or process". What does service or process mean here? Does it mean a protocol like HTTP, FTP, etc., or software applications which are configured to listen on that port?
When it is said that an application is listening on so and so... does it listen for requests to an IP address or a port, or does it listen on a combination of port and IP address? Does an application listen on a specific IP address with one or more ports bound to it, OR does it listen on a combination of IP and port?
For example, I can have an application configured for 7001 for HTTP requests and 7002 for HTTPS requests. So, would it be listening on 7001 or what?

Applications/services such as an HTTP web server or an FTP server are assigned a port to use/listen on, usually in the config of the application, and they often use a standard port. HTTP, for example, usually uses port 80.
If an app/service is listening it listens to a port and has no relation to a specific IP address. This is because the IP address it is listening on is the IP address of the computer that the app/service is running on.
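Added example (not part of the original question or answer): a listening TCP socket is bound to an (IP address, port) pair, and the address part decides which local addresses can reach it. The sketch binds one listener to 127.0.0.1 and one to the wildcard 0.0.0.0 and probes both through two loopback addresses; it assumes Linux, where every address in 127.0.0.0/8 is local, and the helper names are hypothetical.

```python
import socket


def listen_on(addr: str) -> socket.socket:
    """Open a TCP listener bound to (addr, 0); port 0 lets the OS pick a free port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((addr, 0))
    s.listen(5)
    return s


def can_connect(dest: str, port: int) -> bool:
    """True if a TCP handshake to (dest, port) completes."""
    try:
        with socket.create_connection((dest, port), timeout=2):
            return True
    except OSError:  # refused or timed out: nothing is bound to that address/port pair
        return False


def reachability(bind_addr: str, dests=("127.0.0.1", "127.0.0.2")) -> dict:
    """Bind one listener to bind_addr and report which destination addresses reach it."""
    with listen_on(bind_addr) as srv:
        port = srv.getsockname()[1]
        return {d: can_connect(d, port) for d in dests}


if __name__ == "__main__":
    # Bound to one address: only that address answers on the port.
    print("bind 127.0.0.1 ->", reachability("127.0.0.1"))
    # Bound to the wildcard: every local address answers on the port.
    print("bind 0.0.0.0   ->", reachability("0.0.0.0"))
```

The same distinction is what keeps an admin or debug listener off the public interface: bind it to loopback or one internal address rather than to 0.0.0.0.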

Related

traffic to a specific port use specific source ip

I configured tinyproxy with multiple ports and WireGuard. I have a server with 2 IPs (bond). Clients make requests to my server, and my server makes requests to another server as a client.
tinyproxy listens on 8888 and 9999. Now I want traffic that comes in on port 8888 to use IP 1 and the rest to use IP 2 (as source IP).
Any idea?

Thoughts on proposed network plan: port forwarding to servers, static IP addresses and DNS

I'm setting up 4 servers that each have RESTful APIs that go over HTTPS. Because we're in the early stages of a startup, I'm going to host these in my closet.
I have business-class Comcast service, so I can get a static IP address or a series of them. The IP addresses are $10/ea per month, so I can save about $30 if I get just one. I realize this sounds like I'm being super cheap, but we're pinching pennies until we get some customers.
We will probably use one server as a "tools" server that will allow us to reach the other servers via SSH; the other 3 servers will need to have HTTPS open to the internet on the LAN.
I'm considering getting one static IP address, and then using my router to forward HTTPS traffic to the various servers. The port forwarding would look something like:
WAN Port    LAN Port    Server
22          22          Tools
1443        443         Server 1 (API via SSL)
2443        443         Server 2 (API via SSL)
3443        443         Server 3 (API via SSL)
I would then set up A NAME records in my DNS that would be:
tools.mydomain.com -> <static IP address>:22
server1.mydomain.com -> <static IP address>:1443
server2.mydomain.com -> <static IP address>:2443
server3.mydomain.com -> <static IP address>:3443
Is this a reasonable approach? Will it work?
You cannot direct traffic to a specific TCP port with DNS records. You can only point at an IP address. The client by default uses TCP port 80 for HTTP and port 443 for HTTPS (unless you explicitly name the port to use in the URL).
Furthermore you cannot have multiple HTTPS-based hosts using the same IP address unless they also use the same SSL certificate. That is because the SSL handshake takes place before the client reveals to the server which hostname it was trying to reach, so the server can only give out an SSL certificate based on the IP address (and port) that was connected to.
In this particular instance, if you have four servers that actually have the same domain, you can get a wildcard SSL certificate (i.e. it covers *.mydomain.com) and then you can actually get away with one single public IP address for all four servers. Just point all DNS records to the same IP address and then have the server give out your wildcard certificate, which is valid regardless of which hostname the client is using. After the SSL handshake is thus completed, the server can look at the Host: header in the client request to determine which server the request was actually intended for, i.e. you have one server acting as the HTTPS endpoint where all HTTPS requests are received and then internally forwarding the unencrypted request to the correct server (or handling all server names virtually on one physical server).
If you are using Apache HTTP server I suggest you read about name-based virtual hosts and proxy forwarding:
http://httpd.apache.org/docs/current/vhosts/name-based.html
http://httpd.apache.org/docs/current/rewrite/vhosts.html
http://httpd.apache.org/docs/current/rewrite/proxy.html
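Added example (not part of the original answer, and not Apache's own logic): the Host-based dispatch the answer describes, done after TLS has been terminated with the *.mydomain.com wildcard certificate. The Host header is client-controlled, so the sketch only forwards names that are both covered by the certificate and present in an allow-list; the LAN addresses and function names are constructed for illustration.

```python
# Hostnames come from the question; the LAN addresses are constructed for illustration.
BACKENDS = {
    "server1.mydomain.com": ("10.0.0.11", 80),
    "server2.mydomain.com": ("10.0.0.12", 80),
    "server3.mydomain.com": ("10.0.0.13", 80),
}
CERT_NAME = "*.mydomain.com"  # the wildcard certificate the answer suggests


def wildcard_covers(pattern: str, host: str) -> bool:
    """A leading '*.' stands for exactly one DNS label, never zero or several."""
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return host == pattern
    suffix = pattern[1:]                      # ".mydomain.com"
    label = host[: -len(suffix)]
    return host.endswith(suffix) and label != "" and "." not in label


def host_from_request(raw: bytes):
    """Return the lower-cased Host name without its port, or None if absent/ambiguous."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    values = [line.split(":", 1)[1].strip()
              for line in head.split("\r\n")[1:]
              if line.lower().startswith("host:")]
    if len(values) != 1:                      # missing or duplicated Host header
        return None
    value = values[0].lower()
    return value.rsplit(":", 1)[0] if ":" in value else value


def route(raw: bytes):
    """Pick the internal backend for a decrypted request; None means reject it."""
    host = host_from_request(raw)
    if host is None or not wildcard_covers(CERT_NAME, host):
        return None
    return BACKENDS.get(host)                 # allow-list: unknown names are refused


if __name__ == "__main__":
    print(route(b"GET /v1/status HTTP/1.1\r\nHost: server2.mydomain.com\r\n\r\n"))
```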

Tracing the request to the Server from an external IP

I'm running a game server on my Windows Server 2008 VPS. It uses ports 443 and 444.
Recently there has been some suspicious activity from a user. I always have access to the user's IP address. How can I find out what requests are sent to these ports from that IP?
If you want to see packets that come in and go out from your server, you can install Wireshark and capture all packets or filter them by specific ports.

Routing call from localhost to external IP to localhost

On localhost a program is calling an external IP on a specific port. I'm monitoring this via Wireshark. Standard TCP connection.
What's the easiest way to route the traffic to the external IP back to localhost on a specific port?
Thanks
Configure your network card to have a second IP address - the external one.
When the IP packet gets routed, it turns out that it needs to be delivered locally.
If you listen locally to any address, you'll pick it up.
Alternatively you can listen locally to the specific IP address.

Source Port vs Destination Port

I am new to TCP/IP and trying hard to learn the basics. Well, I really wonder about the inbound rules and outbound rules of a firewall and the concept of source address:port, destination address:port.
For example, I am investigating port 80. I know that HTTP uses port 80. But when I try to listen to the traffic I see that my browser doesn't use 80. As you see from the image, only destination port 80 is used, and "destination" should be the server that hosts web pages, not my computer. And also port 80 is not used as a source port; "source" should be my computer.
My browser uses some other ports as source and goes to server port 80. From that, I understand that port 80 of my computer is not used for HTTP, and only server computers that host the web pages use port 80, but if I close port 80 of my computer in outbound rules the internet doesn't work. But as I understood before from the image, port 80 is not used on my computer.
Really confused. Can anybody clarify it for me?
You are right: the communication goes from your computer (source port chosen "randomly") to a web server (destination port 80), and from the web server (source port 80) to your computer (destination port xxxxx) for the server's responses.
If you close port 80 in outbound rules, your computer will not be able to access any web server, because this rule means that your firewall drops any packets which are sent from your computer to a destination on port 80.
EDIT
Actually, the packets you send contain parameters such as:
Your_IP, Server_IP, Source_port (xxxxx), Destination port (80)
When your firewall sees that kind of packet, it applies the outbound rules (the one concerning the communication FROM your computer TO a web server). If your outbound rule is to close port 80 (which means to drop any packets whose destination port is 80) it is normal to see the packets you try to send to a web server getting dropped.
Closing port 80 in outbound rules doesn't mean you close your computer's port 80. It means your firewall drops packets whose destination port is 80.
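Added example (not part of the original answer): the 4-tuple from the answer, observed on a real loopback connection and checked against an outbound rule that matches on destination port. The listener's OS-assigned port stands in for the web server's port 80, since binding port 80 needs elevated privileges; the Packet type and the rule function are hypothetical.

```python
import socket
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def outbound_allowed(pkt: Packet, blocked_dst_ports: set) -> bool:
    """Outbound rule as the answer describes it: match on the destination port only."""
    return pkt.dst_port not in blocked_dst_ports


def observe_connection():
    """Connect to a local listener; return the (request, reply) packet 4-tuples."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))           # stand-in for the server's port 80
        srv.listen(1)
        with socket.create_connection(srv.getsockname(), timeout=2) as cli:
            c_ip, c_port = cli.getsockname()  # ephemeral source port chosen by the OS
            s_ip, s_port = cli.getpeername()  # the service port the client dialled
    request = Packet(c_ip, c_port, s_ip, s_port)  # client -> server
    reply = Packet(s_ip, s_port, c_ip, c_port)    # server -> client, ports swapped
    return request, reply


if __name__ == "__main__":
    req, rep = observe_connection()
    print("request:", req)
    print("reply:  ", rep)
    # Blocking the service port outbound drops the request, although the
    # client never used that port number as its own source port.
    print("allowed with service port blocked:", outbound_allowed(req, {req.dst_port}))
```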
