On Solaris (or Unix), running lsof gives me a bunch of lines like this:
java 25375 foo 8161u IPv4 0xfffffeb1f6f523c0 0t0 TCP *:* (IDLE)
But the *:* puzzles me - I was expecting to see something like
hostname1:port1->ipaddress:port2 (IDLE)
What does the *:* mean?
I will quote this from here:
If the Foreign Address is *:* (and, with TCP sockets, the state is
LISTEN), a socket is usually waiting for some remote host to send the
first data. Typical examples: sshd (waits for somebody to open an ssh
connection), apache (waits for somebody to request a web page), cupsd
(waits for somebody to send a print job), and dhclient (waits for the
DHCP server to send, for example, a lease renewal).
Related
I know that ports 9779 and 9669 need to be opened to NebulaGraph Database. How to test that these ports are open and available?
Port:9779 has been opened for NebulaGraph Database. Is there a configuration sample for reference?
Interesting question, you could do this in many ways, I'll drop some of them:
Assuming you are on a linux machine, you could check all occupied ports with ss or netstats(depending on whether is modern or old) like:
$ ss -plunt | grep 9669
tcp LISTEN 0 4096 0.0.0.0:9669 0.0.0.0:*
tcp LISTEN 0 4096 [::]:9669 [::]:*
And this means 9669 is already occupied in all IPv6 and IPv4 interfaces.
Or, you could try to bind that port to see if it's possible like:
$ python3 -m http.server 9779
Serving HTTP on :: port 9779 (http://[::]:9779/) ...
And if the HTTP server can be listening in this port, it means you are free to use it, it's available!
Or you may use Telnet.
For example:
telnet 10.0.0.1 9669
Search it for detailed instructions.
Currently, I am trying to create a TCP Reset Attack on 3 docker containers: Attacker, Host01, Host02. My goal is trying to attack the TCP connection between Host01 and Host02 and the end result would be the TCP connection breaks when executing the TCP reset attack.
Here is my code:
My procedure of testing is that: First, I run the code below in Attacker container. Then, on the Host02, I execute "nc -lvp 1337 -e /bin/bash" and on Host01, I execute "nc 192.168.124.20 1337". The source IP is 192.168.124.10 and the destination is 192.168.124.20. Source port is 40967 and the destination port is 1337.
I didn't know why when the script ran, the TCP connection between Host01 and Host02 did not break since I could still enter some commands from Host01.
I used Wireshark to check if that RST packet was sent and actually it was sent(the red line):
Please help me on this, Huy Nguyen.
I am using Oracle VirtualBox on Windows. I've setup NAT and forwarded ports.
When some forwarded ports are accidentally conflicting with host machine's ones, no errors are shown and all forwarded ports are failing.
Is there any possibility to detect those conflicting ports? I have used VBoxManage tool and there are neither output messages, nor verbose mode for startvm command.
Thanks
I would recommend using a combination of netstat and VBoxManage and parse the output. You can easily replace the findstr command with grep on non-Windows hosts.
First, I would get a listing of NAT ports on the VM in question. The VBoxManage showvminfo command will output a bunch of info about the configuration which you can filter to look for just the NAT rules. You will want to look for the host port and protocol fields in the output (and possibly host ip if configured) as that is what you will be looking to see if it is already in use.
C:\>vboxmanage showvminfo Linux | findstr Rule
NIC 1 Rule(0): protocol=tcp, host ip=, host port=2222, guest ip=, guest port=22
Second, using the info from above I know I need to check if anything is listening on port TCP port 2222, so I can use the netstat command to show me all the listening sockets, filtered by my criteria:
C:\>netstat -an | findstr LISTENING | findstr TCP | findstr 2222
Proto Local Address Foreign Address State
TCP 0.0.0.0:2222 0.0.0.0:0 LISTENING
Because my guest is already running I can see that it has already grabbed a connection on TCP 2222. If you don't get any output then nothing is listening on that specific port and you are safe to start your VM.
I'm trying to send a broadcast message using netcat.
I have firewalls open and sending a regular message like this works for me:
host: nc -l 192.168.1.121 12101
client: echo "hello" | nc 192.168.1.121 12100
But I can't get something like this to work.
host: nc -lu 0.0.0.0 12101
client: echo "hello" | nc -u 255.255.255.255 12100
Am I using the right flags? Note, the host is on Mac and the client on Linux. Can you give me an example that works for broadcasting a message?
Thanks!
The GNU version of netcat might be broken. (I can't get to work under 0.7.1 anyway.) See http://sourceforge.net/p/netcat/bugs/8/
I've gotten socat to work. Code below does UDP broadcast to port 24000.
socat - UDP-DATAGRAM:255.255.255.255:24000,broadcast
(In socat-world "-" means "stdin".)
You're not saying you want to broadcast, which is done using the -b option to nc/netcat.
nc -h 2>&1 | grep -- -b
-b allow broadcasts
A simple example that works on Ubuntu. All the info in is in the other answers, but I had to piece it together, so thought I would share the result.
server
nc -luk 12101
client
echo -n "test data" | nc -u -b 255.255.255.255 12101
The client will hang until you do Ctrl-C
Sorry, if I am assuming wrong but you mentioned that you have your firewalls set up correctly so I am guessing that the host and client are not on the same subnet???
If that is the case and this firewall is also acting also as a router (or if the packet has to go through a router) then it is going to process that packet but it will not forward it out its other interfaces. If you wanted that to happen then you would need to send a directed broadcast. For example; for the subnet 192.168.1.0/24 the directed broadcast would be 192.168.1.255, the last IP in the subnet. Then the firewall, assuming it had a route to 192.168.1.0/24 and that it is set up to forward directed broadcast, would forward that broadcast out to the destination or next hop. Configuring your device to forward directed broadcast... you would need to reference its documentation. For Cisco IOS you would type in, under the interface, "ip directed-broadcast".
255.255.255.255 is a limited broadcast and is not going to get pass your routers regardless, it is solely intended for the layer 2 link that it resides.
As for how netcat is set up:
-l 0.0.0.0 12101, tells netcat to listen on port 12101 on all interfaces that are up and with an IP address assigned. The -u is not needed as it is telling netcat to listen on a unix domain socket, google IPC :) (this is the biggest reason that your scenario is not working.)
The below should work to get a broadcast forwarded to another network via netcat:
server: nc -l 0.0.0.0 12101
host: echo "hello" | nc 192.168.1.255 12101
Hope that helps, sorry if that was long winded or off from what you were looking for :)
Unix.....>>netstat -al | grep 8787 (will see packets on port 8787)
What is the nature of the question here? Are you trying to see packets on port 8787? Are you looking for services listening on port 8787? Most importantly, how is this a programming-related question?
Use the command
ifconfig -a
to determine the interface you want to listen on. Then use
tcpdump -npi eth0 port 8787
to listen on the port where eth0 is the interface you want to listen on that you identified from the ifconfig command.
If you want to see the actual packets then you need to use tcpdump.
Use the -s option to specify how much of the packet you want to see (0 means the whole packet) and the -X option to get a Hex and ASCII dump.