Unix.....>>netstat -al | grep 8787 (will see packets on port 8787)
What is the nature of the question here? Are you trying to see packets on port 8787? Are you looking for services listening on port 8787? Most importantly, how is this a programming-related question?
Use the command
ifconfig -a
to determine the interface you want to listen on. Then use
tcpdump -npi eth0 port 8787
to listen on the port where eth0 is the interface you want to listen on that you identified from the ifconfig command.
If you want to see the actual packets then you need to use tcpdump.
Use the -s option to specify how much of the packet you want to see (0 means the whole packet) and the -X option to get a Hex and ASCII dump.
Related
I know that ports 9779 and 9669 need to be opened to NebulaGraph Database. How to test that these ports are open and available?
Port:9779 has been opened for NebulaGraph Database. Is there a configuration sample for reference?
Interesting question, you could do this in many ways, I'll drop some of them:
Assuming you are on a linux machine, you could check all occupied ports with ss or netstats(depending on whether is modern or old) like:
$ ss -plunt | grep 9669
tcp LISTEN 0 4096 0.0.0.0:9669 0.0.0.0:*
tcp LISTEN 0 4096 [::]:9669 [::]:*
And this means 9669 is already occupied in all IPv6 and IPv4 interfaces.
Or, you could try to bind that port to see if it's possible like:
$ python3 -m http.server 9779
Serving HTTP on :: port 9779 (http://[::]:9779/) ...
And if the HTTP server can be listening in this port, it means you are free to use it, it's available!
Or you may use Telnet.
For example:
telnet 10.0.0.1 9669
Search it for detailed instructions.
Is there a way to make Nginx 1.11 bind to a specific interface regardless of the IP address?
I've got a home gateway to an ISP provider; it uses DHCP client to obtain its dynamic IP address. I do not know what that IP address is at NGINX configuration time.
Surely, there must be a way to make such a fine HTTP server bind to a specific network interface? I know that Apache can.
Edit your startup sequence to run a command or script that captures the interface's IP address and writes it to a file in the format listen <ip>:80 or whatever port you want:
echo "listen $(ip -o -4 a s eth0 | awk '{ print $4 }' | cut -d/ -f1):80;" > /path/to/some/file
Then just have your nginx config include that file:
include /path/to/some/file;
Obviously, you'll need to make sure the IP capture occurs before the nginx startup does.
How do you filter external connections to a specific service, running on Docker? Specifically, how do you filter incoming requests down to a static list of whitelisted IPs?
This answer assumes that:
The container will always listen on the same host:port.
The container will always be bound on the same network card interface, if ever several are available. This is easily done by using the option -p hostIp:hostPort:containerPort within the docker run command.
Stemming from these two assumptions, it can then be assumed that the service running in the container will always listen on the same host socket defined as hostIp:hostPort.
Now, all you have to do is firewalling which is independent from docker.
I am not an expert and did not test theses lines! Be warned before executing them.
# DROP every packets coming from every sources sent to the port $PORT
iptables -A INPUT -p tcp --dport $PORT -j DROP
# ACCEPT every packets coming from source xx.xx.xx.xx sent to port $PORT
iptables -A INPUT -p tcp -s xx.xx.xx.xx --dport $PORT -j ACCEPT
# Repeat the last command if needed, you can also specify a network, such as 192.30.252.0/22 instead of xx.xx.xx.xx
These rules are to be set in this precise order. A whitelist can be likened to a blacklist with expection.
On Solaris (or Unix), running lsof gives me a bunch of lines like this:
java 25375 foo 8161u IPv4 0xfffffeb1f6f523c0 0t0 TCP *:* (IDLE)
But the *:* puzzles me - I was expecting to see something like
hostname1:port1->ipaddress:port2 (IDLE)
What does the *:* mean?
I will quote this from here:
If the Foreign Address is *:* (and, with TCP sockets, the state is
LISTEN), a socket is usually waiting for some remote host to send the
first data. Typical examples: sshd (waits for somebody to open an ssh
connection), apache (waits for somebody to request a web page), cupsd
(waits for somebody to send a print job), and dhclient (waits for the
DHCP server to send, for example, a lease renewal).
I'm trying to send a broadcast message using netcat.
I have firewalls open and sending a regular message like this works for me:
host: nc -l 192.168.1.121 12101
client: echo "hello" | nc 192.168.1.121 12100
But I can't get something like this to work.
host: nc -lu 0.0.0.0 12101
client: echo "hello" | nc -u 255.255.255.255 12100
Am I using the right flags? Note, the host is on Mac and the client on Linux. Can you give me an example that works for broadcasting a message?
Thanks!
The GNU version of netcat might be broken. (I can't get to work under 0.7.1 anyway.) See http://sourceforge.net/p/netcat/bugs/8/
I've gotten socat to work. Code below does UDP broadcast to port 24000.
socat - UDP-DATAGRAM:255.255.255.255:24000,broadcast
(In socat-world "-" means "stdin".)
You're not saying you want to broadcast, which is done using the -b option to nc/netcat.
nc -h 2>&1 | grep -- -b
-b allow broadcasts
A simple example that works on Ubuntu. All the info in is in the other answers, but I had to piece it together, so thought I would share the result.
server
nc -luk 12101
client
echo -n "test data" | nc -u -b 255.255.255.255 12101
The client will hang until you do Ctrl-C
Sorry, if I am assuming wrong but you mentioned that you have your firewalls set up correctly so I am guessing that the host and client are not on the same subnet???
If that is the case and this firewall is also acting also as a router (or if the packet has to go through a router) then it is going to process that packet but it will not forward it out its other interfaces. If you wanted that to happen then you would need to send a directed broadcast. For example; for the subnet 192.168.1.0/24 the directed broadcast would be 192.168.1.255, the last IP in the subnet. Then the firewall, assuming it had a route to 192.168.1.0/24 and that it is set up to forward directed broadcast, would forward that broadcast out to the destination or next hop. Configuring your device to forward directed broadcast... you would need to reference its documentation. For Cisco IOS you would type in, under the interface, "ip directed-broadcast".
255.255.255.255 is a limited broadcast and is not going to get pass your routers regardless, it is solely intended for the layer 2 link that it resides.
As for how netcat is set up:
-l 0.0.0.0 12101, tells netcat to listen on port 12101 on all interfaces that are up and with an IP address assigned. The -u is not needed as it is telling netcat to listen on a unix domain socket, google IPC :) (this is the biggest reason that your scenario is not working.)
The below should work to get a broadcast forwarded to another network via netcat:
server: nc -l 0.0.0.0 12101
host: echo "hello" | nc 192.168.1.255 12101
Hope that helps, sorry if that was long winded or off from what you were looking for :)