Difference between revisions of "Server Basics"

(netcat, nc, ncat)
(Units)
 
(5 intermediate revisions by the same user not shown)
 
Linux is an ideal operating system for servers. From a small Raspberry Pi that controls some IoT devices to big data centers, Linux is everywhere. Here we will only cover some of the more common server services. You can also learn some basics that are useful for many server applications.
 
   
== Listen Sockets ==
+
== Units ==
   
  +
* [[Listen Sockets, Ports and Telnet]]
When programs connect via the network, they use the system libraries to open so-called <q>sockets</q>. Sockets are similar to files: you can open and close them, read from them and write to them. For services that other clients connect to, there are so-called <q>listen sockets</q>.
 
  +
* [[inetd, tcpwrapper]]
 
  +
* [[Apache Basics and simple CGI scripts]]
Linux offers so-called <q>unix domain sockets</q>, which look like files but are actually connections between programs. Similarly, there are <q>named pipes</q>, which can even be opened with regular file operations. But these two are only useful for communication between processes on the same machine.
 
  +
* [[openssl]]
 
  +
* [[Security of Web Applications]]
For network connections there are network sockets. A server chooses to open a network port and tells the operating system that it wants to listen there for incoming connections. Once the kernel receives packets from the network, the connection is established and the server can communicate with the other end. Most servers then fork off a process that handles the communication, and the main program continues to listen for additional connections.
 
  +
* [[mysql, samba, other servers]]
 
For IP packets there are 16-bit port numbers, and the most used protocols are TCP (for end-to-end connections where the server program only wants a data stream and is not interested in the details of the connection, e.g. a web server) and UDP, which consists of small <q>datagram</q> packets. With UDP the server itself is responsible for dealing with issues like lost packets and even packets received in a different order.
 
 
{| class="wikitable"
 
! Port Number
 
! Protocol
 
! Service
 
|-
 
| 22 || TCP || SSH - secure shell
 
|-
 
| 25 || TCP || SMTP - sending mails between servers
 
|-
 
| 80 || TCP || HTTP - unencrypted web
 
|-
 
| 443 || TCP || HTTPS - encrypted web
 
|-
 
| 53 || UDP || DNS - Domain Name Service
 
|}
 
 
 
== CLI Tools for Opening Connections ==
 
 
 
=== telnet ===
 
 
The classical tool to open a TCP connection is '''telnet'''. Telnet was initially used in the same way we use SSH today, but it had no encryption. Instead of connecting only to a telnet server port, the telnet tool can connect to any TCP port.
 
 
E.g. you could connect to the port of a web server and pretend to be a browser:
 
 
<pre>
$ telnet www.orf.at 80
Trying 194.232.104.142...
Connected to www.orf.at.
Escape character is '^]'.
HEAD /
HTTP/1.1 400 Bad Request
Date: Sun, 29 Mar 2020 19:25:49 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=iso-8859-1

Connection closed by foreign host.
</pre>
 
You need to type the '''HEAD /''' yourself. If you are ever connected and do not know how to close the connection, you can type Ctrl-] and then type '''quit'''.
 
 
Of course we can also connect to services on our own host. Often all we want to know is whether something accepts the connection or not. E.g.:
 
 
<pre>
$ telnet 127.0.0.1 1234
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
</pre>
 
 
Above we try to connect to our own server and port 1234.
 
 
If you cannot connect, you either get a "connection refused" (if the remote end tells you that there is no service) or you are just waiting and waiting (e.g. if there is a firewall that drops packets to that port).
 
 
=== netcat, nc, ncat ===
 
 
netcat is a kind of Swiss-army knife for network connections. There are 3 different versions, which are sometimes installed under the same name.
 
 
You can find out which of those you have by trying the option '''-h''' with the above commands. In my case I have installed ncat, which comes with the nmap tools (useful for scanning networks for hosts that answer).

On my machine all 3 commands (netcat, nc and ncat) are aliases for ncat.
 
 
So I will show you the ncat version of nc:
 
 
Here we connect but use a pipe to directly send the "HEAD /" and get the response from the server:
 
<pre>
$ echo HEAD / | ncat www.orf.at 80
HTTP/1.1 400 Bad Request
Date: Sun, 29 Mar 2020 19:42:34 GMT
Server: Apache
Content-Length: 226
Connection: close
Content-Type: text/html; charset=iso-8859-1
...
</pre>
 
 
With nc, netcat, ncat we can also create a '''listen socket''':
 
 
<pre>
$ ncat -4 -l 1234
</pre>
 
 
The above opens a listen socket on port 1234 (for IPv4 only). If we want to connect to this service, we can open a telnet connection in another terminal window:
 
 
<pre>
$ telnet localhost 1234
</pre>
 
 
What you type here will show up in the terminal where you run the ncat command.
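
The outcomes described for telnet above (connected, connection refused, waiting without an answer) and the ncat listen socket can be reproduced with the socket calls of the system libraries. The following Python sketch is an added example, not part of the original page; the function names probe, listen_once and demo are made up for illustration, and it only talks to 127.0.0.1 on a port picked by the kernel.

```python
import socket
import threading

def probe(host, port, payload=b"", timeout=2.0):
    """Try a TCP connect like `telnet host port` and classify the outcome."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  # IPv4, TCP
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        if payload:
            s.sendall(payload)
        return "open"        # a listen socket took the connection
    except ConnectionRefusedError:
        return "refused"     # the remote end answered: no service on this port
    except socket.timeout:
        return "no answer"   # nothing came back, e.g. a firewall drops the packets
    finally:
        s.close()

def listen_once(srv, received):
    """Accept one client, collect what it sends, then close the listen socket."""
    conn, _peer = srv.accept()
    with conn:
        while chunk := conn.recv(1024):   # empty bytes means the client closed
            received.append(chunk)
    srv.close()

def demo():
    """Listen on a free local port, probe it, then probe again after closing."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))            # port 0: the kernel picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    received = []
    server = threading.Thread(target=listen_once, args=(srv, received), daemon=True)
    server.start()
    while_listening = probe("127.0.0.1", port, b"hello\n")
    server.join(timeout=5)
    after_close = probe("127.0.0.1", port)
    return while_listening, b"".join(received), after_close

if __name__ == "__main__":
    print(demo())
```

The "no answer" case needs a host or firewall that silently drops packets, so it is not triggered by the local demo.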
 

Latest revision as of 17:46, 1 April 2020


Motivation

Linux is an ideal operating system for servers. From a small Raspberry Pi that controls some IoT devices to big data centers, Linux is everywhere. Here we will only cover some of the more common server services. You can also learn some basics that are useful for many server applications.

Units