The list of known services and their respective ports is generally found in /etc/services. The official list is managed by the IANA (Internet Assigned Numbers Authority).
We will look at the output of port scans. Beware that unauthorised port scanning is illegal, although many people use them.
Here is the output of a portscan:
Port state Services
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
70/tcp open gopher
79/tcp open finger
80/tcp open http
This shows the open ports, which are ports being used by an application.
The main ports in /etc/services (examples):
ftp-data 20/tcp
ftp 21/tcp
fsp 21/udp fspd
ssh 22/tcp # SSH Remote Login Protocol
ssh 22/udp
telnet 23/tcp
smtp 25/tcp mail
www 80/tcp http # WorldWideWeb HTTP
www 80/udp # HyperText Transfer Protocol
pop3 110/tcp pop-3 # POP version 3
pop3 110/udp pop-3
sunrpc 111/tcp portmapper # RPC 4.0 portmapper
sunrpc 111/udp portmapper
auth 113/tcp authentication tap ident
sftp 115/tcp
uucp-path 117/tcp
nntp 119/tcp readnews untp # USENET News Transfer Protocol
ntp 123/tcp
ntp 123/udp # Network Time Protocol
pwdgen 129/tcp # PWDGEN service
pwdgen 129/udp # PWDGEN service
loc-srv 135/tcp epmap # Location Service
loc-srv 135/udp epmap
netbios-ns 137/tcp # NETBIOS Name Service
netbios-ns 137/udp
netbios-dgm 138/tcp # NETBIOS Datagram Service
netbios-dgm 138/udp
netbios-ssn 139/tcp # NETBIOS session service
netbios-ssn 139/udp
imap2 143/tcp imap # Interim Mail Access P 2 and 4
imap2 143/udp imap
snmp 161/tcp # Simple Net Mgmt Protocol
snmp 161/udp # Simple Net Mgmt Protocol
snmp-trap 162/tcp snmptrap # Traps for SNMP
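The following is an added example, not code from the original post: it parses lines in the /etc/services format shown above (name, port/protocol, optional aliases, optional comment) and uses the result to review the scan output of a host you administer. The function names and the allowlist of ports that are meant to be open are assumptions made for the illustration.

```python
import re

# Lines in /etc/services format, copied from the excerpt above.
SERVICES = """\
ftp 21/tcp
fsp 21/udp fspd
ssh 22/tcp # SSH Remote Login Protocol
telnet 23/tcp
smtp 25/tcp mail
www 80/tcp http # WorldWideWeb HTTP
"""
# The port scan output shown above.
SCAN = """\
Port state Services
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
70/tcp open gopher
79/tcp open finger
80/tcp open http
"""

def parse_services(text):
    """Map (port, proto) to the set of names: official name plus aliases."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # strip the comment, tokenize
        if len(fields) < 2 or "/" not in fields[1]:
            continue                              # blank or malformed line
        port, proto = fields[1].split("/", 1)
        if port.isdigit():
            table.setdefault((int(port), proto), set()).update([fields[0]] + fields[2:])
    return table

def review_scan(scan, services, allowed):
    """Classify every open port in the scan against the table and an allowlist."""
    report = {}
    for m in re.finditer(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)", scan, re.M):
        key, label = (int(m.group(1)), m.group(2)), m.group(3)
        # "unlisted": this port/name pair is absent from the services table
        status = ("unlisted" if label not in services.get(key, set())
                  else "expected" if key in allowed else "unexpected")
        report["%d/%s" % key] = status
    return report

if __name__ == "__main__":
    # Hypothetical allowlist: a web server that is administered over SSH.
    print(review_scan(SCAN, parse_services(SERVICES), {(22, "tcp"), (80, "tcp")}))
```

Port 80 is reported as expected because the scan label http is an alias of www in the table; gopher and finger come out as unlisted only because the excerpt used here does not contain them.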
Ubuntu Countdown
Sunday, July 29, 2007
Monday, July 16, 2007
Easy Install Automatix2 on Ubuntu 7.04 (Feisty Fawn)
Automatix is collaborating with Technalign Inc. to bring a lot of new and exciting commercial software to Automatix users. Automatix2 now comes with Crossover Office Standard and Professional on Ubuntu 7.04 amd64 (which basically means you can run a ton of 32-bit Windows software on Ubuntu 7.04 amd64).
These are the easy steps to install Automatix2 on Ubuntu 7.04:
1. Go to this link: http://www.getautomatix.com/wiki/index.php?title=Installation
2. Select your machine architecture. For this example, I chose 2.1 Ubuntu 7.04 (Feisty i386) because my machine is an i386-based architecture.
3. Click on http://www.getautomatix.com/apt/dists/feisty/main/binary-i386/automatix2_1.1-4.11-7.04feisty_i386.deb to download the software. See picture.
4. The package installer will pop up as in the picture below. Choose the default: Open with Gdebi Package Installer.
5. Wait until it finishes. To open Automatix2, go to your desktop and click on Applications --> System Tools --> Automatix
That's all. Easy!
Thursday, July 12, 2007
Linux Networking no.5: Round Robin DNS Load Balancing
How DNS load balancing works
When the request comes to the DNS server to resolve the domain name, it gives out one of the several canonical names in a rotated order. This redirects the request to one of the several servers in a server group. Once the BIND feature of DNS resolves the domain to one of the servers, subsequent requests from the same client are sent to the same server.
DNS load balancing implementation (Multiple CNAMES)
This approach works for BIND 4 name servers, where multiple CNAMES are not considered as a configuration error. Assuming there are 4 web servers in the cluster configured with IP addresses 192.168.1.[1-4], add all of them to the DNS with Address records (A Names) as below. The server[1-4] can be set to any name you want, such as foo[1-4], but should match the next step.
server1 IN A 192.168.1.1
server2 IN A 192.168.1.2
server3 IN A 192.168.1.3
server4 IN A 192.168.1.4
Add the following canonical names to resolve www.yourdomain.com to one of these servers.
www     IN CNAME server1.yourdomain.com.
        IN CNAME server2.yourdomain.com.
        IN CNAME server3.yourdomain.com.
        IN CNAME server4.yourdomain.com.
The DNS server will resolve the www.yourdomain.com to one of the listed servers in a rotated manner. That will spread the requests over the group of servers.
Note: For this to work, requests sent to http://yourdomain.com (without 'www') should be forwarded to http://www.yourdomain.com. For BIND 8 name servers, the above approach will throw an error for multiple CNAMES. This can be avoided with an explicit multiple CNAME configuration option, as shown below.
options {
    multiple-cnames yes;
};
DNS load balancing implementation (Multiple A Records)
The above approach with multiple CNAMES for one domain name is not a valid DNS server configuration for BIND 9 and above. In this case, multiple A records are used.
www.foodmalaysia.net. 60 IN A 192.168.1.1
www.foodmalaysia.net. 60 IN A 192.168.1.2
www.foodmalaysia.net. 60 IN A 192.168.1.3
www.foodmalaysia.net. 60 IN A 192.168.1.4
The TTL value (e.g. 60) should be kept low, so that the DNS cache is refreshed faster.
Other considerations
The DNS based load balancing method shown above does not take care of various potential issues such as unavailable servers (if one server goes down), or DNS caching by other name servers. The DNS server does not have any knowledge of the server availability and will continue to point to an unavailable server. It can only differentiate by IP address, but not by server port. The IP address can also be cached by other nameservers, hence requests may not be sent to the load balancing DNS server.
Considering the functionality, the round robin DNS is not a load balancing mechanism but a load distribution option. Some of these drawbacks can be overcome by implementing an advanced version of the DNS load balancer using Perl scripts.
Another variety of load balancing can be performed by using a proxy server, where one of the web servers is used solely for re-routing traffic to the other servers. If Apache is used as a web server, the mod_rewrite feature of Apache can be used for this purpose as detailed in this Apache website article.
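The availability and caching problems described under "Other considerations" can be made concrete with a small model. This is an added example, not part of the original post: it takes the four A records above, assumes the name server rotates the record set by one per query, and assumes one client request per second going through a caching resolver to the first address in the answer. The function names, the failure time and the health-checked variant are assumptions.

```python
ZONE = """\
www.foodmalaysia.net. 60 IN A 192.168.1.1
www.foodmalaysia.net. 60 IN A 192.168.1.2
www.foodmalaysia.net. 60 IN A 192.168.1.3
www.foodmalaysia.net. 60 IN A 192.168.1.4
"""  # the A records from the post

def parse_a_records(zone):
    """Return (ttl, addresses) from 'name ttl IN A addr' lines."""
    ttl, addrs = None, []
    for line in zone.splitlines():
        f = line.split()
        if len(f) == 5 and f[2:4] == ["IN", "A"]:
            ttl = int(f[1])
            addrs.append(f[4])
    return ttl, addrs

def simulate(zone, failed_addr, failed_at, seconds, health_checked=False):
    """Model one client request per second through a caching resolver.

    The authoritative server rotates the record set by one per query (assumed
    cyclic order); the client connects to the first address in the answer.
    Returns the number of requests sent to failed_addr after it went down.
    """
    ttl, addrs = parse_a_records(zone)
    queries = 0                # queries seen by the authoritative server
    cached, expires = None, 0  # state of the caching resolver
    lost = 0
    for now in range(seconds):
        if cached is None or now >= expires:
            pool = addrs
            if health_checked and now >= failed_at:
                # assumed extension: the dead server is dropped from the answer
                pool = [a for a in addrs if a != failed_addr]
            k = queries % len(pool)
            queries += 1
            cached, expires = pool[k:] + pool[:k], now + ttl
        if cached[0] == failed_addr and now >= failed_at:
            lost += 1
    return lost

def compare(seconds=480, failed_addr="192.168.1.2", failed_at=90):
    """Lost requests with plain round robin vs. a health-checked record set."""
    plain = simulate(ZONE, failed_addr, failed_at, seconds)
    checked = simulate(ZONE, failed_addr, failed_at, seconds, health_checked=True)
    return plain, checked

if __name__ == "__main__":
    print("lost requests (plain, health-checked):", compare())
```

Even with the dead server removed from the zone, the resolver keeps serving the cached answer until the TTL expires, which is why requests are still lost in the health-checked run.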
Friday, July 6, 2007
Linux Networking no.4: Common Network Tools
Here is a short list of tools that are helpful when troubleshooting network connections.
1. ping:
This tool sends an ICMP ECHO_REQUEST datagram to a host and expects an ICMP ECHO_RESPONSE.
Options for ping:
-b ping a broadcast address
-c N send N packets
-q quiet mode: Display only start and end messages
2. tcpdump:
This is a tool used to analyse network traffic by capturing network packets. The following commands illustrate some options:
Let tcpdump autodetect network interface
tcpdump
Specify a network interface to capture packets from
tcpdump -i wlan0 (wlan0 is your network interface card)
Give an expression to match
tcpdump host 192.168.10.1 and port 80
3. netstat
Get information on current network connections, the routing table or interface statistics depending on the options used.
Options for netstat:
-r same as /sbin/route
-l display list of interface
-n don't resolve IP address
-p returns the PID and names of programs (only for root)
-v verbose
-c continuous update
4. arp:
Display the kernel address resolution cache.
5. traceroute:
Displays the route taken from the local host to the destination host. Traceroute forces intermediate routers to send back error messages (ICMP TIME_EXCEEDED) by deliberately setting the TTL (time to live) value too low. After each TIME_EXCEEDED notification, traceroute increments the TTL value, forcing the next packet to travel further, until it reaches its destination.
Options for traceroute:
-f ttl change the initial time to live value to ttl instead of 1
-n do not resolve IP numbers
-v verbose
-w sec set the timeout on returned packet to sec
That's all.
Linux Networking no.3: Stop and Start Networking
Stopping and starting networking in Linux is quite different from Windows. Some people like to start and stop their networking with these commands:
1. To start on Ubuntu Linux (network script):
/etc/init.d/networking start
2. To stop
/etc/init.d/networking stop
On Debian, similar commands are used.
But do you know the other commands?
The other commands are:
To start :
ifup eth0 (eth0 is your network card name)
To stop:
ifdown eth0
That's all.
Monday, July 2, 2007
Linux Networking no.2 : DNS Resolve with Dig
Use the dig command in your terminal to resolve a domain.
1. Open a terminal and type dig foodmalaysia.net. See picture below for sample result.
2. To check whether your local webserver is responsible for this domain, use the following command:
dig @localhost foodmalaysia.net
3. Also use this command to check your mailserver's responsibility:
dig MX foodmalaysia.net
4. To list all available options, run this command:
dig --help
5. For a more detailed description, type this command to open the Linux manpage:
man dig
To quit the manpage, press Q on your keyboard.
Linux Networking no.1: IP Address classes
Internet Protocol (IP) defines the structure of the packets of data (datagrams) that are exchanged over the network.
IP address classes have the following ranges:
Class A: 0.0.0.0 to 127.255.255.255
Class B: 128.0.0.0 to 192.255.255.255
Class C: 192.0.0.0 to 223.255.255.255
Class D: 224.0.0.0 to 239.255.255.255
Class E: 240.0.0.0 to 247.255.255.255
Run ifconfig in your terminal to see your IP address, and refer back to this article for the classes.