Previous | Table of Contents | Next |
For any client/server service, youll want to be able to objectively check to see if the server is listening. This usually means trying to connect to it from a client machine. In order to try to connector verify a service on the server endyoull want to know the numeric value of the well-known services, as well as their names.
A list of services is available in C:\Windows\Services under Windows, /etc/services under UNIX, and SYS:ETC\Services under NetWare. You can also check out http://www.kashpureff.org/nic/rfcs/1300/rfc1340.txt.html for more than you ever wanted to know about standard service numbers, network numbers, and more.
Table 18.2 shows the numeric values of some of the services I work with a lot (and there are many more).
Service Name | Number | Comment |
---|---|---|
FTP | 21 | File Transfer Protocol (Internet) |
Telnet | 23 | Login service for UNIX (sometimes NT or Novell) |
SMTP | 25 | Internet-style server-to-server email |
Domain | 53 | DNS services (UDP and TCP) |
Gopher | 70 | Internet Gopher |
HTTP | 80 | Hypertext Transfer Protocol (the Web) |
POP2 | 109 | Post Office Protocol version 2 (user email) |
POP3 | 110 | Post Office Protocol version 3 (user email) |
NNTP | 119 | USENET news |
netbios-ns | 137 | NetBIOS Name Service |
netbios-dgm | 138 | NetBIOS datagram service (actual data) |
netbios-ssn | 139 | NetBIOS session service (Hi, how are you?) |
shell | 514 | Rlogin socket (UNIX or NT) |
printer | 515 | Line Printer Daemon (network printing for UNIX) |
socks | 1080 | Socks proxy server (Socks 4 and Socks 5) |
What if you dont know the socket number of a client/server program that youre using? Simplestop the server program and then run netstat -an. Print it out or save it to a file:netstat -an > socklist.txtThen start the server program and run netstat -an again. Compare the two lists. The new socket number that shows up in the second list is the socket number (or numbers) for your client/server program.
Connection-Oriented Versus Connectionless Sockets
As we discussed in Hour 15, Firewall and Proxy Server Basics, for our purposes, there are two types of sockets: UDP and TCP. When a program sends out a UDP packet, it has no way of knowing that the packet got there because its connectionless, rather like a message in a bottle. For our troubleshooting purposes, we hate UDP. Its a very irresponsible child. We like TCP best, because we can quickly tell whether a TCP socket is listening. Because a TCP socket is a connection-oriented socket, we can initiate a call on our own and see whether we get a busy signal or a connection.
One way to check whether the socket is being established is to use the client program itself and then check the workstations socket list. For example, heres how you can connect with an FTP service in one window and run netstat -an in another window:
C:\WINDOWS>netstat -an | find :21 TCP 192.168.10.5:1025 192.168.5.1:21 ESTABLISHED
Here you have an ESTABLISHED connection, so no matter how much your FTP client is complaining, you do have a bona fide socket. In this case, you might want to look at client configuration if youre experiencing problems.
Another way to check whether a remote socket is listening is to telnet to that socket. For example, lets perform a control experiment. You can run an FTP server on a PC and then use Telnet to go to it to see if its listening. Just so you dont even go to the outside network, use your loopback address (the loopback address in TCP/IP is always 127.0.0.1). You can see the results just by typing this (see Figure 18.5):
telnet 127.0.0.1 21
Figure 18.5 You can run a local FTP server on your PC and connect to it with Telnet by specifying the loopback address and socket 21.
As shown in Figure 18.5, the screen indicates that the FTP server is running. This is a really neat trick, and you can do it with any TCP service. Will you always get a response? No. Sometimes theres no prompt. However, the trick is whether or not you get an immediate CONNECT FAILED from the Telnet program. If you do, odds are that nothing is listening on the other end.
Because the version of Telnet provided with Windows is not very verbose about why a connection failed, sometimes I drop to a command prompt and run the character-based ftp command. You can specify a socket to it as well, and it returns the proper message when theres no server listening to that socket on the other end. For example, I know that I am not running a Telnet server on my PC; to prove it, Ill use ftp:C:\WINDOWS> ftp ftp> open 127.0.0.1 23 -> ftp: connect:Connection refusedI can do this to check the listening status of any TCP socket.
No matter what operating system youre running, the service number will be the same. For example, any Novell or NT server that gets a print job from a UNIX server is usually listening to the print socket (#515). If you telnet to server 515 and get a Connection refused message, its time to check the server program.
Be aware that not all UNIX printing is socket dependent. Theres a method of printing, called pass-through printing, that has nothing directly to do with the network. Its entirely dependent on your terminal program to react properly to certain invisible codes that are sent with the text. For instance, if your application on a UNIX host sends the Control-T code to your Wyse-60 terminal, your terminalor terminal emulatorwill start printing the text thats sent immediately following the code, rather than showing it on your screen. Another codefor example, Control-Rwill make things go back to normal. Just be aware of this; you might just save yourself some aggravating running around.
Previous | Table of Contents | Next |