The Apache webserver uses port 80 to listen for incoming requests and replies over port 80. Firefox uses port 80 to send requests to webservers and then listens on port 80 for the response from the webserver. I have run Apache and Firefox simultaneously before and am just wondering how two different programs can share the same port.
Each side of a TCP network connection is defined by a touple of (ipaddress, port #). When a packet leaves your system all it knows is that it needs to find ip address 192.168.1.1 and go the whoever has a socket bound to port 80.
A server socket is going to be defined by the address on which Apache is listening and port 80. The client socket open by Firefox will have the same ip address but a different randomly assign port number which you normally do not see.
You can see it using netstat or tcpview (Windows)
For example when I run netstat right now I see:
tcp4 0 0 x.x.x.x.62993 stackoverflow.co.https ESTABLISHED
where x.x.x.x is my laptops ip address and 62993 is the random port number assigned to my web browser.
Firefox isn't listening to port 80. It's making a request to a server port and handling the response.
Related
I am running Kali Linux on VMware. The host operating system is windows 7, and I'm using NAT for connectivity.
In my metasploit console, when I typed 'exploit' at the msf prompt,(where I am using windows/meterpreter/reverse_tcp as the payload) it showed me the error
Handler failed to bind to My IP:4444
(My IP is my external IP address.)
So in the VMware virtual network editor, I have port forwarded port 4444 of host PC to port 4444 of the virtual PC. Then I allowed inbound packets in the firewall of the host PC, for port 4444 of the host PC.
To ensure that everything is alright, I set up an apache server on the virtual PC, that serves a webpage when accessed via port 4444. The server served flawlessly when I accessed it with an external browser. Satisfied, I shut down the server.
But guess what? Metasploit console has thrown up the same error when I typed 'exploit' again in the msf prompt.
What to do now?
What did it say the reason for failing was.
I'm assuming the full error was failed to bind to port 4444 port is already in use.
You can not run a server on the same port you are trying to bind to.
The correct way to do this is to port forward through your router. Open your router settings and port forward port 4444 to your machines local ip.
I have a Ubuntu Server 16.04 running on a machine in my local network.
The machine has static assigned IP and running apache2. There is no problem in connecting to it from my local network.
I have port-forwarding for ports 22 and 80 setup on my router to the IP address of the machine.
When I check the ports with my public IP address on sites like http://www.canyouseeme.org/ the result is that the ports are open. When I try to connect using my public IP address and using those ports the connections are refused.
I tried disabling firewall in the router and also on the machine, no result.
What else should I try? It seems that the server is getting no incoming connection when I check with netstat.
Just for troubleshooting purposes:
Setup port forwarding on port 22 and try to ssh into your server using the public IP? If it works, it means apache is refusing the connections and not your router or ISP
On your router, setup the server on the DMZ temporarily and check if it works
Add another port forwarding rule on your router to redirect all http requests on port 8000,for example, to port 80 internally, then try to access your server with http://[public_ip]:8000
Have you changed anything on the apache2.conf file? Also, explain how you are testing the connection, internally using the public IP or from the Internet?
I open IE explorer & Chrome in my computer and type localhost:80 and I get the index page.
Here I think my machine's IP is same to both connections (IE explorer & Chrome) and ports are too (80).
Note: Source port will be different (as destination is same: localhost IP), this is my second question.
So how webserver (lets say apache) handles this port 80 connections without failing? Does it port forwarding? In OS level even I tried with addr re-use, port re-use parameters and it is all same we cannot make multiple connection with same IPs & ports.
Now, probably you have came up with a solution: although source ports and IPs are same, destination port is different in package: <protocol>, <src addr>, <src port>, <dest addr>, <dest port>.
A. I got 49483~50004 ports as you can see on image. How client knows which destination port (49483~50004) is bound by webserver? If it is random between 0 and 65355 the webserver always binds all ports, it is very resource consuming. How webservers avoid from this?
Look at this image: command prompt-> netstat
If this question is related with low level sources it is OK, I understand Embedded TCP/IP/UDP, Phy MAC communication and package structures.
You have this all back to front.
All the port numbers at the server are the same: 80. So the client only has to know port 80.
All the port numbers at the client are different: 49483-50004 etc. So there is no ambiguity in the connection, because the 4-tuple you mentioned is unique.
All http request by default call to servers in the port 80, because servers listen by default in that port. So you only give an IP or hostname and the web browser add the default port (80). You can give a custom port if you web server is listenning in another port (usually Tomcat listen by default in 8080) for example you call it in: http://www.youamazingweb.com:8080.
A good example is see the IP as the home and the port is the door where clients enter to consume some resource hosted in server.
When I connect to SSH I use port 22 as destination, but when the reply comes back, does it come in on port 22 as well? Or is the client source port randomly assigned as in other TCP communication?
If set up a firewall allowing outbound traffic to port 22 - Do I also need to allow incoming traffic on port 22?
The client SSH port is randomly assigned, as in most client/server systems over TCP/IP.
Were the client port fixed, you would not be able to open multiple SSH connections from the same client IP address, as the connections would be indistinguishable on an IP protocol level. The client port number is the only piece that makes the connection unique (client IP, server IP and server port being the same).
You do not need to allow the incoming traffic though. There is only one outgoing connection in SSH (the responses from the server come over an existing connection).
I have to set up a Virtual Machine on vBox that works as a server for my app. Now, the app sends data to http://x.y.w.z:4567. I run apache server on host and wireshark confirms that the packet is received. Guest is behind NAT and is set up to forward TCPs from any IP port 4567 to port 443 on guest. I tried various versions of setting and not setting IP. Guest also has apache running, but it receives no packets. What should I do?
Please check the log that your port-forward rule is active. Also that your guest/host firewalls doesn't drop packets.