Telnet - why I can connect despite shortage telnet server - telnet

On Linux, when I connect with telnet from one server (telnet client) to another (where there isn't a telnet server), I can connect on a port that I specify (not the default telnet port 23). I get:
Connected to myserver (ip adress).
Escape character is '^]'.
Why can I connect with a telnet client even though I don't have a telnet server?

You can telnet to any open TCP port, because that only means a normal TCP connection has been established.
Your input will be treated as raw data; what happens to the data depends on the program which opened that TCP port. Normally, as soon as it determines that the client side is not sending correct data, it will disconnect.
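The behaviour described in the answer above, as an added example that is not part of the original post: a raw TCP client (which is all the telnet client is on a non-telnet port) connects to a listener speaking a different protocol. The PING/PONG protocol and the function names are hypothetical, constructed for the illustration.

```python
import socket
import threading

def serve(listener, count):
    # Hypothetical line protocol standing in for "the program which opened the port".
    for _ in range(count):
        conn, _addr = listener.accept()      # TCP handshake already completed here
        with conn:
            if conn.recv(1024) == b"PING\n":
                conn.sendall(b"PONG\n")
            # Anything else is not valid for this protocol: close without a reply.

def raw_client(port, payload):
    # What the telnet client does on a non-telnet port: connect, send bytes as typed.
    with socket.create_connection(("127.0.0.1", port), timeout=2) as s:
        s.sendall(payload)
        reply = b""
        while chunk := s.recv(1024):
            reply += chunk
        return reply                          # b"" means the server just hung up

def demo():
    payloads = [b"PING\n", b"hello?\n"]       # constructed inputs: one valid, one not
    with socket.socket() as listener:
        listener.bind(("127.0.0.1", 0))       # OS picks a free port
        listener.listen(len(payloads))
        port = listener.getsockname()[1]
        t = threading.Thread(target=serve, args=(listener, len(payloads)))
        t.start()
        results = {p: raw_client(port, p) for p in payloads}
        t.join()
    return results

if __name__ == "__main__":
    for sent, got in demo().items():
        print(sent, "->", got)
```

Both connections succeed at the TCP level; only the application's handling of the bytes differs.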

Related

Telnet to a port that is already in use

I'm trying to use telnet to check if the port of an application is open.
But I'm receiving the following error:
Connecting To 192.168.1.10...Could not open connection to the host, on port 3001: Connect failed
I assume the port is closed, but is it also possible the port is in use by another program? Is that why I'm not able to test using telnet?
Now if this is the case, how come some ports allow simultaneous connections from clients and some don't?
All ports allow simultaneous connections from clients when some program is listening on that port. Connect failed means that the port is not listening or a firewall interfered.
You can find out if that port is open by using netstat or, on Windows, TCPView.

Telnet inner-workings: Is telnet server necessary if client connects to an HTTP server?

One way to quickly test the first-order functionality of a web server is to use the application layer tool Telnet, e.g. How to send an HTTP request using Telnet.
This is the usage I am most familiar with, but today I learned there is such a thing as a Telnet server: https://askubuntu.com/questions/668725/how-can-the-telnet-service-on-ubuntu-server-14-04-lts-be-enabled, which listens on the well-known port 23 and can be used (though not usually, due to its lack of security) as a remote shell.
I am trying to understand if a Telnet server is necessary if I use it to connect to an HTTP server on port 80, e.g.,
telnet 192.168.0.5 80
Does the Telnet client first connect to the Telnet server on port 23, and then the server's Telnet process somehow establishes a connection to port 80 on localhost? Or does the client directly connect to the HTTP server (or some other TCP/IP server, for that matter) on 80, without needing the Telnet server to be present at all?
I could not immediately find a piece of Telnet documentation that explains how Telnet works in this regard; their scarcity might be attributed to Telnet's lack of security...

Are SSH destination and source ports identical (symmetric ports)?

When I connect to SSH I use port 22 as destination, but when the reply comes back, does it come in on port 22 as well? Or is the client source port randomly assigned as in other TCP communication?
If I set up a firewall allowing outbound traffic to port 22, do I also need to allow incoming traffic on port 22?
The client SSH port is randomly assigned, as in most client/server systems over TCP/IP.
Were the client port fixed, you would not be able to open multiple SSH connections from the same client IP address, as the connections would be indistinguishable on an IP protocol level. The client port number is the only piece that makes the connection unique (client IP, server IP and server port being the same).
You do not need to allow the incoming traffic though. There is only one outgoing connection in SSH (the responses from the server come over an existing connection).
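An added example (not from the original answers) covering both points made above: one listening port accepts several simultaneous connections, each distinguished only by the client's OS-assigned source port, and a connect to a port with no listener is refused. The loopback listener is a constructed stand-in for the SSH or application port, and the function names are hypothetical.

```python
import socket

def connection_tuples(n=3):
    # Open n simultaneous connections to ONE listening port and record, from the
    # server's side, each (client_ip, client_port, server_ip, server_port).
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))          # constructed stand-in for port 22
    listener.listen(n)
    server_addr = listener.getsockname()
    clients, accepted, tuples = [], [], []
    try:
        for _ in range(n):
            clients.append(socket.create_connection(server_addr, timeout=2))
            conn, peer = listener.accept()
            accepted.append(conn)
            # Server-side local port is always the listening port; only the
            # peer (client) port changes between connections.
            tuples.append(peer + conn.getsockname())
    finally:
        for s in clients + accepted + [listener]:
            s.close()
    return server_addr[1], tuples

def is_listening(port):
    # "Connect failed" case: nothing is listening, so the kernel answers with RST.
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=2):
            return True
    except ConnectionRefusedError:
        return False

if __name__ == "__main__":
    port, tuples = connection_tuples()
    for t in tuples:
        print("client %s:%d -> server %s:%d" % t)
    print("listener closed, port", port, "listening:", is_listening(port))
```

Replies travel back over the same connection to the client's source port, which is why a stateful firewall needs only the outbound rule.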

Able to connect to ssh server on any port using an ssh tunnel

I'm having a little problem with the ssh server running on an Ubuntu server. I'm using key-pair authentication, and I'm able to connect just fine, but the problem is that I can connect on any port (using a tunnel), even though "Port 22" is defined in sshd_config. Why am I able to connect on any port? How can I stop ssh from listening to ports other than port 22?
In your screenshot, the Local Address column tells that you are listening on all interfaces at port 22 (e.g. 0.0.0.0:22). The Foreign Address column tells that anyone can connect from any IP from any port (e.g. 0.0.0.0:*). And below, the same for IPv6.
The connections are normally started from some random free high number port so it's ok to have wildcard in Foreign address. The only thing you care about is that there is a listener at local port 22. Just as you wanted.
You are connecting to port 22 first (as you don't specify anything else with the -p switch) and then ssh directs data from port 54321 of one machine to 80 of the other. So, the path of the data is something like:
Machine A, port 54321 -> Machine A, port random -> Machine B, port 22, Machine B, port 80.
So the thing is, when not defined, it will connect to the ssh server on the default port 22. You can explicitly define the port using "-p xxxx", where xxxx is the ssh server port you want to connect to. When tunneling, the "local port" is the port on your computer you will connect to, and "remote port" is the port on the remote computer that the connection will end on. So it's like this:
(localport->randomport)->->->->(sshport->remoteport)
sshport is defined by -p, and the default when not defined is port 22.

UDP reverse tunnel over ssh (using socat)

I want to set up a reverse UDP tunnel, because I need to connect to my openvpn server remotely and the openvpn server is behind a NAT. For this I use socat and ssh. The TCP tunnel command:
socat exec:"ssh removeserver \"socat tcp-listen:10000,fork -\"" tcp-connect:localhost:22
does work correctly and I'm then able to build up an ssh connection to remoteserver:10000.
But when I want to do the same with UDP:
socat exec:"ssh removeserver \"socat udp-listen:10000,fork -\"" udp-connect:localhost:1194
and then try to build up the openvpn connection, I get the following error:
2011/12/23 13:27:43 socat[28241] E read(3, 0x80c3b08, 8192): Connection refused
The tunnel at first seems to work, because both logfiles (server and client) have entries for the connection attempt. But the connection can't be established.
I have just tried this and I believe the reason it fails is because the ssh part of the tunnel doesn't preserve the UDP datagram sizes. I.e. a 14 byte datagram and a 22 byte datagram get combined on the other end into a 26 byte datagram. Openvpn doesn't work in this scenario.
I have had proof-of-concept success with a similar construct as this, but where there is a program which reads the UDP datagrams and turns them into a TCP stream with 16-bit length prefixes (i.e. a stream of length,bytes,length,bytes etc.) and obviously does the reverse as well.
With this I was able to tunnel openvpn.
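A sketch of the length-prefix framing the answer describes, added here as an example and not the answerer's program: it shows datagram boundaries being lost on a plain byte stream and recovered with 16-bit prefixes. Big-endian prefix order and all names are assumptions; the sample datagrams are constructed using the sizes mentioned above.

```python
import struct

def frame(datagram):
    # Prefix each datagram with its length as an unsigned 16-bit integer
    # (network byte order is an assumption; the post only says "16-bit").
    if len(datagram) > 0xFFFF:
        raise ValueError("datagram too large for a 16-bit length prefix")
    return struct.pack("!H", len(datagram)) + datagram

class Deframer:
    """Rebuilds datagrams from stream reads that may split or merge frames."""
    def __init__(self):
        self._buf = bytearray()

    def feed(self, chunk):
        self._buf += chunk
        out = []
        while len(self._buf) >= 2:
            (n,) = struct.unpack_from("!H", self._buf)
            if len(self._buf) < 2 + n:
                break                         # frame incomplete, wait for more bytes
            out.append(bytes(self._buf[2:2 + n]))
            del self._buf[:2 + n]
        return out

def through_stream(datagrams, read_size, framed):
    # Simulate the ssh leg: bytes are concatenated and delivered in reads of
    # read_size bytes, unrelated to the original datagram boundaries.
    wire = b"".join(frame(d) if framed else d for d in datagrams)
    reads = [wire[i:i + read_size] for i in range(0, len(wire), read_size)]
    if not framed:
        return reads                          # each read is re-sent as one datagram
    deframer = Deframer()
    return [d for r in reads for d in deframer.feed(r)]

if __name__ == "__main__":
    sample = [b"A" * 14, b"B" * 22]           # constructed datagrams
    print([len(d) for d in through_stream(sample, 8192, framed=False)])
    print([len(d) for d in through_stream(sample, 5, framed=True)])
```

The deframer keeps partial frames buffered, so it works regardless of how the stream chunks the bytes, including zero-length datagrams.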