Network Services - bhecker.com • Index page

Download Report

Transcript Network Services - bhecker.com • Index page 

Network Services
1
Section Overview
Client-Server Model
Network Ports, Services and Daemons
Network Protocols
Viewing Active Ports
Common Server Daemons
2
TCP/IP Protocol Stack
Application (FTP, HTTP, DNS)
Transport Layer (TCP,UDP)
Network Layer (IP)
Link Layer (Device Drivers)
Physical Layer (media)
3
Client-Server Model
Server
Client
Makes a request
Request fulfilled
Listens for
incoming
requests
4
Network Ports
Enables processes to communicate with
each other across a network
64K possible ports
Privileged ports



< 1024 reserved for system use only
Correspond to well-known services
/etc/services
5
/etc/services
Service-name port/protocol aliases
Examples:
ssh
smtp
www
imaps
syslog
22/tcp
25/tcp
mail
80/tcp
http www-http
993/tcp
514/udp
6
Running Network Servers
Stand-alone Daemon




Each started via rc script
Always running
Listens (binds) to the service port
Uses resources even when idle
inetd “Super-daemon”




Listens to many ports
Starts daemon when request is received
Daemon shuts down when finished
/etc/inetd.conf
7
/etc/inetd.conf
service_name: Service name
sock_type:



stream (tcp)
dgram (udp)
raw (direct IP)
proto: protocol used (/etc/protocol)
flags: wait, nowait
user: User to run daemon as
server_path: Full path to daemon program
args: Command line arguments to daemon
8
Xinetd
Replacement for inetd
Enhancements



Access Control
Resource based limits
Logging (Success and Failure)
Default: /etc/xinetd.conf
Service Specific: /etc/xinetd.d
9
/etc/xinetd.conf
defaults
{
instances
log_type
log_on_success
log_on_failure
cps
}
=
=
=
=
=
60
SYSLOG authpriv
HOST PID
HOST
25 30
includedir /etc/xinetd.d
10
Example xinetd service
/etc/xinetd.d/imaps:
service imaps
{
disable
socket_type
wait
user
server
groups
flags
}
=
=
=
=
=
=
=
no
stream
no
root
/usr/local/sbin/imapd
yes
REUSE IPv6
11
Windows Service Management
Microkernel – Everything a service
Administrative tools -> Services
Service Options




Startup Type: Automatic, Manual, Disabled
Log On: Which user to run service as
Recovery: What to do on failure
Dependencies: Which services does this
one depend upon
12
Windows Service Recovery
Settings for:



First Failure
Second Failure
Subsequent
Failures
Counter Reset
(Days)
Options:




Take no Action
Restart the
Service
Run a program
Restart the
Computer
13
Network Protocols
Service request/response syntax
Often uses English commands
Request For Comments (RFC)



Documentation for protocols and practices
Each revision its own number
May have a second classification
 For Your Information (FYI)
 Best Common Practices (BCP)
 Standards (STD)
14
Viewing Active Ports
netstat –a – Ports in use



Source/destination addresses and ports
Protocol used
State
 LISTEN
 ESTABLISHED
lsof –i :service – Process using port
tcpdump – View network traffic
15
Resource Sharing Daemons
Network File System (NFS)


nfsd
mountd
Line Printing Daemon (lpd)
Samba


smbd – Microsoft file and print sharing
nmbd – Microsoft name resolution
16
Internet Daemons
telnetd – Remote Access
ftpd – File transfer
Berkeley-R Daemons
sshd – Secure Shell
Electronic Mail


sendmail/postfix – Receiving email
imapd, popd – Remote email access
httpd – Web
17
Infrastructure Daemons
named – DNS
dhcpd – Dynamic Host Config Protocol
nisd/ldapd – Directory Services
fingerd – User information
xntpd – System time synchronization
routed/gated – Routing
Firewall
18