I'm trying to intercept application specific syslog log traffic from a custom UDP server in ubuntu. For testing purposes, I stopped the default syslogd daemon running in port 514 and configured a UDP server to listen to UDP traffic on port 514. I have faced the following questions in doing so:
The remote logging feature has to be enabled in /etc/default/syslogd file using SYSLOGD="-r". However, since I stopped the syslogd daemon and am running my own UDP server on port 514, is there any other way to enable remote logging (programmatically, etc.) without using syslog.conf file so that log traffic is sent to the port 514?
Is there a way to direct syslog log traffic to another port with the default port 514 (traffic must be sent to both ports)? If this is the case, I can easily run a custom UDP daemon in the second port and intercept log traffic.
Thanks.
You can't have two daemons listening on the same port. Set up your UDP test server (e.g. netcat) to listen on another port (e.g. 1514) and configure your ubuntu server to send logs to this port.
Related
I use WSAConnect to connect to a server whose site has the prefix http: \ That is, it seems like the remote server should connect only on port 80. But, in fact, I see that for some pages of this http site - WSAConnect completes successfully on port 443.
Is it okay? Is this allowed?
WSAConnect is for low-level socket communication, for example low-level TCP/IP sockets.
Web servers use HTTP for communication with clients, such as browsers. HTTP is an application protocol on top of TCP/IP.
By default web servers use port 80 for plain HTTP communication. Webservers can also support HTTP over a secure connection (HTTPS). The default port for this is 443.
So it is perfectly fine for a web server to be reachable on port 80 and 443.
In general, a single server can be reachable on any number of ports. Different ports are used for different protocols.
I'm creating my custom http server in C. sockaddr_in looks like this:
my_addr.sin_family = AF_INET;
my_addr.sin_port = htons(8080);
my_addr.sin_addr.s_addr = htol(INADDR_ANY);
And my question is how I can send my request without writing port after address.
For example 192.168.1.100 instead of 192.168.1.100:8080 or mydomain.loc instead of mydomain.loc:8080
how I can send my [HTTP] request without writing port after address[?]
You cannot communicate with a TCP endpoint without designating a specific port. Various kinds of services have conventional (default) ports, however, and oftentimes client software will use a service's conventional port if the user does not explicitly specify one.
The conventional port for the HTTP protocol is 80. If your server runs on that port, then it is likely that HTTP user agents such as web browsers will not require you to specify that port; instead they will silently insert it for you. You will need root / administrator privilege on the server machine to run the server software on port 80, or on any other port less than 1024.
If you want to access your custom server with any web browser then you must have to specify the listening port of your custom server because every browser will consider a server listening on port 80 on the address (URL) you provided.
how I can send my [HTTP] request without writing port after address[?]
And if you want to provide only the host IP address and using the 8080 port as default listening port of your server, you can make a simple custom client. Pass the host URL i.e. 192.168.1.100 to that client. In the body of client, connect the socket to 192.168.1.100 and 8080 address. Client will send query to your custom server and will save the reply in .html file. You can then open this file with browser.
I'm given to understand that the port number is actually a series of bits in the packet, so if say I have PostgreSQL listening on 5432 and nginx on 80, why does a packet that exits my database server "via" port 5432 (as per my firewall rules) get picked up by the webserver and forwarded to nginx (who is listening on 80)?
I'm trying to understand why my iptables file works with this omission when I didn't think it would.
I am trying to write a TCP proxy in c. The server only works with non-ephemeral ports. The proxy is trying to mount a file-system. So when I call the mount command by-passing the proxy it chooses an appropriate port and it connects. But when I try to connect via the proxy an appropriate port is selected for the connection between the client and the proxy, but the proxy uses an ephemeral port when it connects to the server.
I have read that it is not wise to specify a port, so I am looking to define a range of ports for it to choose from. Is this possible?
Any advice and help is appreciated. Thanks.
I figured it out. I needed to bind to a reserved port prior to running the connect to the server.
use bindresvport(3) with the server socket.
I have 4 different application running.so every application can send data to server. now i want to send data to paticular socket (server and client are done through socket programming)
from server side.
When you create a socket, first you establish a connection between a server and a client (using connect system call on the client side, and bind, listen, and accept system calls on the server side). You can have many such connections, from a server to different clients. The server can send data on any of these established connections.
The Sockets Tutorial can assist you in this case.
If you want multiple reads/writes by the server to happen at the same time, you have to use non-blocking sockets or multiple threads.
(Assuming you're using TCP/IP, or UDP).
A socket endpoint is the IP address and port number combined. So, on your host you would have your various servers listen on different port numbers. For example a web server may listen on port 80, ssh on a different port etc.