1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<!--Converted with LaTeX2HTML 99.2beta8 (1.46)
original version by: Nikos Drakos, CBLU, University of Leeds
* revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan
* with significant contributions from:
Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
<HTML>
<HEAD>
<TITLE>26. TCP and UDP</TITLE>
<META NAME="description" CONTENT="26. TCP and UDP">
<META NAME="keywords" CONTENT="rute">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="LaTeX2HTML v99.2beta8">
<META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
<LINK REL="STYLESHEET" HREF="rute.css">
<LINK REL="next" HREF="node30.html">
<LINK REL="previous" HREF="node28.html">
<LINK REL="up" HREF="rute.html">
<LINK REL="next" HREF="node30.html">
</HEAD>
<BODY BGCOLOR=#FFFFFF >
<TABLE width="100%" border="0" cellspacing="0" cellpadding="0">
<TR><TD align=left bgcolor="#000000">
<FONT COLOR=white>
<A HREF="http://www.icon.co.za/~psheer/rute-purchase.html"><FONT COLOR=white>Purchase</FONT></A>
</FONT>
</TD><TD align=center bgcolor="#000000">
<FONT COLOR=white>
Copyright © 2002 Paul Sheer. <A HREF="copying.html"><FONT COLOR=white>Click here for copying permissions.</FONT></A>
</FONT>
</TD><TD align=right bgcolor="#000000">
<FONT COLOR=white>
<A HREF="http://www.icon.co.za/~psheer/rute-home.html"><FONT COLOR=white>Home</FONT></A>
</FONT>
</TD></TR>
<TR><TD colspan=2 align=left bgcolor="#ECEBF4">
<IMG SRC="va-btn-small-light-60.png">
</TD><TD align=right bgcolor="#ECEBF4">
<IMG SRC="sflogo2-steel-60.png">
</TD></TR>
</TABLE><BR>
<!--Navigation Panel-->
<A NAME="tex2html2295"
HREF="node30.html">
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
<A NAME="tex2html2291"
HREF="rute.html">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
<A NAME="tex2html2285"
HREF="node28.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
<A NAME="tex2html2293"
HREF="node1.html">
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
<BR>
<B> Next:</B> <A NAME="tex2html2296"
HREF="node30.html">27. DNS and Name</A>
<B> Up:</B> <A NAME="tex2html2292"
HREF="rute.html">rute</A>
<B> Previous:</B> <A NAME="tex2html2286"
HREF="node28.html">25. Introduction to IP</A>
  <B> <A NAME="tex2html2294"
HREF="node1.html">Contents</A></B>
<BR>
<BR>
<!--End of Navigation Panel-->
<!--Table of Child-Links-->
<A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>
<UL>
<LI><A NAME="tex2html2297"
HREF="#SECTION002910000000000000000">26.1 The TCP Header</A>
<LI><A NAME="tex2html2298"
HREF="#SECTION002920000000000000000">26.2 A Sample TCP Session</A>
<LI><A NAME="tex2html2299"
HREF="#SECTION002930000000000000000">26.3 User Datagram Protocol (UDP)</A>
<LI><A NAME="tex2html2300"
HREF="#SECTION002940000000000000000">26.4 <TT>
<FONT COLOR="#0000ff">/etc/services</FONT></TT> File</A>
<LI><A NAME="tex2html2301"
HREF="#SECTION002950000000000000000">26.5 Encrypting and Forwarding TCP</A>
</UL>
<!--End of Table of Child-Links-->
<HR>
<H1><A NAME="SECTION002900000000000000000">
26. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)</A>
</H1>
<P>
<A NAME="chap:tcpudp"></A><A NAME="chap:tcp"></A>
<P>
In the previous chapter we talked about communication between
machines in a generic sense. However, when you have two
applications on opposite sides of the Atlantic Ocean, being able to
send a packet that may or may not reach the other side is not
sufficient. What you need is <I>reliable</I> communication.
<P>
Ideally, a programmer wants to be able to establish a link to a remote
machine and then feed bytes in one at a time and be sure that the bytes
are being read on the other end, and vice-versa. Such communication
is called <I>reliable stream</I> communication.
<P>
If your only tools are discrete, unreliable packets, implementing
a reliable, continuous stream is tricky. You can send single packets and then
wait for the remote machine to confirm receipt, but this approach
is inefficient (packets can take a long time to get to and from
their destination)--you really want to be able to send as many
packets as possible at once and then have some means of
negotiating with the remote machine when to resend packets
that were not received. What <I>TCP</I>
(<I>Transmission Control Protocol</I>) does is to send data packets
one way and then <I>acknowledgment packets</I> the other way,
saying how much of the stream has been properly received.
<P>
We therefore say that <I>TCP is implemented on top of IP</I>. This is
why Internet communication is sometimes called TCP/IP.
<P>
TCP communication has three stages: <I>negotiation</I>,
<I>transfer</I>, and
<I>detachment</I>. <FONT COLOR="#ffa500">[This is all my
own terminology. This is also somewhat of a schematic
representation.]</FONT>
<P>
<DL>
<DT><STRONG>Negotiation</STRONG></DT>
<DD>The <I>client</I> application (say, a web
browser) first initiates the connection by using a <B>C</B>
<TT>
<FONT COLOR="#0000ff">connect()</FONT></TT> (see <TT>
<FONT COLOR="#0000ff">connect</FONT></TT>(2)) function. This causes the kernel to send a
<I>SYN</I> (<I>SYN</I>chronization) packet to the remote
TCP server (in this case, a web server). The web server responds
with a <I>SYN-ACK</I> packet (<I>ACK</I>nowledge),
and
finally the client responds with a final SYN packet. This packet
negotiation is unbeknown to the programmer.
<P>
</DD>
<DT><STRONG>Transfer:</STRONG></DT>
<DD>The programmer will use the <TT>
<FONT COLOR="#0000ff">send()</FONT></TT> (<TT>
<FONT COLOR="#0000ff">send</FONT></TT>(2)) and
<TT>
<FONT COLOR="#0000ff">recv()</FONT></TT> (<TT>
<FONT COLOR="#0000ff">recv</FONT></TT>(2)) <B>C</B> function calls to send and
receive an actual stream of bytes. The stream of bytes will be
broken into packets, and the packets sent individually to the remote
application. In the case of the web server, the first bytes sent
would be the line <TT>
<FONT COLOR="#0000ff">GET /index.html
HTTP/1.0<CR><NL><CR><NL></FONT></TT>. On the remote side, reply
packets (also called ACK packets) are sent back as the data
arrives, indicating whether parts of the stream went missing and
require retransmission. Communication is
<I>full-duplex</I>--meaning that there are streams in both directions--both
data and acknowledge packets are going both ways
simultaneously.
<P>
</DD>
<DT><STRONG>Detachment:</STRONG></DT>
<DD>The programmer will use the <B>C</B> function call
<TT>
<FONT COLOR="#0000ff">shutdown()</FONT></TT> and <TT>
<FONT COLOR="#0000ff">close()</FONT></TT> (see <TT>
<FONT COLOR="#0000ff">shutdown() and
<TT>
<FONT COLOR="#0000ff">close</FONT></TT>(2))</FONT></TT> to terminate the connection. A <I>FIN</I> packet
will be sent and TCP communication will cease.
</DD>
</DL>
<P>
<H1><A NAME="SECTION002910000000000000000">
26.1 The TCP Header</A>
</H1>
<P>
TCP packets are obviously <I>encapsulated</I> within IP packets.
The TCP packet is inside the <B>Data begins at...</B>
part of the IP packet. A TCP packet has a header part and
a data part. The data part may sometimes be empty (such as in
the negotiation stage).
<P>
Table <A HREF="node29.html#tab:tcpheader">26.1</A> shows the full TCP/IP header.
<P>
<A NAME="42766"></A>
<TABLE CELLPADDING=1 BORDER="1">
<CAPTION><STRONG>Table 26.1:</STRONG>
Combined TCP and IP header</CAPTION>
<TR><TD ALIGN="LEFT"><A NAME="tab:tcpheader"></A><B>Bytes (IP)</B></TD>
<TH ALIGN="LEFT"><B>Description</B></TH>
</TR>
<TR><TD ALIGN="LEFT">0</TD>
<TD ALIGN="LEFT">Bits 0-3: Version, Bits 4-7: Internet Header Length (IHL)</TD>
</TR>
<TR><TD ALIGN="LEFT">1</TD>
<TD ALIGN="LEFT">Type of service (TOS)</TD>
</TR>
<TR><TD ALIGN="LEFT">2-3</TD>
<TD ALIGN="LEFT">Length</TD>
</TR>
<TR><TD ALIGN="LEFT">4-5</TD>
<TD ALIGN="LEFT">Identification</TD>
</TR>
<TR><TD ALIGN="LEFT">6-7</TD>
<TD ALIGN="LEFT">Bits 0-3: Flags, bits 4-15: Offset</TD>
</TR>
<TR><TD ALIGN="LEFT">8</TD>
<TD ALIGN="LEFT">Time to live (TTL)</TD>
</TR>
<TR><TD ALIGN="LEFT">9</TD>
<TD ALIGN="LEFT">Type</TD>
</TR>
<TR><TD ALIGN="LEFT">10-11</TD>
<TD ALIGN="LEFT">Checksum</TD>
</TR>
<TR><TD ALIGN="LEFT">12-15</TD>
<TD ALIGN="LEFT">Source IP address</TD>
</TR>
<TR><TD ALIGN="LEFT">16-19</TD>
<TD ALIGN="LEFT">Destination IP address</TD>
</TR>
<TR><TD ALIGN="LEFT">20-IHL*4-1</TD>
<TD ALIGN="LEFT">Options + padding to round up to four bytes</TD>
</TR>
<TR><TH ALIGN="LEFT"><B>Bytes (TCP)</B></TH>
<TD ALIGN="LEFT"><B>Description</B></TD>
</TR>
<TR><TD ALIGN="LEFT">0-1</TD>
<TD ALIGN="LEFT">Source port</TD>
</TR>
<TR><TD ALIGN="LEFT">2-3</TD>
<TD ALIGN="LEFT">Destination port</TD>
</TR>
<TR><TD ALIGN="LEFT">4-7</TD>
<TD ALIGN="LEFT">Sequence number</TD>
</TR>
<TR><TD ALIGN="LEFT">8-11</TD>
<TD ALIGN="LEFT">Acknowledgment number</TD>
</TR>
<TR><TD ALIGN="LEFT">12</TD>
<TD ALIGN="LEFT">Bits 0-3: number of bytes of additional TCP options / 4</TD>
</TR>
<TR><TD ALIGN="LEFT">13</TD>
<TD ALIGN="LEFT">Control</TD>
</TR>
<TR><TD ALIGN="LEFT">14-15</TD>
<TD ALIGN="LEFT">Window</TD>
</TR>
<TR><TD ALIGN="LEFT">16-17</TD>
<TD ALIGN="LEFT">Checksum</TD>
</TR>
<TR><TD ALIGN="LEFT">18-19</TD>
<TD ALIGN="LEFT">Urgent pointer</TD>
</TR>
<TR><TD ALIGN="LEFT">20-(20 + options * 4)</TD>
<TD ALIGN="LEFT">Options + padding to round up to four bytes</TD>
</TR>
<TR><TD ALIGN="CENTER" COLSPAN=2>TCP data begins at IHL * 4 + 20 + options * 4 and ends at Length - 1</TD>
</TR>
</TABLE>
<P>
The minimum combined TCP/IP header is thus 40 bytes.
<P>
With Internet machines, several applications often
communicate simultaneously. The <B>Source port</B> and
<B>Destination port</B> fields identify and distinguish individual streams.
In the case of web communication, the destination port
(from the clients point of view) is port 80, and hence all outgoing
traffic will have the number 80 filled in this field. The source
port (from the client's point of view) is chosen randomly to any
unused port number above 1024 before the connection is
negotiated; these, too, are filled into outgoing packets. No
two streams have the same combinations of source and
destination port numbers. The kernel uses the port numbers on
incoming packets to determine which application requires those
packets, and similarly for the remote machine.
<P>
<B>Sequence number</B> is the offset within the stream that this
particular packet of data belongs to. The <B>Acknowledge
number</B> is the point in the stream up to which all data has been
received. <B>Control</B> is various other flag bits.
<B>Window</B> is the maximum amount that the receiver is
prepared to accept. <B>Checksum</B> is used to verify data integrity,
and <B>Urgent pointer</B> is for interrupting the stream. Data needed
by extensions to the protocol are appended after the header as
options.
<P>
<H1><A NAME="SECTION002920000000000000000">
26.2 A Sample TCP Session</A>
</H1>
<P>
<A NAME="sec:telnetcnn"></A>
<P>
It is easy to see TCP working by using <TT>
<FONT COLOR="#0000ff">telnet</FONT></TT>. You are probably
familiar with using <TT>
<FONT COLOR="#0000ff">telnet</FONT></TT> to log in to remote systems, but
<TT>
<FONT COLOR="#0000ff">telnet</FONT></TT> is actually a generic program to connect to <I>any</I>
TCP socket as we did in Chapter <A HREF="node13.html#chap:mailclient">10</A>. Here we will
try connect to <TT>
<FONT COLOR="#0000ff">cnn.com</FONT></TT>'s web page.
<P>
We first need to get an IP address of <TT>
<FONT COLOR="#0000ff">cnn.com</FONT></TT>:
<P><TABLE nowrap="1" width="100%" border="0" cellspacing="0" cellpadding="0">
<TR>
<TD valign="top" class="source" width="2%"><FONT color=red>
<code> </code><br>
<code> </code><br>
</FONT></TD><TD valign="top" class="source" bgcolor="#FFE0C0"><FONT color=blue>
<code>[root@cericon]# host <font color="navy"><B>cnn.com</B></font></code><br>
<code>cnn.com has address 207.25.71.20</code><br>
</FONT></TD></TR></TABLE><P>
<P>
Now, in one window we run
<P><TABLE nowrap="1" width="100%" border="0" cellspacing="0" cellpadding="0">
<TR>
<TD valign="top" class="source" width="2%"><FONT color=red size="-1">
<code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
</FONT></TD><TD valign="top" class="source" bgcolor="#FFE0C0"><FONT color=blue size="-1">
<code>[root@cericon]# <font color="navy"><B>tcpdump \</B></font></code><br>
<code><font color="navy"><B>'( src 192.168.3.9 and dst 207.25.71.20 ) or ( src 207.25.71.20 and dst 192.168.3.9 )'</B></font></code><br>
<code>Kernel filter, protocol ALL, datagram packet socket</code><br>
<code>tcpdump: listening on all devices</code><br>
</FONT></TD></TR></TABLE><P>
which says to list all packets having source (<TT>
<FONT COLOR="#0000ff">src</FONT></TT>)
or destination (<TT>
<FONT COLOR="#0000ff">dst</FONT></TT>) addresses of either us or CNN.
<P>
Then we use the HTTP protocol to grab the page.
Type in the HTTP command <TT>
<FONT COLOR="#0000ff">GET / HTTP/1.0</FONT></TT> and then
press <IMG ALIGN=ABSMIDDLE BORDER=0 SRC="key-enter.png" ALT="Enter"> <I>twice</I> (as required by the HTTP protocol). The
first and last few lines of the sessions are shown below:
<P><TABLE nowrap="1" width="100%" border="0" cellspacing="0" cellpadding="0">
<TR>
<TD valign="top" class="source" width="2%"><FONT color=red size="-1">
<code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<font size="-2"><code>5</code></font><code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<font size="-2"><code>10</code></font><code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<font size="-2"><code>15</code></font><code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<font size="-2"><code>20</code></font><code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<font size="-2"><code>25</code></font><code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<font size="-2"><code>30</code></font><code> </code><br>
<code> </code><br>
<code> </code><br>
</FONT></TD><TD valign="top" class="source" bgcolor="#FFE0C0"><FONT color=blue size="-1">
<code>[root@cericon root]# <font color="navy"><B>telnet 207.25.71.20 80</B></font></code><br>
<code>Trying 207.25.71.20...</code><br>
<code>Connected to 207.25.71.20.</code><br>
<code>Escape character is '^]'.</code><br>
<code><font color="navy"><B>GET / HTTP/1.0</B></font></code><br>
<code> </code><br>
<code>HTTP/1.0 200 OK</code><br>
<code>Server: Netscape-Enterprise/2.01</code><br>
<code>Date: Tue, 18 Apr 2000 10:55:14 GMT</code><br>
<code>Set-cookie: CNNid=cf19472c-23286-956055314-2; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; </code><br>
<code> path=/; domain=.cnn.com</code><br>
<code>Last-modified: Tue, 18 Apr 2000 10:55:14 GMT</code><br>
<code>Content-type: text/html</code><br>
<code> </code><br>
<code><HTML></code><br>
<code><HEAD></code><br>
<code> <TITLE>CNN.com</TITLE></code><br>
<code> <META http-equiv="REFRESH" content="1800"></code><br>
<code> </code><br>
<code> <!--CSSDATA:956055234--></code><br>
<code> <SCRIPT src="/virtual/2000/code/main.js" language="javascript"></SCRIPT></code><br>
<code> <LINK rel="stylesheet" href="/virtual/2000/style/main.css" type="text/css"></code><br>
<code> <SCRIPT language="javascript" type="text/javascript"></code><br>
<code> <!--//</code><br>
<code> if ((navigator.platform=='MacPPC')&&(navigator.ap</code><br>
<code> </code><br>
<code>..............</code><br>
<code>..............</code><br>
<code> </code><br>
<code></BODY></code><br>
<code></HTML></code><br>
<code>Connection closed by foreign host.</code><br>
</FONT></TD></TR></TABLE><P>
<P>
The above commands produce the front page of CNN's web site in raw HTML. This is easy
to paste into a file and view off-line.
<P>
In the other window, <TT>
<FONT COLOR="#0000ff">tcpdump</FONT></TT> is showing
us what packets are being exchanged. <TT>
<FONT COLOR="#0000ff">tcpdump</FONT></TT> nicely
shows us host names instead of IP addresses and the letters <TT>
<FONT COLOR="#0000ff">www</FONT></TT>
instead of the port number 80. The local ``random'' port in this
case was <TT>
<FONT COLOR="#0000ff">4064</FONT></TT><A NAME="page:tcpsession"></A>.
<P><TABLE nowrap="1" width="100%" border="0" cellspacing="0" cellpadding="0">
<TR>
<TD valign="top" class="source" width="2%"><FONT color=red size="-1">
<code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<font size="-2"><code>5</code></font><code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<font size="-2"><code>10</code></font><code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<font size="-2"><code>15</code></font><code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<font size="-2"><code>20</code></font><code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<font size="-2"><code>25</code></font><code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<font size="-2"><code>30</code></font><code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<font size="-2"><code>35</code></font><code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<font size="-2"><code>40</code></font><code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<font size="-2"><code>45</code></font><code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<font size="-2"><code>50</code></font><code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<font size="-2"><code>55</code></font><code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<font size="-2"><code>60</code></font><code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<font size="-2"><code>65</code></font><code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
</FONT></TD><TD valign="top" class="source" bgcolor="#FFE0C0"><FONT color=blue size="-1">
<code>[root@cericon]# <font color="navy"><B>tcpdump \</B></font></code><br>
<code><font color="navy"><B>'( src 192.168.3.9 and dst 207.25.71.20 ) or ( src 207.25.71.20 and dst 192.168.3.9 )'</B></font></code><br>
<code>Kernel filter, protocol ALL, datagram packet socket</code><br>
<code>tcpdump: listening on all devices</code><br>
<code>12:52:35.467121 eth0 > cericon.cranzgot.co.za.4064 > www1.cnn.com.www:</code><br>
<code> S 2463192134:2463192134(0) win 32120 <mss 1460,sackOK,timestamp 154031689 0,nop,wscale 0</code><br>
<code>12:52:35.964703 eth0 < www1.cnn.com.www > cericon.cranzgot.co.za.4064:</code><br>
<code> S 4182178234:4182178234(0) ack 2463192135 win 10136 <nop,nop,timestamp 1075172823 154031</code><br>
<code>12:52:35.964791 eth0 > cericon.cranzgot.co.za.4064 > www1.cnn.com.www:</code><br>
<code> . 1:1(0) ack 1 win 32120 <nop,nop,timestamp 154031739 1075172823> (DF)</code><br>
<code>12:52:46.413043 eth0 > cericon.cranzgot.co.za.4064 > www1.cnn.com.www:</code><br>
<code> P 1:17(16) ack 1 win 32120 <nop,nop,timestamp 154032784 1075172823> (DF)</code><br>
<code>12:52:46.908156 eth0 < www1.cnn.com.www > cericon.cranzgot.co.za.4064:</code><br>
<code> . 1:1(0) ack 17 win 10136 <nop,nop,timestamp 1075173916 154032784></code><br>
<code>12:52:49.259870 eth0 > cericon.cranzgot.co.za.4064 > www1.cnn.com.www:</code><br>
<code> P 17:19(2) ack 1 win 32120 <nop,nop,timestamp 154033068 1075173916> (DF)</code><br>
<code>12:52:49.886846 eth0 < www1.cnn.com.www > cericon.cranzgot.co.za.4064:</code><br>
<code> P 1:278(277) ack 19 win 10136 <nop,nop,timestamp 1075174200 154033068></code><br>
<code>12:52:49.887039 eth0 > cericon.cranzgot.co.za.4064 > www1.cnn.com.www:</code><br>
<code> . 19:19(0) ack 278 win 31856 <nop,nop,timestamp 154033131 1075174200> (DF)</code><br>
<code>12:52:50.053628 eth0 < www1.cnn.com.www > cericon.cranzgot.co.za.4064:</code><br>
<code> . 278:1176(898) ack 19 win 10136 <nop,nop,timestamp 1075174202 154033068></code><br>
<code>12:52:50.160740 eth0 < www1.cnn.com.www > cericon.cranzgot.co.za.4064:</code><br>
<code> P 1176:1972(796) ack 19 win 10136 <nop,nop,timestamp 1075174202 154033068></code><br>
<code>12:52:50.220067 eth0 > cericon.cranzgot.co.za.4064 > www1.cnn.com.www:</code><br>
<code> . 19:19(0) ack 1972 win 31856 <nop,nop,timestamp 154033165 1075174202> (DF)</code><br>
<code>12:52:50.824143 eth0 < www1.cnn.com.www > cericon.cranzgot.co.za.4064:</code><br>
<code> . 1972:3420(1448) ack 19 win 10136 <nop,nop,timestamp 1075174262 154033131></code><br>
<code>12:52:51.021465 eth0 < www1.cnn.com.www > cericon.cranzgot.co.za.4064:</code><br>
<code> . 3420:4868(1448) ack 19 win 10136 <nop,nop,timestamp 1075174295 154033165></code><br>
<code> </code><br>
<code>..............</code><br>
<code>..............</code><br>
<code> </code><br>
<code>12:53:13.856919 eth0 > cericon.cranzgot.co.za.4064 > www1.cnn.com.www:</code><br>
<code> . 19:19(0) ack 53204 win 30408 <nop,nop,timestamp 154035528 1075176560> (DF)</code><br>
<code>12:53:14.722584 eth0 < www1.cnn.com.www > cericon.cranzgot.co.za.4064:</code><br>
<code> . 53204:54652(1448) ack 19 win 10136 <nop,nop,timestamp 1075176659 154035528></code><br>
<code>12:53:14.722738 eth0 > cericon.cranzgot.co.za.4064 > www1.cnn.com.www:</code><br>
<code> . 19:19(0) ack 54652 win 30408 <nop,nop,timestamp 154035615 1075176659> (DF)</code><br>
<code>12:53:14.912561 eth0 < www1.cnn.com.www > cericon.cranzgot.co.za.4064:</code><br>
<code> . 54652:56100(1448) ack 19 win 10136 <nop,nop,timestamp 1075176659 154035528></code><br>
<code>12:53:14.912706 eth0 > cericon.cranzgot.co.za.4064 > www1.cnn.com.www:</code><br>
<code> . 19:19(0) ack 58500 win 30408 <nop,nop,timestamp 154035634 1075176659> (DF)</code><br>
<code>12:53:15.706463 eth0 < www1.cnn.com.www > cericon.cranzgot.co.za.4064:</code><br>
<code> . 58500:59948(1448) ack 19 win 10136 <nop,nop,timestamp 1075176765 154035634></code><br>
<code>12:53:15.896639 eth0 < www1.cnn.com.www > cericon.cranzgot.co.za.4064:</code><br>
<code> . 59948:61396(1448) ack 19 win 10136 <nop,nop,timestamp 1075176765 154035634></code><br>
<code>12:53:15.896791 eth0 > cericon.cranzgot.co.za.4064 > www1.cnn.com.www:</code><br>
<code> . 19:19(0) ack 61396 win 31856 <nop,nop,timestamp 154035732 1075176765> (DF)</code><br>
<code>12:53:16.678439 eth0 < www1.cnn.com.www > cericon.cranzgot.co.za.4064:</code><br>
<code> . 61396:62844(1448) ack 19 win 10136 <nop,nop,timestamp 1075176864 154035732></code><br>
<code>12:53:16.867963 eth0 < www1.cnn.com.www > cericon.cranzgot.co.za.4064:</code><br>
<code> . 62844:64292(1448) ack 19 win 10136 <nop,nop,timestamp 1075176864 154035732></code><br>
<code>12:53:16.868095 eth0 > cericon.cranzgot.co.za.4064 > www1.cnn.com.www:</code><br>
<code> . 19:19(0) ack 64292 win 31856 <nop,nop,timestamp 154035829 1075176864> (DF)</code><br>
<code>12:53:17.521019 eth0 < www1.cnn.com.www > cericon.cranzgot.co.za.4064:</code><br>
<code> FP 64292:65200(908) ack 19 win 10136 <nop,nop,timestamp 1075176960 154035829></code><br>
<code>12:53:17.521154 eth0 > cericon.cranzgot.co.za.4064 > www1.cnn.com.www:</code><br>
<code> . 19:19(0) ack 65201 win 31856 <nop,nop,timestamp 154035895 1075176960> (DF)</code><br>
<code>12:53:17.523243 eth0 > cericon.cranzgot.co.za.4064 > www1.cnn.com.www:</code><br>
<code> F 19:19(0) ack 65201 win 31856 <nop,nop,timestamp 154035895 1075176960> (DF)</code><br>
<code>12:53:20.410092 eth0 > cericon.cranzgot.co.za.4064 > www1.cnn.com.www:</code><br>
<code> F 19:19(0) ack 65201 win 31856 <nop,nop,timestamp 154036184 1075176960> (DF)</code><br>
<code>12:53:20.940833 eth0 < www1.cnn.com.www > cericon.cranzgot.co.za.4064:</code><br>
<code> . 65201:65201(0) ack 20 win 10136 <nop,nop,timestamp 1075177315 154035895></code><br>
<code> </code><br>
<code>103 packets received by filter</code><br>
</FONT></TD></TR></TABLE><P>
<P>
The preceding output requires some explanation: Line 5, 7, and 9
are the negotiation stage. <TT>
<FONT COLOR="#0000ff">tcpdump</FONT></TT> uses the format
<TT>
<FONT COLOR="#0000ff"><Sequence number>:<Sequence number + data
length>(<data length>)</FONT></TT> on each line to show the context of the
packet within the stream. <B>Sequence number</B>, however, is
chosen randomly at the outset, so <TT>
<FONT COLOR="#0000ff">tcpdump</FONT></TT> prints the
relative sequence number after the first two packets to make it
clearer what the actual position is within the stream. Line
11 is where I pressed <I>Enter</I> the first time, and Line 15 was
<I>Enter</I> with an empty line. The
``<TT>
<FONT COLOR="#0000ff">ack 19</FONT></TT>''s indicates the point to which CNN's web server has
received incoming data; in this case we only ever typed in 19
bytes, hence the web server sets this value in every one of its
outgoing packets, while our own outgoing packets are mostly
empty of data.
<P>
Lines 61 and 63 are the detachment stage.
<P>
More information about the <TT>
<FONT COLOR="#0000ff">tcpdump</FONT></TT> output
can be had from <TT>
<FONT COLOR="#0000ff">tcpdump</FONT></TT>(8) under the section
<B>TCP Packets</B>.
<P>
<H1><A NAME="SECTION002930000000000000000">
26.3 User Datagram Protocol (UDP)</A>
</H1>
<P>
You don't <I>always</I> need reliable communication.
<P>
Sometimes you want to directly control packets for efficiency,
or because you don't really mind if
packets get lost. Two examples are name server communications,
for which single packet transmissions are desired, or voice
transmissions for which reducing lag time is more important than
data integrity. Another is NFS (Network File System), which uses
UDP to implement exclusively high bandwidth data transfer.
<P>
With UDP the programmer sends and receives
individual packets, again encapsulated within IP. Ports are used
in the same way as with TCP, but these are merely identifiers and
there is no concept of a stream. The full UDP/IP header is listed in
Table <A HREF="node29.html#tab:udpinip">26.2</A>.
<P>
<A NAME="42885"></A>
<TABLE CELLPADDING=1 BORDER="1">
<CAPTION><STRONG>Table 26.2:</STRONG>
Combined UDP and IP header</CAPTION>
<TR><TD ALIGN="LEFT"><A NAME="tab:udpinip"></A><B>Bytes (IP)</B></TD>
<TH ALIGN="LEFT"><B>Description</B></TH>
</TR>
<TR><TD ALIGN="LEFT">0</TD>
<TD ALIGN="LEFT">bits 0-3: Version, bits 4-7: Internet Header Length (IHL)</TD>
</TR>
<TR><TD ALIGN="LEFT">1</TD>
<TD ALIGN="LEFT">Type of service (TOS)</TD>
</TR>
<TR><TD ALIGN="LEFT">2-3</TD>
<TD ALIGN="LEFT">Length</TD>
</TR>
<TR><TD ALIGN="LEFT">4-5</TD>
<TD ALIGN="LEFT">Identification</TD>
</TR>
<TR><TD ALIGN="LEFT">6-7</TD>
<TD ALIGN="LEFT">bits 0-3: Flags, bits 4-15: Offset</TD>
</TR>
<TR><TD ALIGN="LEFT">8</TD>
<TD ALIGN="LEFT">Time to live (TTL)</TD>
</TR>
<TR><TD ALIGN="LEFT">9</TD>
<TD ALIGN="LEFT">Type</TD>
</TR>
<TR><TD ALIGN="LEFT">10-11</TD>
<TD ALIGN="LEFT">Checksum</TD>
</TR>
<TR><TD ALIGN="LEFT">12-15</TD>
<TD ALIGN="LEFT">Source IP address</TD>
</TR>
<TR><TD ALIGN="LEFT">16-19</TD>
<TD ALIGN="LEFT">Destination IP address</TD>
</TR>
<TR><TD ALIGN="LEFT">20-(IHL * 4 - 1)</TD>
<TD ALIGN="LEFT">Options + padding to round up to four bytes</TD>
</TR>
<TR><TH ALIGN="LEFT"><B>Bytes (UDP)</B></TH>
<TD ALIGN="LEFT"><B>Description</B></TD>
</TR>
<TR><TD ALIGN="LEFT">0-1</TD>
<TD ALIGN="LEFT">Source port</TD>
</TR>
<TR><TD ALIGN="LEFT">2-3</TD>
<TD ALIGN="LEFT">Destination port</TD>
</TR>
<TR><TD ALIGN="LEFT">4-5</TD>
<TD ALIGN="LEFT">Length</TD>
</TR>
<TR><TD ALIGN="LEFT">6-7</TD>
<TD ALIGN="LEFT">Checksum</TD>
</TR>
<TR><TD ALIGN="CENTER" COLSPAN=2>UDP data begins at IHL * 4 + 8 and ends at Length - 1</TD>
</TR>
</TABLE>
<P>
<H1><A NAME="SECTION002940000000000000000">
26.4 <TT>
<FONT COLOR="#0000ff">/etc/services</FONT></TT> File</A>
</H1>
<P>
<A NAME="sec:etcservices"></A>
<P>
Various
standard port numbers are used exclusively
for particular types of services. Port 80 is for web as shown
earlier. Port numbers 1 through 1023 are reserved for such
standard services and each is given a convenient textual name.
<P>
All services are defined for both TCP as well as
UDP, even though there is, for example, no such thing as
UDP FTP access.
<P>
Port numbers below 1024 are used exclusively for
<TT>
<FONT COLOR="#0000ff">root</FONT></TT> uid programs such as mail, DNS, and web services.
Programs of ordinary users are not allowed to <I>bind</I> to
ports below 1024. <FONT COLOR="#ffa500">[Port binding is where a program reserves a
port for listening for an incoming connection, as do all network
services. Web servers, for example, <I>bind</I> to port 80.]</FONT>The place where these ports are defined is in the
<TT>
<FONT COLOR="#0000ff">/etc/services</FONT></TT> file. These mappings
are mostly for descriptive purposes--programs can look up
port names from numbers and visa versa. <I>The <TT>
<FONT COLOR="#0000ff">/etc/services</FONT></TT>
file has nothing to do with the availability of a service.</I>
<P>
Here is an extract of the <TT>
<FONT COLOR="#0000ff">/etc/services</FONT></TT>.
<P><TABLE nowrap="1" width="100%" border="0" cellspacing="0" cellpadding="0">
<TR>
<TD valign="top" class="source" width="2%"><FONT color=red>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<font size="-1"><code>5</code></font><code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<font size="-1"><code>10</code></font><code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<font size="-1"><code>15</code></font><code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<font size="-1"><code>20</code></font><code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<font size="-1"><code>25</code></font><code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<font size="-1"><code>30</code></font><code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<font size="-1"><code>35</code></font><code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
</FONT></TD><TD valign="top" class="source" bgcolor="#FFE0C0"><FONT color=blue>
<code>tcpmux 1/tcp # TCP port service multiplexer</code><br>
<code>echo 7/tcp</code><br>
<code>echo 7/udp</code><br>
<code>discard 9/tcp sink null</code><br>
<code>discard 9/udp sink null</code><br>
<code>systat 11/tcp users</code><br>
<code>daytime 13/tcp</code><br>
<code>daytime 13/udp</code><br>
<code>netstat 15/tcp</code><br>
<code>qotd 17/tcp quote</code><br>
<code>msp 18/tcp # message send protocol</code><br>
<code>msp 18/udp # message send protocol</code><br>
<code>ftp-data 20/tcp</code><br>
<code>ftp 21/tcp</code><br>
<code>fsp 21/udp fspd</code><br>
<code>ssh 22/tcp # SSH Remote Login Protocol</code><br>
<code>ssh 22/udp # SSH Remote Login Protocol</code><br>
<code>telnet 23/tcp</code><br>
<code>smtp 25/tcp mail</code><br>
<code>time 37/tcp timserver</code><br>
<code>time 37/udp timserver</code><br>
<code>rlp 39/udp resource # resource location</code><br>
<code>nameserver 42/tcp name # IEN 116</code><br>
<code>whois 43/tcp nicname</code><br>
<code>domain 53/tcp nameserver # name-domain server</code><br>
<code>domain 53/udp nameserver</code><br>
<code>mtp 57/tcp # deprecated</code><br>
<code>bootps 67/tcp # BOOTP server</code><br>
<code>bootps 67/udp</code><br>
<code>bootpc 68/tcp # BOOTP client</code><br>
<code>bootpc 68/udp</code><br>
<code>tftp 69/udp</code><br>
<code>gopher 70/tcp # Internet Gopher</code><br>
<code>gopher 70/udp</code><br>
<code>rje 77/tcp netrjs</code><br>
<code>finger 79/tcp</code><br>
<code>www 80/tcp http # WorldWideWeb HTTP</code><br>
<code>www 80/udp # HyperText Transfer Protocol</code><br>
</FONT></TD></TR></TABLE><P>
<P>
<H1><A NAME="SECTION002950000000000000000">
26.5 Encrypting and Forwarding TCP</A>
</H1>
<P>
The TCP stream can easily be reconstructed by anyone listening on
a wire who happens to see your network traffic, so TCP is known as
an inherently insecure service. We would like to
encrypt our data so that anything captured between the client and server
will appear garbled. Such an encrypted stream should have several
properties:
<OL>
<LI>It should ensure that the connecting client <I>really</I> is
connecting to the server in question. In other words it should
authenticate the server to ensure that the server is not a Trojan.
</LI>
<LI>It should prevent any information being gained by a snooper.
This means that any traffic read should appear cryptographically
garbled.
</LI>
<LI>It should be impossible for a listener to modify the traffic
without detection.
</LI>
</OL>
<P>
The above is relatively easily accomplished with at least two packages.
Take the example where we would like to use POP3 to retrieve mail
from a remote machine. First, we can verify that POP3 is working
by logging in on the POP3 server. Run a <TT>
<FONT COLOR="#0000ff">telnet</FONT></TT> to port 110
(i.e., the POP3 service) as follows:
<P><TABLE nowrap="1" width="100%" border="0" cellspacing="0" cellpadding="0">
<TR>
<TD valign="top" class="source" width="2%"><FONT color=red>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<font size="-1"><code>5</code></font><code> </code><br>
<code> </code><br>
<code> </code><br>
</FONT></TD><TD valign="top" class="source" bgcolor="#FFE0C0"><FONT color=blue>
<code>telnet localhost 110</code><br>
<code>Connected to localhost.localdomain.</code><br>
<code>Escape character is '^]'.</code><br>
<code>+OK POP3 localhost.localdomain v7.64 server ready</code><br>
<code>QUIT</code><br>
<code>+OK Sayonara</code><br>
<code>Connection closed by foreign host.</code><br>
</FONT></TD></TR></TABLE><P>
<P>
For our first example, we use the OpenSSH package.
We can initialize and run the <TT>
<FONT COLOR="#0000ff">sshd</FONT></TT> Secure Shell daemon if it
has not been initialized before. The following commands would be run
on the POP3 server:
<P><TABLE nowrap="1" width="100%" border="0" cellspacing="0" cellpadding="0">
<TR>
<TD valign="top" class="source" width="2%"><FONT color=red>
<code> </code><br>
<code> </code><br>
<code> </code><br>
</FONT></TD><TD valign="top" class="source" bgcolor="#FFE0C0"><FONT color=blue>
<code>ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -q -N ''</code><br>
<code>ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -q -N ''</code><br>
<code>sshd</code><br>
</FONT></TD></TR></TABLE><P>
<P>
To create an encrypted channel shown in Figure <A HREF="node29.html#fig:popforward">26.1</A>,
we use the <TT>
<FONT COLOR="#0000ff">ssh</FONT></TT> client login program in a special way.
We would like it to listen on a particular
TCP port and then encrypt and forward all traffic to the remote TCP port
on the server. This is known as <I>(encrypted) port
forwarding</I>. On the client machine we choose an arbitrary unused port to
listen on, in this case <TT>
<FONT COLOR="#0000ff">12345</FONT></TT>:
<P><TABLE nowrap="1" width="100%" border="0" cellspacing="0" cellpadding="0">
<TR>
<TD valign="top" class="source" width="2%"><FONT color=red>
<code> </code><br>
<code> </code><br>
</FONT></TD><TD valign="top" class="source" bgcolor="#FFE0C0"><FONT color=blue>
<code>ssh -C -c arcfour -N -n -2 -L 12345:<pop3-server.doma.in>:110 \</code><br>
<code> <pop3-server.doma.in> -l <user> -v</code><br>
</FONT></TD></TR></TABLE><P>
where <TT>
<FONT COLOR="#0000ff"><user></FONT></TT> is the name of a shell account on the POP3 server.
Finally, also on the client machine, we run:
<P><TABLE nowrap="1" width="100%" border="0" cellspacing="0" cellpadding="0">
<TR>
<TD valign="top" class="source" width="2%"><FONT color=red>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<code> </code><br>
<font size="-1"><code>5</code></font><code> </code><br>
<code> </code><br>
<code> </code><br>
</FONT></TD><TD valign="top" class="source" bgcolor="#FFE0C0"><FONT color=blue>
<code>telnet localhost 12345</code><br>
<code>Connected to localhost.localdomain.</code><br>
<code>Escape character is '^]'.</code><br>
<code>+OK POP3 localhost.localdomain v7.64 server ready</code><br>
<code>QUIT</code><br>
<code>+OK Sayonara</code><br>
<code>Connection closed by foreign host.</code><br>
</FONT></TD></TR></TABLE><P>
Here we get results identical to those above, because, as far as the
server is concerned, the POP3 connection comes from a client on the server
machine itself, unknowing of the fact that it has originated from
<TT>
<FONT COLOR="#0000ff">sshd</FONT></TT>, which in turn is forwarding from a remote <TT>
<FONT COLOR="#0000ff">ssh</FONT></TT> client.
In addition, the <TT>
<FONT COLOR="#0000ff">-C</FONT></TT> option compresses all data (useful for low-speed
connections). Also note that you should generally never use any encryption
besides <TT>
<FONT COLOR="#0000ff">arcfour</FONT></TT> and SSH
Protocol 2 (option <TT>
<FONT COLOR="#0000ff">-2</FONT></TT>).
<P>
<P></P>
<DIV ALIGN="CENTER"><A NAME="fig:popforward"></A><A NAME="43031"></A>
<TABLE>
<CAPTION ALIGN="BOTTOM"><STRONG>Figure 26.1:</STRONG>
Forwarding between two machines</CAPTION>
<TR><TD><IMG
BORDER="0"
SRC="frwrdbtwn.png"
ALT="\begin{figure}\begin{center}
\setlength{\unitlength}{0.00075in}\begin{picture}(4...
...otect\leavevmode{\color{blue}{ipop3d}}})}}
\end{picture}\end{center}\end{figure}"></TD></TR>
</TABLE>
</DIV><P></P>
<P>
The second method is the
<TT>
<FONT COLOR="#0000ff">forward</FONT></TT> program of the <TT>
<FONT COLOR="#0000ff">mirrordir</FONT></TT>
package. It has a unique encryption protocol
that does much of what OpenSSH can, although the protocol has not been
validated by the community at large (and therefore should be used with
caution). On the server machine you can just
type <TT>
<FONT COLOR="#0000ff">secure-mcserv</FONT></TT>. On the client run
<P><TABLE nowrap="1" width="100%" border="0" cellspacing="0" cellpadding="0">
<TR>
<TD valign="top" class="source" width="2%"><FONT color=red>
<code> </code><br>
<code> </code><br>
</FONT></TD><TD valign="top" class="source" bgcolor="#FFE0C0"><FONT color=blue>
<code>forward <user>@<pop3-server.doma.in> <pop3-server.doma.in>:110 \</code><br>
<code> 12345 --secure -z -K 1024</code><br>
</FONT></TD></TR></TABLE><P>
and then run <TT>
<FONT COLOR="#0000ff">telnet 12345</FONT></TT> to test as before.
<P>
With forwarding enabled you can use any POP3 client as you normally would. Be sure,
though, to set your host and port addresses to <TT>
<FONT COLOR="#0000ff">localhost</FONT></TT> and
<TT>
<FONT COLOR="#0000ff">12345</FONT></TT> within your POP3 client.
<P>
This example can, of course, be applied to <I>almost</I> any service.
Some services will not work if they do special things like create
reverse TCP connections back to the client (for example, FTP). Your
luck may vary.
<P>
<P>
<HR>
<!--Navigation Panel-->
<A NAME="tex2html2295"
HREF="node30.html">
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
<A NAME="tex2html2291"
HREF="rute.html">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
<A NAME="tex2html2285"
HREF="node28.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
<A NAME="tex2html2293"
HREF="node1.html">
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
<BR>
<B> Next:</B> <A NAME="tex2html2296"
HREF="node30.html">27. DNS and Name</A>
<B> Up:</B> <A NAME="tex2html2292"
HREF="rute.html">rute</A>
<B> Previous:</B> <A NAME="tex2html2286"
HREF="node28.html">25. Introduction to IP</A>
  <B> <A NAME="tex2html2294"
HREF="node1.html">Contents</A></B>
<!--End of Navigation Panel-->
</BODY>
</HTML>
|
