Monthly Archives: July 2017

Services

Remember the post where I mentioned /etc/services? Let’s talk more about that file. It’s a list of all possible services you could run on your Linux® system; it doesn’t mean that your system is running those.

What port do web services use?  Well, web services are formally known as http, or HyperText Transport Protocol.  We’ll just call it http.   We can grep for http in /etc/services by:

Alpha:~ computerlamp$ grep http /etc/services

I got 105 lines back from that simple command.  I know that because I did this command when the first one scrolled a lot:

Alpha:~ computerlamp$ grep http /etc/services | wc -l

That’s a lot of ports. Let’s pipe that command through less and see what we get:

Alpha:~ computerlamp$ grep http /etc/services | less
#       http://www.iana.org/assignments/port-numbers
http             80/udp     www www-http # World Wide Web HTTP
http             80/tcp     www www-http # World Wide Web HTTP
http-mgmt       280/udp     # http-mgmt
http-mgmt       280/tcp     # http-mgmt
https           443/udp     # http protocol over TLS/SSL
https           443/tcp     # http protocol over TLS/SSL
gss-http        488/udp     # gss-http
gss-http        488/tcp     # gss-http
http-alt        591/udp     # FileMaker, Inc. - HTTP Alternate (see Port 80)
http-alt        591/tcp     # FileMaker, Inc. - HTTP Alternate (see Port 80)
http-rpc-epmap  593/udp     # HTTP RPC Ep Map
http-rpc-epmap  593/tcp     # HTTP RPC Ep Map
multiling-http  777/udp     # Multiling HTTP
multiling-http  777/tcp     # Multiling HTTP
netconfsoaphttp 832/tcp     # NETCONF for SOAP over HTTPS
netconfsoaphttp 832/udp     # NETCONF for SOAP over HTTPS
llsurfup-http   1183/udp    # LL Surfup HTTP
llsurfup-http   1183/tcp    # LL Surfup HTTP
llsurfup-https  1184/udp    # LL Surfup HTTPS
llsurfup-https  1184/tcp    # LL Surfup HTTPS
compaq-https    2381/udp    # Compaq HTTPS

The first line is a comment and that points us to the website that has all the registered ports.

The second line is the UDP port for HTTP, which is port 80. TCP uses the same port. That’s the basic port that all web traffic goes over, unless it is encrypted. If it’s encrypted, it uses port 443. That’s what the comment ‘http protocol over TLS/SSL’ means: ‘http traffic that’s encrypted’.

How TCP Really Works

I talked about TCP and UDP in this post. Now we’re going to talk about how TCP really works, how it keeps that connection going. It’s how mail works, it’s how a lot of web traffic works, so how does that pipe keep going?

 

A pipe

Well, it isn’t a physical pipe like that picture. It isn’t a physical connection at all, and it also isn’t a psychic connection. Instead, it’s a virtual connection.

It starts with the two systems, let’s call them Captain America and Black Panther, negotiating a connection. The negotiation is called a handshake.

A handshake

Actually it’s called a three-way handshake and it works like this:

Captain America tells Black Panther, “Hey, I want to talk to you.” He does this by sending a packet called a SYN packet.

Black Panther then tells Captain America, “Gotcha! Good idea, let’s talk.” He does this by sending back a packet called an ACK. It’s called three-way because Captain America acknowledges Black Panther’s agreement to talk by sending back his own ACK.

The TCP connection uses these three packets to set the connection up: SYN, ACK and ACK.

So they’re talking away, but like in all conversations, sometimes there’s a lull where neither side says anything. Maybe they’re each getting a nice drink, maybe they’re each writing a note to themselves to make fun of Iron Man, maybe they’re just taking a nap. The connection sends back and forth KEEP ALIVE packets to say ‘Hey, you still there?’ and the other side acknowledges ‘Yup, still here. Taking a nap, be back to talking with you in a minute.’

All conversations eventually end, or at least take enough of a break that you hang up the phone and do something else for a while. When this happens, the TCP connection is shut down, like when you hang up your phone. Your phone tells the other guy ‘yup, I’m done’ and shuts down the communication. Similarly, one end of the TCP connection will tell the other ‘I’m outta here’, which ends the connection.
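What those three packets look like on the wire, as an added example that is not part of the original post: each TCP header carries flag bits, and the reply in the second step has the ACK flag set together with a SYN of its own. The port numbers and sequence numbers below are constructed for illustration.

```python
import struct

# TCP flag bits, lowest bit first.
FLAG_BITS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04), ("PSH", 0x08), ("ACK", 0x10)]
HEADER = "!HHIIBBHHH"  # ports, seq, ack, data offset, flags, window, checksum, urgent

def make_header(sport, dport, seq, ack, flags):
    """Build a constructed 20-byte TCP header (checksum left at 0)."""
    return struct.pack(HEADER, sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)

def parse_header(data):
    """Decode the fixed part of a TCP header into ports, numbers and flag names."""
    if len(data) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, _off, flags, _win, _sum, _urg = struct.unpack(HEADER, data[:20])
    names = [name for name, bit in FLAG_BITS if flags & bit]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": names}

def handshake_complete(headers):
    """True only if the first three segments are SYN, SYN+ACK, ACK and each
    acknowledgement number is the other side's sequence number plus one."""
    if len(headers) < 3:
        return False  # half-open: someone asked to talk but setup never finished
    a, b, c = (parse_header(h) for h in headers[:3])
    return (a["flags"] == ["SYN"]
            and b["flags"] == ["SYN", "ACK"]
            and (b["sport"], b["dport"]) == (a["dport"], a["sport"])
            and b["ack"] == (a["seq"] + 1) % 2**32
            and c["flags"] == ["ACK"]
            and c["ack"] == (b["seq"] + 1) % 2**32)

# Constructed capture: Captain America (port 50000) talks to Black Panther (port 80).
CAPTURE = [
    make_header(50000, 80, 1000, 0, 0x02),     # "Hey, I want to talk to you."
    make_header(80, 50000, 7000, 1001, 0x12),  # "Gotcha! Let's talk."
    make_header(50000, 80, 1001, 7001, 0x10),  # acknowledgement of the reply
    make_header(50000, 80, 1001, 7001, 0x11),  # "I'm outta here" (FIN)
]

if __name__ == "__main__":
    for segment in CAPTURE:
        print(parse_header(segment))
    print("handshake complete:", handshake_complete(CAPTURE))
```
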

TCP and UDP, the Backbone of Traffic

In the previous post we talked about the /etc/services file and how that told the computer what ports to use for what traffic.  In that file we saw lots of mentions of tcp and udp but there wasn’t anything that told you what those two abbreviations meant.

On the Internet, there are different destinations for traffic and there are also different kinds of traffic. They’re designed for two different things.

When you send a letter by snail mail, you open up the mailbox, drop your letter in, and hope it gets there.  It usually makes it to its destination, but you have no way of making sure it does.

Mailbox

On the other hand, when you make a phone call, you know it connects (because you’re talking to the other guy) and it works until either you hang up or the connection cuts off for some reason.  You don’t always know why it got interrupted, just that something cut it off.

Telephone

We can communicate two ways, each of them designed for some specific reason.

On the Internet, udp traffic is like the mailbox. It’s traffic that just flows across the Internet with no verification that it made it. It’s used in cases when it’s not really a huge deal if the connection doesn’t work. Network Time Protocol is an example of udp traffic. It isn’t great if the time update doesn’t make it, but it isn’t the end of the world either.

On the other hand, tcp traffic is like the telephone call. In tcp traffic, a connection is created between two systems and it is kept alive as long as they need it. It’s for when you really want your traffic to make it from one system to another. E-mail uses tcp, because as I said before, people really want their email.
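The mailbox and the phone call, side by side on the loopback interface (an added example, not code from the original post): a UDP send to a port nobody is using still succeeds, while a TCP connection attempt to an unused port is refused at once. The helper names and payloads are assumptions made for the example.

```python
import socket

LOOPBACK = "127.0.0.1"

def unused_port(kind):
    """Bind to port 0 so the OS picks a free port, then release it again."""
    with socket.socket(socket.AF_INET, kind) as s:
        s.bind((LOOPBACK, 0))
        return s.getsockname()[1]

def udp_send_with_no_listener():
    """Mailbox: the send succeeds even though nobody is there to receive it."""
    port = unused_port(socket.SOCK_DGRAM)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(b"time update", (LOOPBACK, port))  # bytes handed off

def tcp_connect_with_no_listener():
    """Phone call: with nobody listening, the caller finds out straight away."""
    port = unused_port(socket.SOCK_STREAM)
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(2)
        try:
            s.connect((LOOPBACK, port))
        except ConnectionRefusedError:
            return "refused"
        return "connected"

def tcp_delivery():
    """With a listener, the connection is set up first and the data arrives."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as server:
        server.bind((LOOPBACK, 0))
        server.listen(1)
        with socket.create_connection(server.getsockname(), timeout=2) as client:
            client.sendall(b"an email")
            conn, _addr = server.accept()
            with conn:
                conn.settimeout(2)
                return conn.recv(64)

if __name__ == "__main__":
    print("udp bytes sent, no listener:", udp_send_with_no_listener())
    print("tcp connect, no listener:", tcp_connect_with_no_listener())
    print("tcp with listener received:", tcp_delivery())
```
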

Network Traffic

You’re on the network, surfing away on the web, and there’s data just flowing to your box.  Even right now, when you’re looking at this web page, there’s data heading to your system. It’s network traffic and if you think of it as a pipe, your system has that flowing in all the time.  Imagine it as a water pipe, like this picture:

Leaky Pipe

We’ll pretend our pipe isn’t leaking, since that would mean we’re losing network traffic.  Our pipe brings us all kinds of traffic as we surf away, some of which we want and some of which we don’t.

How does the computer know what kind of traffic the pipe is bringing it? Computers are mostly stupid: if you put legs on one and told it to walk off a cliff, it would happily do that. We have to tell the computer what kind of traffic to expect, either DNS or web traffic or email, or other kinds of traffic we’re not mentioning here.

Back to our pipe analogy because it’s a really useful way to think about the traffic. If before the pipe connects to us, it separates itself into different types of traffic, that would work, right?

Many Pipes

We can attach those little pipes to the pipe in the first picture and that would separate out the traffic.

The way modern operating systems (Linux® included) handle this is with ports. The pipe connecting you to the network has labeled ports and the different kinds of traffic go to the different ports. Web traffic goes to port 80, e-mail to port 25, DNS to port 53, and there’s more. Each machine has 65,535 ports on it for traffic to use.

I know you’re asking the next question: how does the computer know which ports carry what kind of traffic? Well, there’s a file for that. It’s called /etc/services. If you more it, you can see people reserve ports for different kinds of applications.

There’s also a website that keeps track of assigned ports.
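One way to read the /etc/services format described here and in the Services post above (added example, not from the original posts): it builds a port lookup from a constructed excerpt and compares it with a constructed list of listening sockets, since a registered name says nothing about what is actually running. The smtp and domain lines and the listener list are assumptions added for the example.

```python
# Constructed excerpt in /etc/services format (embedded here, not read from disk).
SAMPLE_SERVICES = """\
#       http://www.iana.org/assignments/port-numbers
http             80/udp     www www-http # World Wide Web HTTP
http             80/tcp     www www-http # World Wide Web HTTP
https           443/udp     # http protocol over TLS/SSL
https           443/tcp     # http protocol over TLS/SSL
http-alt        591/tcp     # FileMaker, Inc. - HTTP Alternate (see Port 80)
smtp             25/tcp     mail         # constructed line for the example
domain           53/udp     # constructed line for the example
"""

def parse_services(text):
    """Return {(port, proto): (name, aliases)} from /etc/services-style text."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # everything after '#' is a comment
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue  # blank, comment-only or malformed line
        port_s, proto = fields[1].split("/", 1)
        if not port_s.isdigit() or int(port_s) > 65535:
            continue
        # The first entry for a port/protocol pair wins; the rest are aliases.
        table.setdefault((int(port_s), proto.lower()), (fields[0], fields[2:]))
    return table

def label_listeners(listeners, table):
    """Attach the registered name, if any, to each listening (port, proto)."""
    return [(port, proto, table.get((port, proto), ("unregistered", []))[0])
            for port, proto in listeners]

def registered_but_idle(listeners, table):
    """Registered ports with nothing listening: being listed is not running."""
    return sorted(set(table) - set(listeners))

# Constructed stand-in for what a socket listing such as `ss -tuln` reports.
LISTENING = [(443, "tcp"), (8443, "tcp")]

if __name__ == "__main__":
    table = parse_services(SAMPLE_SERVICES)
    for row in label_listeners(LISTENING, table):
        print(row)
    print("registered but not listening:", registered_but_idle(LISTENING, table))
```

The name attached to a port is only the registered convention; whatever program binds the port decides what is really served there.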

Next time we’ll talk about what tcp and udp in the /etc/services file mean.

 

MUA and MTA

In the last two posts, we’ve talked about how email is handled in DNS. It’s an important first step: you can’t send email if you don’t know where it’s going to go. Now we’re going to talk about two parts of the email system called the MUA and MTA.

The MUA is the Mail User Agent. How’s that for a boring term? It means that program you (the user) are using to send and read email. That page in your web browser, that application on your phone, whatever you’re using, that’s called an MUA. I’ll list a few examples:

  • elm (REALLY OLD)
  • pine (Not as old as elm, but OLD)
  • outlook (Microsoft’s flagship!)
  • your web browser of choice
  • thunderbird (OLD)
  • mail (aka that app on your Mac)

That’s just a few of the programs that can send and read email. Your system doesn’t actually receive it though; that’s the job of the MTA. Your MUA doesn’t do the real job of sending it either; it hands that off to the MTA as well.

So what’s an MTA? An MTA is a Mail Transfer Agent. It’s the computer program that actually sends and receives your email. You don’t see it work, it’s like when you send your email you drop it into a box:

A box

the MTA picks it up and sends it along, like a postman:

Postal Van

And it lands in the other person’s Inbox:

Inbox

Of course, that’s not what your inbox looks like, but it’s a pretty picture. Your inbox is actually a file whose format depends on the MTA and most MTAs have their own format.

There are many different MTAs available. Your system uses whatever the system administrator set up, so you don’t have to worry about it. A few of them are:

  • sendmail (one of the originals!)
  • exim (not as old as sendmail)
  • qmail (older than exim but not as old as sendmail)

You don’t have to worry about the setup and management of these systems; someone else does that. If you want to learn, there are books (and books and books) on the subject.