What TCP or UDP port numbers are used by the protocol?
Does the protocol require any inbound TCP connections or inbound UDP packets?
Does the protocol embed IP addresses in the data portion of the packet?
Are you running a client or a server for the protocol?
If the protocol embeds IP addresses in the data portion of the packet and you have NAT configured anywhere along the path of the packet, the NAT gateway will need to know how to handle that particular protocol, or the connection will fail. NAT gateways do not typically change information in the data portion of a packet unless they have been specifically coded to do so. Some examples of protocols that embed IP addresses in the data portion of the packet are FTP, SQLNet, and Microsoft WINS.
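As an added illustration of the NAT problem just described (this is not text or code from the original book), the following Python shows what an FTP-aware NAT gateway must do with the active-mode PORT command, which carries the client's private IP address and data port inside the TCP payload: a plain NAT leaves the payload untouched, so the server tries to connect to an unroutable address and the transfer fails. The addresses, ports and the sample PORT line are constructed values.

```python
import ipaddress
import re

# Constructed sample: the control-channel line an FTP client on a private LAN sends
# to request an active-mode data connection back to itself (RFC 959 PORT h1,h2,h3,h4,p1,p2).
SAMPLE_PORT_LINE = "PORT 10,0,0,5,4,1\r\n"

PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$")


def parse_port(line):
    """Decode a PORT command into (ip, port); return None for any other command."""
    m = PORT_RE.match(line)
    if not m:
        return None
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        # Syntactically a PORT line but not a valid one: refuse rather than forward it.
        raise ValueError("PORT field out of range: " + line.strip())
    h1, h2, h3, h4, p1, p2 = fields
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def build_port(ip, port):
    """Encode (ip, port) back into the comma-separated PORT syntax."""
    a, b, c, d = str(ipaddress.IPv4Address(ip)).split(".")
    return f"PORT {a},{b},{c},{d},{port // 256},{port % 256}\r\n"


def nat_rewrite_port(line, inside_ip, outside_ip, mapped_port):
    """Do what an FTP-aware NAT gateway (application-layer gateway) must do.

    Returns (line_to_forward, pinhole). The pinhole is the one inbound TCP flow the
    gateway should permit for this transfer: server -> outside_ip:mapped_port, translated
    to inside_ip:client_port. A non-PORT line, or a PORT line whose embedded address is
    not the translated client's own, is forwarded unchanged and no pinhole is opened.
    """
    parsed = parse_port(line)
    if parsed is None:
        return line, None
    client_ip, client_port = parsed
    if client_ip != inside_ip:
        # Payload address disagrees with the packet's source; do not open anything for it.
        return line, None
    rewritten = build_port(outside_ip, mapped_port)
    return rewritten, (outside_ip, mapped_port, inside_ip, client_port)


if __name__ == "__main__":
    new_line, pinhole = nat_rewrite_port(SAMPLE_PORT_LINE, "10.0.0.5", "203.0.113.7", 40000)
    print(new_line.strip(), pinhole)
```

The pinhole tuple is the narrow, per-transfer rule that an FTP-aware firewall opens instead of the blanket "allow inbound to every port above 1023" that active-mode FTP otherwise forces on the administrator.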
If there is any question of whether a firewall or router is interfering with the flow of data for a particular application or protocol, you can take several steps to see exactly what is happening. These steps may not all be possible in every situation.
Move the client outside the firewall or address translation device.
Verify whether the client can talk to a server on the same subnet as the client.
Capture a network trace on the client's LAN and on the LAN closest to the server (or, preferably, on the server's LAN, if possible).
If the service is ASCII-based, you can try Telnetting to the service's port from the router closest to the server; then work backward into the network toward the client.
Hypertext Transfer Protocol
HTTP is the protocol used to transfer the files that make up web pages. Although the HTTP specification allows for data to be transferred on port 80 using either TCP or UDP, most implementations use TCP. A secure version of the protocol, SHTTP, uses TCP port 443.
You can test HTTP connectivity using any Telnet application that allows a port number to be specified, by Telnetting to the IP address of the destination server on port 80. You should see a hello message, which indicates that you have HTTP connectivity to the server.
FTP
FTP uses two or more TCP connections to accomplish data transfers. To start a session, the FTP client opens a TCP connection to port 21 on the FTP server. This connection is called the control connection and is used to pass commands and results between the client and the server. No data, such as file transfers or directory listings, is passed over the control connection; instead, data is transferred over a separate TCP connection created specifically to fulfill that request. This data connection can be opened in several different ways:
Traditional (or active): The FTP server opens a TCP connection back to the client's port 20. This method will not work on a multiuser system because many users may make simultaneous FTP requests, and the system will not be capable of matching incoming FTP data connections to the appropriate user.
Multiuser traditional (or active): The FTP client instructs the FTP server to open a connection to some random port in the range 1024 through 65535. This method creates a rather large security hole because it requires system administrators to permit inbound TCP connections to all ports greater than 1023. Although firewalls that monitor FTP traffic and dynamically allow inbound