Windows keeps a listening socket for a non-existent process indefinitely - windows

On Windows, after process 628 (my app) has exited, tcpview shows:
Process PID Pro Local Address Local Port Remote Address Rem Port State
-------------- --- --- ------------- ---------- --------------- -------- -----------
<non-existent> 628 TCP 0.0.0.0 http 0.0.0.0 0 LISTENING
<non-existent> 628 TCP 0.0.0.0 https 0.0.0.0 0 LISTENING
<non-existent> 628 TCP 0.0.0.0 http x.x.x.x xxxxx ESTABLISHED
I was able to kill the ESTABLISHED connection with tcpview, but can't kill the LISTENING ones (as admin) with tcpview or CurrPorts. The LISTENING connections remained indefinitely (>24 hours), preventing the app from binding to port 80 and 443 when restarted ("[10048] Only one usage of each socket address (protocol/network address/port) is normally permitted").
When I added the SO_REUSEADDR option before binding the listening socket, the app still couldn't bind the ports, this time with "[10013] An attempt was made to access a socket in a way forbidden by its access permissions".
My Questions:
Does it make any sense for the listening socket to be kept after the owning process is gone? It's not in half-closed state, since no connection has been established.
Is it expected that a socket of a non-existent process will linger indefinitely?
Are these known bugs in Windows/Winsock?
Thanks!

Related

I need to get my WAMP working. I have two of three services active. Error message is below. (I ran a test)

***** Test which uses port 80 *****
===== Tested by command netstat filtered on port 80 =====
Test for TCP
Port 80 is not found associated with TCP protocol
Port 80 is not found associated with TCP protocol
===== Tested by attempting to open a socket on port 80 =====
Your port 80 seems not actually used.
Unable to initiate a socket connection
Error number: 10060 - Error string: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
--- Do you want to copy the results into Clipboard?
--- Press the Y key to confirm - Press ENTER to continue...

Yet another telnet to 25 on AWS EC2 not working

I went through all these error questions that I could find on SO and I've done everything that it appears I should do. Still, I get connection refused when I telnet to port 25
This is what is asked for in other questions:
netstat -an | grep LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:53045 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 :::111 :::* LISTEN
tcp 0 0 :::80 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 :::443 :::* LISTEN
tcp 0 0 :::52266 :::* LISTEN
So, port 25 is listening. Next, can I telnet to 25 on localhost? Yes. No problem. I can do localhost and I can do it with 127.0.0.1 and I can do it with the proper IP address. As long as I am on the machine itself, I can telnet to port 25.
Next, the EC2 firewall. There are two levels, iptables and the EC2 security zone. I made sure iptables and ip6tables were shut down. Service shows that both are "Firewall is not running". I checked the EC2 security zone. It shows:
25 tcp 0.0.0.0/0
So, it is allowing all traffic to port 25.
Still, I get connection refused when I telnet to port 25.
I continued. I checked /etc/hosts.allow and /etc/hosts.deny. Both are empty.
I continued. I looked in the mail folder. The domain is in local-host-names (which doesn't matter since I never get to the point of entering a recipient email address). I don't see anything about blocking or allowing hosts. Perhaps there is something buried in the cryptic sendmail.cf file. So, I wanted to ensure that sendmail was definitely listening with
lsof -i :25
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sendmail 11457 root 4u IPv4 830292 0t0 TCP *:smtp (LISTEN)
Same as netstat. Listening on all devices on port smtp (25).
So, I am at a loss. Why would I get connection refused on port 25? It isn't unable to reach server. It isn't that it is not listening. It is clearly that it is listening and refusing connections.
The problem here is that there are two issues:
1) Many ISPs block outbound port 25 requests. So, it is rather common that telnet somedomain.com 25 will fail and report something like "denied" or "unreachable."
2) Proper programs that go out on port 25 are mail programs. A mail program is designed to send email to your email service, which then uses the MX record for the domain name to deliver the email. What I found is that when you register a domain name with Network Solutions and set "All" IP addresses to be a certain address, they do NOT set the MX record address. That remains set to Network Solutions' mail server. So, if someone uses a proper email program to hit your domain name, it will go to mx.yourdomain.com, which may not be your server.
In my case, I had to manually set the IP address for the mx record with Network Solutions. Then, I magically started getting emails.
For those that don't know how to check MX records, in Linux, you can run dig domain.name MX. However, it isn't your MX record setting that matters. It is your mail server's setting. For example, if my computer says the mx record is 12.34.56.78 and I use GMail and Google says the mx record is p.ctmail.com, then sending email through GMail will fail.

Couldn't start riemann health

I'm new to Riemann and also new to ruby and Clojure as well.
When I run the riemann command:
riemann-health
The error message is
Riemann::Client::TcpSocket::Error Could not connect to 127.0.0.1:5555:Errno::ECONNREFUSED: Connection refused - connect(2)
/var/lib/gems/1.9.1/gems/riemann-client-0.2.5/lib/riemann/client/tcp_socket.rb:233:in `connect_nonblock'
My development environment is:
Ubuntu 14.04.2 LTS
riemann version is 0.2.10.
java version "1.8.0_45"
ruby 1.9.3p484
I'm assuming that you are running Riemann and riemann-dash on the same computer and not using docker for either of these:
Riemann listens to
port 5555 udp for events
port 5555 tcp for events
port 5556 tcp for queries
so there are several combinations of possible problems:
riemann is not running at all
riemann started up, and then fell over and died.
this happens when it has no config file for instance.
riemann is not listening on 5555 tcp
riemann is not listening on 5555 udp
riemann is listening to the incorrect interface (aka "bind address")
If riemann were configured to listen to 1.2.3.4:5555 then it would not respond to connections from localhost (127.0.0.1)
the connection is being blocked by some firewall (no, don't turn your firewall off)
riemann is listening on udp and you are sending tcp (or the other way around)
Once you have convinced yourself that the riemann process is still running, run
sudo netstat -nlp | grep 5555
and be sure you can see that riemann is in fact listening to port 5555 both tcp and udp. Then install netcat and make sure you can connect to those ports with
nc -v localhost 5555
and
nc -uvv localhost 5555
asdfasfd
(Yes, you need to type some gobbledygook to get the second example to actually send a packet.)
If you still haven't got a connection, install Ethereal or tcpdump and start sniffing.
If you are running docker, and using riemann in UDP then there are a whole other set of things to check.
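The checklist in the answer above (no TCP listener, no UDP listener, listener bound to the wrong interface) can be read straight off `netstat -nlp` output. The following is an added example, not part of the original answer; the netstat sample is constructed and the function names are hypothetical.

```python
import ipaddress

# Constructed `netstat -nlp` sample (not output from the original post): Riemann's
# TCP listener is bound to 1.2.3.4 only, while its UDP listener is on the wildcard.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 1.2.3.4:5555     0.0.0.0:*        LISTEN  2211/java
tcp        0      0 127.0.0.1:5556   0.0.0.0:*        LISTEN  2211/java
udp        0      0 0.0.0.0:5555     0.0.0.0:*                2211/java
tcp6       0      0 :::22            :::*             LISTEN  801/sshd
"""

# Assumption: "::" also accepts IPv4 (dual-stack socket, the usual Linux default).
WILDCARDS = {"0.0.0.0", "::", "*"}


def bound_addresses(netstat_text, port):
    """Map 'tcp'/'udp' to the set of local addresses bound to `port`."""
    found = {"tcp": set(), "udp": set()}
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0][:3] not in found:
            continue                             # header or unrelated line
        proto = cols[0][:3]                      # tcp6 -> tcp, udp6 -> udp
        if proto == "tcp" and "LISTEN" not in cols:
            continue                             # ignore established TCP rows
        addr, _, bound_port = cols[3].rpartition(":")
        if bound_port == str(port):
            found[proto].add(addr)
    return found


def verdict(addrs, dest_ip):
    """Can a client that connects to `dest_ip` reach one of these listeners?"""
    if not addrs:
        return "not listening"
    dest = ipaddress.ip_address(dest_ip)
    for addr in addrs:
        if addr in WILDCARDS or ipaddress.ip_address(addr) == dest:
            return "ok"
    return "wrong interface"


def diagnose(netstat_text, port, dest_ip="127.0.0.1"):
    """Per-protocol verdict for a client connecting to dest_ip:port."""
    bound = bound_addresses(netstat_text, port)
    return {proto: verdict(addrs, dest_ip) for proto, addrs in bound.items()}


if __name__ == "__main__":
    print(diagnose(SAMPLE, 5555))   # the port riemann-health tried in the question
```

A "wrong interface" verdict for TCP produces the same ECONNREFUSED on 127.0.0.1 as a dead process does, which is why the bind address is worth checking before touching the firewall.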

Trying to kill process on port 8000 confusion

I am writing a Ruby script that deploys a server on port 8000 in the background, and then in the foreground I issue queries to the server. After I've issued my queries I kill the server, however when I kill the server, it seems to be switching ports.
I am doing it the following way in the ruby script:
To see PID that is running on port 8000:
lsof -i:8000 -t
Result:
RUNNING ON PORT 8000: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
java 26364 user1 84u IPv6 199069 0t0 TCP *:8000 (LISTEN)
To kill the server I issue the command:
kill 26364
I then see if anything is running on port 8000:
# check if killed
lsof -i:8000 -t
Result:
RUNNING ON PORT 8000: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ruby 25560 user1 58u IPv4 199123 0t0 TCP localhost:45789->localhost:8000 (ESTABLISHED)
java 26364 user1 84u IPv6 199069 0t0 TCP *:8000 (LISTEN)
java 26364 user1 85u IPv6 199124 0t0 TCP localhost:8000->localhost:45789 (ESTABLISHED)
I only want to kill the process that is listening on port 8000,
and keep my ruby script running.
Can someone please tell me what is going on? Why is it switching ports? How can I only kill my server port?
It doesn't look to me like it's switching ports; it's still listening on port 8000. It looks to me like two things are happening:
The java process (PID 26364) is catching or ignoring the kill signal (SIGTERM), and continuing to listen on port 8000.
A ruby process (PID 25560) is making a connection to localhost:8000 (from port 45789, which was probably dynamically allocated). That is, ruby is making a normal connection to the server on port 8000.
Note that the java process owns the port 8000 end of the localhost:8000<->localhost:45789 TCP session, and the ruby process owns the port 45789 end.
Whether the ruby process's connection is somehow a result of the kill signal, or just something it happened to do at about the same time, I couldn't tell you.
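The distinction drawn in the answer above, between the process that owns the listening socket and the processes at either end of an established session, can be made mechanically. This is an added example, not part of the original answer: the rows are the lsof output quoted in the question, the function names are hypothetical, and numeric ports (as with `lsof -P`) are assumed.

```python
# Rows copied from the lsof output quoted in the question above.
LSOF_OUTPUT = """\
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ruby 25560 user1 58u IPv4 199123 0t0 TCP localhost:45789->localhost:8000 (ESTABLISHED)
java 26364 user1 84u IPv6 199069 0t0 TCP *:8000 (LISTEN)
java 26364 user1 85u IPv6 199124 0t0 TCP localhost:8000->localhost:45789 (ESTABLISHED)
"""


def _port(endpoint):
    """Port of 'host:port'; None for an empty endpoint or a service name."""
    tail = endpoint.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else None


def classify(lsof_text, port):
    """Split the PIDs that touch `port` by the role their socket plays."""
    roles = {"listener": set(), "server_conn": set(), "client": set()}
    for line in lsof_text.splitlines()[1:]:          # skip the header row
        cols = line.split()
        if len(cols) < 10 or cols[7] != "TCP":
            continue
        pid, name, state = int(cols[1]), cols[8], cols[9].strip("()")
        local, _, remote = name.partition("->")
        if state == "LISTEN" and _port(local) == port:
            roles["listener"].add(pid)               # owns the listening socket
        elif remote and _port(local) == port:
            roles["server_conn"].add(pid)            # server end of a session
        elif remote and _port(remote) == port:
            roles["client"].add(pid)                 # connected *to* the port
    return roles


def pids_plain_t(lsof_text, port):
    """Every PID with any socket on the port: what `lsof -i:PORT -t` lists."""
    return sorted(set().union(*classify(lsof_text, port).values()))


def pids_to_signal(lsof_text, port):
    """Only the listener, matching `lsof -iTCP:PORT -sTCP:LISTEN -t`."""
    return sorted(classify(lsof_text, port)["listener"])


if __name__ == "__main__":
    print(pids_plain_t(LSOF_OUTPUT, 8000), pids_to_signal(LSOF_OUTPUT, 8000))
```

Feeding the unfiltered `-t` list to `kill` would signal the Ruby client (PID 25560) as well as the server; restricting to the LISTEN state leaves the script alone.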

windbg -remote does not connect to localhost on Server 2012

I'm attempting to debug the startup of a service using the IFEO method (which I've successfully done on server versions prior to Windows 2012 on scenarios other than startup). The Debugger reg value is c:\debuggers-x64\cdb.exe -server tcp:port=1234. I then start the service and verify that cdb.exe is listening using netstat -na | findstr 1234 (I verified nothing was listening on this port prior to starting the service). Then I attempt to connect to the debugging server like this windbg.exe -remote tcp:server=localhost,port=1234 but it hangs for maybe 15-30 seconds and then fails. I try again and while it's hanging I run netstat -na | findstr 1234 again and it shows cdb.exe listening on port 1234 and it also shows a SYN_SENT to 127.0.0.1 on port 1234 (presumably sent by windbg.exe). It remains in the SYN_SENT state until windbg.exe reports a failure to connect.
So TCP connection establishment never completes. I checked the firewall and it's turned off. I also tried using the IP address of the network adapter (as opposed to localhost) but I get the same behavior. I also tried having cdb.exe listen on a port > 5000 but that also has the same behavior.
Does anyone know if there's new security introduced in Server 2012 for accessing TCP ports?
thanks
