TCP - Connection

About

Network - Connection in TCP

A TCP server may serve several clients concurrently with the same local socket address (ie local IP address and port number) by creating a child process for each client for each connection.

Id

Every connection is uniquely identified by an identifier called a socket.

Standard Stream

After having created a connection, an application sends a standard input (on a io level) to the host via the connection, and receive a standard output.

For instance, lets request the home page of this website via the below HTTP get request

GET / HTTP/1.1
Host: gerardnico.com

we can send it as standard input with echo to a connection created with netcat

For Https, you need to use another utility such as openssl because netcast does not support it.

echo -e "GET / HTTP/1.1\nHost: gerardnico.com\n" | nc gerardnico.com 80

and you should get a redirection response telling you that you need to go to https://gerardnico.com/

HTTP/1.1 301 Moved Permanently
Date: Mon, 13 Apr 2020 12:26:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 13 Apr 2020 13:26:26 GMT
Location: https://gerardnico.com/
Server: cloudflare
CF-RAY: 58352ceb1ba9bf78-AMS

Process

TCP connections process (how a TCP socket gets started)

Duration: anywhere from 30-100ms to establish a connection and if you had SSL, there is more round trip.

Properties

State

During the lifetime of a TCP connection the local end-point undergoes a series of state changes:

Management

List

Powershell

Get-NetTCPConnection
# All listening port
Get-NetTCPConnection -State Listen
# One port
Get-NetTCPConnection -State Listen –LocalPort 1313

Netstat

On Unix-like and Microsoft Windows based operating systems the netstat command line tool may be used to list all currently established connection (ie sockets).

  • Command line - Example: Count all tcp connection for a the web server nginx
netstat \
  -all \
  --programs \
  -n \ # only numeric value (no host name, no port name)
  --tcp \ # only tcp 
  |  { IFS= read a; echo $a; grep nginx; } # capture and print the first line
Active Internet connections (servers and established)
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      15549/nginx: worker
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      15549/nginx: worker
tcp        0      0 164.132.99.202:443      162.158.183.132:28246   ESTABLISHED 15549/nginx: worker
tcp        0      0 164.132.99.202:443      143.176.206.82:7414     ESTABLISHED 15549/nginx: worker
tcp        0      0 164.132.99.202:443      108.162.246.202:22880   ESTABLISHED 15549/nginx: worker
tcp        0      0 164.132.99.202:443      143.176.206.82:7410     ESTABLISHED 15550/nginx: worker
tcp        0      0 127.0.0.1:56812         127.0.0.1:19999         ESTABLISHED 15549/nginx: worker
tcp        0      0 164.132.99.202:443      162.158.183.172:54598   ESTABLISHED 15550/nginx: worker
tcp        0      0 127.0.0.1:57484         127.0.0.1:19999         ESTABLISHED 15549/nginx: worker
tcp        0      0 127.0.0.1:57482         127.0.0.1:19999         ESTABLISHED 15549/nginx: worker
tcp        0      0 127.0.0.1:80            127.0.0.1:44084         ESTABLISHED 15549/nginx: worker
tcp        0      0 164.132.99.202:443      173.245.54.88:41618     ESTABLISHED 15549/nginx: worker
tcp        0      0 164.132.99.202:443      143.176.206.82:6910     ESTABLISHED 15549/nginx: worker
tcp        0      0 164.132.99.202:443      172.69.63.26:25284      ESTABLISHED 15549/nginx: worker
tcp        0      0 164.132.99.202:443      143.176.206.82:7377     ESTABLISHED 15550/nginx: worker
tcp6       0      0 :::443                  :::*                    LISTEN      15549/nginx: worker
  • UI

_

Tcpview

Process Explorer

Get file

Create

  • On a utility level, the utility netcat create a TCP connection.
  • On a library level, check the network package of your language.

Count

Count all TCP connection with netstat

Example for the nginx programs

netstat \
  -all \
  --programs \
  --tcp \ # only tcp 
  | grep nginx
  | wc

Test

You can test if a connection is possible with the netcat utility and it's z options that report connection status only.

  • In case of a connection
nc -z localhost 80 && echo tcp connection is possible
  • In case of no possible connection
nc -z localhost 80 || echo no tcp connection possible

Documentation / Reference


Powered by ComboStrap