TCP - Connection
Table of Contents
About
A TCP server may serve several clients concurrently with the same local socket address (ie local IP address and port number) by creating a child process for each client for each connection.
Articles Related
Id
Every connection is uniquely identified by an identifier called a socket.
Standard Stream
After having created a connection, an application sends a standard input (on a io level) to the host via the connection, and receive a standard output.
For instance, lets request the home page of this website via the below HTTP get request
GET / HTTP/1.1
Host: gerardnico.com
we can send it as standard input with echo to a connection created with netcat
For Https, you need to use another utility such as openssl because netcast does not support it.
echo -e "GET / HTTP/1.1\nHost: gerardnico.com\n" | nc gerardnico.com 80
and you should get a redirection response telling you that you need to go to https://gerardnico.com/
HTTP/1.1 301 Moved Permanently
Date: Mon, 13 Apr 2020 12:26:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 13 Apr 2020 13:26:26 GMT
Location: https://gerardnico.com/
Server: cloudflare
CF-RAY: 58352ceb1ba9bf78-AMS
Process
TCP connections process (how a TCP socket gets started)
- The server responds with a SYN/ACK packet (message)
- Finally, the client sends an ACK packet and starts sending data.
Duration: anywhere from 30-100ms to establish a connection and if you had SSL, there is more round trip.
Properties
State
During the lifetime of a TCP connection the local end-point undergoes a series of state changes:
Management
List
Powershell
Get-NetTCPConnection
- by state - Powershell get-nettcpconnection
# All listening port
Get-NetTCPConnection -State Listen
# One port
Get-NetTCPConnection -State Listen –LocalPort 1313
Netstat
On Unix-like and Microsoft Windows based operating systems the netstat command line tool may be used to list all currently established connection (ie sockets).
- Command line - Example: Count all tcp connection for a the web server nginx
netstat \
-all \
--programs \
-n \ # only numeric value (no host name, no port name)
--tcp \ # only tcp
| { IFS= read a; echo $a; grep nginx; } # capture and print the first line
Active Internet connections (servers and established)
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 15549/nginx: worker
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 15549/nginx: worker
tcp 0 0 164.132.99.202:443 162.158.183.132:28246 ESTABLISHED 15549/nginx: worker
tcp 0 0 164.132.99.202:443 143.176.206.82:7414 ESTABLISHED 15549/nginx: worker
tcp 0 0 164.132.99.202:443 108.162.246.202:22880 ESTABLISHED 15549/nginx: worker
tcp 0 0 164.132.99.202:443 143.176.206.82:7410 ESTABLISHED 15550/nginx: worker
tcp 0 0 127.0.0.1:56812 127.0.0.1:19999 ESTABLISHED 15549/nginx: worker
tcp 0 0 164.132.99.202:443 162.158.183.172:54598 ESTABLISHED 15550/nginx: worker
tcp 0 0 127.0.0.1:57484 127.0.0.1:19999 ESTABLISHED 15549/nginx: worker
tcp 0 0 127.0.0.1:57482 127.0.0.1:19999 ESTABLISHED 15549/nginx: worker
tcp 0 0 127.0.0.1:80 127.0.0.1:44084 ESTABLISHED 15549/nginx: worker
tcp 0 0 164.132.99.202:443 173.245.54.88:41618 ESTABLISHED 15549/nginx: worker
tcp 0 0 164.132.99.202:443 143.176.206.82:6910 ESTABLISHED 15549/nginx: worker
tcp 0 0 164.132.99.202:443 172.69.63.26:25284 ESTABLISHED 15549/nginx: worker
tcp 0 0 164.132.99.202:443 143.176.206.82:7377 ESTABLISHED 15550/nginx: worker
tcp6 0 0 :::443 :::* LISTEN 15549/nginx: worker
- UI
Tcpview
Process Explorer
Get file
See Network File
Create
- On a utility level, the utility netcat create a TCP connection.
- On a library level, check the network package of your language.
Count
Count all TCP connection with netstat
Example for the nginx programs
netstat \
-all \
--programs \
--tcp \ # only tcp
| grep nginx
| wc
Test
You can test if a connection is possible with the netcat utility and it's z options that report connection status only.
- In case of a connection
nc -z localhost 80 && echo tcp connection is possible
- In case of no possible connection
nc -z localhost 80 || echo no tcp connection possible