Introduction
This tutorial is on socket programming in the C language for Linux. The instructions given below will only work on a Linux system, not on Windows.
The socket API on Windows is called Winsock; we can discuss it in another tutorial.
What is a Socket?
Sockets are a method for communication between a client program and a server program in a network.
A socket is defined as "the endpoint in a connection." Sockets are created and used with a set of programming requests or "function calls" sometimes called the sockets application programming interface (API).
The most common sockets API is the Berkeley UNIX C interface for sockets.
Sockets can also be used for communication between processes within the same computer.
This overview of socket programming will show you how to program, with a short programming example in the slides. With its help you can understand network programming.
Overview of the Sun Remote Procedure Call (ONC RPC) technology
RPC allows a client application to call procedures in a different address space on the same or on a remote machine (i.e., transfer of control and data to a different address space and process).
This means that RPC extends sockets with remote procedure call semantics. Thus RPC is an early approach to distributed applications.
Different flavors of RPC evolved over time. An early standard was set forth by Sun Microsystems with ONC RPC. It is defined in RFC1057 (protocol) and RFC4506 (XDR - data presentation).
The binder (formerly portmapper) is a central component of the RPC architecture. It is a daemon that serves as a registry for registering server procedures and allows a client to look up procedures to be called remotely.
RPC defines three different call semantics. Maybe call semantics mean that a request may be lost without further notice by the RPC system. For applications requiring higher quality of service, at-least-once call semantics ensure that the call is successfully executed at least once. However, the call may be duplicated in case of packet loss. Exactly-once call semantics provide assurance that the call is executed at least and at most once.
Slide 3 (November 12th-14th, 2003, HP Software Universe)
Agenda
Why bother? What’s the problem?
DCE-daemonless communication (Volker Gaertner)
1. Current DCE RPC communication
2. DCE RPC communication without endpoint mapper
3. Configuration on managed nodes and management server(s)
4. Examples
Outbound-only communication (Stefan Bergstein)
1. The problem: no inbound connections allowed
2. SSH Functionality - concept of tunneling and port forwarding
3. OVO outbound-only using SSH tunnel
4. Configuring OVO - using SSH port forwarding
Slide 5
Managed environment
[Diagram: OVO Server, Operator UI and managed nodes running the OVO Agent, spread across the customer site (Intranet), the DMZ and the Internet and separated by firewalls; connections numbered 1-5, each labelled "outbound" or "inbound 135".]
Normally, OVO requires inbound communication on port 135 and other ports, but this can be avoided with the daemonless communication and SSH tunnels.
Diagram annotation on the inbound links: attack on port 135, or DCE lookup and then attack on another port.
Slide 6
Current problems
• Recent virus attacks on port 135 (not only on Windows!)
– Customers don't want to open port 135 on their firewall at all
– Shutdown of the port mapper (dced) on systems in the DMZ
• Inbound communication
– Current concept: the message agent sends an alarm/message immediately to inform the operator as fast as possible (no polling)
– Requires inbound communication (the agent initiates the communication)
Slide 8
Current DCE RPC Communication
1. The RPC server starts up. Either the RPC server (via the opcinfo variable) or the OS selects the port on which the RPC server will be listening. The RPC server registers itself with this port at the local DCE endpoint mapper*.
2. The endpoint mapper stores this information in its database.
[Diagram: RPC client, endpoint mapper (port 135) with its endpoint mapper DB, and RPC server; step 1 is the server's registration at the endpoint mapper, step 2 the store into the DB.]
* dced on Unix, RPC Service on Windows
Slide 9
Current DCE RPC Communication
3. The RPC client starts and does not know the server's port. It queries the endpoint mapper with
– the type of server it wants to contact
– and some additional interface specification uniquely identifying the target server.
4. The endpoint mapper returns the port number.
5. The RPC client can now contact the desired RPC server directly.
[Diagram: steps 3 and 4 between the RPC client and the endpoint mapper (port 135, backed by the endpoint mapper DB); step 5 from the RPC client directly to the RPC server.]
Slide 11
DCE RPC Communication w/o Endpoint Mapper
A. The RPC server starts up. It reads its port from the opcinfo variable (OVO agent) or registry key (OVO/W management server) OPC_COMM_PORT_RANGE. It does not register anywhere and simply listens at this port.
[Diagram: RPC client and RPC server; step A shows the server reading its port from opcinfo or the Windows registry.]
Slide 12
DCE RPC Communication w/o Endpoint Mapper (cont.)
B. The RPC client determines from its local configuration that the RPC server must be contacted without an endpoint mapper lookup. It reads the name of the server port specification file from opcinfo or the registry.
C. The RPC client reads the desired RPC server port from the server port specification file, based on the server type and target node.
D. The RPC client now contacts the RPC server directly.
[Diagram: the RPC client reads opcinfo or the Windows registry (B), then the port config file (C), then connects directly to the RPC server (D).]
Slide 13
OVOW daemonless communication
Server (OVOW server):
• message action server is using one customer-defined port
• message action server and the deployer can communicate directly to the agent (without remote DCE lookup)
Agent:
• no endpoint mapper on the agent
• control agent (opcctla) is using one customer-defined port
• control agent does not register at the local endpoint mapper
• message agent can communicate directly to the server (without remote DCE lookup)
Available remote functionality: no change – everything is possible
1) start action, tools (apps), start/stop/status of agent, HPB via RPC only
2) deliver messages, action status, annotations
3) remote policy/instrumentation deployment
[Diagram: OVOW server (msg/act server, deployer, rpcd) and OVO agent (opcctla, opcmsga, rpcd) separated by a firewall (inside/outside). Flow 1 carries policies, actions, commands and monitors to the agent, flow 2 carries messages to the server, flow 3 is deployment; the customer-defined ports shown are 12001 and 12003, port 135 is shown for rpcd. Legend: RPC Server, Endpoint mapper, RPC Client.]
Slide 14
OVOU daemonless communication
Server (OVOU server):
• message receiver (opcmsgrd) is using one customer-defined inbound port
• distribution manager (opcmsgrd) is using one customer-defined inbound port
• request sender can communicate directly to the agent (without remote DCE lookup) using only outbound ports
Agent:
• no endpoint mapper on the agent
• control agent (opcctla) is using one customer-defined outbound port
• message and distribution agent can communicate directly to the server (without remote DCE lookup) using one inbound port each
Available remote functionality: no change – everything is possible
1) start action, tools (apps), start/stop/status of agent, HPB via RPC only
2) deliver messages, action status, annotations
3) remote policy/instrumentation deployment (RPC only)
[Diagram: OVOU server (opcmsgrd, ovoareqsdr, opcdistm, rpcd) and OVO agent (opcctla, opcmsga, opcdista, rpcd) separated by a firewall (inside/outside). Flows 1-3 (policies, actions, commands, monitors; messages; deployment) use the customer-defined ports 12001, 12002 and 12003; port 135 is shown for rpcd. Legend: RPC Server, Endpoint mapper, RPC Client.]
Slide 15
OVOU daemonless communication w/o deployment
Server (OVOU server):
• message receiver (opcmsgrd) is using one customer-defined inbound port
• request sender can communicate directly to the agent (without remote DCE lookup) using only outbound ports
Agent:
• no endpoint mapper on the agent
• control agent (opcctla) is using one customer-defined outbound port
• message agent can communicate directly to the server (without remote DCE lookup) using one inbound port
• manual policy/instrumentation deployment (via opctmpldwn) [3]
Available remote functionality
1) start action, tools (apps), start/stop/status of agent, HPB via RPC only
2) deliver messages, action status, annotations
[Diagram: as on slide 14 but without the distribution components: OVOU server (opcmsgrd, ovoareqsdr, rpcd) and OVO agent (opcctla, opcmsga, rpcd) across the firewall; flows 1-3 on the customer-defined ports 12001 and 12003, port 135 shown for rpcd. Legend: RPC Server, Endpoint mapper, RPC Client.]
Slide 17
White papers
• Detailed configuration information can be found in the corresponding white papers for OVOW and OVOX: "DCE RPC Communication Without Endpoint Mapper"
• OVOW:
– http://openview.hp.com/sso/getdoc?doc=/500/products/operations_for_windows/tech_whitepaper/ovowin72_twp_dce_comm_jul03.pdf (channel web / ask your HP representative)
• OVOX:
– http://ovweb.external.hp.com/ovnsmdps/pdf/dce_em_unix_a0715.pdf (or http://ovweb.external.hp.com/lpe/doc_serv )
Slide 18
New configuration variables
Key                      Type    Value          Explanation
COMM_REGISTER_RPC_SRV    String  TRUE or FALSE  Register/do not register RPC interfaces with endpoint mapper
OPC_COMM_LOOKUP_RPC_SRV  Bool    TRUE or FALSE  Contact/do not contact endpoint mapper (if no local configuration is found)
OPC_COMM_PORT_MSGR       Int     One number     Specifies at which port the message interface of the Message Action Server is listening on the Management Server(s).
OPC_COMM_PORT_DISTM      Int     One number     Specifies at which port the distribution interface of the Message Action Server is listening on the Management Server(s).
OPC_COMM_RPC_PORT_FILE   String  Full path      If set, it points to a port specification file with dedicated ..msgrd, ..distm and opcctla entries per target
Note on the lookup setting: try to contact the server's endpoint mapper if no local configuration is found.
Slide 19
Port Specification File - Syntax
• File syntax:
– Standard OVO patterns can be used.
– Empty lines are accepted.
– Comments start with "#", which must be the very first character.
– Configuration data must be specified using 4 standard elements, separated by white space:
– SelectionCriteria
NODE_NAME      Node name pattern or exact match¹
NODE_ADDRESS   IP address pattern or exact match¹
– SrvType
opcctla    Management Server contacting the Agent
opcmsgrd   Message Agent contacting the Mgmt. Server
opcdistm   Distribution Agent contacting the Mgmt. Server
– Port     Port number to contact this RPC server
– Node     Node name or address pattern for this rule.
Slide 21
Port Specification File (Managed Node)
Example port specification file on a managed node:
#
# SelectionCriteria SrvType Port Node
# ----------------------------------------------------------------
NODE_NAME opcmsgrd 5000 primaryserver.hp.com
NODE_NAME opcdistm 5000 primaryserver.hp.com
NODE_NAME opcmsgrd 6000 backupserver.hp.com
NODE_NAME opcdistm 6001 backupserver.hp.com
primaryserver.hp.com is an OVOW server where the distm and msgrd interfaces use the same port (5000).
backupserver.hp.com is an OVOX server where the opcdistm process is listening on a different port (6001) than opcmsgrd (6000).
Slide 22
Port Specification File (Server)
Example port specification file on the management server:
#
# SelectionCriteria SrvType Port Node
# ----------------------------------------------------------------
NODE_NAME opcctla 12345 <*>.hp.com
NODE_ADDRESS opcctla 12346 15.136.<*>
NODE_ADDRESS opcctla 12347 ^192.<1 -lt <#> -lt 10>.<*>
NODE_ADDRESS opcctla 12347 1.2.3.4
On all nodes whose name ends with hp.com, opcctla can be found on port 12345.
On nodes in the IP range 15.136.<*> it uses 12346.
etc.
Slide 23
Example A: one OVOW mgmt server
OVOW mgmt server "X" (registry; processes OvEpMsg ActSrv):
COMM_PORT_RANGE "5000"
COMM_REGISTER_RPC_SRV TRUE
COMM_LOOKUP_RPC_SRV TRUE
COMM_RPC_PORT_FILE "/tmp/ports"
/tmp/ports:
# Entry type Server Port Node
# -----------------------------------------------------
NODE_NAME opcctla 11111 A
NODE_NAME opcctla 22222 B
OVO managed node "A" (opcinfo; processes opcdista, opcctla, opcmsga):
..RESTRICT_TO "opcctla"
..PORT_RANGE "11111"
..MGMT_SERVER "X"
..PORT_DISTM "5000"
..PORT_MSGR "5000"
OVO managed node "B" (opcinfo; processes opcdista, opcctla, opcmsga):
..RESTRICT_TO "opcctla"
..PORT_RANGE "22222"
..MGMT_SERVER "X"
..PORT_DISTM "5000"
..PORT_MSGR "5000"
Slide 24
Example B: one OVOW, one OVOU mgmt server
OVOW mgmt server "X" (registry; processes OvEpMsg ActSrv):
COMM_PORT_RANGE "5000"
OVOU mgmt server "Y" (opcsvinfo; processes opcmsgrd, opcdistm):
RESTRICT_TO "opcmsgrd"
PORT_RANGE "5555"
RESTRICT_TO "opcdistm"
PORT_RANGE "6000"
OVO managed node "A" (processes opcmsga, opcdista):
opcinfo:
..MGMT_SERVER "X"
..PORT_FILE "/tmp/svports"
mgrconf:
RESPMGRCONFIGS
SECONDARYMANAGER
NODE IP "0.0.0.0" X
SECONDARYMANAGER
NODE IP "0.0.0.0" Y
[...]
/tmp/svports:
# Entry type Server Port Node
# -----------------------------------------------------
NODE_NAME opcmsgrd 5000 X
NODE_NAME opcmsgrd 5555 Y
NODE_NAME opcdistm 5000 X
NODE_NAME opcdistm 6000 Y
Slide 25
Required patches
Server side (HP-UX / Solaris):
V HP-UX 11.0/11.11   PHSS_28962    05-MAY-03
V Solaris            ITOSOL_00226  09-MAY-03
Agent side, on an HP-UX 11.0/11.11 server:
V AIX                PHSS_28949    14-MAY-03
V HP-UX 10.20        PHSS_28959    07-JUL-03
V HP-UX 11.0/11.11   PHSS_28958    06-MAY-03
V HP-UX 11.22        PHSS_28960    07-JUL-03
V Linux              PHSS_28951    30-MAY-03
V NTIntel            PHSS_28943    08-MAY-03
V Solaris            PHSS_28948    12-MAY-03
V Tru64              PHSS_28950    30-MAY-03
Agent side, on a Solaris server:
V AIX                ITOSOL_00220  09-MAY-03
V HP-UX 10.20        ITOSOL_00224  04-AUG-03
R HP-UX 11.0/11.11   ITOSOL_00239  (planned)
V HP-UX 11.22        ITOSOL_00225  31-JUL-03
V Linux              ITOSOL_00222  30-MAY-03
V NTIntel            ITOSOL_00217  23-MAY-03
V Solaris            ITOSOL_00219  09-MAY-03
V Tru64              ITOSOL_00221  30-MAY-03
Server side (Windows):
V Windows            A.07.20
Agent side, on a Windows server:
HP-UX agent          A.07.20
Windows agent        A.07.20
Solaris agent        A.07.20
AIX agent            OVOW_00035
Slide 26
Outbound-only communication using SSH port forwarding
- An advanced use case -
page 27
Overview
• The Problem: No inbound connections allowed
• SSH Functionality and Benefits
• Concept of SSH tunneling and port forwarding
• OVO outbound-only using SSH tunnel
• Configuring OVO
• Using SSH port forwarding
• Summary and FAQ
page 28
The Problem: No inbound connections allowed
(Slide diagram: the OVO server sits in the Intranet; managed nodes running the OVO agent sit in the DMZ and on the Internet, each behind a firewall that permits outbound connections only.)
• Some companies do not allow any inbound connections into their Intranet at all:
the firewall administrators will not open a single inbound port.
OVO agent
• the message agent sends messages, annotations, action status, etc. to the
management server
• the distribution agent requests configuration (templates, actions,
commands, etc.) from the management server
• both are inbound connections from the firewall's point of view, because the
agent, outside the Intranet, initiates the TCP connection towards the server
objective
• get rid of the inbound connection by combining the DCE daemon-less feature
with SSH port forwarding
• a fully functional agent
page 29
SSH Functionality and Benefits
SSH Functionality:
• SSH secure command shells
• SSH port forwarding
• Secure file transfer protocol
The Benefits of SSH:
• Network security
• Strong authentication
• Public key cryptography
• Password authentication
• Host authentication
• Data encryption
page 30
The Features of SSH
The major features of SSH are:
• Customization: Can be customized to meet network or user requirements.
• Authentication: Provides strong authentication by using rhosts combined with RSA.
• X11 Sessions: Secures X11 sessions.
• Encryption: Encrypts data being transferred across the network. SSH uses various
types of ciphers, such as IDEA, DES, and triple-DES for encrypting data.
• Secures the network against various attacks, such as spoofing and packet sniffing.
• Arbitrary TCP/IP ports: Redirects ports through the encrypted channel in both
directions.
• Replacing traditional rlogin, rsh, and rcp services
• Replacing insecure programs
• Provides improved privacy encryption of all communications.
• User and Host authentication key: Uses 1024-bit host authentication keys.
page 31
Concept of SSH tunneling and port forwarding

Example with a web server and browser:

(Slide diagram: the WWW server hello.com listens on port 8880; the workstation mypc runs a browser. An SSH tunnel, opened from the web-server side towards mypc, forwards port 50123 on mypc to hello:8880.)

# ssh -n -N -R 50123:hello:8880 mypc

After that, http://localhost:50123 on mypc reaches the same server as http://hello.com:8880, with the HTTP traffic carried inside the SSH connection. The direction matters: the host that initiates the SSH connection (the web-server side) is the one that needs an outbound path, while mypc accepts nothing but the SSH session.
page 32
OVO outbound-only using SSH tunnel
server
• the message receiver (opcmsgrd) uses one customer-defined port
• the distribution manager (opcdistm) uses one customer-defined port
• the request sender (ovoareqsdr) talks directly to the agent, without a remote
DCE endpoint-mapper lookup, so it needs only outbound ports
ssh tunnel
• the message receiver and distribution manager ports are forwarded to the
managed node
• the tunnel is initiated from the server (outbound)
agent
• no endpoint mapper is needed on the agent
• the control agent (opcctla) uses one customer-defined port, reached outbound
from the server
• the message and distribution agents talk to localhost (127.0.0.1), i.e. to the
local ends of the tunnel

(Slide diagram: on the OVOU server, rpcd is the DCE endpoint mapper on port 135, opcmsgrd and opcdistm are RPC servers, and ovoareqsdr is the RPC client; a firewall separates "inside" (server) from "outside" (OVO agent with opcctla, opcmsga and opcdista). An outbound SSH tunnel carries the opcmsgrd and opcdistm ports to the managed node, where opcmsga and opcdista connect to them on 127.0.0.1. The ports labelled in the diagram are 135 (rpcd), 12001 and 12002 (opcmsgrd and opcdistm, at both ends of the tunnel) and 12003 (next to opcctla); the numbered arrows 1 to 3 are not recoverable from the extraction.)
page 33
Configuring OVO
(Slide diagram: the OVO server sits in the Intranet; managed nodes with OVO agents sit in the DMZ and on the Internet behind firewalls that allow outbound connections only; the ssh tunnel runs from the server to each node. The key labels "priv" at the server and "pub" at the nodes mark where the private and public halves of the SSH user key live.)

opcinfo, on each managed node in the DMZ:
OPC_RESOLVE_IP 127.0.0.1
OPC_DIST_MODE DIST_RPC
OPC_COMM_LOOKUP_RPC_SRV FALSE
OPC_COMM_PORT_MSGR 5000
OPC_COMM_PORT_DISTM 5002
OPC_RESTRICT_TO_PROCS opcctla
OPC_COMM_PORT_RANGE 12345

mgrconf, on the managed node:
ACTIONALLOWMANAGERS
NODE IP ip_adr_of_mgr ""

opcsvinfo, on the management server:
OPC_RESTRICT_TO_PROCS opcmsgrd
OPC_COMM_PORT_RANGE 5000
OPC_COMM_REGISTER_RPC_SRV TRUE
OPC_RESTRICT_TO_PROCS opcdistm
OPC_COMM_PORT_RANGE 5002
OPC_COMM_REGISTER_RPC_SRV TRUE

ssh tunnel, started on the server for all nodes in the DMZ:
ssh -n -N -R 5000:ovoserver:5000 -R 5002:ovoserver:5002 node

With OPC_RESOLVE_IP 127.0.0.1 and the two port settings, the agent's opcmsga and opcdista connect to 127.0.0.1:5000 and 127.0.0.1:5002 on the node, which are the local ends of the tunnel; the only connection the server makes to the node directly is to opcctla on port 12345, and that is outbound from the Intranet.
page 34
Using SSH port forwarding
• SSH2 must be installed and configured on all systems
• Port forwarding is initiated on the OVO server. E.g.,
# ssh -R 5000:mgmt_srv:5000 -R 5002:mgmt_srv:5002 managed_node
• A tunnel must be started for each node in the DMZ.
• Useful ssh options:
-v : Verbose mode. ssh prints debugging messages.
-l login_name : user to log in as on the remote machine.
-N : Do not execute a remote command. Just forward ports.
-n : Redirects stdin from /dev/null. This must be used when ssh is
run in the background.
Note: do not use -g, which allows remote hosts to connect to forwarded ports.
For the -R listeners on the managed node the same rule is enforced by the node's
sshd: leave the bind address out of -R and keep GatewayPorts at its default (no),
so that the forwarded ports bind to the loopback interface only and nothing but
the local opcmsga and opcdista can reach opcmsgrd and opcdistm through the tunnel.
• The public key of the 'server user' shall be installed on the managed
nodes, so that the login can be done without a password.
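Page 36 lists "custom code to start, stop, and monitor your SSH tunnels" as something you have to write yourself. The script below is an added example of that code, written for this page; it is not part of the presentation and not HP's code. It assumes the port numbers of the configuration slide (5000 for opcmsgrd, 5002 for opcdistm), a hostname MGMT_SRV under which the nodes can reach the OVO server, an unprivileged account TUNNEL_USER on the nodes that holds the forwarding key (the FAQ notes root is not needed), a node list file with one hostname per line (the path given is assumed), and a pid directory. The three -o options are newer than the 2003 SSH versions listed in the FAQ; without them the script still works, it just detects a broken tunnel less reliably.

```shell
#!/bin/sh
# Added example, not HP's code: one ssh -R tunnel per DMZ node, started and
# supervised from the OVO management server as the slides describe.
# Assumed names: MGMT_SRV, TUNNEL_USER, NODE_LIST (path is an assumption),
# PID_DIR. Ports 5000/5002 are the values from the configuration slide.

MGMT_SRV="${MGMT_SRV:-ovoserver}"
TUNNEL_USER="${TUNNEL_USER:-ovotunnel}"
PORT_MSGR="${PORT_MSGR:-5000}"
PORT_DISTM="${PORT_DISTM:-5002}"
PID_DIR="${PID_DIR:-/var/tmp/ovo-tunnels}"
NODE_LIST="${NODE_LIST:-/etc/opt/OV/share/conf/OpC/dmz_nodes}"   # assumed path

# Print the ssh command line for one node. -n -N as on the slide; deliberately
# no -g and no bind address in -R, so the listeners bind to 127.0.0.1 on the
# node. BatchMode fails instead of prompting; ExitOnForwardFailure makes ssh
# exit (so check_all restarts it) rather than run on without its forwards when
# a stale ssh still holds port 5000 on the node; ServerAliveInterval notices a
# tunnel silently dropped by a stateful firewall.
tunnel_cmd() {
    printf 'ssh -n -N -l %s -o BatchMode=yes -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 -R %s:%s:%s -R %s:%s:%s %s\n' \
        "$TUNNEL_USER" \
        "$PORT_MSGR" "$MGMT_SRV" "$PORT_MSGR" \
        "$PORT_DISTM" "$MGMT_SRV" "$PORT_DISTM" \
        "$1"
}

# True if the pid recorded for the node is still alive.
tunnel_running() {
    pidfile="$PID_DIR/$1.pid"
    [ -r "$pidfile" ] && kill -0 "$(cat "$pidfile")" 2>/dev/null
}

# Start the tunnel for one node unless it is already up. The subshell execs
# ssh, so the pid we record is ssh itself and stop_tunnel kills the right
# process. Node names are assumed to be plain hostnames (no shell metachars).
start_tunnel() {
    node="$1"
    tunnel_running "$node" && return 0
    mkdir -p "$PID_DIR"
    (eval "exec $(tunnel_cmd "$node")" </dev/null >"$PID_DIR/$node.log" 2>&1) &
    echo $! >"$PID_DIR/$node.pid"
}

stop_tunnel() {
    pidfile="$PID_DIR/$1.pid"
    [ -r "$pidfile" ] || return 0
    kill "$(cat "$pidfile")" 2>/dev/null
    rm -f "$pidfile"
}

# Nodes from the list file, comments and blank lines skipped.
list_nodes() {
    grep -v '^[[:space:]]*#' "$NODE_LIST" | grep -v '^[[:space:]]*$'
}

# Run from cron or a monitor loop: (re)start every tunnel that is not alive.
check_all() {
    list_nodes | while read -r node; do start_tunnel "$node"; done
}

stop_all() {
    list_nodes | while read -r node; do stop_tunnel "$node"; done
}

case "${1:-}" in
    start|check) check_all ;;
    stop)        stop_all ;;
esac
```

Run it as `tunnels.sh check` from cron every few minutes: a node whose ssh has died (firewall timeout, node reboot, the -R bind failing) gets its tunnel restarted, and the per-node log under PID_DIR shows why it died. Because the pid file records the ssh process itself, `tunnels.sh stop` tears the tunnels down cleanly, which matters when a node is decommissioned: an orphaned tunnel would keep a path from that node to opcmsgrd and opcdistm open.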
page 35
Create and exchange SSH user keys
Create and exchange user keys so that the management server can log in to the
managed node without entering a password:
• Create the user keys on the management server:
# ssh-keygen -t rsa
# ssh-keygen -t dsa
• Copy the public keys to the agent:
# cd ~/.ssh/
# scp *.pub agent
If prompted, accept the host fingerprint; this adds the agent to ~/.ssh/known_hosts.
Compare the fingerprint with one obtained from the node itself before accepting it:
the known_hosts entry is what protects every later tunnel against a spoofed node.
• Add the public keys on the agent:
# ssh agent
# cat id_rsa.pub >> .ssh/authorized_keys
# cat id_dsa.pub >> .ssh/authorized_keys
# rm id_rsa.pub id_dsa.pub
# exit
• You should now be able to connect from "server" to "agent" without a
password prompt.
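Appending the bare public key, as above, gives the server's account a full login shell on every DMZ node, although the tunnel needs nothing but two -R listeners. The script below is an added example, not the presentation's procedure and not HP's code, that installs the same key as a forwarding-only key. It assumes OpenSSH 7.8 or newer on the node (the `restrict` and `permitlisten` options), the management server's address for the `from=` clause, and the ports 5000 and 5002 of the configuration slide; the key material in the test is constructed, not a real key.

```shell
#!/bin/sh
# Added example, not HP's code: authorized_keys entry on the managed node that
# permits only the two remote forwards the OVO tunnel needs.
# Assumed: OpenSSH 7.8+ on the node, the server's address, ports 5000/5002.

# restricted_key_line SERVER_IP "PUBKEY LINE" PORT...
#   from=            accept this key only from the management server's address
#   restrict         no pty, no X11/agent forwarding, no ~/.ssh/rc, no forwarding
#   port-forwarding  re-enable forwarding after restrict ...
#   permitlisten     ... but only -R listeners on exactly these ports; any other
#                    -R port and every -L request is refused by sshd
#   command=         whatever the client asks to run is replaced by /bin/false;
#                    ssh -N never asks for a command, so the tunnel still works
restricted_key_line() {
    from_ip="$1"; pubkey="$2"; shift 2
    case "$pubkey" in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *|sk-*\ *) ;;
        *) echo "restricted_key_line: not an OpenSSH public key line" >&2; return 1 ;;
    esac
    opts="from=\"$from_ip\",restrict,port-forwarding,command=\"/bin/false\""
    for port in "$@"; do
        opts="$opts,permitlisten=\"$port\""
    done
    printf '%s %s\n' "$opts" "$pubkey"
}

# Append the entry once, creating ~/.ssh and authorized_keys with the modes
# sshd's StrictModes requires (700 / 600); a second run changes nothing.
install_restricted_key() {
    akeys="$1"; shift
    line="$(restricted_key_line "$@")" || return 1
    sshdir="$(dirname "$akeys")"
    mkdir -p "$sshdir" && chmod 700 "$sshdir"
    touch "$akeys" && chmod 600 "$akeys"
    grep -qF -- "$line" "$akeys" || printf '%s\n' "$line" >>"$akeys"
}
```

Usage on the node, after `scp id_rsa.pub agent` as on the slide: `install_restricted_key ~/.ssh/authorized_keys 10.0.0.5 "$(cat ~/id_rsa.pub)" 5000 5002`. On an sshd older than 7.8 there is no `permitlisten`; the closest you get is `from="10.0.0.5",no-pty,no-agent-forwarding,no-X11-forwarding,command="/bin/false"`, which still lets the key forward any port, so the loopback-only binding (no -g, GatewayPorts no) is then the only limit on what the tunnel exposes.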
page 36
OVO SSH tunneling at a Glance
The major benefits are:
• Outbound-only communication
• All standard agent features are available like on any other system.
• Customization on agent and server uses ordinary OVO Firewall and DCE
daemon-less features.
• Additional buffering and encoding of messages etc. is not required.
Prerequisites to use this solution:
• SSH2 on all participating systems
• Certain custom code to start, stop, and monitor your SSH tunnels is
required
• Firewall must allow outbound SSH communication
page 37
FAQ (1)
• Does this work also with OVOW?
Since the DCE daemon-less feature works the same way on OVOW, you can do this with
OVOW, but you have to consider that policy deployment works differently. Furthermore,
the Service Discovery agent has an additional inbound connection.
• Is outbound-only communication with SSH port forwarding a supported
OVO feature?
This is not a feature. It is a use case of the DCE daemon-less functionality. All
OVO keys and parameters shown are well-known features. OVO neither bundles
nor delivers any SSH. HP OpenView does not provide any support for SSH itself.
• Does OVO provide any functionality to manage the SSH keys?
No. You have to configure, run, and maintain your SSH by your own.
• Is there any SSH recommended for this use case?
No, but tests were successful with:
HP-UX 11.0 T1471AA A.03.50.000 HP-UX Secure Shell
HP-UX 11.11 T1471AA A.03.50.000 HP-UX Secure Shell
Win 2000 OpenSSH for Win 3.6.2p1 (Cygwin)
page 38
FAQ (2)
• Can I use port forwarding for M2M messages forwarding?
Yes. Note that on the source server you have to configure an
OPC_COMM_RPC_PORT_FILE containing NODE_NAME opcmsgrd 5000 localhost.
• How is the scalability and performance of this use case?
Be aware that you have to start one ssh client on the management server for
each managed node. An ssh client does not need many resources, but you have
to manage these processes yourself.
• Do I have to run the tunnels under root/Administrator? No.
• Where can I find further information about SSH?
E.g., OpenSSH Manual pages: http://www.openssh.org/manual.html
• Where can I find further information about used OVO parameters?
– OVO DCE RPC Communication without Endpoint Mapper White Paper
– OVO Firewall Configuration White Paper