Thursday, February 28, 2013

How to test UDP connectivity?


Sometimes we need to check UDP connectivity. There are a few free tools available on the net for this; here we describe how to do it with a utility called nmap.
How can you test and probe a port that listens for UDP connections? Put differently, how do you test a listening UDP port?

How to test a listening UDP port through nmap

If you have managed to create a daemonized service that opens a port for UDP connections, here is how to test that listening UDP port. Read on.
To test a listening UDP port, simply use nmap:
# nmap -p [port] -sU -P0 [host name | ip address]
# nmap -p 123 -sU -P0 example.com
# nmap -p 123 -sU -P0 123.123.123.123
In the commands shown above, I am assuming that the host example.com is currently serving NTP on UDP port 123. The -P0 switch skips host discovery (newer Nmap releases spell it -Pn); without it a host that blocks ping would be reported as down and never scanned.
Sample opened UDP port output:
~~~~~~~~~~~~~~~~~~~
Starting Nmap 4.52 ( http://insecure.org ) at 2008-04-29 10:56 WAT
Interesting ports on host.example.com (123.123.123.123):
PORT STATE SERVICE
123/udp open|filtered ntp
MAC Address: 00:02:A5:EC:00:8C (Compaq Computer)
Nmap done: 1 IP address (1 host up) scanned in 1.043 seconds
~~~~~~~~~~~~~~~~~~~
Besides testing the UDP port, you also get the host's MAC address (nmap learns it from ARP, so it appears only when the target is on your own Ethernet segment). Note the state open|filtered: nmap sent an empty probe and got back neither a datagram nor an ICMP port-unreachable, so it cannot tell an open service that ignores empty probes from a port a firewall is silently dropping. Adding -sV makes nmap send a real NTP request and usually turns the state into a definite open.
If the UDP port is closed, you should see lines like these instead:
~~~~~~~~~~~~~~~~~~~
Interesting ports on localhost (127.0.0.1):
PORT STATE SERVICE
123/udp closed ntp
~~~~~~~~~~~~~~~~~~~

How to test a listening TCP/UDP port through nc


Using the nc command you can scan a port or a range of ports to verify whether a UDP port is open.

Netcat (nc) can be used for a lot of other purposes as well. Among them, it makes a very fast basic port scanner.

To scan a range of UDP ports 1-1000:

nc -zu destination_ip 1-1000

To scan a range of TCP ports 1-1000:

nc -z destination_ip 1-1000

To get more information, add -v for verbose output:

nc -vz destination_ip 1-1000

Keep in mind that for UDP, nc has the same limitation as nmap: it reports a port as open unless an ICMP port-unreachable comes back, so a port that a firewall silently drops looks open too.
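Both tools above classify a UDP port from whether a reply or an ICMP error comes back. The following added example (my own code, not from the post) does the same check in Python with a real NTP request as the probe, assuming only the standard library; the fake server inside it is a constructed stand-in for a listener on port 123.

```python
"""Added example (not from the original post): a UDP reachability check that makes
the three nmap states explicit. Stdlib only; the default probe is an NTP request,
matching the port-123 case in the post; pass another payload for other services."""
import socket
import threading

# Minimal NTPv3 client request: LI=0, VN=3, Mode=3 in byte 0, then 47 zero bytes.
# A well-formed request matters: most daemons silently drop empty or malformed
# datagrams, which is why an empty nmap probe ends up reported as open|filtered.
NTP_PROBE = b"\x1b" + b"\x00" * 47

def udp_port_state(host, port, probe=NTP_PROBE, timeout=2.0):
    """Return 'open', 'closed' or 'open|filtered' for host:port, as nmap -sU does.

    closed        : the kernel surfaced an ICMP port-unreachable; on a connect()ed
                    UDP socket Python raises ConnectionRefusedError.
    open          : a datagram came back.
    open|filtered : silence, either a service that ignored the probe or a firewall
                    dropping it; without a reply the two cannot be told apart.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        try:
            s.send(probe)
            s.recv(512)
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "open|filtered"
    return "open"

def start_fake_ntp_server(host="127.0.0.1"):
    """Constructed stand-in for ntpd on an ephemeral port: answers one request
    with a 48-byte server reply (Mode=4), then closes. Returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((host, 0))
    port = srv.getsockname()[1]

    def serve():
        try:
            _, peer = srv.recvfrom(512)
            srv.sendto(b"\x1c" + b"\x00" * 47, peer)
        finally:
            srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port
```

Calling udp_port_state("127.0.0.1", start_fake_ntp_server()) returns "open"; against a real host, swap in the NTP server's address and port 123.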








Monday, February 25, 2013

Why DNS works on both protocols, TCP and UDP


DNS and some other services work on both TCP and UDP. The two protocols differ: TCP is connection-oriented, UDP is connection-less. TCP guarantees that the data arrives intact at the destination; UDP does not, and does not establish a connection with the host before sending.

DNS uses TCP for zone transfers over port 53

DNS servers must keep a consistent copy of the zone database between them. This is achieved with TCP, and the communication happens only between DNS servers: the zone transfer feature of a DNS server always uses TCP. A connection is established between the source and destination DNS servers to transfer the zone data, and the TCP acknowledgements make sure the data arrives consistent.

DNS uses UDP for DNS queries over port 53

A client computer will always send a DNS query over UDP port 53. If the client gets no response from the DNS server, it must retransmit the query over TCP after an interval of 3-5 seconds.

UDP DNS messages are small: they cannot be larger than 512 bytes and are truncated when they exceed that size, so any application that needs to transfer more than 512 bytes uses TCP. This is the reason DNS, like other services that use both protocols, does not rely on TCP alone even though TCP is connection-oriented and UDP is not: UDP is used to exchange small pieces of information, while TCP must be used for anything larger than 512 bytes. Hence DNS uses TCP for zone transfers and UDP for name queries, whether regular (primary) or reverse.
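The 512-byte rule and the TCP fallback above in working code, as an added example that is not part of the original post: it builds an A query for mumbai.com (the domain from the mail-server post on this page), frames it for UDP versus TCP, and decides to retry over TCP when the server's UDP answer carries the TC (truncated) bit, which goes beyond the post's timeout rule and is how a resolver actually learns an answer was cut off. All function names are my own; only the standard library is used.

```python
"""Added example (not from the original post): DNS message framing over UDP vs TCP
and the TC-bit rule that makes a resolver retry over TCP. Stdlib only, no network."""
import struct

UDP_MAX = 512        # RFC 1035 ceiling for a DNS message carried in one UDP datagram
FLAG_TC = 0x0200     # TrunCation bit in the header flags word
QTYPE_A, QCLASS_IN = 1, 1

def encode_name(name):
    """'mumbai.com' -> b'\\x06mumbai\\x03com\\x00' (length-prefixed labels)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, txid, qtype=QTYPE_A):
    """Standard query, RD=1, one question, no other sections (12-byte header)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)

def frame_for_tcp(msg):
    """Over TCP each message is preceded by a 2-byte big-endian length, because
    a byte stream has no datagram boundaries to delimit it."""
    return struct.pack("!H", len(msg)) + msg

def unframe_tcp(stream):
    """Inverse of frame_for_tcp: returns (message, bytes left in the stream)."""
    (n,) = struct.unpack("!H", stream[:2])
    return stream[2:2 + n], stream[2 + n:]

def needs_tcp_retry(udp_reply, txid):
    """True when the UDP answer matches our transaction id but carries TC=1: the
    server had to cut it to fit in 512 bytes, so the same query goes out over TCP."""
    rid, flags = struct.unpack("!HH", udp_reply[:4])
    return rid == txid and bool(flags & FLAG_TC)

def pick_transport(msg_len, udp_reply=None, txid=None):
    """Transport decision for one query: oversized messages use TCP outright
    (zone transfers always do), otherwise UDP, with TCP only as the fallback."""
    if msg_len > UDP_MAX:
        return "tcp"
    if udp_reply is not None and needs_tcp_retry(udp_reply, txid):
        return "tcp"
    return "udp"
```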

What port does ping use?


[Diagram: What port does Ping use; PC1 sends a ping to PC2]

This article explains why there are no ports associated with ping.
In the diagram above there are two PCs, PC1 and PC2. When PC1 initiates a ping to PC2, the ping packet is constructed on PC1. The source IP address in the IP header carrying the ping packet is PC1's address and the destination IP address is PC2's.
Ping uses ICMP at the network layer for communication; it does not use a transport-layer protocol such as TCP or UDP, so the packet carries no TCP or UDP header. Unlike applications that use TCP or UDP, ICMP therefore has no port numbers; it uses sequence numbers to track ICMP packets.
When PC1 pings PC2, the ICMP header generated by PC1 contains a sequence number that is used to track the packet. When PC2 generates the response, it is this sequence number, not a port number, that ties the reply to the request.
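An added example (not from the article) of the sequence and identifier fields at work, written against the Echo message format of RFC 792: build PC1's request, derive PC2's reply, and match the two without any port. Function names are my own and nothing is sent on the wire.

```python
"""Added example (not from the original post): build and match ICMP Echo messages in
memory to show what ping matches on instead of ports. Stdlib only; nothing is sent."""
import struct

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0

def icmp_checksum(data):
    """RFC 1071 checksum: one's-complement sum of 16-bit words, odd byte zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_echo(icmp_type, ident, seq, payload=b""):
    """Header is Type(1) Code(1) Checksum(2) Identifier(2) Sequence(2), then data.
    Identifier and sequence are the only demultiplexing fields ICMP has."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def parse_echo(packet):
    """Return (type, identifier, sequence, payload); a good packet checksums to 0."""
    if icmp_checksum(packet) != 0:
        raise ValueError("ICMP checksum mismatch")
    icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return icmp_type, ident, seq, packet[8:]

def make_reply(request):
    """What PC2's stack does with PC1's request: same identifier, sequence and
    payload, type changed from 8 to 0."""
    _, ident, seq, payload = parse_echo(request)
    return build_echo(ICMP_ECHO_REPLY, ident, seq, payload)

def is_reply_for(request, candidate):
    """What PC1's ping does with an incoming Echo Reply: accept it only if the
    identifier (usually its own process id) and sequence number match."""
    _, rid, rseq, rpayload = parse_echo(request)
    ctype, cid, cseq, cpayload = parse_echo(candidate)
    return ctype == ICMP_ECHO_REPLY and (cid, cseq, cpayload) == (rid, rseq, rpayload)
```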

Friday, February 15, 2013

Mail Server Complete Configuration on CentOS or Red Hat (RHEL)


Mail Server Configuration 

1)DNS
2)POSTFIX
3)DOVECOT

1)DNS CONFIGURATION

[root@cmj-itss-naveen ~]# yum install bind*
[root@cmj-itss-naveen ~]# vi /etc/sysconfig/network
change the host name to dns.mumbai.com
[root@cmj-itss-naveen ~]# vi /etc/resolv.conf
domain mumbai.com
search mumbai.com
nameserver <IPADDRESS>
nameserver 10.210.8.36

The main configuration file for the DNS server is named.conf. By default this file is not created in the /var/named/chroot/etc/ directory.

[root@cmj-itss-naveen ~]# vi /var/named/chroot/etc/named.conf
options {
        //listen-on { 127.0.0.1; 10.210.8.36; };
        listen-on port 53 { 127.0.0.1; 10.210.8.36; };
        directory "/var/named/";
        // answer only for our own zones; clients that point resolv.conf here
        // (this host included) cannot resolve outside names through this server
        recursion no;
        //allow-query     { localhost; any; };
        //forwarders { 8.8.8.8; };
        // with no allow-transfer statement, older BIND releases hand the whole
        // zone to anyone who asks; list your secondaries or use { none; }
        //allow-transfer { 10.210.8.1; };
};

zone "mumbai.com" {
        type master;
        file "mumbai.com-fw";
};
zone "8.210.10.in-addr.arpa" {
        type master;
        file "8.210.10.in-addr.arpa.zone";
};

[root@cmj-itss-naveen ~]# vi /var/named/chroot/var/named/mumbai.com-fw
$TTL 86400
; Forward resolution for mumbai.com
; trailing dots matter: without them BIND appends the origin (mumbai.com.)

@       IN      SOA     dns.mumbai.com. root.dns.mumbai.com. (
                                2000031601 ; serial number
                                7200       ; refresh (2 hrs)
                                3600       ; retry (1 hr)
                                151200     ; expire (42 hrs)
                                86400 )    ; default TTL
; define our name servers:
        IN      NS      dns.mumbai.com.
; define our mail servers (an MX target must be an A record, never a CNAME):
        IN      MX 10   mail.mumbai.com.
; define the contact information for this domain:
;       IN      TXT     "Contact: Jim Smith"
;       IN      TXT     "Great Guru of Linux"
;       IN      RP      admin.mumbai.com. ;EMAIL ID

; define addresses and aliases:
dns     IN      A       10.210.8.36
gw      IN      A       10.210.8.1
mail    IN      A       10.210.8.36
ns      IN      CNAME   dns
www     IN      CNAME   dns

                                  
[root@cmj-itss-naveen ~]# vi /var/named/chroot/var/named/8.210.10.in-addr.arpa.zone
$TTL 86400
; Reverse resolution for mumbai.com

@       IN      SOA     dns.mumbai.com. root.dns.mumbai.com. (
                                2000031601 ; serial number
                                7200       ; refresh (2 hrs)
                                3600       ; retry (1 hr)
                                151200     ; expire (42 hrs)
                                86400 )    ; default TTL
; define our name servers:
        IN      NS      dns.mumbai.com.
; PTR targets must be fully qualified (trailing dot); otherwise the
; reverse-zone origin 8.210.10.in-addr.arpa. gets appended to them
1       IN      PTR     gw.mumbai.com.
36      IN      PTR     dns.mumbai.com.
36      IN      PTR     ns.mumbai.com.
36      IN      PTR     mail.mumbai.com.
36      IN      PTR     www.mumbai.com.


[root@cmj-itss-naveen ~]# /etc/init.d/named restart 
Stopping named: .                                          [  OK  ] 
Starting named:                                              [  OK  ] 

check on http://www.techrepublic.com/article/setting-up-a-dns-server-under-linux-part-1-the-configuration/1052952








2)POSTFIX CONFIGURATION

[root@cmj-itss-naveen ~]# vi /etc/postfix/main.cf
# line 75: uncomment and specify hostname
myhostname = mail.mumbai.com
# line 83: uncomment and specify domain name
mydomain = mumbai.com
# line 99: uncomment
myorigin = $mydomain
# line 116: change
inet_interfaces = all
# line 119: change if you use only IPv4
inet_protocols = ipv4
# line 164: add
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
# line 264: uncomment and specify your LAN
# (clients in mynetworks may relay without authenticating, so list only your own
# network; for the 10.210.8.x addresses used in this post that is 10.210.8.0/24)
mynetworks = 127.0.0.0/8, 10.0.0.0/24
# line 419: uncomment (use Maildir)
home_mailbox = Maildir/
# line 545: uncomment, line 546: add
header_checks = regexp:/etc/postfix/header_checks
body_checks = regexp:/etc/postfix/body_checks
# line 571: add
smtpd_banner = $myhostname ESMTP
# add at the last line
# limit an email size to 10M
message_size_limit = 10485760
# limit mailbox to 1G
mailbox_size_limit = 1073741824
# for SMTP-Auth settings (authentication is handed to Dovecot over the socket
# configured in 10-master.conf below)
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_client_restrictions = permit_mynetworks,reject_unknown_client,permit
smtpd_recipient_restrictions = permit_mynetworks,permit_auth_destination,permit_sasl_authenticated,reject


[root@cmj-itss-naveen ~]# vi /etc/postfix/header_checks
# add at the head

# reject if the email address is empty

/^From:.*<#.*@.*>/ REJECT
/^Return-Path:.*<#.*@.*>/ REJECT

[root@cmj-itss-naveen ~]# vi /etc/postfix/body_checks

# reject if the mail body includes 'example.com'

/^(|[^>].*)example.com/ REJECT

[root@cmj-itss-naveen ~]# /etc/rc.d/init.d/postfix start
[  OK  ]

[root@cmj-itss-naveen ~]# chkconfig postfix on

check on http://www.server-world.info/en/note?os=CentOS_6&p=mail



3)DOVECOT CONFIGURATION

[root@cmj-itss-naveen ~]# yum -y install dovecot

[root@cmj-itss-naveen ~]# vi /etc/dovecot/dovecot.conf
# line 31: change (if you do not use IPv6)
listen = *

[root@cmj-itss-naveen ~]# vi /etc/dovecot/conf.d/10-auth.conf
# line 9: uncomment and change (allow plain text auth)
# With this setting the PLAIN and LOGIN mechanisms below send the password in
# clear text unless the client connects over TLS (ssl = yes in 10-ssl.conf), so
# do not expose the IMAP and SMTP ports beyond the LAN without that.
disable_plaintext_auth = no
# line 97: add
auth_mechanisms = plain login

[root@cmj-itss-naveen ~]# vi /etc/dovecot/conf.d/10-mail.conf
# line 30: uncomment and add
mail_location = maildir:~/Maildir

[root@cmj-itss-naveen ~]# vi /etc/dovecot/conf.d/10-master.conf
# line 84-86: uncomment and add

# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
  mode = 0666
  user = postfix  # add
  group = postfix # add
}

[root@cmj-itss-naveen ~]# /etc/rc.d/init.d/dovecot start
Starting Dovecot Imap:                                     [  OK  ]

[root@cmj-itss-naveen ~]# chkconfig dovecot on

check on http://www.server-world.info/en/note?os=CentOS_6&p=mail&f=2
http://k2-rnd.blogspot.in/2012/04/how-to-setup-postfix-dovecot-mail.html
http://www.wtuto.com/redhat/postfix-r6.html
http://www.cyberciti.biz/faq/linux-unix-bsd-postfix-forward-email-to-another-account/
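A check a practitioner would run once the three pieces are up, as an added example (not from the post or the linked guides): parse the EHLO response the Postfix above returns and report the SASL mechanisms, STARTTLS status and SIZE it advertises. The sample EHLO response is constructed; mail.mumbai.com and the function names are assumptions of this example.

```python
"""Added example (not from the original post): inspect what the Postfix + Dovecot
setup above advertises to clients. parse_ehlo() works on captured EHLO output,
check_live() queries a running server. Stdlib only; the hostname is assumed."""
import smtplib

def parse_ehlo(ehlo_text):
    """Turn a multi-line '250-...' EHLO response into {feature: params}, lower-case
    keys, the same shape smtplib.SMTP.esmtp_features has after ehlo()."""
    features = {}
    lines = [ln for ln in ehlo_text.splitlines() if ln.startswith("250")]
    for line in lines[1:]:                  # first line only repeats the hostname
        name, _, params = line[4:].strip().partition(" ")
        features[name.lower()] = params.strip()
    return features

def assess(features, expected_size_limit=10485760):
    """Findings a defender wants: which SASL mechanisms are offered, whether STARTTLS
    can protect them, and whether SIZE reflects message_size_limit from main.cf."""
    mechs = features.get("auth", "").split()
    starttls = "starttls" in features
    size = features.get("size", "").strip()
    return {
        "auth_mechanisms": mechs,
        "starttls": starttls,
        "size_matches_limit": size.isdigit() and int(size) == expected_size_limit,
        # PLAIN/LOGIN without STARTTLS means credentials cross the wire in clear text
        "cleartext_auth_exposed": bool(mechs) and not starttls,
    }

def check_live(host, port=25, timeout=5):
    """Run the same assessment against a live server (not exercised by the test)."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        return assess(s.esmtp_features)

# Constructed EHLO response for a server configured as in this post: SMTP AUTH
# handed to Dovecot (plain login), 10 MB message_size_limit, no TLS configured.
SAMPLE_EHLO = """250-mail.mumbai.com
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""
```

assess(parse_ehlo(SAMPLE_EHLO)) flags cleartext_auth_exposed; once STARTTLS is configured on the Postfix side the same call reports it safe.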