Identify connections for sending/receiving service requests/request responses

Applications IP Networking
1

Good afternoon, I need your help please:

Im just trying to identify connections for sending/receiving service requests/request responses for an Extended API

By Definition on documentation it says:
Extended API is an interface between the OSS/BSS and ProvisiontLink that is used for sending service requests to the network

Extended API is based on TCP/IP sockets. The interface is asynchronous: an OSS/BSS opens two socket connections to ProvisiontLink. One connection is for sending
service requests and the other one for receiving request responses.
There can be up to 250 simultaneous OSS/BSS connection pairs to ProvisiontLink

I found The ProvisiontLink process as this 24080:

CLPROCONCAP033:/app/nokia/ilink> lsof -i tcp:7110
COMMAND  PID  USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME
java    24080 ilink   64u  IPv6 747229605      0t0  TCP CLPROCONCAP034.nh.inet:55072->prov_osb.domain:7110 (ESTABLISHED)
java    24080 ilink  129u  IPv6 747244195      0t0  TCP CLPROCONCAP034.nh.inet:55074->prov_osb.domain:7110 (ESTABLISHED)

I filtered (7110) bcz its a kind of weblogic using osb (Oracle Service bus)

CLPROCONCAP033:/app/nokia/ilink> netstat -an|grep 7110

tcp6       0      0 10.203.200.40:56878     10.203.109.251:7110     ESTABLISHED
tcp6       0      0 10.203.200.40:56876     10.203.109.251:7110     ESTABLISHED
tcp6       0      0 10.203.200.40:56552     10.203.109.251:7110     TIME_WAIT 
tcp6       0      0 10.203.200.40:56686     10.203.109.251:7110     TIME_WAIT 
tcp6       0      0 10.203.200.40:56856     10.203.109.251:7110     TIME_WAIT 
tcp6       0      0 10.203.200.40:56732     10.203.109.251:7110     TIME_WAIT 
tcp6       0      0 10.203.200.40:56762     10.203.109.251:7110     TIME_WAIT 
tcp6       0      0 10.203.200.40:56908     10.203.109.251:7110     ESTABLISHED
tcp6       0      0 10.203.200.40:56684     10.203.109.251:7110     TIME_WAIT

This is the log:

CLPROCONCAP033:/app/nokia/ilink/install/sas/ws/logs> tail -f access_log.2023-04-24
10.203.200.10 - - [24/Apr/2023:00:07:11 -0500] "POST /ilws/ProvisionSOA HTTP/1.1" 200 557
10.203.200.11 - - [24/Apr/2023:00:07:14 -0500] "GET /ilws/ProvisionSOA?wsdl HTTP/1.1" 200 4943
10.203.200.12 - - [24/Apr/2023:00:07:15 -0500] "GET /ilws/ProvisionSOA?wsdl HTTP/1.1" 200 4943

These are the sockets for LISTEN state:

LPROCONCAP033:/app/nokia/ilink/install/sas/ws/logs> lsof -p 24080|grep LISTEN

java    24080 ilink   26u     IPv6         1078557627       0t0        TCP *:49979 (LISTEN)
java    24080 ilink   27u     IPv6         1078557628       0t0        TCP *:44010 (LISTEN)
java    24080 ilink   30u     IPv6         1078557629       0t0        TCP *:55819 (LISTEN)
java    24080 ilink   68u     IPv6         1078557630       0t0        TCP *:44006 (LISTEN)
java    24080 ilink   80u     IPv6         1078557636       0t0        TCP localhost:44007 (LISTEN)

These are for ESTABLISHED state:

CLPROCONCAP033:/app/nokia/ilink/install/sas/ws/logs> lsof -p 24080|grep ESTABLISHED

java    24080 ilink   81u     IPv6         1078599582       0t0        TCP CLPROCONCAP033.nh.inet:63388->CLPROCONCAP033.nh.inet:44008 (ESTABLISHED)
java    24080 ilink   82u     IPv6         1078575676       0t0        TCP CLPROCONCAP033.nh.inet:55310->CLPROCONCAP033.nh.inet:44008 (ESTABLISHED)
java    24080 ilink   83u     IPv6         1079354296       0t0        TCP CLPROCONCAP033.nh.inet:64694->CLPROCONCAP033.nh.inet:44008 (ESTABLISHED)
java    24080 ilink   85u     IPv6         1078571938       0t0        TCP CLPROCONCAP033.nh.inet:55312->CLPROCONCAP033.nh.inet:44008 (ESTABLISHED)
java    24080 ilink   87u     IPv6         1090091151       0t0        TCP CLPROCONCAP033.nh.inet:44006->10.203.200.10:19385 (ESTABLISHED)
java    24080 ilink   91u     IPv6         1078618223       0t0        TCP CLPROCONCAP033.nh.inet:51050->CLPROCONCAP033.nh.inet:44008 (ESTABLISHED)
java    24080 ilink   92u     IPv6         1078621194       0t0        TCP CLPROCONCAP033.nh.inet:51052->CLPROCONCAP033.nh.inet:44008 (ESTABLISHED)
java    24080 ilink   93u     IPv6         1078589426       0t0        TCP CLPROCONCAP033.nh.inet:51054->CLPROCONCAP033.nh.inet:44008 (ESTABLISHED)
java    24080 ilink   94u     IPv6         1078593026       0t0        TCP CLPROCONCAP033.nh.inet:51056->CLPROCONCAP033.nh.inet:44008 (ESTABLISHED)
java    24080 ilink   95u     IPv6         1078621195       0t0        TCP CLPROCONCAP033.nh.inet:51058->CLPROCONCAP033.nh.inet:44008 (ESTABLISHED)
java    24080 ilink   96u     IPv6         1079639163       0t0        TCP CLPROCONCAP033.nh.inet:56926->CLPROCONCAP033.nh.inet:44008 (ESTABLISHED)
java    24080 ilink  106u     IPv6         1078589919       0t0        TCP CLPROCONCAP033.nh.inet:54986->CLPROCONCAP033.nh.inet:44008 (ESTABLISHED)
java    24080 ilink  108u     IPv6         1078557632       0t0        TCP CLPROCONCAP033.nh.inet:54988->CLPROCONCAP033.nh.inet:44008 (ESTABLISHED)
java    24080 ilink  109u     IPv6         1078589920       0t0        TCP CLPROCONCAP033.nh.inet:54990->CLPROCONCAP033.nh.inet:44008 (ESTABLISHED)
java    24080 ilink  110u     IPv6         1078589921       0t0        TCP CLPROCONCAP033.nh.inet:54992->CLPROCONCAP033.nh.inet:44008 (ESTABLISHED)
java    24080 ilink  111u     IPv6         1078571910       0t0        TCP CLPROCONCAP033.nh.inet:54994->CLPROCONCAP033.nh.inet:44008 (ESTABLISHED)
java    24080 ilink  133u     IPv6         1078570845       0t0        TCP CLPROCONCAP033.nh.inet:54906->imdb-soa.nh.inet:search (ESTABLISHED)
java    24080 ilink  137u     IPv6         1078607012       0t0        TCP CLPROCONCAP033.nh.inet:64356->CLPROCONCAP033.nh.inet:44008 (ESTABLISHED)
java    24080 ilink  138u     IPv6         1090103663       0t0        TCP CLPROCONCAP033.nh.inet:53286->pro_osb_fs.nh.inet:7110 (ESTABLISHED)
java    24080 ilink  140u     IPv6         1090053117       0t0        TCP CLPROCONCAP033.nh.inet:44006->10.203.200.10:29456 (ESTABLISHED)
java    24080 ilink  141u     IPv6         1078558504       0t0        TCP CLPROCONCAP033.nh.inet:51046->CLPROCONCAP033.nh.inet:44008 (ESTABLISHED)
java    24080 ilink  142u     IPv6         1078621193       0t0        TCP CLPROCONCAP033.nh.inet:51048->CLPROCONCAP033.nh.inet:44008 (ESTABLISHED)
java    24080 ilink  143u     IPv6         1078655576       0t0        TCP CLPROCONCAP033.nh.inet:54520->CLPROCONCAP033.nh.inet:44008 (ESTABLISHED)
java    24080 ilink  144u     IPv6         1090101798       0t0        TCP CLPROCONCAP033.nh.inet:44006->10.203.200.10:19405 (ESTABLISHED)
java    24080 ilink  145u     IPv6         1090077045       0t0        TCP CLPROCONCAP033.nh.inet:53290->pro_osb_fs.nh.inet:7110 (ESTABLISHED)
java    24080 ilink  146u     IPv6         1089851378       0t0        TCP CLPROCONCAP033.nh.inet:49979->10.203.200.21:58092 (ESTABLISHED)
java    24080 ilink  147u     IPv6         1078721512       0t0        TCP CLPROCONCAP033.nh.inet:63438->CLPROCONCAP033.nh.inet:44008 (ESTABLISHED)
java    24080 ilink  152u     IPv6         1079917831       0t0        TCP CLPROCONCAP033.nh.inet:49530->CLPROCONCAP033.nh.inet:44008 (ESTABLISHED)
java    24080 ilink  173u     IPv6         1085621325       0t0        TCP CLPROCONCAP033.nh.inet:59110->CLPROCONCAP033.nh.inet:44008 (ESTABLISHED)

On the connecttions above I can't identify connection for sending and receiving request responses.
Im not sure if ports 44006 and 44007 are?

CLPROCONCAP033:/app/nokia/ilink> netstat -an|grep 44007
tcp6       0      0 127.0.0.1:44007         :::*                    LISTEN    
CLPROCONCAP033:/app/nokia/ilink>
CLPROCONCAP033:/app/nokia/ilink> netstat -an|grep 44006
tcp6       0      0 :::44006                :::*                    LISTEN    
tcp6       0      0 10.203.200.40:44006     10.203.200.10:29676     ESTABLISHED
tcp6       0      0 10.203.200.40:44006     10.203.200.10:61104     ESTABLISHED
tcp6       0      0 10.203.200.40:44006     10.203.200.10:61094     ESTABLISHED
tcp6       0      0 10.203.200.40:44006     10.203.200.10:35041     ESTABLISHED

I appreciate your help in advanced

2

Hello,

I'm not familiar with this particular server process, but I think this is more a matter of how to think about network traffic and sockets, more than anything else.

For a server process that takes inbound connections, there will always be at least one port in a LISTENING state to accept those inbound connections. Clients that wish to connect to the server will establish connections from their unprivileged outbound ports (so ports numbered between 1024 and 65,535 by default) to that listening port on the server.

So from the server's perspective, you'll see two sets of things:

  • A port or ports in a LISTENING state, which are open to accept incoming connections
  • A connection in an ESTABLISHED state between a listening port on the server and an output port on the client, when a client is actively communicating with the server

In other words then: for a given process that listens on a given port, you will always see established connections going back from the server to that client from that listening port on the server, to a random high-numbered unprivileged output port on the client. It is the client that establishes the connection to the server in all cases, and so it is the listening server port that will always be the open port for the session from the server's perspective.

So for a given piece of server software, the port it will answer connection requests from the clients on will be the same port that they have connected to. There can be unusual exceptions to this for some protocols and services, particularly those that use callbacks or some other kind of out-of-band communication (rlogin and FTP come to mind), but for most server services the setup will work as described above.

Hope this helps !

1 Like
3

THanks you very much drysdalk for your explanation, your time and support, that is I wanted to understand in detail
by finishing I know there are tons of information about sockets and network traffic, but dou you know a specific link to study in order to understand how web applicattions work in netwoork traffic and socket perspective?

Thanks you once again for your support

4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.