Thursday, July 30, 2009

How to Rename Start Button in XP

From: http://digi-soft.blogspot.com/....button-in-xp.html

Posted by Shailendra

You can rename the Windows XP 'start' button by changing some values in the registry or in explorer.exe, but renaming it that way takes a lot of effort.


There is a new and simple way to do that without playing with registry or explorer.exe.

A utility called StartBtn Renamer will do it for you.

Just download the utility, type the text you want to give to the start button in the New Label section and click on 'Rename It!'.

Your 'start' button text has been changed.

Wednesday, July 29, 2009

Learn AJAX live online for free

  • http://rongrean.com/ajaxRegister.jsp
  • They teach many things, not just AJAX
  • They teach English too
  • Thanks in advance to the instructors

Tuesday, July 28, 2009

Setup ADSL Router TP-LINK

Installing a new ADSL router to replace the original TOT ADSL router

  • This is how to configure the TP-LINK ADSL router
  • The one in use was TOT's ADSL router, on the gold package, 3 MB, 590 baht
  • Anyone who uses it knows that the router they give us has only one port for connecting a LAN (for the model that is also a wireless router, I hear you have to pay about 1500 to buy it as well)
  • I wanted my notebook to be able to use the internet too
  • So I went to look around at Pantip Plaza, Pratunam
  • I found TP-LINK at one of the shops. At first I was going to get a D-LINK switch hub, but it has no RJ11 port, which means it cannot act as a router
  • Or should I get the D-LINK ADSL router? That one has a 3-year warranty
  • While I was thinking it over, the seller recommended another one, TP-LINK
  • This model: TD-W8901G 54M Wireless ADSL2+ Router
  • Because this model has a lifetime warranty, I just grabbed it
  • The price is the same as that D-LINK. I can't remember whether the speed is the same, but it gets a lifetime warranty
  • The price was a little over 1,500 baht the other day

TP-LINK model TD-W8901G 54M Wireless ADSL2+ Router
Before starting
  • Don't unplug the old ADSL router yet
  • Open a browser and look at the various settings first (type 192.168.1.1 in the address bar) to see how they were set up. Copy everything in sight. Don't forget to connect the LAN cable
  • Prepare the username and password that we have to get from our internet service provider (ISP)

The steps are roughly as follows

1. Once all the cables are plugged in, open a browser and type 192.168.1.1. A page comes up asking for a login; enter admin as the username and admin as the password. You then get to this page. Look for Quick Start and click it, then use the default values and keep clicking Next.

2. Select the time zone; look for something like Bangkok.

3. Select the connection type. Since we use ADSL, it will be PPPoE/PPPoA.

4. When you reach this page, enter the username and password you got from TOT. If you have forgotten them, try calling their call center. The default VPI is 0; change it to 1. The default VCI is 33; change it to 32. Set Connection Type to PPPoE LLC. The changed values come from checking 192.168.1.1 on the old ADSL router; the old one had these values, so we have to enter the same ones. Alternatively, you can look the values up on this website; just pick the right ISP. The values are also in the manual in the ADSL router box.

* Or try asking the call center of TOT, which provides the internet service, about the values; they should be able to help too

5. This part is the Wireless LAN setup. Select WPA2 as the Authentication Type, and don't forget to enter a pass key (PSK stands for Pre-shared Key)

6. That's it, folks

Note
  • That's it. Trying it out, the notebook (WLAN) seems to get faster internet than the PC (LAN). Not sure whether I'm imagining it
  • Also, I like that the web interface has lots of functions
  • Once everything is OK and the internet works, don't forget to change the admin password to something else, as a precaution against intruders
  • Also, I saw it has SNMP; don't forget to change the get and set passwords, because the default for both is public
  • We can reset it in two ways: the hole on the back of the router, or through the web interface
  • I think people who use True's internet get a ZyXEL ADSL router to use, which is better than TOT's
  • Also, for WLAN security, it should be set to WPA2; that's what is recommended

Refer

Monday, July 27, 2009

Working on a project

The articles on the narisa blog are really worth reading

A small experience I'd like to share about working on a project

  • This article really hits home
  • No formal roles (everyone just has their own role, so to speak). I don't know how to bring this up in the team
  • Stressful work, no process at all in how the work is done, no project management
  • And then being told the work is slow and no good. Oh my God, George. OK, I accept it, no arguing, folks

Friday, July 24, 2009

SSH Key based authentication setup from openSSH to SSH2

From: http://www.thegeekstuff.com/2008/07/ssh-key-based-authentication-setup-from-openssh-to-ssh2/

The previous articles (openSSH to openSSH setup, SSH2 to SSH2 setup) explain how to set up key-based authentication between hosts running the same version of ssh, to perform ssh and scp without entering a password. This article explains how to set up SSH key-based authentication between different versions of SSH (from openSSH to SSH2) to perform ssh and scp without entering a password.

1. Verify the local-host and remote-host SSH version.

In this example, local-host is running on openSSH and remote-host is running on SSH2.

[local-host]$ ssh -V
OpenSSH_5.0p1, OpenSSL 0.9.8g 19 Oct 2007

[remote-host]$ ssh -V
ssh: SSH Secure Shell 3.2.9.1 (non-commercial version) on i686-pc-linux-gnu
[remote-host]$ ls -l /usr/local/bin/ssh
lrwxrwxrwx 1 root root 4 Mar 10 22:04 /usr/local/bin/ssh -> ssh2

2. Generate key-pair on the local-host using ssh-keygen

[local-host]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jsmith/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/jsmith/.ssh/id_rsa.
Your public key has been saved in /home/jsmith/.ssh/id_rsa.pub.
The key fingerprint is:
3b:2a:d2:ac:8c:71:81:7e:b7:31:21:11:b8:e8:31:ad jsmith@local-host

The public key and private key are typically stored in the .ssh folder under your home directory. In this example, it is under /home/jsmith/.ssh. You should not share the private key with anybody.

By default, ssh-keygen on openSSH generates an RSA key pair. You can also generate a DSA key pair using the ssh-keygen -t dsa command.

3. Convert openSSH public key to SSH2 public key.

On local-host that is running openSSH, convert the openSSH public key to SSH2 public key using ssh-keygen as shown below.

[local-host]$ ssh-keygen -e -f ~/.ssh/id_rsa.pub > ~/.ssh/id_rsa_ssh2.pub

4. Install the public-key on the remote-host that is running SSH2.

Create a new public key file on remote-host and copy and paste the converted SSH2 key from the local-host into it.

[remote-host]$ vi ~/.ssh2/local-host_ssh2_key.pub 
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "2048-bit RSA, converted from OpenSSH by jsmith@local-host"
DDDDB3NzaC1yc2EAAAABDmbrdomPh9rWfjZ1+7Q369zsBEa7wS1RxzWRQ0Bmr9FSplI
3ADBEBC/6cbdf/v0r6Cp5y5kusP07AOzo2F7MBDSZBtS/MbYJiIxvocoaxG2bQyz3yYjU
YcpzGMD182bnA8kRxmGg+R5pVXM34lx3iSSgd8r3RzZKnDpEvEInnI7pQvUBoEbYCXPUeZ
LQvQAkz6+Pb6SsNp-dop/qgv9qyfbyMz1iKUZGadG146GtanL5QtRwyAeD187gMzzrGzMFP
LWjdzWpGILdZ5gq7wwRpbcXFUskVrS2ZjDe676XlTN1k5QSZmSYUuttDdrjB5SFiMpsre8
a7cQuMS178i9eDBEC==
---- END SSH2 PUBLIC KEY ----

Add the above public key file name to the authorization file on the remote-host as shown below.

[remote-host]$ vi ~/.ssh2/authorization 
Key local-host_ssh2_key.pub

5. Verify the Login from the local-host to remote-host using the SSH2 key authentication.

[local-host]$ ssh -l jsmith remote-host 
The authenticity of host 'local-host' can't be established.
DSA key fingerprint is a5:f6:2e:e6:a9:b2:7b:0e:e7:ae:cb:6c:7b:f5:6d:06.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'local-host' (DSA) to the list of known hosts.
Enter passphrase for key '/home/jsmith/.ssh/id_rsa':
Last login: Sat Jun 21 2008 23:13:00 -0700 from 192.168.1.102
No mail.
[remote-host]$

There are two ways to perform ssh and scp without entering the password:

  1. No passphrase. While creating the key pair, leave the passphrase empty. Use this option for automated batch processing, e.g. if you are running a cron job to copy files between machines, this is a suitable option. You can skip the next steps for this method.
  2. Use passphrase and SSH Agent. If you are using ssh and scp interactively from the command line and you don't want to enter the password every time you perform ssh or scp, I don't recommend the previous option (no passphrase), as you've eliminated one level of security in the ssh key based authentication. Instead, use the passphrase while creating the key pair and use SSH Agent to perform ssh and scp without having to enter the password every time, as explained in the steps below.

6. Start the SSH Agent on local-host

The SSH Agent will be running in the background to hold the private keys and perform ssh and scp without having to enter the passphrase several times.

[local-host]$ ssh-agent $SHELL

7. Load the private key to the SSH agent on the local-host.

[local-host]$ ssh-add
Enter passphrase for /home/jsmith/.ssh/id_rsa:
Identity added: /home/jsmith/.ssh/id_rsa (/home/jsmith/.ssh/id_rsa)

8. Perform SSH or SCP to remote-host from local-host without entering the password.

[local-host]$

[local-host]$ ssh -l jsmith remote-host
Last login: Sat Jun 07 2008 23:03:04 -0700 from 192.168.1.102
No mail.

[remote-host]$

Thursday, July 23, 2009

Generate key by Putty

  • First, download the key-generation program here
  • Then open the program and do the following

  • As for an SSH server program for Windows, an easy one to use is Bitvise WinSSHD
  • Or use OpenSSH, but that needs a bit more configuration before you can log on
  • pscp -i private.pkk user@remote:file file
  • pscp -i private.pkk file user@remote:path
  • Also, regarding paths, using \ may sometimes cause problems
  • So use \\ instead, or just use the unix style, i.e. /
Reference

Restore File Associations Microsoft Visual Studio 2005


  • After installing another program, the files that used to open with vs2005 by default now open with the other program instead
  • We will make vs2005 the default program for opening those files
  • Go to Tools => Options => click Restore File Associations
  • Reboot the system once and it should be OK

Forgot MySQL Root Password – How To Reset It?

From: http://www.thegeekstuff.com... , By Ramesh Natarajan on July 22, 2009

Forgot your MySQL root user password? Don't worry. We are here to the rescue.

When you try to log in as root without entering a password, you may get an 'Access Denied' message, as MySQL is expecting a password.

This article explains how to recover mysql root password by setting a new MySQL password when you don’t remember your old one.

When you don’t remember root password and enter a wrong password, you will get the following MySQL error message.

# mysql -u root mysql
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)

1. Stop MySQL Server

As a first step, stop the mysql server using one of the following methods.

# service mysql stop

(or)

# /etc/rc.d/init.d/mysql stop

2. Add --skip-grant-tables to mysqld_safe Startup Command

Open the mysql startup script and add --skip-grant-tables as shown below.

# vi /etc/rc.d/init.d/mysql

Old Line: $bindir/mysqld_safe --datadir=$datadir --pid-file=$server_pid_file $other_args >/dev/null 2>&1 &

New Line: $bindir/mysqld_safe --skip-grant-tables --datadir=$datadir --pid-file=$server_pid_file $other_args >/dev/null 2>&1 &

3. Start MySQL Server With --skip-grant-tables

Start the mysql server with the skip-grant-tables option, which will allow anybody to log in to mysql without entering a password.

# service mysql start
Starting MySQL. [ OK ]
[Note: This is using the updated /etc/rc.d/init.d/mysql script]

4. Login Using MySQL Root User Without Entering Password

Since you've skipped the grant tables, this time when you try to log in to mysql, it will not ask for a password.

# mysql -u root mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.1.25-rc-community MySQL Community Server (GPL)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>

[Note: MySQL did not ask for any password]

5. Set MySQL Root Password to a New Password Using UPDATE Command

Follow the strong password rules while setting a new password for the mysql root account.

mysql> UPDATE user SET password=PASSWORD('newpassword') WHERE user='root';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql>

6. Stop the MySQL Server

Stop the mysql server using one of the following methods.

# service mysql stop

(or)

# /etc/rc.d/init.d/mysql stop

7. Update /etc/rc.d/init.d/mysql Startup Script and Remove --skip-grant-tables

Open the mysql startup script and remove --skip-grant-tables as shown below.

# vi /etc/rc.d/init.d/mysql

Old Line: $bindir/mysqld_safe --skip-grant-tables --datadir=$datadir --pid-file=$server_pid_file $other_args >/dev/null 2>&1 &

New Line: $bindir/mysqld_safe --datadir=$datadir --pid-file=$server_pid_file $other_args >/dev/null 2>&1 &

8. Start MySQL Server

Start the mysql server without the skip-grant-tables option. This time mysql will ask for a password when someone tries to log in.

# service mysql start
Starting MySQL. [ OK ]

9. Login to MySQL With the New Password

Log in to the mysql root account with the new password.

# mysql -u root -pnewpassword
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.1.25-rc-community MySQL Community Server (GPL)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>
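While --skip-grant-tables is in place the server lets anybody log in without a password, so a reset that stops before step 7 leaves the database open. The following is an added example, not part of the original article: it scans an init script and a my.cnf-style option file for an active leftover of the option. The function names and the sample file contents are constructed for illustration (the init lines reuse the ones shown in steps 2 and 7).

```python
import re

# The option as a command-line flag. MySQL accepts '-' and '_' interchangeably
# inside option names, so both spellings are matched.
FLAG = re.compile(r"--skip[-_]grant[-_]tables\b")


def scan_init_script(text):
    """Return [(line_no, line)] for uncommented shell lines that pass the flag."""
    hits = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):
            continue  # a commented-out old line is not active
        if FLAG.search(line):
            hits.append((no, line))
    return hits


def scan_option_file(text):
    """Return [(line_no, section)] for active skip-grant-tables entries."""
    hits, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        name = line.split("=", 1)[0].strip().replace("_", "-")
        if name == "skip-grant-tables":
            hits.append((no, section))
    return hits


def audit(init_text, cnf_text):
    """Human-readable findings; an empty list means no leftover was found."""
    findings = []
    for no, _line in scan_init_script(init_text):
        findings.append("init script line %d passes --skip-grant-tables" % no)
    for no, section in scan_option_file(cnf_text):
        findings.append("option file line %d sets skip-grant-tables in [%s]"
                        % (no, section or "no section"))
    return findings


# Constructed samples: the init script as edited in step 2 and as restored in step 7.
INIT_DURING_RESET = """\
# start the server
$bindir/mysqld_safe --skip-grant-tables --datadir=$datadir --pid-file=$server_pid_file $other_args >/dev/null 2>&1 &
"""
INIT_RESTORED = """\
# was: $bindir/mysqld_safe --skip-grant-tables --datadir=$datadir
$bindir/mysqld_safe --datadir=$datadir --pid-file=$server_pid_file $other_args >/dev/null 2>&1 &
"""
# Constructed option file with the underscore spelling left active under [mysqld].
CNF_LEFTOVER = """\
[mysqld]
datadir=/var/lib/mysql
skip_grant_tables
[client]
# skip-grant-tables
"""

if __name__ == "__main__":
    for finding in audit(INIT_DURING_RESET, CNF_LEFTOVER):
        print(finding)
```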

Tuesday, July 21, 2009

Authenticating By Public Key (OpenSSH)

  • Tried with the ssh client on Ubuntu 9.04 Desktop and the ssh server on Ubuntu 9.04 Server
  • Everything OK, no problem
By Daniel J. Barrett, Richard Silverman, Robert G. Byrnes
Courtesy of O'Reilly
Article Date: 2003-07-07

SSH is a protocol for secure, remote logins and file copying; and OpenSSH, provided with most Linux distributions, is its most popular implementation. This recipe, selected from Chapter 6 on "Protecting Outgoing Network Connections," shows you how to use public-key authentication to prove your identity to a remote OpenSSH server, a technique more secure than using login passwords.

Problem

You want to set up public-key authentication between an OpenSSH client and an OpenSSH server.

Solution

  1. Generate a key if necessary:

    $ mkdir -p ~/.ssh    # If it doesn't already exist
    $ chmod 700 ~/.ssh
    $ cd ~/.ssh
    $ ssh-keygen -t dsa

  2. Copy the public key to the remote host:

    $ scp -p id_dsa.pub remoteuser@remotehost:
    Password: ********

  3. Log into the remote host and install the public key:

    $ ssh -l remoteuser remotehost
    Password: ********
    remotehost$ mkdir -p ~/.ssh                           # If it doesn't already exist
    remotehost$ chmod 700 ~/.ssh
    remotehost$ cat id_dsa.pub >> ~/.ssh/authorized_keys  # Appending
    remotehost$ chmod 600 ~/.ssh/authorized_keys
    remotehost$ mv id_dsa.pub ~/.ssh                      # Optional, just to be organized
    remotehost$ logout

  4. Log back in via public-key authentication:

    $ ssh -l remoteuser remotehost
    Enter passphrase for key '/home/smith/.ssh/id_dsa': ********

Tip

OpenSSH public keys go into the file ~/.ssh/authorized_keys. Older versions of OpenSSH, however, require SSH-2 protocol keys to be in ~/.ssh/authorized_keys2.

Discussion

Public-key authentication lets you prove your identity to a remote host using a cryptographic key instead of a login password. SSH keys are more secure than passwords because keys are never transmitted over the network, whereas passwords are (albeit encrypted). Also, keys are stored encrypted, so if someone steals yours, it's useless without the passphrase for decrypting it. A stolen password, on the other hand, is immediately usable.

An SSH "key" is actually a matched pair of keys stored in two files. The private or secret key remains on the client machine, encrypted with a passphrase. The public key is copied to the remote (server) machine. When establishing a connection, the SSH client and server perform a complex negotiation based on the private and public key, and if they match (in a cryptographic sense), your identity is proven and the connection succeeds.

To set up public-key authentication, first create an OpenSSH key pair, if you don't already have one:

$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/smith/.ssh/id_dsa):
Enter passphrase (empty for no passphrase): *******
Enter same passphrase again: *******
Your identification has been saved in id_dsa
Your public key has been saved in id_dsa.pub.
The key fingerprint is:
76:00:b3:e8:99:1c:07:9b:84:af:67:69:b6:b4:12:17 smith@mymachine

Copy the public key to the remote host using password authentication:

$ scp ~/.ssh/id_dsa.pub remoteuser@remotehost:
Password: *********
id_dsa.pub 100% |*****************************| 736 00:03


Log into the remote host using password authentication:

$ ssh -l remoteuser remotehost
Password: ********

If your local and remote usernames are the same, you can omit the -l remoteuser part and just type ssh remotehost.

On the remote host, create the ~/.ssh directory if it doesn't already exist and set its mode appropriately:

remotehost$ mkdir -p ~/.ssh
remotehost$ chmod 700 ~/.ssh


Then append the contents of id_dsa.pub to ~/.ssh/authorized_keys:

remotehost$ cat id_dsa.pub >> ~/.ssh/authorized_keys    # Appending
remotehost$ chmod 600 ~/.ssh/authorized_keys


Log out of the remote host and log back in. This time you'll be prompted for your key passphrase instead of your password:

$ ssh -l remoteuser remotehost
Enter passphrase for key '/home/smith/.ssh/id_dsa': *******


and you're done! If things aren't working, rerun ssh with the -v option (verbose) to help diagnose the problem.

The SSH server must be configured to permit public-key authentication, which is the default:

/etc/ssh/sshd_config:
# If no, change it and restart sshd
PubkeyAuthentication yes
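The chmod 700 and chmod 600 steps above matter because sshd's StrictModes check rejects a group- or world-writable ~/.ssh or authorized_keys, and the ssh client rejects a private key that other users can access. The following is an added example, not from the book: it audits a home directory against the modes the recipe sets. The function names are illustrative and the checks are modeled on that behaviour rather than taken from the OpenSSH source.

```python
import os
import stat

# (path under the home directory, mode the recipe sets, permission bits treated as fatal)
# 0o022 = group/world write, rejected for ~/.ssh and authorized_keys.
# 0o077 = any group/world access, rejected for a private key.
RULES = [
    (".ssh", 0o700, 0o022),
    (os.path.join(".ssh", "authorized_keys"), 0o600, 0o022),
    (os.path.join(".ssh", "id_dsa"), 0o600, 0o077),
]


def audit_ssh_dir(home, owner_uid=None):
    """Return [(relative path, severity, detail)] for the files the recipe creates."""
    if owner_uid is None:
        owner_uid = os.getuid()
    findings = []
    for rel, recipe_mode, fatal_bits in RULES:
        try:
            st = os.lstat(os.path.join(home, rel))
        except FileNotFoundError:
            continue  # a pure client has no authorized_keys, a pure server no id_dsa
        if stat.S_ISLNK(st.st_mode):
            findings.append((rel, "review", "symbolic link, check where it points"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid not in (owner_uid, 0):
            findings.append((rel, "fatal", "owned by uid %d" % st.st_uid))
        if mode & fatal_bits:
            findings.append((rel, "fatal",
                             "mode %03o grants %03o" % (mode, mode & fatal_bits)))
        elif mode & ~recipe_mode:
            findings.append((rel, "loose",
                             "mode %03o, recipe uses %03o" % (mode, recipe_mode)))
    return findings


def apply_recipe_modes(home):
    """chmod the files that exist to the modes used in the recipe (700 / 600)."""
    for rel, recipe_mode, _fatal_bits in RULES:
        path = os.path.join(home, rel)
        if os.path.exists(path) and not os.path.islink(path):
            os.chmod(path, recipe_mode)


if __name__ == "__main__":
    for rel, severity, detail in audit_ssh_dir(os.path.expanduser("~")):
        print("%-6s %s: %s" % (severity, rel, detail))
```

A "loose" finding (for example authorized_keys at 644) still works but is wider than the recipe; a "fatal" finding is the kind that makes key authentication fail and shows up when ssh is rerun with -v.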

SSH-2 Key File Formats

The two major implementations of SSH, OpenSSH and SSH Secure Shell ("SSH2"), use different file formats for SSH-2 protocol keys. (Their SSH-1 protocol keys are compatible.) OpenSSH public keys for the SSH-2 protocol begin like this:


ssh-dss A9AAB3NzaC1iGMqHpSCEliaouBun8FF9t8p...

or:


ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA3DIqRox...

SSH Secure Shell public keys for the SSH-2 protocol look like this:


---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1kc3MAAACBAM4a2KKBE6zhPBgRx4q6Dbjxo5hXNKNWYIGkX/W/k5PqcCH0J6 ...
---- END SSH2 PUBLIC KEY ----

These keys are installed differently too. For OpenSSH, you insert your public keys into the file ~/.ssh/authorized_keys. For SSH Secure Shell, you copy your public key files into the directory ~/.ssh2 and reference them in the file ~/.ssh2/authorization by name:


Key public_key_filename

As for private keys, OpenSSH has no special requirements for installation, but SSH Secure Shell does. You must reference them in the file ~/.ssh2/identification by name:


IdKey private_key_filename
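The two public key formats wrap the same binary key blob, which is why the OpenSSH-to-SSH2 setup earlier on this page can convert a key with ssh-keygen -e. The following is an added example, not from the book or the quoted articles: it converts in both directions and rejects a line whose type prefix disagrees with the blob. The function names are illustrative, and the sample key is constructed filler with the right structure, not a usable key.

```python
import base64
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"


def _ssh_string(data):
    """Length-prefixed byte string, the building block of an SSH key blob."""
    return struct.pack(">I", len(data)) + data


def blob_key_type(blob):
    """Return the algorithm name stored as the first string of a key blob."""
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad length prefix in key blob")
    return blob[4:4 + n].decode("ascii")


def parse_openssh(line):
    """Parse an OpenSSH public key line: '<type> <base64> [comment]'."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    if blob_key_type(blob) != parts[0]:
        raise ValueError("type prefix %r does not match the key blob" % parts[0])
    return parts[0], blob, parts[2] if len(parts) == 3 else ""


def to_ssh2(line):
    """OpenSSH line -> SSH2 block (the direction ssh-keygen -e performs)."""
    _key_type, blob, comment = parse_openssh(line)
    b64 = base64.b64encode(blob).decode("ascii")
    out = [BEGIN]
    if comment:
        header = 'Comment: "%s"' % comment
        # Header lines longer than 72 bytes are continued with a trailing backslash.
        while len(header) > 72:
            out.append(header[:71] + "\\")
            header = header[71:]
        out.append(header)
    out.extend(b64[i:i + 70] for i in range(0, len(b64), 70))
    out.append(END)
    return "\n".join(out) + "\n"


def from_ssh2(text):
    """SSH2 block -> OpenSSH line suitable for ~/.ssh/authorized_keys."""
    lines = [ln.rstrip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing SSH2 BEGIN/END markers")
    comment, b64, body, i = "", [], lines[1:-1], 0
    while i < len(body):
        ln = body[i]
        if ":" in ln:  # header line; ':' never occurs in base64
            while ln.endswith("\\") and i + 1 < len(body):
                i += 1
                ln = ln[:-1] + body[i]
            tag, value = ln.split(":", 1)
            if tag.strip().lower() == "comment":
                comment = value.strip().strip('"')
        else:
            b64.append(ln.strip())
        i += 1
    blob = base64.b64decode("".join(b64), validate=True)
    line = "%s %s" % (blob_key_type(blob), base64.b64encode(blob).decode("ascii"))
    return line + (" " + comment if comment else "")


def constructed_rsa_line(comment="jsmith@local-host"):
    """Structurally valid ssh-rsa line built from filler bytes; not a usable key."""
    modulus = b"\x00" + bytes((37 * i + 129) % 256 for i in range(256))
    blob = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
            + _ssh_string(modulus))
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode("ascii"), comment)


if __name__ == "__main__":
    print(to_ssh2(constructed_rsa_line()), end="")
```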


Excerpt first appeared at linux.oreilly.net

About the Author:
The Linux Security Cookbook includes real solutions to a wide range of targeted problems, such as sending encrypted email within Emacs, restricting access to network services at particular times of day, firewalling a webserver, preventing IP spoofing, setting up key-based SSH authentication, and much more. With over 150 ready-to-use scripts and configuration files, this unique book helps administrators secure their systems without having to look up specific syntax.

Note
  • If the ssh server is Windows with winsshd installed, we can create the public key on linux and then add the public key through the winsshd control panel, easily. The private and public key must always be in .ssh on the client side; remember that
  • This lets us log in from linux to windows using public key auth between ubuntu 9.04 desktop and server 2003 with winsshd installed, with no problems at all
  • Also, I tested by creating a new user on the ubuntu server, then taking the authorized_keys and public key of the user that had public key auth enabled earlier, changing the user@host at the end of the public key to the new user's name, and outputting the public key with the modified user@host over authorized_keys. Testing logon to the new user, public key auth worked without problems, even though the new user created on the server does not exist on the client side, because the private key is in .ssh of the user that did public key auth earlier
  • In short, the users do not need to be the same. For example, the server has only user1, and we add authorized_keys and the public key to .ssh of user1. On our client there is no user1 at all; we only have the private key in .ssh of user2. We can still do public key auth as user1 on the server from user2 on our client side
  • Also, if .ssh does not exist in the user's home, we can just create it ourselves
  • As for the private key on the client side, we have to cd /home/user/.ssh and create the private and public key for each user there; using the same one can't be done (that is, I don't know how. Except root, which doesn't seem to need a private and public key created at all, as if it goes and uses another user's, because while in root state I could logon with public key auth to root on the server just like that)
  • To stress once more: the private and public key on the client side must both be in .ssh together, and only the public key is uploaded to make authorized_keys. The private key must not be known to anyone
  • Finally, for root's .ssh on the server, create /root/.ssh, because that is root's home
Instruction
  • Recommended: if you want to do public key auth, the client and server should both have a user with the same name
  • home on windows xp, 2003 is at C:\Documents and Settings\User
  • home on vista is probably at C:\Users\User
Summary of public key auth between an openssh client and an openssh server
  • cd into /home/user/.ssh
  • Create a key with ssh-keygen -t dsa; we get a private and a public key
  • Put the public key on the server at /home/user/.ssh, then create authorized_keys by adding the data of the public key we uploaded into the authorized file, with both files in the same folder
  • Test logon from the client with ssh user@remotehost
  • It also works when the server is winsshd, but adding the public key is done differently

Additional
  • If the password is changed on the server, public key auth has problems too
  • Because before using public key auth we always have to enter the password the first time

From

Monday, July 20, 2009

Remote Desktop into windows system

  • A program for remote desktop to Windows on ubuntu
  • sudo aptitude install rdesktop
  • Example usage: open a terminal and type rdesktop 192.168.1.6
  • For help: man rdesktop
  • option -f for full screen mode: rdesktop -f 192.168.1.6
  • exit full screen by CTRL-ALT-ENTER
  • This refers to ubuntu 9.04

  • There is a GUI too; install it with aptitude install gnome-rdp
  • It can also be used as an SSH and VNC client
  • Once installed, the program is in applications => internet => Gnome-RDP
  • We can adjust the various settings for the remote session by going into its properties
  • But we have to create a connection first before we can adjust the properties


Reference

Sunday, July 19, 2009

HP Compaq notebook

Untiny URL

Add public key to WinSSHD

  • Add a public key to the ssh server
  • Here bitvise winssh is used as the ssh server
  • In order to do remote auth by public key

Steps to add a public key to WinSSHD 4.27

1. Open the WinSSHD Control Panel, go to Settings and click Edit/view settings...

2. On the right, click windows account, which is under Access control, and on the left click Add (WinSSHD version 3 looks slightly different)

3. For Windows account domain, enter the hostname of the machine where WinSSHD is installed, or check it via cmd by typing hostname (never enter localhost, because public key auth will not work). For Windows account name, enter the name of the user in the system, because we will remote in as this user. Finally, click Public key, which is a link; just click it

4. Click Import

5. Go to the path that has the public key, here named mykey.pub; select it and click Open

6. The public key will then appear in this user's list

7. Notice that on the right, near Public key, the number 1 appears, where previously it was 0

8. Click Start

Tip
  • While winsshd is running we can add a public key for a user without having to stop and start it again
  • winsshd version 3 has no windows account, only Accounts, and there is no option to add windows account domain and windows account name; there is only Accounts, and there is no public key for us to click, only something like 0 key
  • If this public key has no passphrase, there is no passphrase prompt at logon; but if a passphrase was entered when the key was created, we have to enter the passphrase when we remote in
  • We can avoid having to enter the passphrase by using ssh agent

Note
  • But right now I'm still looking for a way to add a private key on the ubuntu ssh client
  • And I still don't know how to add a public key on openssh on linux and windows - -'
  • We can create a public and private key with Secure Shell on one machine and then take these two files to use on another machine that has Secure Shell installed; that works too. Really great

Reference

Generate key by Secure Shell Client

  • Create a private and public key for use in public key auth with Secure Shell Client
Steps to create a key with Secure Shell Client

1. First open Secure Shell Client, then go to the menu Edit => Settings

2. In Settings, on the left select Keys, which is under User Authentication, and on the right click Generate New...

3. Click Next

4. Choose the encryption type, DSA or RSA; here DSA is chosen. As for key length, the longer the better, I guess; here 2048 is chosen. Click Next

5. Wait while it generates the key

6. When it's done, click Next

7. Name the file, here mykey. The comment is optional. The passphrase is optional too; here I choose not to set one (if we set a passphrase we must remember it, because we will use it to authenticate in place of the password of the user we remote in as). Click Next

8. Since no passphrase was entered here, there is another confirmation that we don't want to use a passphrase. Click Yes

9. Click Finish

10. We will see mykey in this list. Select mykey and click Export...

11. Choose the path where we will put the private and public key

12. We then get mykey (private key) and mykey.pub

13. We can put mykey.pub on the ssh server, and we will then be able to authenticate with the public key we created

Tip
  • We can also create one with Secure Shell Client using the command
  • C:\Program Files\SSH Communications Security\SSH Secure Shell\ssh-keygen2.exe
  • Be careful not to let the mykey file (private key) fall into someone else's hands, because if they get this private key and know the server that uses the public key paired with this private key, they will be able to logon without entering anything, because we did not specify a passphrase when we created it
  • Prevent this by setting a passphrase when creating the key, which means we have to enter the passphrase when we logon; but we can solve this with passphrase and SSH Agent
Confused
  • Why is it that sometimes, when we add a public key to the ssh server (WinSSHD)
  • and then remote in from the client that created the key, the result says the WinSSHD license has some sort of problem (ref winsshd 4.2x), or something like it has expired
  • Once the public key is removed from winsshd, the client enters the password and can remote in normally. Very confusing
  • I suspect we did something wrong with this option, or there is a problem with the key generator or winsshd. Confused
  • I really don't know the cause, or maybe this option has expired ^^' just guessing

Saturday, July 18, 2009

Show databases and tables in MSSQL

  • MySQL uses show databases and show tables
  • So what does MSSQL use?
Select [Name] From Master..Sysdatabases
select name from ..sysobjects where xtype = 'U';

or

select name from sys.databases
use database
select name from sys.tables
Reference

Add secure shell support to Windows with OpenSSH

From: http://articles.techrepublic.com.com/5100-10878_11-5034453.html

If you want to remotely access your Windows 2000 server, you can do so several different ways, including making quick command-line connections using Telnet. The problem with Telnet is that it's a very insecure connection, easily monitored and attacked by hackers. Linux and UNIX administrators have long enjoyed the benefits of secure remote command-line connections using Secure Shell (SSH). Now you can bring this simplicity and safety to your Windows 2000 server by using OpenSSH. In this Daily Drill Down, I'll show you how it works.

What’s OpenSSH for Windows?
Network Simplicity created OpenSSH for Windows as a freeware Windows port of SSH. Network Simplicity shut down its support of OpenSSH for Windows in November 2002, but it was such a useful product that Michael Johnson, a student at Claremont McKenna College, took up the source code for OpenSSH and continued working on it. Network Simplicity’s last version of OpenSSH for Windows was 3.4-3. At the time of this article, Michael’s current version is 3.5p1-3, although he’s currently working on version 3.6.

Although you may doubt the security of a product created by a college student, OpenSSH for Windows 3.5p1-3 builds on the freely available OpenSSH code supplied by Network Simplicity and others. You can obtain original source code directly from the OpenSSH Web site and Cygwin, but the work is already done for you by Michael and it all works well.

Acquiring OpenSSH for Windows
You can download OpenSSH from the Claremont McKenna College Web site. The file you need, openssh35-20030324.zip, is about 3 MB long, so it will download very quickly. After the download completes, you'll find that the OpenSSH for Windows version 3.5p1-3 is enclosed in a ZIP file. The ZIP file contains two files: setupssh35-20030324.exe, the Setup program for OpenSSH, and setupssh35-20030324.exe.asc, which is just a checkfile.
Editor’s note
The author currently uses a filename/date naming structure for his downloads. Therefore, you can check to make sure you have the latest release of OpenSSH by checking the name of the download file against the one you previously downloaded.

Pre-flight checks
Before you install OpenSSH for Windows, you should be aware that the server side component is only intended to run on Windows NT, Windows 2000, and Windows XP. There are cases documented on the Internet in which people have been able to make the server-side component work under Windows 98 and Windows ME, but such operation isn’t supported.

Another point to consider before you begin is that the OpenSSH software is designed to use the same port as CYGWIN. If your server has CYGWIN installed and you try to run it alongside OpenSSH, then OpenSSH will attempt to use the existing CYGWIN environment instead of the environment that it is intended to use. The end result is chaos, mass destruction, and all kinds of other nasty side effects. To put it bluntly, you really don't want to use OpenSSH on a machine that's already running CYGWIN.

While writing this article, I installed OpenSSH on several machines. I found that on a couple of Windows XP Professional machines, I received a message stating that CYGWIN was already installed on the machine. In each case, the message was incorrect. When such a message is displayed, you’ll see a registry location displayed that supposedly hosts the CYGWIN software. If you don’t recall ever installing CYGWIN on the machine and the specified registry location doesn’t exist, then it’s a pretty safe bet that the error message was incorrect.

Installing OpenSSH for Windows
You begin the setup process by running setupssh35-20030324.exe. The first thing you’ll see is a Welcome screen, which explains that the software is available as freeware. This screen also mentions that if you have previously installed another version of OpenSSH on Windows, you must cancel the Setup wizard, make a backup of your configuration files, uninstall the old version, and then install the current version.

If you click Next, you'll see the License Agreement, which contains the full OpenSSH license. Read it and click I Agree to continue.

Once you get past the informational screens, you’ll be asked whether you want to install the client components or the server components, as seen in Figure A. For the purposes of this article, I’ll be installing both. If you want, you can install only the server components on your server and the client component only on your administration workstation.

Figure A
You can install server and/or client components on your server.


After selecting which modules to install, you’ll see the Start Menu Folder screen. Here you’ll specify the Start Menu folder where Setup will copy the OpenSSH icons. Click Next to go on.

Next, Setup copies all of the necessary files. When the installation process completes, you’ll see a warning message stating that prior to using OpenSSH, you must edit the C:\Program Files\OpenSSH\etc\passwd file. Otherwise, you won’t be able to log in through the SSH server. The message goes on to say that you can find editing instructions in either the README.TXT or in the QUICKSTART.TXT files. You can also learn more about key pair based authentication by reading the KEY_AUTHENTICATION.TXT file.

When the SETUP.EXE program runs, a few things happen in the background. First, SETUP.EXE runs a program in the background called SSH-KEYGEN. This program creates the host keys needed for server operations. In addition, the installation program will use a program called Cygrunsrv to create a service called OpenSSHd. This service controls the OpenSSH server component.

Once the installation process completes, you must reboot the system. You'll never actually see a message prompting you for a reboot, but OpenSSH won’t work right unless you do so. If you attempt to work with OpenSSH without rebooting the server first, authentication will either fail completely or the connection may drop immediately after authentication. However, before you reboot your server, don’t forget the warning you saw during Setup that told you to modify your passwords.

Creating passwords
The PASSWD file is located in the ETC sub folder, just as is the case in a UNIX environment. You can modify the file by using the MKPASSWD or the MKGROUP programs, located in the \Program Files\OpenSSH\BIN folder. Unfortunately, both of these utilities are command-line based and need a little explaining.

The simpler of the two utilities is the MKGROUP utility. The MKGROUP utility is used to add Windows groups to the PASSWD file. You may use the utility to add either local groups or domain groups. The syntax differs only slightly, depending on which you’re adding. The -L switch is used to designate local groups, while the -D switch designates domain groups.

Unfortunately, the MKGROUP utility doesn’t allow you to specify which groups that you want to add to the PASSWD file. Therefore, if you want to grant SSH access on a group basis, you’ll have to use the MKGROUP utility to add all of the available groups to the PASSWD file, and then edit the file to remove the groups that you don’t want.

Before I show you the syntax, there is something important that you need to know. The commands I’m about to show you are literal. They are not abbreviations for longer commands. I spent three hours trying to figure out how the MKGROUP command worked because I incorrectly assumed that the >> ..\etc\group portion of the command was an abbreviation for C:\Program Files\OpenSSH\etc\group. What happens, though, is that C:\Program Files\OpenSSH is imbedded in the registry as the installation location. Therefore, the MKGROUP and the MKPASSWD commands both pull this location from the registry and require you only to specify the \etc folder and the filename (group for MKGROUP or passwd for MKPASSWD). The >> .. portion of the command is also mandatory and represents a literal expression.

To add groups, navigate to the \Program Files\OpenSSH\BIN folder and enter one of the following two commands:
MKGROUP -L >> ..\etc\group
MKGROUP -D >> ..\etc\group

There’s no reason that you can’t add domain and local groups to the group file. If you do, however, remember that there will be some duplicate groups, and you’ll have to use a text editor such as Notepad to open the file and delete the duplicates. Of course, there will probably be other groups that you will want to delete anyway so that you don’t give SSH access to your entire organization.
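
The clean-up described above (drop the duplicates, keep only the groups that should have SSH access) can be scripted instead of done by hand. This is an added example, not part of the original article or the OpenSSH package; it assumes the Cygwin group-file layout name:SID:gid:members, and the sample entries and the filter_group_file name are constructed for illustration.

```python
"""Trim a Cygwin-style group file to an allowlist and drop duplicates."""

# Constructed sample: the kind of file you get after appending both the
# local and the domain group listings. Assumed layout: name:SID:gid:members
SAMPLE_GROUP_FILE = """\
SYSTEM:S-1-5-18:18:
Administrators:S-1-5-32-544:544:
Users:S-1-5-32-545:545:
Guests:S-1-5-32-546:546:
Administrators:S-1-5-32-544:544:
Users:S-1-5-32-545:545:
Domain Admins:S-1-5-21-1111111111-2222222222-3333333333-512:10512:
Domain Users:S-1-5-21-1111111111-2222222222-3333333333-513:10513:
this line is damaged
"""


def filter_group_file(text, allowed_names):
    """Return (kept_lines, report) for the contents of a group file.

    kept_lines: the first occurrence of each allowed group, in file order.
    report: what was dropped and why, so the result can be reviewed
            before it replaces the real file.
    """
    # Windows account names are case-insensitive, so compare in lower case.
    allowed = {name.lower() for name in allowed_names}
    seen = set()
    kept = []
    report = {"duplicates": [], "removed": [], "malformed": []}

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = line.split(":")
        # A usable entry has four fields, a name and a numeric gid.
        if len(fields) != 4 or not fields[0] or not fields[2].isdigit():
            report["malformed"].append(line)
            continue
        name, key = fields[0], fields[0].lower()
        if key not in allowed:
            if name not in report["removed"]:
                report["removed"].append(name)
        elif key in seen:
            report["duplicates"].append(name)
        else:
            seen.add(key)
            kept.append(line)
    return kept, report


if __name__ == "__main__":
    kept, report = filter_group_file(SAMPLE_GROUP_FILE,
                                     ["Administrators", "Domain Admins"])
    print("\n".join(kept))
    for reason, items in report.items():
        print(f"# {reason}: {items}")
```

Review the report before overwriting the real group file, and keep a backup of the original.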

Adding users with the MKPASSWD command is just as tricky as adding groups with the MKGROUP command. To use the MKPASSWD command, you must open a Command Prompt window and navigate to C:\Program Files\OpenSSH\BIN. Next, enter the MKPASSWD command followed by several switches. First you must specify either -L or -D to indicate either local or domain. Next, you must specify the -U switch to indicate that you are working with a user object.

What happens next depends on whether you’ve selected a local user or a domain user. If you’ve entered a local user or a user from the primary domain, you’ll enter a username. If, however, you’re adding a user from a trusted domain, you’ll enter the user name followed by the domain name. The command is completed by entering:
>> ..\etc\passwd

Once again, this is a literal expression, not an abbreviation for the full path. Below are some literal examples of how to use the command:

Local User:
MKPASSWD -L -U username >> ..\etc\passwd

Domain User:
MKPASSWD -D -U username >> ..\etc\passwd

Using the server with the OpenSSH client
Once you’ve got your users and groups configured, it’s time to test your server. The best way of doing so is to install the OpenSSH client software on another machine, then use that software to connect with your OpenSSH Server. There are three primary utilities that can be used for attaching to the server: SSH, SCP, and SFTP.

SSH
The SSH utility is a client program that’s designed to allow a user to log in to a remote machine and execute commands. This utility is designed to replace the UNIX commands RLOGIN and RSH. Unfortunately, it easily would be possible to write an entire article on the SSH command because the command is so complex. Because of space limitations, I will just show you how to use the SSH command to establish a connection to the server.

Begin by opening a Command Prompt window and navigating to the C:\Program Files\OpenSSH\BIN folder. Next, enter the SSH command followed by the user name, the @ symbol, and the server name. For example, if you were trying to attach the Administrator to a server named Bart, you’d enter this command:
SSH Administrator@bart

If this is the first time that you’ve attached the machine to the specified server and you haven’t already made the client aware of the server’s RSA key fingerprint, then you’ll see a message indicating that the server’s authenticity can’t be verified. You’ll then see the server’s RSA fingerprint ID, and will be asked if you want to attach anyway. If you choose to connect, the RSA fingerprint will be added to the list of known hosts. You will then be prompted for the user’s password. After entering the password, you’re authenticated into the system. Below, you can see a sample of what the process looks like:
D:\Program Files\OpenSSH\bin>ssh user15@bart
The authenticity of host 'bart (147.100.100.50)' can't be established.
RSA key fingerprint is d6:3f:ce:eb:ba:65:61:b7:9f:97:e3:1a:5d:bc:00:8b.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added 'bart,147.100.100.50' (RSA) to the list of known hosts.
user15@bart's password:
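
Before answering yes at that prompt, compare the fingerprint the client shows with one computed from the server's own host public key, obtained over a trusted channel such as the server console. The following added example (not from the original article or from OpenSSH itself) computes the colon-separated MD5 fingerprint in the format shown above; the sample key is constructed filler and the function names are hypothetical.

```python
import base64
import hashlib
import struct


def ssh_string(data):
    """Encode bytes as an SSH wire-format string: 4-byte length, then data."""
    return struct.pack(">I", len(data)) + data


def first_ssh_string(blob):
    """Return the first length-prefixed string in a key blob (the algorithm name)."""
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (length,) = struct.unpack(">I", blob[:4])
    if length > len(blob) - 4:
        raise ValueError("truncated key blob")
    return blob[4:4 + length]


# Constructed sample, NOT a real host key: the blob follows the ssh-rsa
# layout (algorithm name, exponent, modulus) but the modulus is filler.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa")
               + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + bytes(range(128, 256))))
SAMPLE_PUBKEY_LINE = ("ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode()
                      + " constructed@example")


def md5_fingerprint(pubkey_line):
    """Compute the legacy MD5 fingerprint of a '<type> <base64> [comment]' line."""
    parts = pubkey_line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, encoded = parts[0], parts[1]
    blob = base64.b64decode(encoded, validate=True)
    # The algorithm named on the line must match the one inside the blob;
    # a mismatch means the line was edited or is not a public key at all.
    if first_ssh_string(blob) != key_type.encode():
        raise ValueError("key type does not match key blob")
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def fingerprint_matches(pubkey_line, shown_fingerprint):
    """True only if the fingerprint the client displayed belongs to this key."""
    return md5_fingerprint(pubkey_line) == shown_fingerprint.strip().lower()


if __name__ == "__main__":
    shown = "d6:3f:ce:eb:ba:65:61:b7:9f:97:e3:1a:5d:bc:00:8b"  # value from the prompt
    print("computed:", md5_fingerprint(SAMPLE_PUBKEY_LINE))
    print("match:", fingerprint_matches(SAMPLE_PUBKEY_LINE, shown))
```

If the two values differ, answer no and investigate before connecting.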

SCP
SCP is a secure copy program. It can be used to copy files between the local machine and a remote host, or between two remote hosts. SCP uses SSH for the data transfers, and therefore relies on the same authentication and the same security techniques. You can copy a file to a remote host by using the following command:
SCP source_file user@server_name:destination/path/filename

Likewise, you can copy a file from a remote host to a local host with this command:
SCP user@server_name:source/path/filename local_file_name

These commands are not literal. Instead, words like path, filename, and server name refer to the actual names of those objects. A literal example of the command might look something like this:
SCP user1@bart:source/test.txt test.txt

SFTP
SFTP is a secure version of the FTP protocol. Like SCP, SFTP is also based on SSH and, therefore, uses SSH authentication and security. The biggest difference between SFTP and SCP is that while SCP expects you to specify the filename and path to be used, SFTP is interactive. In fact, you can launch an SFTP session with a server by simply entering this command:
SFTP user@server_name

For example, you might enter SFTP user1@bart.

Potential security risks
As I mentioned earlier, OpenSSH is based on many of the same technologies as CYGWIN. Unfortunately, CYGWIN relies on shared memory spaces on the server that are completely unprotected. This unprotected memory space represents a major security hole, since someone could theoretically alter the contents of the shared memory space in a way that grants them an unauthorized access level or in a way that crashes the server.

Obviously, it sounds a bit strange to talk about security holes caused by a product that’s designed to make your server more secure. According to the README.TXT file that comes with it, OpenSSH is secure as long as only trusted users are allowed to use it. The only way that the insecure memory area can be accessed is by someone who connected to the server through an OpenSSH session. Therefore, if you allow only users that you trust to use OpenSSH, then this theoretically shouldn’t be a problem.

Network Simplicity recommends allowing only administrators, not end users, to use OpenSSH. They also suggest that OpenSSH shouldn’t be used in environments in which security is a top priority. The README.TXT file goes on to say however, that the only questionable part of the OpenSSH product is the CYGWIN subsystem. OpenSSH itself is supposedly secure and Network Simplicity claims that it will prevent unwanted users from logging in.

Safe and secure (?)
During the course of testing and writing about OpenSSH, I ran into numerous problems with the software. Although I never experienced any fatal errors, I found many of the commands to be extremely confusing, and ran into problems with the installation software telling me that a machine had CYGWIN installed when it really didn’t. However, if you need to make secure connections to your Windows 2000 server and want to use the Secure Shell to do so, OpenSSH is the way to go.



Summary step by step by jui

Step 1: Download the OpenSSH for Windows installer from http://sshwindows.sourceforge.net/download/

Step 2: Install both the SSH server and the client, as in the picture above.

Step 3: After the installation succeeds, Windows automatically adds "C:\Program Files\OpenSSH\bin" to the system path.

Step 4: Before starting opensshd, run the following commands (they create the group and passwd files in the etc folder).

For local groups (local is recommended):
mkgroup -l >> ../etc/group
mkpasswd -l -u username >> ../etc/passwd

For domain groups:
mkgroup -d >> ../etc/group
mkpasswd -d -u username >> ../etc/passwd

Step 5: Start the OpenSSH server with the command:

net start opensshd or sc start opensshd

Step 6: Sample SSH commands:
ssh user@host
sftp user@host
scp user@host:file file

Tips

  • If you skip step 4, you won't be able to log on when you connect remotely after starting the SSH server, so don't forget step 4.
This picture shows a remote session using the Secure Shell GUI.

Note
  • I can't connect with the Secure Shell GUI for file transfer (SFTP),
  • but SFTP from the command line works with no problem. Why is that?
  • Related problems: link 1, link 2 and link 3.
  • One last note: I cannot start opensshd on Vista SP2, and I can't understand why.

Friday, July 17, 2009

SSH Client in GFTP (SFTP Protocol)

It turns out GFTP can access SFTP too.
  • Normally I just use ssh user@host or sftp user@host and then run the ftp get and put commands on files myself.
  • I wanted a GUI that makes it easy to put and get files on Ubuntu over SSH (SFTP), because plain FTP feels too ordinary (too dangerous, since I want to run SFTP as a scheduled task (crond)). ^^'
  • I wrote about this before; I remember that back then I didn't understand any of it and was basically just copying from someone else.
  • But I only just found out that gftp can do SFTP as well. ^^'
  • I rarely use an FTP client, only the FireFTP plugin for Firefox, so I didn't know any of this.



  • Since I'm writing about SFTP, here is also a note on scp from Linux to a Windows server.
  • The Server 2003 machine has an SSH server installed and listening on port 22.
  • So I tried uploading a file from Linux to the Server 2003 machine with scp, and it worked.
  • But I have to enter the password. I'm looking for a way to avoid entering it; I've read that copying the SSH public key to the machine you connect to lets you use ssh, sftp and scp without entering a password, but I haven't tried it yet. I'll have to try.
  • A small tip: if you need to upload a folder or several files (more than one file), it's better to archive them before uploading; you can do that with tar or 7za.
  • In the examples below, the first uploads a file to a Linux server; the second line uploads to a Windows server that runs an SSH server.
SSH (client program):
ssh <user@servername>

SCP (file copy):
scp <localfilename> <user@servername>:<destinationdirectory>
or
scp <user@servername>:<remotefilename> <localfilename>
or
scp <user@servername>:<remotefilename> <user@otherservername>:<destinationdirectory>

SFTP (ftp):
sftp <user@servername>

Example:

Copy file from local to remote:
scp file1 administrator@222.111.222.2:/home/jui/Desktop/folder1/

Copy file from remote to local:
scp administrator@222.111.222.2:/home/jui/Desktop/folder1/file1 file2

Windows pattern:
scp file1 administrator@222.111.222.2:D:/folder1/
scp file1 administrator@222.111.222.2:/D:/folder1/

Wednesday, July 15, 2009

Installing VS 2005 SP1 on Vista







Warning!!! Critical vulnerability in Firefox 3.5

Source: http://www.arip.co.th/news.php?id=409474

[ARIP, www.arip.co.th] A report from a ZDNet blog says that a vulnerability rated Highly Critical has been found in the Firefox 3.5 browser, and that malicious code exploiting it was released last Monday. Mozilla is working urgently on a fix for the flaw.

The United States Computer Emergency Readiness Team (US-CERT) warned last Tuesday that a vulnerability in the Firefox 3.5 browser allows an intruder to run malicious code on a computer over the Internet. Proof-of-concept code for the vulnerability was posted online last Monday on the website Milw0rm.com, and attacks using the vulnerability appear to have begun.

The vulnerability was found by Simon Berry-Byrne, who said that it involves the way JavaScript works in Firefox 3.5. Mozilla has acknowledged the vulnerability and is testing a fix. "To exploit this vulnerability, an intruder tricks the victim into visiting a web page with malicious code embedded in it. However, the vulnerability can be mitigated for now by disabling the JIT in the JavaScript engine, with the following steps:

  1. Open Firefox 3.5 and type about:config in the location bar.
  2. Type jit in the Filter box at the top of the configuration editor.
  3. Double-click the line containing "javascript.options.jit.content" to set its value to False.

Another option is to install the NoScript plug-in, which disables all JavaScript in the browser.

Secunia, a security firm in Denmark, rates the severity of this vulnerability as "Highly Critical" and notes that older versions of Firefox may also be affected. F-Secure in Finland says that its Exploit Shield security software can protect against exploitation of this vulnerability.

List of TCP and UDP port numbers

From: http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

From Wikipedia, the free encyclopedia


In computer networking, the protocols of the Transport Layer of the Internet Protocol Suite, most notably the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP), but also other protocols, use a numerical identifier for the data structures of the endpoints for host-to-host communications. Such an endpoint is known as a port and the identifier is the port number. The Internet Assigned Numbers Authority (IANA) is responsible for maintaining the official assignments of port numbers for specific uses.[1]


Table legend

Status of table entries

Official: Port/application combination is registered with IANA
Unofficial: Port/application combination is not registered with IANA
Conflict: Port is in use for multiple applications

Well-known ports: 0–1023

Port Description Status
0/TCP,UDP Reserved Official
1/TCP,UDP TCP Port Service Multiplexer Official
2/TCP,UDP Management Utility Official
3/TCP,UDP Compression Process Official
5/TCP,UDP Remote Job Entry Official
7/TCP,UDP Echo Official
9/TCP,UDP Discard Official
11/TCP,UDP Active Users Official
13/TCP,UDP DAYTIME - (RFC 867) Official
17/TCP,UDP Quote of the Day Official
18/TCP,UDP Message Send Protocol Official
19/TCP,UDP Character Generator Official
20/TCP FTP - data Official
21/TCP FTP—control (command) Official
22/TCP,UDP Secure Shell (SSH)—used for secure logins, file transfers (scp, sftp) and port forwarding Official
23/TCP Telnet protocol—unencrypted text communications Official
25/TCP Simple Mail Transfer Protocol (SMTP)—used for e-mail routing between mail servers Official
35/TCP,UDP Any private printer server protocol Official
35/TCP,UDP QMS Magicolor 2 printer server protocol Unofficial
37/TCP,UDP TIME protocol Official
39/TCP,UDP Resource Location Protocol[2] (RLP)—used for determining the location of higher level services from hosts on a network Official
41/TCP,UDP Graphics Official
42/TCP,UDP nameserver, ARPA Host Name Server Protocol Official
42/TCP,UDP WINS Unofficial
43/TCP WHOIS protocol Official
49/TCP,UDP TACACS Login Host protocol Official
52/TCP,UDP XNS (Xerox Network Services) Time Protocol Official
53/TCP,UDP Domain Name System (DNS) Official
54/TCP,UDP XNS (Xerox Network Services) Clearinghouse Official
55/TCP,UDP ISI-GL (ISI Graphics Language) Unofficial
56/TCP,UDP XNS (Xerox Network Services) Authentication Official
56/TCP,UDP RAP (Route Access Protocol)[3] Unofficial
57/TCP MTP, Mail Transfer Protocol Unofficial
58/TCP,UDP XNS (Xerox Network Services) Mail Official
67/UDP Bootstrap Protocol (BOOTP) Server; also used by Dynamic Host Configuration Protocol (DHCP) Official
68/UDP Bootstrap Protocol (BOOTP) Client; also used by Dynamic Host Configuration Protocol (DHCP) Official
69/UDP Trivial File Transfer Protocol (TFTP) Official
70/TCP Gopher protocol Official
79/TCP Finger protocol Official
80/TCP,UDP Hypertext Transfer Protocol (HTTP) Official
81/TCP Torpark—Onion routing Unofficial
82/UDP Torpark—Control Unofficial
83/TCP MIT ML Device Official
88/TCP,UDP Kerberos—authentication system Official
90/TCP,UDP dnsix (DoD Network Security for Information Exchange) Securit Attribute Token Map Official
90/TCP,UDP Pointcast Unofficial
101/TCP NIC host name Official
102/TCP ISO-TSAP (Transport Service Access Point) Class 0 protocol[4] Official
104/TCP,UDP ACR/NEMA Digital Imaging and Communications in Medicine Official
107/TCP Remote TELNET Service[5] protocol Official
109/TCP Post Office Protocol 2 (POP2) Official
110/TCP Post Office Protocol 3 (POP3) Official
111/TCP,UDP Sun Remote Procedure Call Official
113/UDP ident—user identification system, used by IRC servers to identify users Official
113/TCP,UDP Authentication Service (auth) Official
115/TCP Simple File Transfer Protocol (SFTP) Official
117/TCP UUCP Path Service Official
118/TCP,UDP SQL (Structured Query Language) Services Official
119/TCP Network News Transfer Protocol (NNTP)—used for retrieving newsgroup messages Official
123/UDP Network Time Protocol (NTP)—used for time synchronization Official
135/TCP,UDP DCE endpoint resolution Official
135/TCP,UDP Microsoft EPMAP (End Point Mapper), also known as DCE/RPC Locator service[6], used to remotely manage services including DHCP server, DNS server and WINS Unofficial
137/TCP,UDP NetBIOS Name Service Official
138/TCP,UDP NetBIOS Datagram Service Official
139/TCP,UDP NetBIOS Session Service Official
143/TCP,UDP Internet Message Access Protocol (IMAP)—used for retrieving, organizing, and synchronizing e-mail messages Official
152/TCP,UDP Background File Transfer Program (BFTP)[7] Official
153/TCP,UDP SGMP, Simple Gateway Monitoring Protocol Official
156/TCP,UDP SQL Service Official
158/TCP,UDP DMSP, Distributed Mail Service Protocol Unofficial
161/TCP,UDP Simple Network Management Protocol (SNMP) Official
162/TCP,UDP Simple Network Management Protocol Trap (SNMPTRAP)[8] Official
170/TCP Print-srv, Network PostScript Official
177/TCP,UDP X Display Manager Control Protocol (XDMCP) Official
179/TCP BGP (Border Gateway Protocol) Official
194/TCP,UDP IRC (Internet Relay Chat) Official
199/TCP,UDP SMUX, SNMP Unix Multiplexer Official
201/TCP,UDP AppleTalk Routing Maintenance Official
209/TCP,UDP The Quick Mail Transfer Protocol Official
213/TCP,UDP IPX Official
218/TCP,UDP MPP, Message Posting Protocol Official
220/TCP,UDP IMAP, Interactive Mail Access Protocol, version 3 Official
259/TCP,UDP ESRO, Efficient Short Remote Operations Official
264/TCP,UDP BGMP, Border Gateway Multicast Protocol Official
311/TCP Mac OS X Server Admin (officially AppleShare IP Web administration) Official
308/TCP Novastor Online Backup Official
318/TCP,UDP PKIX TSP, Time Stamp Protocol Official
323/TCP,UDP IMMP, Internet Message Mapping Protocol Unofficial
350/TCP,UDP MATIP-Type A, Mapping of Airline Traffic over Internet Protocol Official
351/TCP,UDP MATIP-Type B, Mapping of Airline Traffic over Internet Protocol Official
366/TCP,UDP ODMR, On-Demand Mail Relay Official
369/TCP,UDP Rpc2portmap Official
371/TCP,UDP ClearCase albd Official
383/TCP,UDP HP data alarm manager Official
384/TCP,UDP A Remote Network Server System Official
387/TCP,UDP AURP, AppleTalk Update-based Routing Protocol Official
389/TCP,UDP Lightweight Directory Access Protocol (LDAP) Official
401/TCP,UDP UPS Uninterruptible Power Supply Official
402/TCP Altiris, Altiris Deployment Client Unofficial
411/TCP Direct Connect Hub Unofficial
412/TCP Direct Connect Client-to-Client Unofficial
427/TCP,UDP Service Location Protocol (SLP) Official
443/TCP,UDP Hypertext Transfer Protocol over TLS/SSL (HTTPS) Official
444/TCP,UDP SNPP, Simple Network Paging Protocol (RFC 1568) Official
445/TCP Microsoft-DS Active Directory, Windows shares Official
445/UDP Microsoft-DS SMB file sharing Official
464/TCP,UDP Kerberos Change/Set password Official
465/TCP Cisco protocol Unofficial
465/TCP SMTP over SSL Unofficial
475/TCP tcpnethaspsrv (Hasp services, TCP/IP version) Official
497/TCP Dantz Retrospect Official
500/UDP Internet Security Association and Key Management Protocol (ISAKMP) Official
502/TCP,UDP Modbus, Protocol Unofficial
504/TCP,UDP Citadel - multiservice protocol for dedicated clients for the Citadel groupware system Official
510/TCP First Class Protocol Unofficial
512/TCP Rexec, Remote Process Execution Official
512/UDP comsat, together with biff Official
513/TCP Login Official
513/UDP Who Official
514/TCP Shell—used to execute non-interactive commands on a remote system Official
514/UDP Syslog—used for system logging Official
515/TCP Line Printer Daemon—print service Official
517/UDP Talk Official
518/UDP NTalk Official
520/TCP efs, extended file name server Official
520/UDP Routing—RIP Official
524/TCP,UDP NCP (NetWare Core Protocol) is used for a variety of things such as access to primary NetWare server resources, Time Synchronization, etc. Official
525/UDP Timed, Timeserver Official
530/TCP,UDP RPC Official
531/TCP,UDP AOL Instant Messenger, IRC Unofficial
532/TCP netnews Official
533/UDP netwall, For Emergency Broadcasts Official
540/TCP UUCP (Unix-to-Unix Copy Protocol) Official
542/TCP,UDP commerce (Commerce Applications) Official
543/TCP klogin, Kerberos login Official
544/TCP kshell, Kerberos Remote shell Official
546/TCP,UDP DHCPv6 client Official
547/TCP,UDP DHCPv6 server Official
548/TCP Apple Filing Protocol (AFP) over TCP Official
550/UDP new-rwho, new-who Official
554/TCP,UDP Real Time Streaming Protocol (RTSP) Official
556/TCP Remotefs, RFS, rfs_server Official
560/UDP rmonitor, Remote Monitor Official
561/UDP monitor Official
563/TCP,UDP NNTP protocol over TLS/SSL (NNTPS) Official
587/TCP e-mail message submission[9] (SMTP) Official
591/TCP FileMaker 6.0 (and later) Web Sharing (HTTP Alternate, also see port 80) Official
593/TCP,UDP HTTP RPC Ep Map, Remote procedure call over Hypertext Transfer Protocol, often used by Distributed Component Object Model services and Microsoft Exchange Server Official
604/TCP TUNNEL profile[10], a protocol for BEEP peers to form an application layer tunnel Official
623/UDP ASF Remote Management and Control Protocol (ASF-RMCP) Official
631/TCP,UDP Internet Printing Protocol (IPP) Official
636/TCP,UDP Lightweight Directory Access Protocol over TLS/SSL (LDAPS) Official
639/TCP,UDP MSDP, Multicast Source Discovery Protocol Official
641/TCP,UDP SupportSoft Nexus Remote Command (control/listening): A proxy gateway connecting remote control traffic Official
646/TCP,UDP LDP, Label Distribution Protocol, a routing protocol used in MPLS networks Official
647/TCP DHCP Failover protocol[11] Official
648/TCP RRP (Registry Registrar Protocol)[12] Official
652/TCP DTCP, Dynamic Tunnel Configuration Protocol Unofficial
653/TCP,UDP SupportSoft Nexus Remote Command (data): A proxy gateway connecting remote control traffic Official
654/TCP AODV (Ad-hoc On-demand Distance Vector) Official
655/TCP IEEE MMS (IEEE Media Management System)[13][14] Official
657/TCP,UDP IBM RMC (Remote monitoring and Control) protocol, used by System p5 AIX Integrated Virtualization Manager (IVM)[15] and Hardware Management Console to connect managed logical partitions (LPAR) to enable dynamic partition reconfiguration Official
660/TCP Mac OS X Server administration Official
665/TCP sun-dr, Remote Dynamic Reconfiguration Unofficial
666/UDP Doom, first online first-person shooter Official
674/TCP ACAP (Application Configuration Access Protocol) Official
691/TCP MS Exchange Routing Official
692/TCP Hyperwave-ISP Official
694/UDP Linux-HA High availability Heartbeat Unofficial
695/TCP IEEE-MMS-SSL (IEEE Media Management System over SSL)[16] Official
698/UDP OLSR (Optimized Link State Routing) Official
699/TCP Access Network Official
700/TCP EPP (Extensible Provisioning Protocol), a protocol for communication between domain name registries and registrars (RFC 4934) Official
701/TCP LMP (Link Management Protocol (Internet))[17], a protocol that runs between a pair of nodes and is used to manage traffic engineering (TE) links Official
702/TCP IRIS[18][19] (Internet Registry Information Service) over BEEP (Blocks Extensible Exchange Protocol)[20] (RFC 3983) Official
706/TCP SILC, Secure Internet Live Conferencing Official
711/TCP Cisco TDP, Tag Distribution Protocol[21][22][23]—being replaced by the MPLS Label Distribution Protocol[24] Official
712/TCP TBRPF, Topology Broadcast based on Reverse-Path Forwarding routing protocol (RFC 3684) Official
712/UDP Promise RAID Controller Unofficial
720/TCP SMQP, Simple Message Queue Protocol Unofficial
749/TCP,UDP Kerberos administration Official
750/TCP rfile Official
750/UDP loadav Official
750/UDP kerberos-iv, Kerberos version IV Official
751/TCP,UDP pump Official
751/TCP,UDP kerberos_master, Kerberos authentication Unofficial
752/TCP qrh Official
752/UDP qrh Official
752/UDP userreg_server, Kerberos Password (kpasswd) server Unofficial
753/TCP Reverse Routing Header (rrh)[25] Official
753/UDP Reverse Routing Header (rrh) Official
753/UDP passwd_server, Kerberos userreg server Unofficial
754/TCP tell send Official
754/TCP krb5_prop, Kerberos v5 slave propagation Unofficial
754/UDP tell send Official
760/TCP,UDP ns Official
760/TCP,UDP krbupdate [kreg], Kerberos registration Unofficial
782/TCP Conserver serial-console management server Unofficial
783/TCP SpamAssassin spamd daemon Unofficial
829/TCP CMP (Certificate Management Protocol) Unofficial
843/TCP Adobe Flash socket policy server Unofficial
860/TCP iSCSI (RFC 3720) Official
873/TCP rsync file synchronisation protocol Official
888/TCP cddbp, CD DataBase (CDDB) protocol (CDDBP)—unassigned but widespread use Unofficial
901/TCP Samba Web Administration Tool (SWAT) Unofficial
901/TCP, UDP VMware Virtual Infrastructure Client (UDP from server being managed to management console) Unofficial
902/TCP VMware Server Console (TCP from management console to server being Managed) Unofficial
902/UDP VMware Server Console (UDP from server being managed to management console) Unofficial
904/TCP VMware Server Alternate (if 902 is in use, i.e. SUSE linux) Unofficial
911/TCP Network Console on Acid (NCA)—local tty redirection over OpenSSH Unofficial
953/TCP,UDP Domain Name System (DNS) RNDC Service Official
981/TCP SofaWare Technologies Remote HTTPS management for firewall devices running embedded Check Point FireWall-1 software Unofficial
989/TCP,UDP FTPS Protocol (data): FTP over TLS/SSL Official
990/TCP,UDP FTPS Protocol (control): FTP over TLS/SSL Official
991/TCP,UDP NAS (Netnews Administration System) Official
992/TCP,UDP TELNET protocol over TLS/SSL Official
993/TCP Internet Message Access Protocol over SSL (IMAPS) Official
995/TCP Post Office Protocol 3 over TLS/SSL (POP3S) Official
999/TCP ScimoreDB Database System Unofficial
1001/TCP JtoMB Unofficial
1023/TCP,UDP Reserved[1] Official

Registered ports: 1024–49151

Only those ports that are commonly used are listed; for full list, refer to the IANA port list.[1]

When investigating TCP traffic, be careful not to confuse the client and server ports. The client port is incremental, typically beginning at 1024 at boot time and wrapping at 4096. If the port you are investigating is in the lower part of this range, it may be a client port. Stateful firewalls identify the server port, but packet sniffers and stateless firewalls do not. For example, a packet sniffer showing a TCP packet with source port 1080 and destination port 1494 might be either the SOCKetS or Citrix Independent Computing Architecture (ICA) protocols. The only way to know for sure is to examine the initial TCP handshake.

With UDP, client port selection depends on the application and may be incremental, fixed to a nonsensical value, or fixed equal to the server port.
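
The handshake check described above, as an added example that is not part of the Wikipedia article: a bare SYN is addressed to the server, and a SYN+ACK is sent by it. The Segment record, the function names and the capture are constructed for illustration.

```python
from collections import namedtuple

# One captured TCP segment: addresses, ports and the SYN/ACK flag bits.
Segment = namedtuple("Segment", "src sport dst dport syn ack")

# Constructed capture (addresses taken from documentation ranges).
SAMPLE_CAPTURE = [
    # Flow A: client port 1080 opens a connection to Citrix ICA on 1494.
    Segment("192.0.2.10", 1080, "198.51.100.5", 1494, syn=True, ack=False),
    Segment("198.51.100.5", 1494, "192.0.2.10", 1080, syn=True, ack=True),
    Segment("192.0.2.10", 1080, "198.51.100.5", 1494, syn=False, ack=True),
    # Flow B: the same two port numbers, but here 1494 is the client's
    # port and 1080 is a SOCKS proxy.
    Segment("192.0.2.77", 1494, "198.51.100.9", 1080, syn=True, ack=False),
    Segment("198.51.100.9", 1080, "192.0.2.77", 1494, syn=True, ack=True),
    # Flow C: the capture started mid-connection, so no handshake was seen.
    Segment("192.0.2.30", 1080, "198.51.100.5", 1494, syn=False, ack=True),
]

CONFLICT = "conflict"  # marker for flows whose handshakes disagree


def flow_key(seg):
    """Direction-independent identifier for a connection."""
    return tuple(sorted([(seg.src, seg.sport), (seg.dst, seg.dport)]))


def find_servers(capture):
    """Map each flow to its server (ip, port).

    The value is None when no handshake segment was captured, and CONFLICT
    when the handshake segments point at different endpoints (for example,
    the same port pair reused in the opposite direction).
    """
    servers = {}
    for seg in capture:
        key = flow_key(seg)
        servers.setdefault(key, None)
        if seg.syn and not seg.ack:
            candidate = (seg.dst, seg.dport)   # client -> server
        elif seg.syn and seg.ack:
            candidate = (seg.src, seg.sport)   # server -> client
        else:
            continue                           # data/ACK says nothing about roles
        if servers[key] is None:
            servers[key] = candidate
        elif servers[key] != candidate:
            servers[key] = CONFLICT
    return servers


if __name__ == "__main__":
    for flow, server in find_servers(SAMPLE_CAPTURE).items():
        print(flow, "->", server)
```

Flow C stays undetermined: without the SYN or SYN+ACK, the port numbers alone cannot say which side is the server.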

Port Description Status
1024/TCP,UDP Reserved[1] Official
1025/TCP NFS-or-IIS Unofficial
1026/TCP Often utilized by Microsoft DCOM services Unofficial
1029/TCP Often utilized by Microsoft DCOM services Unofficial
1058/TCP,UDP nim, IBM AIX Network Installation Manager (NIM) Official
1059/TCP,UDP nimreg, IBM AIX Network Installation Manager (NIM) Official
1080/TCP SOCKS proxy Official
1085/TCP,UDP WebObjects Official
1098/TCP,UDP rmiactivation, RMI Activation Official
1099/TCP,UDP rmiregistry, RMI Registry Official
1109/TCP,UDP Reserved[1] Official
1109/TCP Kerberos Post Office Protocol (KPOP) Unofficial
1111/UDP EasyBits School network discovery protocol (for Intel's CMPC platform) Unofficial
1140/TCP,UDP AutoNOC protocol Official
1167/UDP phone, conference calling Unofficial
1169/TCP,UDP Tripwire Official
1176/TCP Perceptive Automation Indigo Home automation server Official
1182/TCP,UDP AcceleNet Intelligent Transfer Protocol Official
1194/TCP,UDP OpenVPN Official
1198/TCP,UDP The cajo project Free dynamic transparent distributed computing in Java Official
1200/TCP scol, protocol used by SCOL 3D virtual worlds server to answer world name resolution client request[26] Official
1200/UDP scol, protocol used by SCOL 3D virtual worlds server to answer world name resolution client request Official
1200/UDP Steam Friends Applet Unofficial
1214/TCP Kazaa Official
1220/TCP QuickTime Streaming Server administration Official
1223/TCP,UDP TGP, TrulyGlobal Protocol, also known as "The Gur Protocol" (named for Gur Kimchi of TrulyGlobal) Official
1234/UDP VLC media player Default port for UDP/RTP stream Unofficial
1236/TCP Symantec BindView Control UNIX Default port for TCP management server connections Unofficial
1241/TCP,UDP Nessus Security Scanner Official
1248/TCP NSClient/NSClient++/NC_Net (Nagios) Unofficial
1270/TCP,UDP Microsoft System Center Operations Manager (SCOM) (formerly Microsoft Operations Manager (MOM)) agent Official
1293/TCP,UDP IPSec (Internet Protocol Security) Official
1311/TCP Dell Open Manage HTTPS Unofficial
1313/TCP Xbiim (Canvii server) Unofficial
1337/TCP PowerFolder P2P Encrypted File Synchronization Program Unofficial
1337/TCP WASTE Encrypted File Sharing Program Unofficial
1352/TCP IBM Lotus Notes/Domino Remote Procedure Call (RPC) protocol Official
1387/TCP,UDP cadsi-lm, LMS International (formerly Computer Aided Design Software, Inc. (CADSI)) LM Official
1414/TCP IBM WebSphere MQ (formerly known as MQSeries) Official
1417/TCP,UDP Timbuktu Service 1 Port Official
1418/TCP,UDP Timbuktu Service 2 Port Official
1419/TCP,UDP Timbuktu Service 3 Port Official
1420/TCP,UDP Timbuktu Service 4 Port Official
1431/TCP Reverse Gossip Transport Protocol (RGTP), used to access a General-purpose Reverse-Ordered Gossip Gathering System (GROGGS) bulletin board, such as that implemented on the Cambridge University's Phoenix system Official
1433/TCP Microsoft SQL Server database management system Server Official
1434/UDP Microsoft SQL Server database management system Monitor Official
1494/TCP Citrix XenApp Independent Computing Architecture (ICA) thin client protocol Official
1500/TCP NetGuard GuardianPro firewall (NT4-based) Remote Management Unofficial
1501/UDP NetGuard GuardianPro firewall (NT4-based) Authentication Client Unofficial
1503/TCP,UDP Windows Live Messenger (Whiteboard and Application Sharing) Unofficial
1512/TCP,UDP Microsoft Windows Internet Name Service (WINS) Official
1521/TCP nCube License Manager Official
1521/TCP Oracle database default listener, in future releases official port 2483 Unofficial
1524/TCP,UDP ingreslock, ingres Official
1526/TCP Oracle database common alternative for listener Unofficial
1533/TCP IBM Sametime IM—Virtual Places Chat Microsoft SQL Server Official
1547/TCP,UDP Laplink Official
1550 Gadu-Gadu (direct client-to-client) Unofficial
1581/UDP MIL STD 2045-47001 VMF Official
1589/UDP Cisco VQP (VLAN Query Protocol) / VMPS Unofficial
1645/TCP,UDP radius/radacct, RADIUS authentication protocol (default for Cisco and Juniper Networks RADIUS servers) Unofficial
1627 iSketch Unofficial
1677/TCP,UDP Novell GroupWise clients in client/server access mode Official
1701/UDP Layer 2 Forwarding Protocol (L2F) & Layer 2 Tunneling Protocol (L2TP) Official
1716/TCP America's Army Massively multiplayer online role-playing game (MMORPG) Unofficial
1723/TCP,UDP Microsoft Point-to-Point Tunneling Protocol (PPTP) Official
1725/UDP Valve Steam Client Unofficial
1755/TCP,UDP Microsoft Media Services (MMS, ms-streaming) Official
1761/TCP,UDP cft-0 Official
1761/TCP Novell Zenworks Remote Control utility Unofficial
1762–1768/TCP,UDP cft-1 to cft-7 Official
1812/TCP,UDP radius, RADIUS authentication protocol Official
1813/TCP,UDP radacct, RADIUS accounting protocol Official
1863/TCP MSNP (Microsoft Notification Protocol), used by the .NET Messenger Service and a number of Instant Messaging clients Official
1900/UDP Microsoft SSDP Enables discovery of UPnP devices Official
1920/TCP IBM Tivoli Monitoring Console (https) Unofficial
1935/TCP Adobe Systems Macromedia Flash Real Time Messaging Protocol (RTMP) "plain" protocol Official
1970/TCP,UDP Danware NetOp Remote Control Official
1971/TCP,UDP Danware NetOp School Official
1972/TCP,UDP InterSystems Caché Official
1975–1977/UDP Cisco TCO (Documentation) Official
1984/TCP Big Brother—network monitoring tool Official
1985/UDP Cisco HSRP Official
1994/TCP,UDP Cisco STUN-SDLC (Serial Tunneling—Synchronous Data Link Control) protocol Official
1998/TCP,UDP Cisco X.25 over TCP (XOT) service Official
2000/TCP,UDP Cisco SCCP (Skinny) Official
2001/UDP CAPTAN Test Stand System Unofficial
2002/TCP Secure Access Control Server (ACS) for Windows Unofficial
2030 Oracle Services for Microsoft Transaction Server Unofficial
2031/TCP,UDP mobrien-chat—obsolete (ex-http://www.mobrien.com) Official
2041/TCP Mail.Ru Agent communication protocol Unofficial
2049/UDP Network File System Official
2049/UDP shilp Official
2053/UDP lot105-ds-upd Lot105 DSuper Updates Official
2053/TCP lot105-ds-upd Lot105 DSuper Updates Official
2053/TCP knetd Kerberos de-multiplexor Unofficial
2056/UDP Civilization 4 multiplayer Unofficial
2073/TCP,UDP DataReel Database Official
2074/TCP,UDP Vertel VMF SA (i.e. App.. SpeakFreely) Official
2082/TCP Infowave Mobility Server Official
2082/TCP CPanel default Unofficial
2083/TCP Secure Radius Service (radsec) Official
2083/TCP CPanel default SSL Unofficial
2086/TCP GNUnet Official
2086/TCP WebHost Manager default Unofficial
2087/TCP WebHost Manager default SSL Unofficial
2095/TCP CPanel default Web mail Unofficial
2096/TCP CPanel default SSL Web mail Unofficial
2102/TCP,UDP zephyr-srv Project Athena Zephyr Notification Service server Official
2103/TCP,UDP zephyr-clt Project Athena Zephyr Notification Service serv-hm connection Official
2104/TCP,UDP zephyr-hm Project Athena Zephyr Notification Service hostmanager Official
2105/TCP,UDP IBM MiniPay Official
2105/TCP,UDP eklogin Kerberos encrypted remote login (rlogin) Unofficial
2105/TCP,UDP zephyr-hm-srv Project Athena Zephyr Notification Service hm-serv connection (should use port 2102) Unofficial
2144/TCP Iron Mountain LiveVault Agent Unofficial
2145/TCP Iron Mountain LiveVault Agent Unofficial
2161/TCP APC Agent Official
2181/TCP,UDP EForward-document transport system Official
2190/UDP TiVoConnect Beacon Unofficial
2200/UDP Tuxanci game server[27] Unofficial
2210/TCP,UDP NOAAPORT Broadcast Network Official
2210/TCP MikroTik Remote management for "The Dude" Unofficial
2211/TCP,UDP EMWIN Official
2211/TCP MikroTik Secure management for "The Dude" Unofficial
2212/TCP,UDP LeeCO POS Server Service Official
2212/TCP Port-A-Pour Remote WinBatch Unofficial
2219/TCP,UDP NetIQ NCAP Protocol Official
2220/TCP,UDP NetIQ End2End Official
2222/TCP DirectAdmin default Unofficial
2222/UDP Microsoft Office OS X antipiracy network monitor [1] Unofficial
2301/TCP HP System Management Redirect to port 2381 Unofficial
2302/UDP ArmA multiplayer (default for game) Unofficial
2302/UDP Halo: Combat Evolved multiplayer Unofficial
2303/UDP ArmA multiplayer (default for server reporting) (default port for game +1) Unofficial
2305/UDP ArmA multiplayer (default for VoN) (default port for game +3) Unofficial
2369/TCP Default for BMC Software CONTROL-M/Server—Configuration Agent, though often changed during installation Official
2370/TCP Default for BMC Software CONTROL-M/Server—to allow the CONTROL-M/Enterprise Manager to connect to the CONTROL-M/Server, though often changed during installation Official
2381/TCP HP Insight Manager default for Web server Unofficial
2401/TCP CVS version control system Unofficial
2404/TCP IEC 60870-5-104, used to send electric power telecontrol messages between two systems via directly connected data circuits Official
2420/UDP Westell Remote Access Official
2427/UDP Cisco MGCP Official
2447/TCP,UDP ovwdb—OpenView Network Node Manager (NNM) daemon Official
2483/TCP,UDP Oracle database listening for unsecure client connections to the listener, replaces port 1521 Official
2484/TCP,UDP Oracle database listening for SSL client connections to the listener Official
2546/TCP,UDP EVault—Data Protection Services Unofficial
2593/TCP,UDP RunUO—Ultima Online server Unofficial
2598/TCP new ICA—when Session Reliability is enabled, TCP port 2598 replaces port 1494 Unofficial
2612/TCP,UDP QPasa from MQSoftware Official
2700-2800/TCP KnowShowGo P2P Official
2710/TCP XBT Bittorrent Tracker Unofficial
2710/UDP XBT Bittorrent Tracker experimental UDP tracker extension Unofficial
2710/TCP Knuddels.de Unofficial
2713/TCP,UDP Raven Trinity Broker Service Official
2714/TCP,UDP Raven Trinity Data Mover Official
2735/TCP,UDP NetIQ Monitor Console Official
2809/TCP corbaloc:iiop URL, per the CORBA 3.0.3 specification Official
2809/TCP IBM WebSphere Application Server (WAS) Bootstrap/rmi default Unofficial
2809/UDP corbaloc:iiop URL, per the CORBA 3.0.3 specification. Official
2944/UDP Megaco Text H.248 Unofficial
2945/UDP Megaco Binary (ASN.1) H.248 Unofficial
2948/TCP,UDP WAP-push Multimedia Messaging Service (MMS) Official
2949/TCP,UDP WAP-pushsecure Multimedia Messaging Service (MMS) Official
2967/TCP Symantec AntiVirus Corporate Edition Unofficial
3000/TCP Miralix License server Unofficial
3000/UDP Distributed Interactive Simulation (DIS), modifiable default Unofficial
3001/TCP Miralix Phone Monitor Unofficial
3002/TCP Miralix CSTA Unofficial
3003/TCP Miralix GreenBox API Unofficial
3004/TCP Miralix InfoLink Unofficial
3005/TCP Miralix TimeOut Unofficial
3006/TCP Miralix SMS Client Connector Unofficial
3007/TCP Miralix OM Server Unofficial
3017/TCP Miralix IVR and Voicemail Unofficial
3025/TCP netpd.org Unofficial
3030/TCP,UDP NetPanzer Unofficial
3050/TCP,UDP gds_db (Interbase/Firebird) Official
3051/TCP AMS (Agency Management System) Unofficial
3074/TCP,UDP Xbox LIVE and/or Games for Windows - LIVE Official
3100/TCP HTTP used by Tatsoft as the default listen port Unofficial
3101/TCP Blackberry Enterprise Server communication to cloud Unofficial
3128/TCP HTTP used by Web caches and the default for the Squid cache Unofficial
3128/TCP HTTP used by Tatsoft as the default client connection Unofficial
3225/TCP,UDP FCIP (Fiber Channel over Internet Protocol) Official
3233/TCP,UDP WhiskerControl research control protocol Official
3260/TCP,UDP iSCSI target Official
3268/TCP,UDP msft-gc, Microsoft Global Catalog (LDAP service which contains data from Active Directory forests) Official
3269/TCP,UDP msft-gc-ssl, Microsoft Global Catalog over SSL (similar to port 3268, LDAP over SSL) Official
3283/TCP Apple Remote Desktop reporting (officially Net Assistant, referring to an earlier product) Official
3299/TCP SAP-Router (routing application proxy for SAP R/3) Unofficial
3300/TCP TripleA game server Unofficial
3305/TCP,UDP odette-ftp, Odette File Transfer Protocol (OFTP) Official
3306/TCP,UDP MySQL database system Official
3333/TCP Network Caller ID server Unofficial
3386/TCP,UDP GTP' 3GPP GSM/UMTS CDR logging protocol Official
3389/TCP Microsoft Terminal Server (RDP) officially registered as Windows Based Terminal (WBT) Official
3396/TCP,UDP Novell NDPS Printer Agent Official
3455/TCP,UDP [RSVP] Reservation Protocol Official
3423/TCP Xware xTrm Communication Protocol Official
3424/TCP Xware xTrm Communication Protocol over SSL Official
3478/TCP,UDP STUN, a protocol for NAT traversal Official
3483/UDP Slim Devices discovery protocol Official
3483/TCP Slim Devices SlimProto protocol Official
3532/TCP,UDP Raven Remote Management Control Official
3533/TCP,UDP Raven Remote Management Data Official
3544/UDP Teredo tunneling Unofficial
3632/TCP distributed compiler Official
3689/TCP Digital Audio Access Protocol (DAAP)—used by Apple’s iTunes and AirPort Express Official
3690/TCP,UDP Subversion version control system Official
3702/TCP,UDP Web Services Dynamic Discovery (WS-Discovery), used by various components of Windows Vista Official
3723/TCP,UDP Used by many Battle.net Blizzard games (Diablo II, Warcraft II, Warcraft III, StarCraft) Unofficial
3724/TCP,UDP World of Warcraft Online gaming MMORPG Unofficial
3724/TCP Club Penguin Disney online game for kids Unofficial
3784/TCP,UDP Ventrilo VoIP program used by Ventrilo Unofficial
3785/UDP Ventrilo VoIP program used by Ventrilo Unofficial
3868/TCP,SCTP Diameter base protocol (RFC 3588) Official
3872/TCP Oracle Management Remote Agent Unofficial
3899/TCP Remote Administrator Unofficial
3900/TCP udt_os, IBM UniData UDT OS[28] Official
3945/TCP,UDP EMCADS service, a Giritech product used by G/On Official
3978/UDP OpenTTD game serverlist masterserver Unofficial
3979/TCP,UDP OpenTTD game Unofficial
4000/TCP,UDP Diablo II game Unofficial
4007/TCP PrintBuzzer printer monitoring socket server Unofficial
4018/TCP,UDP protocol information and warnings Official
4069/UDP Minger Email Address Verification Protocol[29] Official
4089/TCP,UDP OpenCORE Remote Control Service Official
4093/TCP,UDP PxPlus Client server interface ProvideX Official
4096/TCP,UDP Bridge-Relay Element ASCOM Official
4100 WatchGuard Authentication Applet—default Unofficial
4111/TCP Xgrid Official
4125/TCP Microsoft Remote Web Workplace administration Unofficial
4226/TCP,UDP Aleph One (game) Unofficial
4224/TCP Cisco Audio Session Tunneling Unofficial
4321/TCP Referral Whois (RWhois) Protocol[30] Official
4500/UDP IPSec NAT Traversal (RFC 3947) Official
4534/UDP Armagetron Advanced default server port Unofficial
4569/UDP Inter-Asterisk eXchange Unofficial
4610-4640/TCP QualiSystems TestShell Suite Services Unofficial
4662/TCP,UDP OrbitNet Message Service Official
4662/TCP often used by eMule Unofficial
4664/TCP Google Desktop Search Unofficial
4664/TCP Default for Unica's Campaign Listener, though often changed during installation Unofficial
4672/UDP eMule—often used Unofficial
4747/TCP Apprentice Unofficial
4750/TCP BladeLogic Agent Unofficial
4840/TCP,UDP OPC UA TCP Protocol for OPC Unified Architecture from OPC Foundation Official
4843/TCP,UDP OPC UA TCP Protocol over TLS/SSL for OPC Unified Architecture from OPC Foundation Official
4847/TCP,UDP Web Fresh Communication, Quadrion Software & Odorless Entertainment Official
4993/TCP,UDP Home FTP Server web Interface Default Port
4894/TCP,UDP LysKOM Protocol A Official
4899/TCP,UDP Radmin remote administration tool (program sometimes used by a Trojan horse) Official
5000/TCP commplex-main Official
5000/TCP UPnP—Windows network device interoperability Unofficial
5000/TCP,UDP VTunVPN Software Unofficial
5001/TCP commplex-link Official
5001/TCP,UDP Iperf (Tool for measuring TCP and UDP bandwidth performance) Unofficial
5001/TCP Slingbox and Slingplayer Unofficial
5003/TCP,UDP FileMaker Official
5004/TCP,UDP,DCCP RTP (Real-time Transport Protocol) media data (RFC 3551, RFC 4571) Official
5005/TCP,UDP,DCCP RTP (Real-time Transport Protocol) control protocol (RFC 3551, RFC 4571) Official
5031/TCP,UDP AVM CAPI-over-TCP (ISDN over Ethernet tunneling) Unofficial
5050/TCP Yahoo! Messenger Unofficial
5051/TCP ita-agent Symantec Intruder Alert[31] Official
5060/TCP,UDP Session Initiation Protocol (SIP) Official
5061/TCP Session Initiation Protocol (SIP) over TLS Official
5093/UDP SPSS (Statistical Package for the Social Sciences) License Administrator Unofficial
5104/TCP IBM Tivoli Framework NetCOOL/Impact[32] HTTP Service Unofficial
5106/TCP A-Talk Common connection Unofficial
5107/TCP A-Talk Remote server connection Unofficial
5110/TCP ProRat Server Unofficial
5121/TCP Neverwinter Nights Unofficial
5151/TCP ESRI SDE Instance Official
5151/UDP ESRI SDE Remote Start Official
5154/TCP,UDP BZFlag Official
5176/TCP ConsoleWorks default UI interface Unofficial
5190/TCP ICQ and AOL Instant Messenger Official
5222/TCP Extensible Messaging and Presence Protocol (XMPP, Jabber) client connection (RFC 3920) Official
5223/TCP Extensible Messaging and Presence Protocol (XMPP, Jabber) client connection over SSL Unofficial
5269/TCP Extensible Messaging and Presence Protocol (XMPP, Jabber) server connection (RFC 3920) Official
5298/TCP,UDP Extensible Messaging and Presence Protocol (XMPP) link-local messaging Official
5351/TCP,UDP NAT Port Mapping Protocol—client-requested configuration for inbound connections through network address translators Official
5353/UDP Multicast DNS (MDNS) Official
5355/TCP,UDP LLMNR—Link-Local Multicast Name Resolution, allows hosts to perform name resolution for hosts on the same local link (only provided by Windows Vista and Server 2008) Official
5402/TCP,UDP mftp, Stratacache OmniCast content delivery system MFTP file sharing protocol Official
5405/TCP,UDP NetSupport Official
5421/TCP,UDP Net Support 2 Official
5432/TCP,UDP PostgreSQL database system Official
5445/UDP Cisco Unified Video Advantage Unofficial
5495/TCP Applix TM1 Admin server Unofficial
5498/TCP Hotline tracker server connection Unofficial
5499/UDP Hotline tracker server discovery Unofficial
5500/TCP VNC remote desktop protocol—for incoming listening viewer, Hotline control connection Unofficial
5501/TCP Hotline file transfer connection Unofficial
5517/TCP Setiqueue Proxy server client for SETI@Home project Unofficial
5555/TCP Freeciv versions up to 2.0, Hewlett Packard Data Protector, SAP Unofficial
5556/TCP,UDP Freeciv Official
5631/TCP pcANYWHEREdata, Symantec pcAnywhere (version 7.52 and later[33])[34] data Official
5632/UDP pcANYWHEREstat, Symantec pcAnywhere (version 7.52 and later) status Official
5666/TCP NRPE (Nagios) Unofficial
5667/TCP NSCA (Nagios) Unofficial
5723/TCP Operations Manager Unofficial
5800/TCP VNC remote desktop protocol—for use over HTTP Unofficial
5814/TCP,UDP Hewlett-Packard Support Automation (HP OpenView Self-Healing Services) Official
5850/TCP COMIT SE (PCR) Unofficial
5852/TCP Adeona client: communications to OpenDHT Unofficial
5900/TCP,UDP Virtual Network Computing (VNC) remote desktop protocol (used by Apple Remote Desktop and others) Official
5938/TCP,UDP TeamViewer[35] remote desktop protocol Unofficial
5984/TCP,UDP CouchDB database server Official
5999/TCP CVSup [36] file update tool Unknown
6000/TCP X11—used between an X client and server over the network Official
6001/UDP X11—used between an X client and server over the network Official
6005/TCP Default for BMC Software CONTROL-M/Server—Socket used for communication between CONTROL-M processes—though often changed during installation Official
6005/TCP Default for Camfrog Chat & Cam Client http://www.camfrog.com Unofficial
6050/TCP Brightstor Arcserve Backup Unofficial
6050/TCP Nortel Software Unofficial
6051/TCP Brightstor Arcserve Backup Unofficial
6072/TCP iOperator Protocol Signal Port Unofficial
6086/TCP PDTP—FTP like file server in a P2P network Official
6100/TCP Vizrt System Unofficial
6101/TCP Backup Exec Agent Browser Unofficial
6110/TCP,UDP softcm, HP Softbench CM Official
6111/TCP,UDP spc, HP Softbench Sub-Process Control Official
6112/TCP,UDP "dtspcd"—a network daemon that accepts requests from clients to execute commands and launch applications remotely Official
6112/TCP Blizzard's Battle.net gaming service, ArenaNet gaming service Unofficial
6112/TCP Club Penguin Disney online game for kids Unofficial
6113/TCP Club Penguin Disney online game for kids Unofficial
6129/TCP DameWare Remote Control Unofficial
6257/UDP WinMX (see also 6699) Unofficial
6346/TCP,UDP gnutella-svc, Gnutella (FrostWire, Limewire, Shareaza, etc.) Official
6347/TCP,UDP gnutella-rtr, Gnutella alternate Official
6389/TCP EMC Clariion Unofficial
6444/TCP,UDP Sun Grid Engine—Qmaster Service Official
6445/TCP,UDP Sun Grid Engine—Execution Service Official
6502/TCP,UDP Danware Data NetOp Remote Control Unofficial
6522/TCP Gobby (and other libobby-based software) Unofficial
6543/UDP Paradigm Research & Development Jetnet[37] default Unofficial
6566/TCP SANE (Scanner Access Now Easy)—SANE network scanner daemon Unofficial
6571 Windows Live FolderShare client Unofficial
6600/TCP Music Playing Daemon (MPD) Unofficial
6619/TCP,UDP odette-ftps, Odette File Transfer Protocol (OFTP) over TLS/SSL Official
6646/UDP McAfee Network Agent Unofficial
6660–6664/TCP Internet Relay Chat Unofficial
6665–6669/TCP Internet Relay Chat Official
6679/TCP IRC SSL (Secure Internet Relay Chat)—often used Unofficial
6697/TCP IRC SSL (Secure Internet Relay Chat)—often used Unofficial
6699/TCP WinMX (see also 6257) Unofficial
6771/UDP Polycom server broadcast Unofficial
6789/TCP Datalogger Support Software Campbell Scientific Loggernet Software Unofficial
6881–6887/TCP,UDP BitTorrent part of full range of ports used most often Unofficial
6888/TCP,UDP MUSE Official
6888/TCP,UDP BitTorrent part of full range of ports used most often Unofficial
6889–6890/TCP,UDP BitTorrent part of full range of ports used most often Unofficial
6891–6900/TCP,UDP BitTorrent part of full range of ports used most often Unofficial
6891–6900/TCP,UDP Windows Live Messenger (File transfer) Unofficial
6901/TCP,UDP Windows Live Messenger (Voice) Unofficial
6901/TCP,UDP BitTorrent part of full range of ports used most often Unofficial
6902–6968/TCP,UDP BitTorrent part of full range of ports used most often Unofficial
6969/TCP,UDP acmsoda Official
6969/TCP BitTorrent tracker Unofficial
6970–6999/TCP,UDP BitTorrent part of full range of ports used most often Unofficial
7000/TCP Default for Vuze's built in HTTPS Bittorrent Tracker Unofficial
7001/TCP Default for BEA WebLogic Server's HTTP server, though often changed during installation Unofficial
7002/TCP Default for BEA WebLogic Server's HTTPS server, though often changed during installation Unofficial
7005/TCP Default for BMC Software CONTROL-M/Server and CONTROL-M/Agent for Agent-to-Server, though often changed during installation Official
7006/TCP Default for BMC Software CONTROL-M/Server and CONTROL-M/Agent for Server-to-Agent, though often changed during installation Official
7010/TCP Default for Cisco AON AMC (AON Management Console) [2] Unofficial
7025/TCP Zimbra LMTP [mailbox]—local mail delivery Unofficial
7047/TCP Zimbra conversion server Unofficial
7133/TCP Enemy Territory: Quake Wars Unofficial
7171/TCP Tibia Unofficial
7306/TCP Zimbra mysql [mailbox] Unofficial
7307/TCP Zimbra mysql [logger] Unofficial
7312/UDP Sibelius License Server Unofficial
7400/TCP,UDP RTPS (Real Time Publish Subscribe) DDS Discovery Official
7401/TCP,UDP RTPS (Real Time Publish Subscribe) DDS User-Traffic Official
7402/TCP,UDP RTPS (Real Time Publish Subscribe) DDS Meta-Traffic Official
7670/TCP BrettspielWelt BSW Boardgame Portal Unofficial
7676/TCP Aqumin AlphaVision Remote Command Interface Unofficial
7777/TCP iChat server file transfer proxy Unofficial
7777/TCP Default used by Windows backdoor program tini.exe Unofficial
7831/TCP Default used by Smartlaunch Internet Cafe Administration[38] software Unofficial
7915/TCP Default for YSFlight server [3] Unofficial
8000/TCP,UDP iRDMI (Intel Remote Desktop Management Interface)[39]—sometimes erroneously used instead of port 8080 Official
8000-8001/TCP Commonly used for internet radio streams such as those using SHOUTcast Unofficial
8002/TCP Cisco Systems Unified Call Manager Intercluster Unofficial
8008/TCP HTTP Alternate Official
8008/TCP IBM HTTP Server administration default Unofficial
8010/TCP XMPP/Jabber File transfers Unofficial
8074/TCP Gadu-Gadu Unofficial
8080/TCP HTTP alternate (http_alt)—commonly used for Web proxy and caching server, or for running a Web server as a non-root user Official
8080/TCP Apache Tomcat Unofficial
8080/UDP FilePhile Master/Relay Unofficial
8081/TCP HTTP alternate, e.g. McAfee ePolicy Orchestrator (ePO) Unofficial
8086/TCP HELM Web Host Automation Windows Control Panel Unofficial
8086/TCP Kaspersky AV Control Center Unofficial
8087/TCP Hosting Accelerator Control Panel Unofficial
8087/TCP Parallels Plesk Control Panel Unofficial
8087/UDP Kaspersky AV Control Center Unofficial
8090/TCP HTTP Alternate (http_alt_alt)—used as an alternative to port 8080 Unofficial
8116/UDP Check Point Cluster Control Protocol Unofficial
8118/TCP Privoxy—advertisement-filtering Web proxy Official
8123/TCP Polipo Web proxy Official
8192/TCP Sophos Remote Management System Unofficial
8193/TCP Sophos Remote Management System Unofficial
8194/TCP Sophos Remote Management System Unofficial
8200/TCP GoToMyPC Unofficial
8222 VMware Server Management User Interface (insecure Web interface)[40]. See also port 8333 Unofficial
8243/TCP,UDP HTTPS listener for Apache Synapse [41] Official
8280/TCP,UDP HTTP listener for Apache Synapse [41] Official
8291/TCP Winbox—Default on a MikroTik RouterOS for a Windows application used to administer MikroTik RouterOS Unofficial
8333 VMware Server Management User Interface (secure Web interface)[40]. See also port 8222 Unofficial
8400/TCP,UDP cvp, Commvault Unified Data Management Official
8443/TCP SW Soft Plesk Control Panel, Apache Tomcat SSL Unofficial
8484/TCP,UDP MapleStory Unofficial
8500/TCP,IPX ColdFusion Macromedia/Adobe ColdFusion default and Duke Nukem 3D—default Unofficial
8501/TCP [4] DukesterX —default Unofficial
8691/TCP Ultra Fractal default server port for distributing calculations over network computers Unofficial
8701/UDP SoftPerfect Bandwidth Manager Unofficial
8702/UDP SoftPerfect Bandwidth Manager Unofficial
8767/UDP TeamSpeak—default Unofficial
8768/UDP TeamSpeak—alternate Unofficial
8880/UDP cddbp-alt, CD DataBase (CDDB) protocol (CDDBP) alternate Official
8880/TCP cddbp-alt, CD DataBase (CDDB) protocol (CDDBP) alternate Official
8880/TCP WebSphere Application Server SOAP connector default Unofficial
8881/TCP Atlasz Informatics Research Ltd Secure Application Server Unofficial
8882/TCP Atlasz Informatics Research Ltd Secure Application Server Unofficial
8888/TCP,UDP NewsEDGE server Official
8888/TCP Sun Answerbook dwhttpd server (deprecated by docs.sun.com) Unofficial
8888/TCP GNUmp3d HTTP music streaming and Web interface Unofficial
8888/TCP LoLo Catcher HTTP Web interface (www.optiform.com) Unofficial
8888/TCP D2GS Admin Console Telnet administration console for D2GS servers (Diablo 2) Unofficial
8888/TCP Earthland Relams 2 Server (AU1_2) Unofficial
8889/TCP Earthland Relams 2 Server (AU1_1) Unofficial
9000/TCP Buffalo LinkSystem Web access Unofficial
9000/TCP DBGp Unofficial
9000/TCP SqueezeCenter web server & streaming Unofficial
9000/UDP UDPCast Unofficial
9001 Microsoft Sharepoint Authoring Environment Official
9001 cisco-xremote router configuration Unofficial
9001 Tor network default Unofficial
9001/TCP DBGp Proxy Unofficial
9009/TCP,UDP Pichat Server—Peer to peer chat software Official
9030/TCP Tor often used Unofficial
9043/TCP WebSphere Application Server Administration Console secure Unofficial
9050/TCP Tor Unofficial
9051/TCP Tor Unofficial
9060/TCP WebSphere Application Server Administration Console Unofficial
9080/UDP glrpc, Groove Collaboration software GLRPC Official
9080/TCP glrpc, Groove Collaboration software GLRPC Official
9080/TCP WebSphere Application Server HTTP Transport (port 1) default Unofficial
9090/TCP Openfire Administration Console Unofficial
9090/TCP SqueezeCenter control (CLI) Unofficial
9091/TCP Openfire Administration Console (SSL Secured) Unofficial
9100/TCP PDL Data Stream Official
9101 Bacula Director Official
9102 Bacula File Daemon Official
9103 Bacula Storage Daemon Official
9105/TCP,UDP Xadmin Control Daemon Official
9110/UDP SSMP Message protocol Unofficial
9119/TCP,UDP MXit Instant Messenger Official
9300/TCP IBM Cognos 8 SOAP Business Intelligence and Performance Management Unofficial
9418/TCP,UDP git, Git pack transfer service Official
9420/TCP MooseFS distributed file system - master server to chunk servers Unofficial
9421/TCP MooseFS distributed file system - master server to clients Unofficial
9422/TCP MooseFS distributed file system - chunk servers to clients Unofficial
9443/TCP WSO2 Web Services Application Server HTTPS transport (officially WSO2 Tungsten HTTPS Official
9443/TCP WebSphere Application Server HTTP Transport (port 2) default Unofficial
9535/TCP mngsuite, LANDesk Management Suite Remote Control Official
9535/TCP BBOS001, IBM Websphere Application Server (WAS) High Avail Mgr Com Unofficial
9535/UDP mngsuite, LANDesk Management Suite Remote Control Official
9800/TCP,UDP WebDAV Source Official
9800 WebCT e-learning portal Unofficial
9875/TCP Club Penguin Disney online game for kids Unofficial
9898/TCP,UDP MonkeyCom Official
9898/TCP Tripwire - File Integrity Monitoring Software Unofficial
9996/TCP,UDP The Palace "The Palace" Virtual Reality Chat software. - 5 Official
9999 Hydranode—edonkey2000 TELNET control Unofficial
9999/TCP Lantronix UDS-10/UDS100[42] RS-485 to Ethernet Converter TELNET control Unofficial
9999 Urchin Web Analytics Unofficial
10000 Webmin—Web-based Linux admin tool Unofficial
10000 BackupExec Unofficial
10000 Ericsson Account Manager (avim) Unofficial
10001/TCP Lantronix UDS-10/UDS100[43] RS-485 to Ethernet Converter default Unofficial
10008/TCP,UDP Octopus Multiplexer, primary port for the CROMP protocol, which provides a platform-independent means for communication of objects across a network Official
10017 AIX,NeXT, HPUX—rexd daemon control Unofficial
10024/TCP Zimbra smtp [mta]—to amavis from postfix Unofficial
10025/TCP Zimbra smtp [mta]—back to postfix from amavis Unofficial
10050/TCP,UDP Zabbix-Agent Official
10051/TCP,UDP Zabbix-Trapper Official
10113/TCP,UDP NetIQ Endpoint Official
10114/TCP,UDP NetIQ Qcheck Official
10115/TCP,UDP NetIQ Endpoint Official
10116/TCP,UDP NetIQ VoIP Assessor Official
10200/TCP FRISK Software International's fpscand virus scanning daemon for Unix platforms [5] Unofficial
10200–10204/TCP FRISK Software International's f-protd virus scanning daemon for Unix platforms [6] Unofficial
10308 Lock-on: Modern Air Combat Unofficial
10480 SWAT 4 Dedicated Server Unofficial
11211 memcached Unofficial
11235 Savage:Battle for Newerth Server Hosting Unofficial
11294 Blood Quest Online Server Unofficial
11371 OpenPGP HTTP key server Official
11576 IPStor Server management communication Unofficial
12012/TCP,UDP Audition Online Dance Battle, Korea Server - Status/Version Check Unofficial
12013/TCP,UDP Audition Online Dance Battle, Korea Server Unofficial
12035/UDP Linden Lab viewer to sim Unofficial
12345 NetBus—remote administration tool (often Trojan horse). Also used by NetBuster. Little Fighter 2 (TCP). Unofficial
12975/TCP LogMeIn Hamachi (VPN tunnel software; also port 32976)—used to connect to Mediation Server (bibi.hamachi.cc); will attempt to use SSL (TCP port 443) if both 12975 & 32976 fail to connect Unofficial
12998-12999/UDP Takenaka RDI Mirror World on SL Unofficial
13000–13050/UDP Linden Lab viewer to sim Unofficial
13076/TCP Default for BMC Software CONTROL-M/Enterprise Manager Corba communication, though often changed during installation Official
13720/TCP,UDP Symantec NetBackup—bprd (formerly VERITAS) Official
13721/TCP,UDP Symantec NetBackup—bpdbm (formerly VERITAS) Official
13724/TCP,UDP Symantec Network Utility—vnetd (formerly VERITAS) Official
13782/TCP,UDP Symantec NetBackup—bpcd (formerly VERITAS) Official
13783/TCP,UDP Symantec VOPIED protocol (formerly VERITAS) Official
13785/TCP,UDP Symantec NetBackup Database—nbdb (formerly VERITAS) Official
13786/TCP,UDP Symantec nomdb (formerly VERITAS) Official
14552/TCP Lasso (programming language) application service Unofficial
14567/UDP Battlefield 1942 and mods Unofficial
15000/TCP psyBNC Unofficial
15000/TCP Wesnoth Unofficial
15000/TCP Kaspersky Network Agent Unofficial
15000/TCP hydap, Hypack Hydrographic Software Packages Data Acquisition Official
15000/UDP hydap, Hypack Hydrographic Software Packages Data Acquisition Official
15567/UDP Battlefield Vietnam and mods Unofficial
15345/TCP,UDP XPilot Contact Official
16000/TCP shroudBNC Unofficial
16080/TCP Mac OS X Server Web (HTTP) service with performance cache[44] Unofficial
16384/UDP Iron Mountain Digital online backup Unofficial
16567/UDP Battlefield 2 and mods Unofficial
18010/TCP Super Dancer Online Extreme(SDO-X) - CiB Net Station Malaysia Server Unofficial
18180/TCP DART Reporting server Unofficial
18200/TCP,UDP Audition Online Dance Battle, AsiaSoft Thailand Server - Status/Version Check Unofficial
18201/TCP,UDP Audition Online Dance Battle, AsiaSoft Thailand Server Unofficial
18206/TCP,UDP Audition Online Dance Battle, AsiaSoft Thailand Server - FAM Database Unofficial
18300/TCP,UDP Audition Online Dance Battle, AsiaSoft SEA Server - Status/Version Check Unofficial
18301/TCP,UDP Audition Online Dance Battle, AsiaSoft SEA Server Unofficial
18306/TCP,UDP Audition Online Dance Battle, AsiaSoft SEA Server - FAM Database Unofficial
18400/TCP,UDP Audition Online Dance Battle, KAIZEN Brazil Server - Status/Version Check Unofficial
18401/TCP,UDP Audition Online Dance Battle, KAIZEN Brazil Server Unofficial
18505/TCP,UDP Audition Online Dance Battle, Nexon Server - Status/Version Check Unofficial
18506/TCP,UDP Audition Online Dance Battle, Nexon Server Unofficial
18605/TCP,UDP X-BEAT - Status/Version Check
18606/TCP,UDP X-BEAT Unofficial
19000/TCP,UDP Audition Online Dance Battle, G10/alaplaya Server - Status/Version Check Unofficial
19001/TCP,UDP Audition Online Dance Battle, G10/alaplaya Server Unofficial
19226/TCP Panda Software AdminSecure Communication Agent Unofficial
19638/TCP Ensim Control Panel Unofficial
19771/TCP,UDP Softros LAN Messenger Unofficial
19813/TCP 4D database Client Server Communication Unofficial
19880/TCP Softros LAN Messenger Unofficial
20000 DNP (Distributed Network Protocol), a protocol used in SCADA systems between communicating RTUs and IEDs Official
20000 Usermin, Web-based user tool Unofficial
20014/TCP DART Reporting server Unofficial
20720/TCP Symantec i3 Web GUI server Unofficial
22347/TCP,UDP WibuKey, WIBU-SYSTEMS AG Software protection system Official
22350/TCP,UDP CodeMeter, WIBU-SYSTEMS AG Software protection system Official
23073 Soldat Dedicated Server Unofficial
23513 [7] Duke Nukem Ports Unofficial
24444 NetBeans integrated development environment Unofficial
24465/TCP,UDP Tonido Directory Server for Tonido which is a Personal Web app and peer-to-peer platform Official
24554/TCP,UDP BINKP, Fidonet mail transfers over TCP/IP Official
24800 Synergy: keyboard/mouse sharing software Unofficial
24842 StepMania: Online: Dance Dance Revolution Simulator Unofficial
25888/UDP Xfire (Firewall Report, UDP_IN) IP Address (206.220.40.146) resolves to gameservertracking.xfire.com. Use unknown. Unofficial
25999/TCP Xfire Unofficial
26000/TCP,UDP id Software's Quake server Official
26000/TCP CCP's EVE Online Online gaming MMORPG Unofficial
26900/TCP CCP's EVE Online Online gaming MMORPG Unofficial
26901/TCP CCP's EVE Online Online gaming MMORPG Unofficial
27000/UDP (through 27006) id Software's QuakeWorld master server Unofficial
27000/TCP FLEXnet Publisher's License server (from the range of default ports) Unofficial
27001/TCP FLEXnet Publisher's License server (from the range of default ports) Unofficial
27002/TCP FLEXnet Publisher's License server (from the range of default ports) Unofficial
27003/TCP FLEXnet Publisher's License server (from the range of default ports) Unofficial
27004/TCP FLEXnet Publisher's License server (from the range of default ports) Unofficial
27005/TCP FLEXnet Publisher's License server (from the range of default ports) Unofficial
27006/TCP FLEXnet Publisher's License server (from the range of default ports) Unofficial
27007/TCP FLEXnet Publisher's License server (from the range of default ports) Unofficial
27008/TCP FLEXnet Publisher's License server (from the range of default ports) Unofficial
27009/TCP FLEXnet Publisher's License server (from the range of default ports) Unofficial
27010 Half-Life and its mods, such as Counter-Strike Unofficial
27015 Half-Life and its mods, such as Counter-Strike Unofficial
27374 Sub7 default. Most script kiddies do not change from this. Unofficial
27500/UDP (through 27900) id Software's QuakeWorld Unofficial
27888/UDP Kaillera server Unofficial
27900 (through 27901) Nintendo Wi-Fi Connection Unofficial
27901/UDP (through 27910) id Software's Quake II master server Unofficial
27960/UDP (through 27969) Activision's Enemy Territory and id Software's Quake III Arena and Quake III and some ioquake3 derived games Unofficial
28000 Bitfighter Common/default Bitfighter Server Unofficial
28001 Starsiege: Tribes Common/default Tribes v.1 Server Unofficial
28395/TCP www.SmartSystemsLLC.com Used by Smart Sale® 5.0 Unofficial
28910 Nintendo Wi-Fi Connection Unofficial
28960/UDP Call of Duty - Call of Duty: United Offensive - Call of Duty 2 - Call of Duty 4: Modern Warfare - Call of Duty: World at War (PC Version) Unofficial
29900 (through 29901) Nintendo Wi-Fi Connection Unofficial
29920 Nintendo Wi-Fi Connection Unofficial
30000 Pokemon Netbattle Unofficial
30301 BitTorrent Unofficial
30564/TCP Multiplicity: keyboard/mouse/clipboard sharing software Unofficial
31337/TCP Back Orifice—remote administration tool (often Trojan horse) Unofficial
31415 ThoughtSignal—Server Communication Service (often Informational) Unofficial
31456/TCP TetriNET IRC gateway on some servers Unofficial
31457/TCP TetriNET Official
31458/TCP TetriNET Used for game spectators Unofficial
32245/TCP MMTSG-mutualed over MMT (encrypted transmission) Unofficial
32976/TCP LogMeIn Hamachi (VPN tunnel software; also port 12975)—used to connect to Mediation Server (bibi.hamachi.cc); will attempt to use SSL (TCP port 443) if both 12975 & 32976 fail to connect Unofficial
33434/TCP,UDP traceroute Official
34443 Linksys PSUS4 print server Unofficial
37777/TCP Digital Video Recorder hardware Unofficial
36963 Counter Strike 2D multiplayer (2D clone of popular CounterStrike computer game) Unofficial
40000/TCP,UDP SafetyNET p Real-time Industrial Ethernet protocol Official
43594–43595/TCP RuneScape Unofficial
47808/TCP,UDP BACnet Building Automation and Control Networks Official
49151/TCP,UDP Reserved[1] Official

Dynamic and/or private ports: 49152–65535

By definition, no ports can be registered in the dynamic range.[1]

Many Linux kernels and distributions use 32768 to 61000 as the ephemeral port range. The file /proc/sys/net/ipv4/ip_local_port_range shows the range in use.

References

  1. "Port Numbers" (plain text). The Internet Assigned Numbers Authority (IANA). 2008-05-22. http://www.iana.org/assignments/port-numbers. Retrieved on 2008-05-25.
  2. RFC 887, Resource Location Protocol
  3. RFC 1476, RAP: Internet Route Access Protocol
  4. RFC 983, ISO Transport Services on Top of the TCP
  5. The Remote User Telnet Service
  6. COM Fundamentals - Guide - COM Clients and Servers - Inter-Object Communications - Microsoft RPC
  7. RFC 1068, Background File Transfer Program (BFTP)
  8. Cisco Document ID: 7244, Understanding Simple Network Management Protocol (SNMP) Traps
  9. RFC 4409, Message Submission for Mail
  10. RFC 3620, The TUNNEL Profile
  11. INTERNET DRAFT, DHCP Failover Protocol
  12. RFC 3632, VeriSign Registry Registrar Protocol (RRP) Version 2.0.0
  13. IEEE Standard (1244.1-2000) for Media Management System (MMS) Architecture
  14. IEEE Standard (1244.3-2000) for Media Management System (MMS) Media Management Protocol (MMP)
  15. Integrated Virtualization Manager on IBM System p5
  16. IEEE Standard (1244.2-2000) for Media Management Systems (MMS) Session Security, Authentication, Initialization Protocol (SSAIP)
  17. RFC 4204, Link Management Protocol
  18. RFC 3981, IRIS: The Internet Registry Information Service (IRIS) Core Protocol
  19. Internet Registry Information Service (IRIS)
  20. Internet-Draft, Using the Internet Registry Information Service (IRIS) over the Blocks Extensible Exchange Protocol (BEEP)
  21. Tag Distribution Protocol Internet-Draft
  22. United States Patent 7286529, Discovery and tag space identifiers in a tag distribution protocol (TDP)
  23. Cisco IOS Software Release 11.1CT New Features
  24. Cisco IOS Software Releases 12.0 S, MPLS Label Distribution Protocol (LDP)
  25. World Intellectual Property Organization (WIPO) WO/2004/056056, Arrangement in a Router of a Mobile Network for Optimizing Use of Messages Carrying Reverse Routing Headers
  26. Brief descriptions of registered TCP and UDP ports
  27. Tuxánci game—a multiplatform game, inspired by the Czech game Bulanci, distributed under the GNU General Public License
  28. IBM U2 product family
  29. IETF Draft of the Minger Email Address Verification Protocol
  30. RFC 2167, Referral Whois (RWhois) Protocol
  31. Symantec Intruder Alert product support
  32. IBM Tivoli Netcool/Impact
  33. pcAnywhere IP port usage
  34. How to change the IP ports that pcAnywhere uses
  35. TeamViewer Desktop Sharing
  36. CVSup.org
  37. prd Technologies Ltd Billing & Rating Solutions
  38. Smartlaunch 4.1 Cyber Cafe Management Software Product Overview
  39. Intel DMI (Desktop Management Interface)
  40. VMware Communities: Change MUI ports?
  41. Apache Synapse
  42. Lantronix Discontinued Products / No Longer Supported
  43. Lantronix UDS-10 UDS100 User Guide
  44. Mac OS X Server 10: Web service uses ports 80 and 16080 by default
