Network Daemons  «Prev  Next»

Lesson 7 Server processes
Objective Define a listening server process.

Server Processes

In the realm of Linux network administration, a "listening server process" could be conceptualized as a specialized type of computer program that runs continuously in the background, waiting to respond to incoming network requests. This term is often used in the context of server-client models, where server processes listen on specific network ports for client connections. When a server process is said to be "listening," it might typically mean that it is passively waiting for a connection rather than actively reaching out to initiate one. This is an important distinction in network communication, as it defines the role of the server as a recipient of requests. The process of listening usually involves the server binding to a network port (a numerical identifier for a specific service) and then waiting for clients to initiate communication.
The listening state of a server process could potentially be crucial for various network services, including but not limited to web servers (HTTP), database servers, file servers (FTP or SMB), mail servers (SMTP, IMAP), and many other types of networked services. Each of these services typically listens on a predefined or configurable port number - for example, a web server might listen on port 80 for HTTP or port 443 for HTTPS. It's important to note that a server process that is listening on a network port might be vulnerable to unauthorized access or attacks, especially if the service is exposed to the public internet and not properly secured. As a Linux network administrator, one might need to carefully manage these listening processes, ensuring they are updated, configured securely, and monitored for any unusual activity. This could involve setting up firewalls, configuring secure communication protocols, and regularly auditing the system for open ports and services.
Moreover, in a Linux environment, various command-line tools such as `netstat`, `ss`, or `lsof` can be used to identify listening server processes. These tools can provide valuable information about which ports are open and which processes are associated with them, aiding in both troubleshooting and security auditing. In conclusion, a listening server process in a Linux environment is a fundamental concept, representing a process that waits for incoming network requests on a specific port. The management and security of these processes are likely key responsibilities in network administration, requiring ongoing attention to detail and a proactive approach to system security.
For a machine to offer a particular network service, such as telnet, a server process must “listen” for incoming connections on the associated well-known port number. A listening server waits for the kernel[1] to report that it has created a TCP/IP connection to the server's port, then the server reads from the connection and takes whatever action it is supposed to.


trace-cmd listen

The trace-cmd listen sets up a port to listen to waiting for connections from other hosts that run trace-cmd-record with the -N option. When a connection is made, and the remote host sends data, it will create a file called trace.HOST:PORT.dat.
Where HOST is the name of the remote host, and PORT is the port that the remote host used to connect with.

Server Processes and System Resources
A listening server process uses a certain amount of system resources, even if it is idle. For example, it requires an entry in the kernel's process table. If a system offers 100 different network services, then 100 different listening server processes would need to run on the system, waiting for a connection to any of the corresponding 100 different port numbers. Of course, most of the time, these listening processes would be idle—they would “wake up” only when an incoming connection arrived.

Server Sockets

Server sockets may accept multiple client connections. Conceptually, a server socket listens on a known port. When an incoming connection arrives, the listening socket creates a new socket (the child socket), and establishes the connection on the child socket. The listening socket is then free to resume listening on the same port, while the child socket has an established connection with the client that is independent from its parent. One result of this architecture is that the listening socket never actually performs a read or write operation and is only used to create connected sockets. The listening socket usually proceeds through the operations below.
  1. Construct. Socket construction is identical for all TCP/IP sockets; see Socket Operations for details.
  2. Bind. Binding for listening sockets is usually done only on the port, setting the IP address parameter to IPAddress.Any (MSDN). A Bind failure is usually due to another process already bound to that port (possibly another instance of the server process).
  3. Listen. The listening socket actually begins listening at this point. It is not yet accepting connections, but the OS may accept connections on its behalf.
The backlog parameter to Socket.Listen is how many connections the OS may accept on behalf of the application. This is not the total number of active connections; it is only how many connections will be established if the application falls behind. Once connections are accepted, they move out of the backlog queue and no longer count against the backlog limit. The value to pass for the "backlog" parameter. Historically, this has been restricted to a maximum of 5, though modern systems have a cap of 200. Specifying a backlog higher than the maximum is not considered an error; the maximum value is used instead.
int.MaxValue can be used to invoke the dynamic backlog feature (Windows Server systems only), essentially leaving it up to the OS. It is tempting to set this value very high (i.e., always passing int.MaxValue), but this would hurt system performance (on non-server machines) by pre-allocating a large amount of scarce resources. This value should be set to a reasonable amount (usually between 2 and 5), based on how many connections one is realistically expecting and how quickly they can be accepted.

[1]kernel: The kernel is the core of the UNIX operating system. The kernel remains hidden from typical users.

Ad TCP/IP Illustration