Skill Name: HTTP Server Fundamental
Categorize Tag: HTTP
Skill Content: An HTTP/HTTPS server should listen its service port and wait the HTTP/HTTPS request coming.
Skill Description: A network server is a host that provides a particular service by accepting an incoming request connection. In most general Internet protocols, the server should not connect outside hosts directly. Therefore, in a three way handshake of a TCP session, the destination IP address in the first SYN packet of TCP session should be the server's IP address. On the other hand, this server would not connect to Internet hosts out unless the following situations:
- (1) External Services: The external services such as SQL Service and SMTP service, some HTTP/HTTPS services need those external services to complete the functions of web application. However, when a HTTP/HTTPS server connects out to external servers, especially WAN servers of the Internet, these sessions will increase security risk to face outsider offensive.
- (2) Update Services: There are multiple update services. For example, operating system updates, security model updates, and application program updates are common update services. All these update services may connect to external servers from an HTTP/HTTPS server and generate external network sessions.
- (3) Special Protocols: There are some Internet Protocols that provide some methods which will connect to the client side such as the Active Mode of FTP Protocol and some Instant Messaging Protocol. For security and management concerns, this 'Active Connect Out' behavior is not encouraged these days.
- (4) Malware Traffic: Nowadays, it is a common phenomenon, because of the blocking and filtering of network firewalls, the malware, especially Trojan/RAT/Backdoor, must connect to the Internet proactively.
NSPA suggested display filter of Wireshark:
tcp.flags.syn==1 and tcp.flags.ack==0 and ip.src==Server_IP
tcp.flags.syn==1 and tcp.flags.ack==0 and (ip.src in {Server_IP1 Server_IP2 Server_NET/16})
Online Course: https://youtu.be/Vy3p3V0Q2A4
Analytical Example: https://www.hugediamond.net/shop
------------------------------------------------------------------------
Extent Information:
Español: Un servidor HTTP / HTTPS debe escuchar su puerto de servicio y esperar a que llegue la solicitud HTTP / HTTPS.
Franch: Un serveur HTTP/HTTPS doit écouter son port de service et attendre l'arrivée de la requête HTTP/HTTPS.
German: Ein HTTP/HTTPS-Server sollte seinen Dienstport abhören und auf die eingehende HTTP/HTTPS-Anforderung warten.
Chinese: HTTP/HTTPS 服務器應該偵聽其服務通訊埠,並等待 HTTP/HTTPS 請求的到來。
Japanese: HTTP / HTTPSサーバーは、サービスポートをリッスンし、HTTP / HTTPS要求が来るのを待つ必要があります。
Vietnamese: Máy chủ HTTP / HTTPS nên lắng nghe cổng dịch vụ của nó và đợi yêu cầu HTTP / HTTPS đến.
Thai(Siamese): เซิร์ฟเวอร์ HTTP/HTTPS ควรรับฟังพอร์ตบริการและรอคำขอ HTTP/HTTPS ที่กำลังมา
Indonesian: Server HTTP/HTTPS harus mendengarkan port layanannya dan menunggu permintaan HTTP/HTTPS datang.
Malay: Pelayan HTTP / HTTPS harus mendengar port perkhidmatannya dan menunggu permintaan HTTP / HTTPS datang.
Myanmar: HTTP/HTTPS server တစ်ခုသည်၎င်း၏ ၀ န်ဆောင်မှုဆိပ်ကမ်းကိုနားထောင်ပြီး HTTP/HTTPS တောင်းဆိုချက်လာမည်ကိုစောင့်သင့်သည်။
