homepage Welcome to WebmasterWorld Guest from 54.161.175.231
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Whois Port 43 Socket Won't Open
Redhat Linux, PHP and Plesk
incrediBILL




msg:4539913
 5:05 pm on Jan 28, 2013 (gmt 0)

Got a weird problem where PHP's fsockopen won't open a socket to Whois on port 43 on one server. It'll open some other ports just fine, but not port 43. This code works just fine on my other servers, just not this one installation.

Port 43 isn't in a firewall, command line WHOIS works just fine, and I can use CURL to open a socket to port 43 such as "curl whois.arin.net:43" which gets a response from their server.

I've checked everywhere to see if anyone else had this specific problem with PHP and WHOIS ports not working in PHP and sure enough, the question is posted in many places, just no answer as to why is happens or how to fix it.

I found one thread on another forum where they were approaching a solution but the genius mods shut down the thread for not being of interest to the internet. Yeah, unknown socket failure on just port 43 like it's being firewalled for unknown reason with people posting around and never getting answers, too tough a question so close the thread ;)

Thought maybe the PHP wizard of WebmasterWorld had possibly run across such an annoying anomaly and found a resolution but I'm also aware I do some stuff off the beaten path so others may have never encountered this problem.

My last idea is to reload the server from scratch and see if that solves the problem but since others are having the same situation it means I may encounter it elsewhere and nobody would have a clue until tried because the odds of anyone directly accessing the WHOIS port in their PHP code is kinda small.

Obviously I can use curl and that works but why not fsockopen?

The only idea I had was maybe arin.net is blocking a raw socket connection to that server for whatever reason but it seems unlikely and my other servers with the same basic configuration on the same host running the same code all work fine.

Crossing fingers, anyone? suggestions? I'm stumped.

[edited by: incrediBILL at 11:56 pm (utc) on Jan 28, 2013]

 

swa66




msg:4540005
 8:14 pm on Jan 28, 2013 (gmt 0)

Bill,
53 is DNS, I think you meant to say 43 where you said 53.

you can telnet to whois with
$ telnet whois.arin.net 43
then type (without a prompt) your question (e.g. 10.0.0.0<ENTER> ) and you get the answer.

The whois protocol is documented in RFC 3912 ( [tools.ietf.org...] )

This works (execute it on the command line) - it doesn't output html:

<?php
$fp = fsockopen( 'whois.ripe.net', 43, $errno, $errdesc);
if ($fp === false ) {
die ('Error opening the socket: '.$errno.' - '.$errdesc."\n");
}
$request='10.0.0.0'."\r\n";
if ( fputs($fp,$request) === false ) {
die ('Error writing to the socket'."\n");
}
$answer = '';
while (!feof($fp)) {
$answer .= fread($fp, 8192);
}
fclose($fp);
print ($answer);
?>

[edited by: swa66 at 8:42 pm (utc) on Jan 28, 2013]

swa66




msg:4540006
 8:17 pm on Jan 28, 2013 (gmt 0)

Initially I only had "\n" instead of "\r\n" to terminate the request. It seems that the RFC requires <CR><LF>...

But actually both <LF> and <CR><LF> work just fine.

incrediBILL




msg:4540060
 12:00 am on Jan 29, 2013 (gmt 0)

53 is DNS, I think you meant to say 43 where you said 53.


Geez, I said 43 all over except in one line, typo. I know which port is which ;)

Anyway, I know about telnet, that worked, so did "curl whois.arin.net:43" and the main whois command so it's not a firewall thing.

However, the code like you have posted above flat doesn't work on that server in PHP. If you change the port to 80 it works, but 43 doesn't. It just times out with an error of 0.

Same code works just fine on my other servers and I'm not alone in this specific problem based on other posts I found in several other forums with no resolution.

One of the more baffling things I've run across and the only thing I can think of is maybe arin.net is blocking it when it doesn't have the correct header.

swa66




msg:4540132
 9:24 am on Jan 29, 2013 (gmt 0)

All I can say is that the code above works on my mac. Just typing
$ php test.php
with test.php the content of the above works perfectly.

This is the version on my mac:
$ php --version
PHP 5.3.15 with Suhosin-Patch (cli) (built: Aug 24 2012 17:45:44)
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies

I also retested it on my webservers ... (OpenBSD, php compiled from source code) ... it just works.

It just times out with an error of 0.

That's on the connect (fsockopen() ) I presume ? - not on the fread ?

The fread goes hanging if you start to read to soon (e.g. before sending the \r\n on the request ...), but if you used the code verbatim ...

That would make no sense unless there's something in your php configuration or so that's making that it isn't sending or receiving the SYN or S/A packets (cause that's all that's needed to get through this).

I'd check what your php code is actually sending out on the wire.
replace XXX with the right interface name
# tcpdump -n -i XXX port 43

This is what I get where it works:

10:13:39.705217 193.0.6.135.43 > MYIP.20252: S 250152799:250152799(0) ack 3119891155 win 14480 <mss 1460,sackOK,timestamp 496755460 4214646201,nop,wscale 7> (DF)
10:13:39.705241 MYIP.20252 > 193.0.6.135.43: . ack 1 win 16384 <nop,nop,timestamp 4214646201 496755460> (DF)
10:13:39.705315 MYIP.20252 > 193.0.6.135.43: P 1:11(10) ack 1 win 16384 <nop,nop,timestamp 4214646201 496755460> (DF)
10:13:39.710924 193.0.6.135.43 > MYIP.20252: . ack 11 win 114 <nop,nop,timestamp 496755466 4214646201> (DF)
10:13:39.711172 193.0.6.135.43 > MYIP.20252: P 1:198(197) ack 11 win 114 <nop,nop,timestamp 496755466 4214646201> (DF)
10:13:39.714271 193.0.6.135.43 > MYIP.20252: . 198:1646(1448) ack 11 win 114 <nop,nop,timestamp 496755469 4214646201> (DF)
10:13:39.714288 MYIP.20252 > 193.0.6.135.43: . ack 1646 win 14936 <nop,nop,timestamp 4214646201 496755466> (DF)
10:13:39.715107 193.0.6.135.43 > MYIP.20252: FP 1646:2209(563) ack 11 win 114 <nop,nop,timestamp 496755470 4214646201> (DF)
10:13:39.715123 MYIP.20252 > 193.0.6.135.43: . ack 2210 win 15821 <nop,nop,timestamp 4214646201 496755470> (DF)
10:13:39.715156 MYIP.20252 > 193.0.6.135.43: F 11:11(0) ack 2210 win 16384 <nop,nop,timestamp 4214646201 496755470> (DF)
10:13:39.720691 193.0.6.135.43 > MYIP.20252: . ack 12 win 114 <nop,nop,timestamp 496755476 4214646201> (DF)

If it doesn't send out stuff, I'd check the php.ini you're using if there's nothing limiting you there.

coopster




msg:4540359
 10:33 pm on Jan 29, 2013 (gmt 0)

What version of PHP? And Plesk?

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved