Background
I wanted to cover the network ports that are used by Microsoft’s Integration Services.
Network Trace
Wireshark
Port Mapper ( Port 135 )
Network Flow
Explanation
- From Ephemeral Port ( 57916) connect to Server Port 135
- Request from client to server to issue RemoteCreateInstance
- Authenticate User
  - via NTLMSSP_AUTH
  - Pass in username
Integration Services
Network Flow
Explanation
- From Ephemeral Port ( 57917) connect to SQL Server Integration Services Component
- This is important, as the port used depends on how the Integration Services Component’s endpoint is configured through Component Services
Component – Microsoft SQL Server Integration Services [NN.MM]
Using Component Services, let us review the Component’s endpoint configuration
Configuration
Here are our choices:
- Disable Protocol sequence
- Use default endpoints
- Use static endpoint
- Use intranet range of dynamic endpoints
- Use internet range of dynamic endpoints
Digging Deeper
- Disable Protocol sequence
  - Disable Network
- Use default endpoints
  - Use ephemeral ports
- Use static endpoint
  - Use static endpoint
- Use intranet range of dynamic endpoints
  - Use endpoints defined for Intranet
- Use internet range of dynamic endpoints
  - Use endpoints defined for Internet
Our Choice
To streamline our conversation with the Firewall team, we chose to use a static endpoint
NetLogonSAMAccount
Network Flow
Explanation
This area covers the Network Authentication.
We did not have to take special care in our environment, and so I cannot cover it in detail.
But please keep it in mind when connecting between hosts that are not in the same Active Directory Domain, etc.
Component – Windows Management & Instrumentation ( WMI )
Network Flow
Explanation
- From Ephemeral Port ( 57919) we connect to the port we dedicated to WMI
- This is important, as the port used depends on how the WMI Component’s endpoint is configured through Component Services
Configuration
Using Component Services, we will configure Windows Management and Instrumentation to listen on a specific port
Network Listening Ports
Resource Monitor
On newer MS Windows OSes, you will be well served to connect remotely to the Integration Services host and run Resource Monitor.
MsDtsSrvr.exe
Explanation
We can see that MsDtsSrvr.exe is:
- listening on Network Port 50000
- We have a record each for IPv4 and IPv6
- The internal MS Windows Firewall is allowing access to the Port
RPCSS – svchost (RPCSS)
Explanation
We can see that svchost.exe ( RPCSS ) is:
- listening on Network Port 135
- We have a record each for IPv4 and IPv6
- The internal MS Windows Firewall is allowing access to the Port
Unlike Integration Services, which runs in its own process, RPCSS is hosted by a svchost.exe process.
Windows Management & Instrumentation – svchost (winmgmt)
Explanation
We can see that svchost.exe ( winmgmt ) is:
- listening on Network Port 50090
- We have a record each for IPv4 and IPv6
- The internal MS Windows Firewall is allowing access to the Port
Unlike Integration Services, which runs in its own process, winmgmt is hosted by a svchost.exe process.
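The Resource Monitor checks above can also be scripted, which helps when confirming the static endpoints before handing port numbers to the firewall team. The PowerShell below is an added example, not part of the original post; it uses the ports and process names shown above (135, 50000, 50090) and assumes the standard Windows service names RpcSs and Winmgmt and a Windows version that ships Get-NetTCPConnection.

```powershell
# Added example. Ports and process names are the ones shown in this post.
# Assumption: RpcSs and Winmgmt are the standard Windows service names.
# Run from an elevated prompt on the Integration Services host.
$expected = @(
    @{ Port = 135;   Process = 'svchost';   Service = 'RpcSs'   }  # RPC port mapper
    @{ Port = 50000; Process = 'MsDtsSrvr'; Service = $null     }  # Integration Services
    @{ Port = 50090; Process = 'svchost';   Service = 'Winmgmt' }  # WMI
)

$results = foreach ($e in $expected) {
    $listeners = @(Get-NetTCPConnection -State Listen -LocalPort $e.Port -ErrorAction SilentlyContinue)
    if ($listeners.Count -eq 0) {
        [pscustomobject]@{ Port = $e.Port; Address = '-'; Process = '-'; Services = '-'; Status = 'NOT LISTENING' }
        continue
    }
    foreach ($l in $listeners) {
        $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        # svchost.exe hosts several services; list the ones in this process
        $svcs = @(Get-CimInstance Win32_Service -Filter "ProcessId = $($l.OwningProcess)" |
                  Select-Object -ExpandProperty Name)
        $ok = ($proc.ProcessName -eq $e.Process) -and
              ((-not $e.Service) -or ($svcs -contains $e.Service))
        [pscustomobject]@{
            Port     = $l.LocalPort
            Address  = $l.LocalAddress          # expect one IPv4 and one IPv6 record
            Process  = "$($proc.ProcessName) ($($l.OwningProcess))"
            Services = $svcs -join ','
            Status   = if ($ok) { 'OK' } else { 'UNEXPECTED OWNER' }
        }
    }
}
$results | Sort-Object Port, Address | Format-Table -AutoSize
```

A row marked UNEXPECTED OWNER means the port is bound by a process other than the component it was assigned to in Component Services.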
Tabulated View