I am running server and client in same system. TCP protocol is used for communication between them. In a scenario where client wants to send packet to server, will it go through network infra (i.e. router, internet etc) and come to server or will it manage transfer within system and ignore network.
If you are on the server, any communication you initiate to IP addresses also on the same server will never leave the server.
You can test by installing tcpdump then running from the console/keyboard/mouse:
tcpdump -n -i enp0s5 not arp
Do not generate network traffic. Try to ssh to your account on IP 127.0.0.1 (e.g. risner#127.0.0.1).
Also try to initiate ssh to another host on the network.
Nothing should show on tcpdump, so that indicates it is not leaving the machine.
Related
I have a command line program using UDP socket and a UDP hub server running fine on my local host with seperate command prompts. Each the server and the client are bidirectional, so they both need to be able to send and recieve from each other.
I think that all i need to do to make them run on two seperate computers is to change the IP addresses and port numbers respectively. I think i will need to use the private IPV4 address because my socket is UDP IPV4. But i can't confirm because I do not have two different computers. Can someone please reassure me?
For instance, let's say I have basic UDP client and UDP server:
UDP Client is running on a computer with IPV4 162.16.156.1
UDP server is running on a computer with IPV4 162.18.200.1
UDP server should:
- bind to 162.18.200.1
- send to 162.16.156.1
- recieve would happen at 162.18.200.1
UDP client should:
- connect to 162.18.200.1
- send to 162.18.200.1
- recieve would happen at 162.16.156.1
I have implement a Client-Server application in java. The server can serve multiple clients, and I want to test that, but my knowledges on Networking is poor, and I need a way to test my application on my home.
I have a rooter, which are connected both of my computers. My "server" class in java uses as host the local host (127.0.0.1) on a given port.
How can I test my program if
The Server.java is running on the Computer A
Server.java is running on 127.0.0.1 on 3943 port
1st Client.java is running on the Computer A
1st Client.java is connected to 3943 port
2nd Client.java is running on the Computer B
2nd Client.java is connected to 3943 port
Any ideas?
Use unique ports for the clients and servers running on the same machine. In addition 127.0.0.1 is localhost (internal to that machine). Computer B cannot communicate with 127.0.0.1 on Computer A. Use 127.0.0.1 if all applications or on the same machine. Use the computers actual IP address if you want external machines to be able to communicate with the server.
When client and server, are on the same computer, what you are doing must be already working.
To connect from a different computer, you need to find the "real" ip address of your server.
If you are on Windows, open a command shell on your computer A, and run ipconfig. On unix/linux/mac, run ifconfig.
Look for a string, looking like an ip address, but not 127.0.0.1, there has to be another one if you are connected to a network, probably looks like 10.0.0. or 192.168.<0 or 1> ..
Use this address everywhere instead of 127.0.0.1
A full TCP connection consists of two different endpoints. The server side of the connection is one endpoint (it will be do a listen on that endpoint). When a client creates it's side of the connection (the client socket), it will do a connect to the server ip:port combo and get a number assigned from a range of so-called "ephemeral" ports.
The fact that both sides of the connection have the same IP address doesn't matter - the full connection is defined by two distinct elements (address:port combinations).
FirstClient's connection to the server will be ServerIP:ServerPort<->Client1_IP:Client1_Port, and SecondClient's connection will be ServerIP:ServerPort<->Client2_IP:Client2_Port. The network layer can differentiate between these (they are two different connection streams) and route traffic to the appropriate sender/receiver for that stream.
If you run the server bound to IP 127.0.0.1 you are not opening it to the network, only your own computer will be able to connect to it, acessing 127.0.0.1 (loopback IP address).
To open this server to the network, you must do one of the two things:
Bind it to the IP 0.0.0.0 so it will be acessible from all networks;
Bind it to a specific network IP address so that it will be available to that network only.
Its common practice to just bind it to 0.0.0.0, its easier.
Once its done, you will be able to connect from other computers to the server running on computer A, however, not through IP 127.0.0.1. Thats the loopback address and can only be used by a computer to connect to itself.
Computer A can use the IP 127.0.0.1 to connect to the server since the server is running on it, but other network computers will have to specify computer A's network IP address.
You can find your IP address on the network adapter details, or running the command ipconfig /all on a command prompt (Windows) or ifconfig (Linux).
Running on a Linux system, getting UDP packets from another computer address to let's say 192.168.0.2 from another address let's say 192.168.166.66, I can see the UDP packets coming in with tcpdump. However, if I use netcat I don't actually receive the packets.
If I create an interface on 192.168.166.XXX network, then netcat is able to receive the packets no problem.
What basic networking concept am I missing? Why do I need to have an interface on the network of the sending IP when I can see with tcpdump that they are being delivered correctly?
tcpdump per default puts the interface into promiscious mode, which lets you see all the packets arriving at your network interface. But, your operating system only processes packets destined for the local system, e.g. either having the local or a broadcast address as destination.
The final solution to this problem was to disable Reverse Path Forwarding (RPF) on the interface. There are security implications here, but after careful review this was the correct path forward in this particular case.
RPF was turned off by modifying /etc/sysctl.conf:
net.ipv4.conf.eth0.rp_filter=0
Some more information on RPF:
Wikipedia - Reverse path forwarding
Linux kernel rp_filter settings
I want to estabilish TCP connection over the internet between 2 computers which are in different local networks(wifi).
I have looked for description of TCP protocol, esspecially the structure of TCP header: http://en.wikipedia.org/wiki/Transmission_Control_Protocol#Checksum_computation
I assumed from that data that only: Source address(global ip), Destination address(global ip), Source port, Destination port are needed.
But how router in recipient's local network will know which computer in this network is recpient without MAC address or local ip address?
So the question: Is MAC address is needed to estabilish connection?
No, MAC addresses are not needed for that.
What you´re asking is called port forwarding:
The router of the server side must be configured that way
that incoming connections on port x are connected to local PC y.
(This could maybe be automated with UPNP, depends on the router etc.)
At the client side, after the client send something to the server,
the router "remembers" where to forward the incoming answer
So right now I'm using only TCP for my clients - they connect to the server, open socket and freely getting packets.
But what if I will decide to use also UDP in my game? Will they gonna have to open ports? For example, if they are using a regular WiFi, can I send UDP to the client without having opening ports problem?
Thanks.
TCP and UDP are just two examples of transport layer implementations. Both of them are using term 'port' to determine which app should receive incoming packet, but they could be routed/filtered differently by routers/switches/firewalls/etc.
So the answer is no. You will have similar problems with opening ports. Just except 'TCP port xxx should be opened' you have to demand 'UDP port xxx should be opened'.
In most home networks firewall rules allow outgoing packets (requests) to any remote port (on your server for example, where this port should be opened). And when such a packet goes through a router - it creates temporary rule to allow answers come back to the local port from which request packet.
So, normal scenario is like that:
Packet originated from home computer with IP 5.5.5.5. Lets say it has source UDP port 55555, source IP address 5.5.5.5 and destination port 8888.
Packet reaches home router. As it is going from inside - router allows it to pass through and creates rule say for 2 minutes to allow packets targeted to 5.5.5.5 to UDP port 55555.
Packet reaches corporate router before your server. It has rule to pass packets for port 8888 so packet is allowed to go.
Your server receives the packet and processes it. In response it creates packet for IP 5.5.5.5 and UDP port 55555.
Corporate router allows response to go.
Home router allows response to go according to temporary rule.
Your computer receives the response.
Corporate computers and routers often more restrictive to ensure security, so second point could restrict packet if your user (IP 5.5.5.5) is in corporate network.
It is very simplified as in reality there's almost always things like NAT and rules are more complex... But in general it gives the idea how it works internally.