ngrok: tcp forwarding to 25565 (minecraft server) - ngrok

When I try to use ./ngrok tcp 25565, the region goes to the default (us) one and it forwards the port (x.xxx.ngrok.io:xxxxx).
So I changed the region to the one closest to my country, which is Asia, so I used the command
./ngrok tcp -region=ap 25565. It starts the tcp on the said region but it doesn't forward the port (instead of x.xxx.ngrok.io:xxxxx I get x.xxx.ngrok.io:xx).
This is what happens when I run it.
I'm not aware if having a 2 digit port is the same as having a 5 digit port, but what I used this on is a Minecraft server and the only IP that worked was the (x.xxx.ngrok.io:xxxxx) one.

One guess: your terminal window is a fixed width and it is cutting off the port number.
In particular when you include region, the hostname becomes 3 characters longer than the usual: x.tcp.xx.ngrok.io vs x.tcp.ngrok.io, which fits the fact that you are seeing a port number that is 3 digits shorter than usual.
To get the right address, you have a couple options:
Check your existing tunnel's address by looking at ngrok's web inspection interface that runs at http://localhost:4040.
Check the ngrok web dashboard for online tunnels here: https://dashboard.ngrok.com/endpoints/status.
Port numbers for ngrok TCP addresses are always 5 digits.

Related

Traceroute number of hops changes depending on the tcp port used

I use Nmap to traceroute some websites as follows
nmap -Pn --traceroute 108.177.127.103
I notice that the result varies depending on the used TCP port. So, when I use port 25 instead of port 80, it gives different results.
The weird thing is that the routing process should take place in the 3rd layer. The routing process should not depend on the TCP ports.
My first thought was that something is wrong with Nmap. But when I used Wireshark to sniff the packets, I found the ICMP responses, and they perfectly align with what Nmap is giving.
Then, I used the Windows command line as follows
tracert 108.177.127.103
I got a completely different result (it gave 24 hops, in nmap there were only 9 hops).
Again, I used Wireshark to see what was sent and received, and they were all perfectly fine. However, cmd tracert uses ping requests, it doesn't use the TCP protocol.
What's worse is that in some cases, the traced routers' IPs are all private, even though the target IP address is not even in my country!
This is one of the Nmap traceroutes on 162.121.211.20 port 25:
192.168.1.1 (192.168.1.1)
host-197.43.213.1.tedata.net (197.43.213.1)
10.45.3.49 (10.45.3.49)
10.38.6.30 (10.38.6.30)
10.38.7.81 (10.38.7.81)
10.37.87.141 (10.37.87.141)
10.37.22.190 (10.37.22.190)
10.37.242.170 (10.37.242.170)
162.121.211.20
Can anyone explain to me what's going on, please?!

In practice some routing decisions can depend on the upper layers.
For instance if an ISP provides anti-virus, content filtering, or proxying/content-distribution services, then it might send HTTP traffic to some special equipment to provide these services.
Port 25 (SMTP) traffic might be redirected to some anti-spam filters.
Various "low priority" traffic (the definition of which can vary) might be sent through other paths than "high priority" traffic. Classic examples are VoIP or gaming traffic being prioritized over BitTorrent.
This is part of what Net Neutrality is all about.

One Port has 2 status (established and listen), how can it happen?

I'm monitoring my server's port assignment and found a strange thing...
I used IBM Websphere Liberty and found that one port has 2 statuses (listening and established...), that's odd...
10318 is my listening port for this Liberty server... But it has 2 statuses...
So could anyone explain this to me?
I thought that one port can only have one status at one time...
Thanks so much!

Notice the connection number is different between the listener and established sockets. As long as the combination of the 4 numbers of local port and socket and foreign port and socket is unique, you can establish multiple sockets, i.e. in your netstat output, 9.20.4.125..3305 can't establish another connection to 9.20.4.125..10318.

Port number concepts?

I am trying to understand the concept of a port number. As far as I know, it identifies a specific process or a network service.
Can anyone give me a real-life example, so it could be easier to understand?
Some doubts that I currently have:
I heard there are 65536 ports. Does that mean a system can identify 65536 processes simultaneously?
I have seen that some ports are reserved for some specific service. So, does it mean it can't be used for any other service?
What is the command to know which port numbers are free or to use?
What is the command to know which port numbers are not free and what they are used for?
If I try to access a system through remote desktop from my computer, it asks for a port number. What should I mention?
If possible, please share a link. I am currently getting confused with too much technical theory. Thank you!!!

I heard there are 65536 ports.
You heard wrong. There are 65535: 1 .. 65535. Zero is not a valid port number.
Does that mean a system can identify 65536 processes simultaneously?
It means a system can identify 65535 ports simultaneously.
I have seen that some ports are reserved for some specific service. So, does it mean it can't be used for any other service?
That is the meaning of the word 'reserve'.
What is the command to know which port numbers are free or to use?
It isn't a command. It is either a search at the IETF website for reserved ports or the use of the number zero, which means the next available port.
What is the command to know which port numbers are not free and what they are used for?
It isn't necessarily a command. It is a search at the IETF website for reserved ports, or the netstat command for ports actively in use on the localhost.
If I try to access a system through remote desktop from my computer, it asks for a port number. What should I mention?
The port number that you're trying to connect to in the remote system.

Here is more clarification:
I heard there are 65536 ports.
A port is 16 bits, i.e. 2^16 = 65536, so right.
"Port Zero does not officially exist. It is defined as an invalid port number. But valid Internet packets can be formed and sent over the wire to and from port 0 just as with any other ports." https://www.grc.com/port_0.htm
Does that mean a system can identify 65536 processes simultaneously?
You do not care about a system, you care about an IP. For every IP you can use 65536 processes simultaneously.
I have seen that some ports are reserved for some specific service. So, does it mean it can't be used for any other service?
Of course, otherwise there will be a port conflict.
What is the command to know which port numbers are free or to use?
Refer to my post here: https://stackoverflow.com/a/54760498/2197108
Netstat: in Linux and Windows, displays connections and ports.
What is the command to know which port numbers are not free and what they are used for?
It should be clear now.
If I try to access a system through remote desktop from my computer, it asks for a port number. What should I mention?
Remote desktop asks for the IP address of the remote machine. However, it may ask for user credentials of the remote machine.
In case it asks for IP and port, it means the IP and port of the remote desktop software (server) on the remote machine.

there is a limitation of client socket connection

I made a TCP/IP echo server using kqueue on a Unix (OSX) machine. It is designed to open 100 TCP/IP ports and accept 4000 clients per port. I made about 230,000 connections by using 15 other machines (4000 connections per single process, and 4 processes per box).
It seems that the server could accept more than that, but the problem was the client side. There is a limitation on making many connections, such as Windows XP - 3000, Windows 7 & Unix - 16384.
Is the limitation right? Did I do something wrong? I want to make as many connections as I can on a single client, such as 500,000 / machine.
How could I overcome this?

You can configure multiple IPv4 addresses on the client machine. The process that runs on the client should receive the source IP address as a parameter, and bind the connecting socket to it. So with 10 IP addresses you can easily reach 400000 connections.

I want to make as many connections as I can on a single client, such as 500,000 / machine.
You can't. A TCP connection is identified by the tuple {protocol, source address, source port, target address, target port}. Four of these five elements are fixed. The remaining element, source port, can only have 65535 distinct values at the most, as a port number has 16 bits and cannot be zero.
So your expectation of 500,000 connections to the same client is over-optimistic by a factor of about 10.
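
The tuple rule that both this thread and the "listen and established" thread above rely on, as an added example that is not from any of the posts: one listener on loopback, several clients that bind to a chosen source address before connecting, and the resulting address pairs seen from each side. The function name `connection_tuples` and the use of 127.0.0.1 are assumptions made for the demonstration.

```python
import socket

def connection_tuples(n_clients=3, source_ip="127.0.0.1"):
    """Open n_clients connections to one listener and return
    (listen_port, client_view, server_view), where each view is a
    list of (local_address, remote_address) pairs."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: the kernel picks a free port
    listener.listen(n_clients)
    listen_port = listener.getsockname()[1]

    clients, accepted = [], []
    for _ in range(n_clients):
        c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        # Bind before connect: we choose the source address,
        # the kernel chooses the source port.
        c.bind((source_ip, 0))
        c.connect(("127.0.0.1", listen_port))
        clients.append(c)
        conn, _peer = listener.accept()
        accepted.append(conn)

    # Every accepted (ESTABLISHED) socket keeps the listener's port as its
    # local port; only the remote address and port tell the sockets apart.
    server_view = [(s.getsockname(), s.getpeername()) for s in accepted]
    client_view = [(c.getsockname(), c.getpeername()) for c in clients]

    for s in clients + accepted + [listener]:
        s.close()
    return listen_port, client_view, server_view

if __name__ == "__main__":
    port, client_view, server_view = connection_tuples()
    print("listening port:", port)
    for local, remote in server_view:
        print("server socket", local, "<-", remote)
```

While the sockets are open, netstat on the same host shows one LISTEN entry and one ESTABLISHED entry per client, all on the same local port.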

Find out which client makes the network slow

We have about 30 clients connected to a single cable-modem/router (Fritzbox 6360). Some clients also connect to a TP-Link W-LAN Router which is also connected to the cable modem.
Sometimes the internet is very slow and we can see a continuous upstream (6 MBit/s). Unfortunately we cannot see which clients cause that traffic. The Fritz Box provides a functionality to capture network traffic and then analyze it with Wireshark.
Following interfaces can be captured by the cable modem:
Internet connection
Interface 0 ('internet')
Routing interface
Network interfaces
tunl0
cni0
lbr0
wan0
eth0
lan
erouter0
esafe0
And there is an option to launch DTrace (default parameters are)
-D -s -m -i256 -dect -dlc -c1 -c2 -c3 -c4 -c5 -nt3 -d2 -d3
We already captured different interfaces and tried to understand the data with Wireshark, but without much success. What would be the right way to see which client is uploading data at the moment?

In Wireshark, to get a list of IP addresses and what percentage of the trace each of the IP addresses is taking up, go to Statistics->IP Addresses.. and click "Create Stat" in the box that pops up while leaving the "Filter" option blank. You should be able to figure out which of your client IPs is hogging the most bandwidth with this.
For a visual comparison, click "Statistics->IO Graph", and in the second filter next to Graph 2, type "ip.src == x.x.x.x" (where x.x.x.x is the IP address of the uploader you suspect is taking up the most bandwidth) and click "Graph 2". This will give you a packets vs time graph. You can also filter on other IP addresses as well, to display them simultaneously in the same graph for comparison.
Edit: I would also suggest keeping an eye out for IPv6 addresses.
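
The same per-source accounting done outside Wireshark, as an added example that is not part of the original answer: it sums IPv4 bytes per source address in a capture file and ranks the LAN clients. It assumes the capture is a classic pcap file with Ethernet framing and that the LAN is 192.168.178.0/24; the function names and the sample capture built by `build_sample` are constructed for the demonstration.

```python
import ipaddress
import socket
import struct
from collections import Counter

def bytes_per_source(pcap: bytes) -> Counter:
    """Sum the IPv4 total-length field per source address."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    totals, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated, or not IPv4 (IPv6 is 0x86dd and skipped)
        total_len = struct.unpack("!H", frame[16:18])[0]
        totals[socket.inet_ntoa(frame[26:30])] += total_len
    return totals

def top_uploaders(pcap: bytes, lan: str = "192.168.178.0/24"):
    """Rank LAN clients by bytes sent; `lan` is an assumed subnet."""
    net = ipaddress.ip_network(lan)
    return [(ip, n) for ip, n in bytes_per_source(pcap).most_common()
            if ipaddress.ip_address(ip) in net]

def make_frame(src: str, dst: str, payload_len: int) -> bytes:
    """Constructed Ethernet + IPv4 frame (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 6,
                     0, socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * payload_len

def build_sample() -> bytes:
    """Constructed capture: one heavy uploader, one light one, one reply."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    packets = [("192.168.178.20", "203.0.113.5", 1400)] * 3 + [
        ("192.168.178.21", "203.0.113.5", 100),
        ("203.0.113.5", "192.168.178.20", 60)]
    for src, dst, n in packets:
        frame = make_frame(src, dst, n)
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for ip, n in top_uploaders(build_sample()):
        print(f"{ip:15} {n} bytes sent")
```

Use a capture taken on the LAN side of the router: on the internet-facing side, IPv4 NAT has already replaced every client address with the router's own.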
