TCP over IPv6 to overcome NAT issues - networking

When using TCP/IP sockets (IPv4) for sending data from one device to another I can only access devices over their private IP address within my own WiFi. I cannot send TCP packets to public IP addresses because the NAT (Network Address Translation) rejects them or struggles translating into private IPs.
But with IPv6 every device gets its own public IP. I suppose there are no private IPs then, are there? So there should not be problems with the NAT such as symmetric NAT because there will be no need for NAT.
Assuming both devices support IPv6 and know their IPv6 addresses: can I send data directly from one to the other device?

But with IPv6 every device gets its own public IP. I suppose there are no private IPs then, are there?
Not all IPv6 addresses are public. There are loopback addresses, link-local addresses, local addresses ... - see IPv6 - Special Addresses. Devices usually have multiple IPv6 addresses (i.e. loopback, link-local, ...), but there is no guarantee that they have a global IPv6 address. This depends a lot on the network setup.
can I send data directly from one to the other device?
If both devices have a public IP, you can send data from one to the other. Only, it might not be received by the other device since firewalls deny such traffic. It is actually pretty common that a SoHo router, at least by default, doesn't allow initiating IPv6 connections from outside. Corporate firewalls also usually deny this. There might be firewalls on the device itself, too. And so on.

Related

network sniffer - detect subnet mask in non-DHCP network

I'm writing a simple network sniffer that should be able to reconstruct the network structure.
When an interface is set up via DHCP, I can easily read interface settings such as client IP address, subnet mask, DNS server etc. by catching a DHCP packet and analysing it.
When an interface has a static IP, I'm catching an ARP announcement packet to get the static IP address and then an ARP request from the gateway to get the gateway IP address. I'm also saving MAC addresses.
My problem is: how to get the subnet mask from one or more static IPs in the network and the gateway address. Or by catching some packets. I didn't see packets that could have such information.
I also need DNS address, but it's less important.
The program should work in OpenWRT (C++).
My problem is: how to get subnet mask from one or more static IPs in the network and the gateway address.
Possibly, you can't.
If the sniffed network uses DHCP then you can monitor the DHCP requests (which should be broadcast) for their subnet mask and router fields which mirror the server's offer.
Without DHCP, all you can do is take an educated guess. If your passive sniffer registers broadcasts from addresses 192.168.1.1 through 192.168.1.29, you know that the prefix length is at most /27. It could also be anything shorter, down to /16, with potential addresses being (currently) absent or silent. The prefix could be even shorter than /16 if the network admin is ignoring RFC 1918. With public addresses you're mostly on your own.
If you can scan actively you could send ARP requests and see which ones get answered - you'd also see nodes that don't originate any traffic/broadcasts.
The gateway is also just a guess. In a network with mostly Internet-bound traffic, the default gateway is most likely the one being ARPed most often. If the network traffic is mostly server-centric, ARP requests for their addresses outnumber the ones for any gateway.
Your sniffer is severely limited when it is just attached to a switch and listening to broadcast packets only. If the sniffer manages to listen to all traffic on the network (via a monitoring/mirroring switch port) then you can easily identify the gateway by the MAC address that packets for arbitrary IP addresses are sent to, and vice versa.
As above, if you can actively send probe packets you could test the gateway(s) with packets that they accept (and hopefully forward) and which ones they reject.
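The passive estimate the answer describes (an upper bound on the prefix length from observed senders, the RFC 1918 lower bound, and "most-ARPed address is probably the gateway"), as an added example that is not part of the original post. The ARP request pairs are constructed sample data; the function names are this example's own.

```python
import ipaddress
from collections import Counter

# Constructed sample: (sender IP, target IP) pairs from ARP requests a passive
# sniffer saw on one segment. Senders are hosts known to exist; targets may not.
SAMPLE_ARP_REQUESTS = [
    ("192.168.1.5", "192.168.1.1"),
    ("192.168.1.12", "192.168.1.1"),
    ("192.168.1.29", "192.168.1.1"),
    ("192.168.1.1", "192.168.1.12"),
    ("192.168.1.5", "192.168.1.29"),
    ("192.168.1.12", "192.168.1.1"),
]

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def observed_hosts(requests):
    """Addresses that actually sent ARP requests (proof that the host exists)."""
    return {ipaddress.IPv4Address(sender) for sender, _ in requests}


def max_prefix_len(hosts):
    """Longest prefix (largest /n) under which every observed host is a usable
    host address. An observed host sitting on a candidate subnet's network or
    broadcast address rules that prefix out. The real prefix may be shorter."""
    hosts = {ipaddress.IPv4Address(str(h)) for h in hosts}
    anchor = next(iter(hosts))
    for plen in range(30, -1, -1):  # /31 and /32 leave no room for a second host
        net = ipaddress.ip_network(f"{anchor}/{plen}", strict=False)
        if all(h in net for h in hosts) and net.network_address not in hosts \
                and net.broadcast_address not in hosts:
            return plen
    return 0


def min_prefix_len_rfc1918(hosts):
    """Shortest prefix consistent with RFC 1918 (e.g. /16 for 192.168.x.x).
    Returns 0 when the hosts are not inside one RFC 1918 block: no lower bound."""
    hosts = {ipaddress.IPv4Address(str(h)) for h in hosts}
    for net in RFC1918:
        if all(h in net for h in hosts):
            return net.prefixlen
    return 0


def likely_gateway(requests):
    """The answer's heuristic: the address that is ARPed for most often."""
    target, _ = Counter(t for _, t in requests).most_common(1)[0]
    return target
```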

TCP spoofing with a trusted IP

I am facing a very strange problem. I have a task to establish a TCP connection to a server that has a trusted IP. And I have to run the code on a host with a private IP address. The trusted IP is 10.10.10.15, which is also a private IP. And the question arises that the IP address of my host and the trusted IP are not on the same network. To be specific, my IP address is 10.0.35.1/24. Please let me know if there is any solution to this problem.
Presumably these subnets, i.e. 10.10.10.0/24 (?) and 10.0.35.0/24, are part of your local network. You will need a Layer 3 device to perform inter-VLAN routing.
This will be a router with Layer 3 VLAN interfaces (in the Cisco world they would be SVIs) that act as the default gateway of the subnets in your network. What happens is that all traffic between two hosts on different networks has to go through their default gateway, and it will be routed to the destination network/VLAN.
As long as the network devices between the two clients are able to route packets between these networks, the hosts will be able to reach each other. In your code, you simply need to specify that these packets need to go to the private IP address of the other host.

What exactly is the difference between 172.0.0.1 and 192.168.0.1?

What's the difference between these 2 local IP addresses? In terms of pros, cons and usage?
Those are simply two separate IPv4 addresses.
The 172.0.0.1 address is a public address which should not be used unless you have been assigned the address block containing it by an RIR or your ISP (which was assigned the address block containing it).
The 192.168.0.1 address is a private address which anyone may use in a private network. This address cannot be routed on the public Internet.
I suppose you are talking about 172.16.0.0 because it makes no sense to compare 172.0.0.0 with 192.168.0.0 because 172.0.0.0 is a public IP address.
If you are talking about 172.16.0.0 instead of 172.0.0.0, then... both are private IP addresses. They are defined in RFC 1918.
There is a good overview at the Wikipedia page but the main difference is the size of the segment.
The address 172.0.0.1 is not a local address, it is a web address.
If you instead meant 127.0.0.1, this is what is referred to as the "loopback" IP, and is often referred to as localhost. Connections to this IP target the computer of origin, and are intercepted by the network card in your computer and fed back into the same computer.
192.168.0.1 is an IP on your local network; this may or may not be your computer. This address is assigned by the DHCP server on your local network (usually running on the router) and is subject to change unless you have configured your DHCP server to make it static.
Which to use?
172.0.0.1: Use when you are trying to connect to a website/remote computer at that IP (most likely not you)
192.168.0.1: Use when you are trying to connect to a computer/device on your local network that you know will be at 192.168.0.1
127.0.0.1 or localhost: Use when you are trying to connect to a port on the same computer you are already on

Can I configure network broadcast address on Cisco ASA device

Working on a Cisco ASA 5510 device I tried to use the broadcast IP address of a public network for a static NAT configuration and the OS allowed me to do it, but from outside it didn't work. After a while I changed the broadcast IP to a usable IP and it started to work.
I understand that on a physical interface we can't configure a broadcast IP address, but for NAT we have to do it, otherwise we lose many public IP addresses from networks with a /29 prefix.
I understand you need to squeeze out one more IP address for you to use; however, most routers don't support forwarding broadcast traffic, for a simple reason: if that were allowed, anyone could send a ping to someone's broadcast address and every host in that subnet would have to reply, which is not acceptable.
Other Internet routers may not be able to tell whether that IP address is a broadcast or not, but think about your ISP's router for your access circuit: it has to know that the IP address is a broadcast, since it has to know your IP range in order to set it up. And when someone sends you a ping, the router will say: hey, that is a broadcast address on my client's interface; the first thing I know as a router is that I must not forward a broadcast, thus drop it.
Hope it helps.

Qt dual-stack IPv4 & IPv6 application

I have an IPv4 client/server network application written in Qt (v4), which I have to port to IPv6 (actually the client porting is the most important one), creating in this way a dual-stack IPv4 & IPv6 application.
I do not have any IPv6 network available so as to perform any tests.
I tried the following but with no success:
find a tool that does IPv6 validation: there are not many, they are usually poorly documented and usually for the C language
create a local ipv6 network environment
any ideas?
Definitely create a local IPv6 network environment. A lot of things work the same in IPv6 as in IPv4, but a lot of other things are different. When developing applications that use IPv6 you should have some hands-on experience. You wouldn't expect someone who has never used IP to develop an application that uses IPv4, would you?
Some key differences:
IPv6 addresses are written in hexadecimal
IPv6 hosts will probably have multiple addresses
An IPv6 address that starts with fe80: This is the link-local address. Every IPv6 host has one for every interface it has. Link-local addresses exist on every link (ethernet segment, LAN) and they use the same address range on each LAN. It is therefore impossible to route them, but they are very useful when communicating only within the LAN.
One or more IPv6 addresses that start with something in the range 2000: - 3fff: These addresses are the globally routable addresses that you use for normal internet communication.
Zero or more IPv6 addresses that start with something in the range fc00: - fdff: These are Unique Local Addresses (ULA). They are routed within the house, building, organisation etc. They are not routed to the global internet so you cannot reach public services with them.
And of course maybe one or more IPv4 addresses
NAT is (almost) never used with IPv6. ULA addresses are not NATed to a public address.
The best way to get experience is to use an IPv6 connection that is connected to the real IPv6 internet. If your ISP cannot provide you with IPv6 (they should these days, but many ISPs are still slacking) you can use a tunnel broker service like SixXS or Hurricane Electric. They will give you an IPv6-over-IPv4 tunnel with a /48 of addresses. That is enough for 65536 subnets of 2^64 hosts. More than enough for a development network :-) SixXS has the benefit that they provide client software that can run behind a NAT router. Hurricane Electric has the benefit that the registration procedures are much easier.
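An address classifier built from the ranges this answer lists (fe80::/10, 2000::/3, fc00::/7, ::1), together with the IPv4 distinctions from the 172.0.0.1 vs 192.168.0.1 question and the first question's point that only a global address can be addressed from outside. This is an added example, not code from any of the posts; the IPv4 ranges are taken from RFC 1918 and 127.0.0.0/8, and the sample host address list is constructed.

```python
import ipaddress

# Ranges as described in the answers on this page (plus RFC 1918 / loopback for IPv4).
IPV6_RANGES = [
    ("loopback", ipaddress.ip_network("::1/128")),
    ("link-local", ipaddress.ip_network("fe80::/10")),
    ("unique local (ULA)", ipaddress.ip_network("fc00::/7")),
    ("global unicast", ipaddress.ip_network("2000::/3")),
]
IPV4_RANGES = [
    ("loopback", ipaddress.ip_network("127.0.0.0/8")),
    ("private (RFC 1918)", ipaddress.ip_network("10.0.0.0/8")),
    ("private (RFC 1918)", ipaddress.ip_network("172.16.0.0/12")),
    ("private (RFC 1918)", ipaddress.ip_network("192.168.0.0/16")),
]


def scope(addr: str) -> str:
    """Classify one IPv4 or IPv6 address by the ranges above."""
    ip = ipaddress.ip_address(addr)
    for name, net in (IPV6_RANGES if ip.version == 6 else IPV4_RANGES):
        if ip in net:
            return name
    # IPv4 outside the listed ranges is public; IPv6 outside them (e.g. multicast
    # ff00::/8) is neither global unicast nor local, so report it as "other".
    return "public" if ip.version == 4 else "other"


def globally_reachable(addrs):
    """From a host's address list, keep those a remote peer can address at all
    (routing permitting and firewalls aside): global IPv6 and public IPv4.
    An empty result means the host has no address reachable from the Internet."""
    return [a for a in addrs if scope(a) in ("global unicast", "public")]


# Constructed sample: what a dual-stack host might list on its interfaces.
SAMPLE_HOST_ADDRESSES = [
    "::1", "fe80::1", "fd12:3456::1", "2a02:1234::1",   # IPv6 (2a02:1234:: is made up)
    "127.0.0.1", "192.168.0.1",                         # IPv4
]

if __name__ == "__main__":
    for a in SAMPLE_HOST_ADDRESSES:
        print(f"{a:>16}  {scope(a)}")
    print("reachable from outside:", globally_reachable(SAMPLE_HOST_ADDRESSES))
```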
