Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed last year.
I deal with the design of peer-to-peer communication between a mobile unit and a user's phone. The mobile unit is targeted at cars, so it could be connected to many different ISPs. It can also be expected that the clients will often disconnect. I need to find the best solution among NAT traversal techniques that is applicable under the conditions of a mobile network, which are a little different from usual networks such as WiFi. I searched for often-used techniques and found many different practices, such as TCP or UDP hole punching, NUTSS, NATBLASTER, NatTrav, or official protocols such as STUN or ICE.
Could anyone advise me of a tried and proven technique under similar conditions?
Thank you very much
To achieve peer-to-peer (P2P) or relay connectivity you need to implement a protocol called ICE. This protocol gives you the ability of 100% NAT traversal. It is the best solution that currently exists. You need to have a STUN/TURN server as well.
With even the best solution, ICE, you will not get 100% P2P connectivity between peers. Some connections will be established through a relay server called TURN. This depends on the type of NATs the peers are behind.
TCP or UDP hole punching is a special technique to allow some connections which normally would have been relayed to be P2P. There are other techniques like that, but those come after you implement ICE and have a STUN/TURN server.
There are lots of open source STUN/TURN servers, and some companies provide solutions for ICE. Some companies provide the whole NAT traversal solution, providing an ICE implementation and STUN/TURN server support.
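Added example, not part of the answer above: the first thing an ICE agent does with a STUN server is send a Binding Request and read its server-reflexive address (the address and port the NAT mapped it to) out of the XOR-MAPPED-ADDRESS attribute of the reply. The code below builds and parses those two messages per RFC 5389 and checks the transaction ID before trusting a reply, so a stale or injected datagram cannot hand the agent a bogus candidate. The server passed to discover_reflexive_address is the caller's choice; the response used offline is constructed by encode_xor_mapped_response, not a capture.

```python
import os
import socket
import struct

STUN_MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_MAPPED_ADDRESS = 0x0001
ATTR_XOR_MAPPED_ADDRESS = 0x0020


def build_binding_request(txid=None):
    """20-byte STUN Binding Request (RFC 5389) with no attributes."""
    txid = os.urandom(12) if txid is None else txid
    if len(txid) != 12:
        raise ValueError("transaction id must be 12 bytes")
    # type, message length (0: no attributes), magic cookie, transaction id
    return struct.pack("!HHI", BINDING_REQUEST, 0, STUN_MAGIC_COOKIE) + txid


def parse_binding_response(data, txid):
    """Return (ip, port) from a Binding Success Response to our request.

    Header, magic cookie and transaction id are checked before any attribute is
    trusted, so a stale or injected datagram is rejected instead of being used
    as our reflexive address.
    """
    if len(data) < 20:
        raise ValueError("short STUN header")
    mtype, mlen, cookie = struct.unpack("!HHI", data[:8])
    if cookie != STUN_MAGIC_COOKIE or data[8:20] != txid:
        raise ValueError("not a response to our transaction")
    if mtype != BINDING_SUCCESS:
        raise ValueError("unexpected STUN message type 0x%04x" % mtype)
    if len(data) != 20 + mlen:
        raise ValueError("length field does not match datagram size")
    body = data[20:]
    mapped = None
    off = 0
    while off + 4 <= len(body):
        atype, alen = struct.unpack("!HH", body[off:off + 4])
        value = body[off + 4:off + 4 + alen]
        if len(value) != alen:
            raise ValueError("truncated attribute")
        off += 4 + ((alen + 3) & ~3)          # attribute values are padded to 4 bytes
        # family 0x01 is IPv4; an IPv6 (0x02) mapping is skipped by this example
        if atype in (ATTR_MAPPED_ADDRESS, ATTR_XOR_MAPPED_ADDRESS) and alen == 8 and value[1] == 0x01:
            port, addr = struct.unpack("!HI", value[2:8])
            if atype == ATTR_XOR_MAPPED_ADDRESS:
                # the XOR hides the address from NATs that rewrite anything that looks like one
                port ^= STUN_MAGIC_COOKIE >> 16
                addr ^= STUN_MAGIC_COOKIE
                return socket.inet_ntoa(struct.pack("!I", addr)), port
            mapped = (socket.inet_ntoa(struct.pack("!I", addr)), port)
    if mapped is None:
        raise ValueError("no mapped address in response")
    return mapped


def safe_parse(data, txid):
    """parse_binding_response, returning None instead of raising on a bad datagram."""
    try:
        return parse_binding_response(data, txid)
    except ValueError:
        return None


def encode_xor_mapped_response(txid, ip, port):
    """The Binding Success Response a server would send; used here to exercise the
    parser offline (a real agent receives it over UDP from the STUN server)."""
    addr = struct.unpack("!I", socket.inet_aton(ip))[0]
    value = struct.pack("!BBHI", 0, 0x01, port ^ (STUN_MAGIC_COOKIE >> 16), addr ^ STUN_MAGIC_COOKIE)
    attr = struct.pack("!HH", ATTR_XOR_MAPPED_ADDRESS, len(value)) + value
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), STUN_MAGIC_COOKIE) + txid + attr


def discover_reflexive_address(server, timeout=2.0):
    """Send one Binding Request over UDP to server=(host, port) and return the
    (ip, port) the server saw, i.e. this host's server-reflexive candidate."""
    txid = os.urandom(12)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_binding_request(txid), server)
        while True:
            data, _ = sock.recvfrom(2048)
            result = safe_parse(data, txid)
            if result is not None:            # ignore datagrams that are not our answer
                return result
    finally:
        sock.close()
```

On a mobile network the mapping this returns can change every time the carrier NAT re-binds, which is why ICE keeps re-gathering candidates and sends keepalives rather than trusting one answer; a full agent adds the connectivity checks and the TURN fallback on top of this request.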
Other than TURN, you can also try UDP multi-hole punching, although it may be "too unreliable to be worth the hassle"
https://drive.google.com/file/d/0B1IimJ20gG0SY2NvaE4wRVVMbG8/view?usp=sharing
Closed 2 years ago.
Obviously TCP/UDP are supported in Windows, but are there any other transport protocols? I know that SCTP and DCCP exist but can't seem to find any reference to them with regard to their support in Windows OSes, and only managed to find third-party drivers, but none seem to be past Windows 7. Is the lack of support due to lack of use or another reason?
The most commonly used transport-layer network protocols are TCP and UDP, yes.
TCP (1981), UDP (1980)
Stream Control Transmission Protocol, aka SCTP (2007), combines TCP and UDP: reliable like TCP, uses datagrams like UDP, and supports multiple parallel streams of chunks.
SCTP RFC4960
Datagram Congestion Control Protocol, aka DCCP (2006), provides bidirectional unicast connections of congestion-controlled unreliable datagrams.
DCCP RFC4340
Edit: the following is the conclusion of a paper written a while back:
Adding multihoming and mobility support to Internet transport protocols changes the environment in which transport-layer security mechanisms operate. This may cause non-cryptographic security mechanisms, such as TCP sequence numbers and SCTP verification tags, to break. The attacker may be able to spoof data and signaling messages and hijack connections. Dynamic multi-addressing also gives rise to new types of attacks such as address squatting, redirection of data from a server to the target of a bombing attack, and connection forwarding. In this paper, we describe a number of such attacks against SCTP and suggest low-cost changes to the protocol specification and implementations. Several SCTP implementations were found to be vulnerable to all or most of the attacks described in this paper. Table 1 summarizes the main protocol weaknesses, attacks and solutions and how they relate to each other. (Some attacks depend on multiple vulnerabilities, which is indicated by multiple crosses in the column. We have also marked the changes that should be made immediately to the implementations.) The lessons from our security analysis apply to other transport protocols and to practically any multihoming or mobility solution that uses end-to-end signaling.
you can find the paper here
I will not claim a prize, but I would like to share my experience in the field of network packets. I recently started learning the Scapy tool, written in Python. With the help of this tool, I was able to understand the work of network packets more clearly and, moreover, understand how they work and are supported. This tool helped me a lot. Maybe it will give you some answers to your questions.
>>> ls(SCTP)
sport : ShortField = (None)
dport : ShortField = (None)
tag : XIntField = (None)
chksum : XIntField = (None)
>>> a=SCTP()
>>> a.show()
###[ SCTP ]###
sport= None
dport= None
tag= None
chksum= None
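Added example, from neither answer above and independent of Scapy: the four fields the Scapy session prints are the SCTP common header, and the rest of the packet is a list of chunks. The pure-Python code below builds and parses that layout per RFC 4960, verifies the CRC-32C checksum (Appendix B of the RFC; note the CRC is transmitted low byte first), and applies the steady-state verification-tag rule that the quoted paper describes as a non-cryptographic defence. The heartbeat packet used in the offline check is constructed here, not captured.

```python
import struct

# Reflected form of the Castagnoli polynomial; SCTP uses CRC-32C (RFC 4960, Appendix B)
_CRC32C_POLY = 0x82F63B78


def _make_table():
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (c >> 1) ^ _CRC32C_POLY if c & 1 else c >> 1
        table.append(c)
    return table


_TABLE = _make_table()


def crc32c(data):
    """CRC-32C of data. Standard check value: crc32c(b'123456789') == 0xE3069283."""
    crc = 0xFFFFFFFF
    for b in data:
        crc = _TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


CHUNK_NAMES = {0: "DATA", 1: "INIT", 2: "INIT ACK", 3: "SACK", 4: "HEARTBEAT",
               5: "HEARTBEAT ACK", 6: "ABORT", 7: "SHUTDOWN", 8: "SHUTDOWN ACK",
               9: "ERROR", 10: "COOKIE ECHO", 11: "COOKIE ACK", 14: "SHUTDOWN COMPLETE"}


def build_sctp(sport, dport, tag, chunks):
    """Serialize an SCTP packet; chunks is a list of (type, flags, value) tuples."""
    body = b""
    for ctype, flags, value in chunks:
        length = 4 + len(value)                            # chunk length counts its 4-byte header
        body += struct.pack("!BBH", ctype, flags, length) + value
        body += b"\x00" * (-length % 4)                    # pad each chunk to a 4-byte boundary
    header = struct.pack("!HHII", sport, dport, tag, 0)    # checksum field is zero while computing
    crc = crc32c(header + body)
    return header[:8] + struct.pack("<I", crc) + body      # CRC goes on the wire low byte first


def checksum_ok(packet):
    """True if the CRC-32C in bytes 8..11 matches the packet with that field zeroed."""
    if len(packet) < 12:
        return False
    stored = struct.unpack("<I", packet[8:12])[0]
    return crc32c(packet[:8] + b"\x00\x00\x00\x00" + packet[12:]) == stored


def parse_sctp(packet):
    """Parse the common header and chunk list, refusing packets whose checksum fails
    and chunk lengths that would make the walk loop or run off the end."""
    if not checksum_ok(packet):
        raise ValueError("short packet or SCTP checksum mismatch")
    sport, dport, tag = struct.unpack("!HHI", packet[:8])
    chunks = []
    off = 12
    while off + 4 <= len(packet):
        ctype, flags, length = struct.unpack("!BBH", packet[off:off + 4])
        if length < 4 or off + length > len(packet):
            raise ValueError("bad chunk length %d at offset %d" % (length, off))
        chunks.append({"type": ctype, "name": CHUNK_NAMES.get(ctype, "UNKNOWN"),
                       "flags": flags, "value": packet[off + 4:off + length]})
        off += length + (-length % 4)
    return {"sport": sport, "dport": dport, "tag": tag, "chunks": chunks}


def accept_for_association(packet, expected_tag):
    """Steady-state rule of RFC 4960 s.8.5: a packet for an established association is
    silently discarded unless its verification tag is the one we handed the peer.
    (INIT, and ABORT/SHUTDOWN COMPLETE with the T bit set, have their own rules and
    are not handled here.)  An attacker who cannot see the tag cannot inject."""
    return parse_sctp(packet)["tag"] == expected_tag
```

The tag is only 32 bits and travels in the clear, which is the weakness the quoted paper builds on: anyone on the path can read it, and off-path attackers can try to guess it, so the check buys protection against blind injection only.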
Closed 7 years ago.
Unsure if this is the correct place for this kind of question (Server Fault is for administrators), but I'm looking for examples of (networking) protocols and standards that leverage the huge IPv6 address space for some specific benefits.
The reason is that I'm writing a paper about something that does this and I'm searching for things to compare it to, but I'm coming up empty, even though I'm sure some must exist.
Probably not completely on topic here, but I'm going to answer it anyway because it might help software developers to learn what possibilities there are when developing for IPv6.
Because most protocols and applications still want to be compatible with IPv4 there aren't that many protocols that use this wonderful feature of IPv6. Most of the ones that do are IPv6-only by nature.
The first one is of course IPv6 Stateless Address Autoconfiguration often abbreviated to SLAAC. Having so many addresses available makes self-assignment of addresses so much easier.
Building on that is SEcure Neighbor Discovery (SEND) with Cryptographically Generated Addresses (CGA) which uses public key cryptography and derives the last 64 bits of the IPv6 address from the fingerprint of that public key. Because the node can create a signature with the private key that matches the public key it can prove that it is the legitimate holder of that IPv6 address. Unfortunately there are no implementations for the most common operating systems so this feature is largely unused.
And another one is the IPv6 Battleships game. It uses IPv6 addresses to encode the coordinates in the game, and by sending a ping the opponent can determine whether there is a ship at a certain location (address) or not. The game was written in a competition on World IPv6 Day at the IPv6 event in The Netherlands.
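Added example, not part of the answer above: how a CGA interface identifier is actually derived. The code follows RFC 3972: Hash1 is the leftmost 64 bits of SHA-1 over modifier, 64-bit subnet prefix, collision count and the public key; the top three bits of the identifier are overwritten with the Sec parameter and the u/g bits are cleared; for Sec greater than 0 the modifier is searched until Hash2 has 16*Sec leading zero bits (the hash-extension that makes brute-forcing a matching key expensive). The verifier recomputes both hashes from the published parameters. SAMPLE_PUBKEY is a constructed byte string standing in for a DER-encoded RSA key; the hash treats the key as opaque bytes, and the signature that proves possession of the matching private key is outside this example.

```python
import hashlib
import ipaddress
import os

# Constructed stand-in for a DER-encoded RSA public key (RFC 3972 hashes it as opaque bytes).
SAMPLE_PUBKEY = b"\x30\x82\x01\x22" + bytes(range(256)) + b"\x02\x03\x01\x00\x01"


def _hash1(modifier, prefix, collision_count, pubkey):
    """Hash1 (RFC 3972 s.4 step 4): leftmost 64 bits of SHA-1 over the CGA parameters."""
    return hashlib.sha1(modifier + prefix + bytes([collision_count]) + pubkey).digest()[:8]


def _hash2_has_zero_bits(modifier, pubkey, sec):
    """Hash2 (step 2): leftmost 16*Sec bits of SHA-1(modifier || 9 zero octets || key) are zero."""
    if sec == 0:
        return True
    h = int.from_bytes(hashlib.sha1(modifier + b"\x00" * 9 + pubkey).digest()[:14], "big")
    return (h >> (112 - 16 * sec)) == 0


def _interface_id(hash1, sec):
    iid = bytearray(hash1)
    # bits 0-2 of the identifier carry Sec; bits 6 and 7 (the u and g bits) are forced to zero
    iid[0] = (sec << 5) | (iid[0] & 0x1C)
    return bytes(iid)


def generate_cga(prefix, pubkey, sec=0, modifier=None, collision_count=0):
    """Return (IPv6Address, params). prefix is a /64 given as text, e.g. '2001:db8::'."""
    if not 0 <= sec <= 7 or not 0 <= collision_count <= 2:
        raise ValueError("sec must be 0..7 and collision count 0..2")
    pfx = ipaddress.IPv6Address(prefix).packed[:8]
    mod = os.urandom(16) if modifier is None else modifier
    # hash extension: increment the modifier until Hash2 has 16*Sec leading zero bits
    while not _hash2_has_zero_bits(mod, pubkey, sec):
        mod = ((int.from_bytes(mod, "big") + 1) & ((1 << 128) - 1)).to_bytes(16, "big")
    iid = _interface_id(_hash1(mod, pfx, collision_count, pubkey), sec)
    params = {"modifier": mod, "prefix": pfx, "collision_count": collision_count, "pubkey": pubkey}
    return ipaddress.IPv6Address(pfx + iid), params


def verify_cga(addr, params):
    """RFC 3972 s.5: recompute Hash1 from the published parameters and compare it with the
    address (ignoring the Sec and u/g bits), then check Hash2 for the Sec the address carries."""
    packed = ipaddress.IPv6Address(str(addr)).packed
    if params["collision_count"] > 2 or params["prefix"] != packed[:8]:
        return False
    sec = packed[8] >> 5
    expected = _hash1(params["modifier"], params["prefix"], params["collision_count"], params["pubkey"])
    mask = bytes([0x1C]) + b"\xff" * 7
    got = bytes(a & m for a, m in zip(packed[8:], mask))
    want = bytes(a & m for a, m in zip(expected, mask))
    if got != want:
        return False
    return _hash2_has_zero_bits(params["modifier"], params["pubkey"], sec)
```

With Sec=0 the binding costs one hash and an attacker who wants to impersonate a given address needs on the order of 2^59 key trials (64 bits minus the five overwritten bits); each Sec step multiplies that by 2^16, at the price of the same 2^(16*Sec) work for the legitimate owner at generation time.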
It has significant advantages for large cloud deployments. For instance, Facebook has reported that 90% of its internal traffic is IPv6 (https://t.co/PPHBkUPTdt), because this way is similar to private IPv4 but serves v6-native customers better (in the same report they claim v6 mobiles surf 30%-40% quicker than v4 ones). Also OpenStack has finally added almost-full v6 support in the Juno version.
Additionally, the IoT field (when it is really IoT, I mean IP devices) is an excellent field of application. Normally, devices will use either IPv6 (when powerful enough) or 6LoWPAN (a reduced IPv6 for sensor networks, well supported in OSes like TinyOS, ContikiOS, mbedOS, etc.).
It might also be useful for WebRTC-like applications, as IPv6 peers would normally connect better (firewalls vs NATs seem to behave better or be more easily configured).
However, with the massive deployment that started in 2015 (in the USA 17% of all traffic to Google is v6, German traffic to Google is 14%, all Internet traffic to Google is 7% IPv6 today), any Internet product or service has to migrate or will soon lose competitiveness.
Closed 8 years ago.
I've noticed that my employer blocks outgoing traffic on a few problematic ports, such as SSH. It looks like a timeout to every application being blocked. Why isn't this implemented by refusing the connection? Is this simply that the SYN doesn't make it to the destination? I'm trying to make a list of ports that I am sure are blocked and I'm thinking perhaps I can just port scan a known host outside of the network, such as my VPS.
Are these statements true for most implementations?
If the connection is refused or accepted, then the port is open through the firewall.
If the connection times out but the host certainly exists and doesn't have any kernel-level features turned on to make it look like it doesn't exist, then the firewall is blocking it.
Your firewall may block/allow depending on IP address as well, so the port alone doesn't say anything.
If the connection is accepted, it doesn't mean the firewall isn't blocking, it might just mean the firewall redirects it elsewhere. For example, redirect all traffic to port 80 outside your organization to some "you can't get there from here" webpage.
If the connection times out, it may have lots of reasons, one of them being the firewall, but it might also be your DSL line is down, or routing is misconfigured somewhere, or just about anything that can go wrong on the network.
Even if the connection is accepted AND connects the correct target (your VPS), it might have been redirected to a transparent proxy.
Think twice about the port scan. If the network people at your company manage their network well, they will detect the port scan, and you'll have to answer some embarrassing questions from them.
It's a security consideration. Sending a reset (refusing the connection) indicates that the resource exists, which is itself an information leak. Sending nothing reveals nothing, leaks nothing: it is indistinguishable from the case where the entire host doesn't exist. There was one firewall product in the 1990s that sent resets, which was considered poor practice.
I'm away from my library at the moment but I'll provide more details on Monday.
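Added example, not from the question or either answer above: a connect() probe that reports the three outcomes the question distinguishes. A SYN/ACK gives "open", a RST gives "refused" (the path is open; either nothing listens or the firewall uses a REJECT rule), and silence until the timer expires gives "filtered" (a DROP rule, or anything else on the path eating the SYN, as the first answer warns). The ICMP unreachable errnos are folded into "filtered" because they also come from something between you and the target. loopback_demo exercises the first two outcomes against 127.0.0.1 only; which hosts you may probe with this is a matter to clear with the network team first, exactly as the answer above says.

```python
import errno
import socket

# errnos that mean "no answer from the target itself": silence, or an ICMP error from the path
FILTERED_ERRNOS = {errno.ETIMEDOUT, errno.EHOSTUNREACH, errno.ENETUNREACH, errno.EAGAIN}


def classify_errno(code):
    """Map the errno of a failed connect() to what the network told us."""
    if code == errno.ECONNREFUSED:
        return "refused"        # a TCP RST came back: the path is open, nothing (or a REJECT rule) is there
    if code in FILTERED_ERRNOS:
        return "filtered"       # nothing came back (DROP), or an ICMP unreachable was generated on the way
    return "error:" + errno.errorcode.get(code, str(code))


def probe(host, port, timeout=3.0):
    """One TCP connect attempt; returns 'open', 'refused', 'filtered' or 'error:<name>'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"           # SYN/ACK received; a transparent proxy or redirect would also look like this
    except socket.timeout:
        return "filtered"
    except OSError as e:
        return classify_errno(e.errno)
    finally:
        s.close()


def probe_ports(host, ports, timeout=3.0):
    """Probe several ports on one host; returns {port: outcome}."""
    return {p: probe(host, p, timeout) for p in ports}


def loopback_demo():
    """Listen on an ephemeral loopback port, probe it, close it, probe again.
    Shows 'open' versus 'refused' without touching any host but 127.0.0.1."""
    lst = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lst.bind(("127.0.0.1", 0))
    lst.listen(1)
    port = lst.getsockname()[1]
    while_open = probe("127.0.0.1", port, 2.0)
    lst.close()
    after_close = probe("127.0.0.1", port, 2.0)
    return while_open, after_close
```

A "filtered" result on a host you control, where you can confirm the port is listening and no local firewall drops SYNs, is the one case that points at the egress firewall; "open" on its own proves only that something answered, which per the first answer may not be your VPS at all.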
You can profile what outbound ports are blocked with Firebind.
Check out scanme.firebind.com
It uses a custom client/server solution to specifically enumerate firewall rules.
Dave
Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 9 years ago.
So I started to learn the TCP/IP protocol stack. But in all sources the TCP protocol is described too vaguely. The main thing I want to know is how the TCP protocol is actually implemented in software, how application protocols communicate with the TCP protocol, and what the interface of this communication is. For now I think that application protocols are implemented directly in the application program: let's say a browser implements the HTTP protocol and this protocol communicates with a centralized implementation of the TCP protocol which is implemented in the OS. Is this correct? I lack sources from which I can learn this. Please recommend me something to read.
Note: while your question is leaning towards being broad, I am answering it since I think that it is a good introductory question.
TCP is a layer-4 (or transport layer) protocol. Network applications sit on top of it (and other layer-4 protocols like UDP). Applications can interface with layer-4 protocols via a socket interface (http://linux.die.net/man/7/socket). HTTP is also an application that runs on top of TCP and would be using the socket interface. Besides HTTP, there are many other well-known applications that run on top of TCP, like Telnet, BGP, etc.
One of the best books to understand the basics of TCP and its options would be "TCP/IP Illustrated, Vol. 1: The Protocols" by Richard Stevens. It talks about how TCP works and the various options. Here is a link: http://www.amazon.com/TCP-Illustrated-Vol-Addison-Wesley-Professional/dp/0201633469
Once you have read that, you probably should read the RFC itself: http://www.ietf.org/rfc/rfc793.txt
For details of the implementation, you can read its second volume: "TCP/IP Illustrated: The Implementation, Vol. 2". Here is a link: http://www.amazon.com/TCP-IP-Illustrated-Implementation-Vol/dp/020163354X . While this book talks about the BSD implementation, it should still help you understand the basic mechanics of how a TCP implementation works.
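Added example, not part of the answer above: the socket boundary the answer describes, shown from both sides. http_get is the application-protocol half (it writes an HTTP/1.0 request and reads the reply), and the only things it asks of the kernel's TCP are connect, send, recv and close; segmentation, retransmission and ordering never appear in the code. serve_once is a throwaway HTTP/1.0 server on 127.0.0.1 so the client can be run offline. The header-size cap is there because an application that reads "until the blank line" without a bound lets the peer make it buffer without limit.

```python
import socket
import threading

MAX_HEADER_BYTES = 64 * 1024   # refuse to buffer an unbounded header block from the peer


def http_get(host, port, path="/", timeout=5.0):
    """Minimal HTTP/1.0 client on the BSD socket API: returns (status, headers, body)."""
    request = ("GET %s HTTP/1.0\r\nHost: %s\r\nConnection: close\r\n\r\n" % (path, host)).encode("ascii")
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request)                      # the kernel segments this into TCP packets
        raw = b""
        while b"\r\n\r\n" not in raw:           # read until the end of the header block
            chunk = s.recv(4096)
            if not chunk:
                raise ValueError("connection closed before headers ended")
            raw += chunk
            if len(raw) > MAX_HEADER_BYTES:
                raise ValueError("header block too large")
        head, body = raw.split(b"\r\n\r\n", 1)
        while True:                             # HTTP/1.0 + Connection: close: body ends at EOF
            chunk = s.recv(4096)
            if not chunk:
                break
            body += chunk
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)              # e.g. "HTTP/1.0 200 OK"
    status = int(parts[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def serve_once(body=b"hello from TCP\n", port=0):
    """Throwaway HTTP/1.0 server: answers one request on 127.0.0.1 in a background
    thread and returns the port it listens on (0 asks the kernel for a free one)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", port))
    srv.listen(1)
    listening_port = srv.getsockname()[1]

    def handle():
        conn, _ = srv.accept()
        with conn:
            req = b""
            while b"\r\n\r\n" not in req and len(req) <= MAX_HEADER_BYTES:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                req += chunk
            conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\n"
                         b"Content-Length: %d\r\n\r\n" % len(body) + body)
        srv.close()

    threading.Thread(target=handle, daemon=True).start()
    return listening_port


def loopback_demo():
    """Start the server, fetch '/' from it over a real TCP connection, return the reply."""
    port = serve_once(b"hello from TCP\n")
    return http_get("127.0.0.1", port, "/")
```

Everything HTTP-specific lives in the two Python functions; everything TCP-specific is behind the five socket calls, which is the division of labour the question guessed at.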
Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
I've recently become aware that there's a distinction between IP multicasting (which apparently doesn't work that well on the public internet) and application multicasting (which is apparently used in IRC and PSYC, per http://en.wikipedia.org/wiki/Multicast).
Is there a good tutorial on implementing application-level multicasting?
I thought the whole point of multicast was to reduce bandwidth for common network segments, so it's hard for me to understand what application-level multicast does.
The purpose of IP level multicasting is to reduce bandwidth for common network segments where many users wish to receive the same traffic. It's usually limited to one particular subnet and an IP router won't propagate the multicast beyond the subnet. This is done for scalability reasons - it wouldn't be a good idea to allow one host to originate multicast packets which are propagated to every IP address on the internet.
There are different ways to think of "application level" multicasting. One approach is to build a multicast tree using the host computers participating in the multicast. Dijkstra's algorithm could be used to do this (Wikipedia has a reasonable description of this). However, maintaining the list of participating computers - and keeping the tree up to date - can be a fair amount of work if hosts are joining and leaving the network at a substantial rate. And you probably don't have a good estimate of hop cost available at the application level.
Another approach you should review is the flooding algorithm used in the Gnutella network's query routing protocol. (Wikipedia also has a good description of this.) This approach alleviates the need to build a multicast tree, but it has the downside of generating more network traffic. In fact, a LOT more network traffic, as the traffic grows with the square of the number of nodes, i.e. O(n**2).
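Added example, not part of the answer above: a small in-process simulation of the two application-level approaches the answer contrasts. flood is the Gnutella-style scheme (forward to every neighbour except the sender, drop duplicates by message id, stop when the TTL runs out); spanning_tree plus tree_multicast is the tree scheme, built here with plain BFS because, as the answer notes, hop count is usually the only cost available at the application layer. The graphs are constructed inline; on a full mesh of n nodes flooding costs (n-1)^2 transmissions, which is the O(n^2) the answer refers to, while the tree costs n-1.

```python
from collections import deque


def build_graph(edges):
    """Undirected adjacency sets from (a, b) pairs; nodes are plain strings."""
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def flood(adj, origin, ttl):
    """Gnutella-style flooding. Each node forwards a message it has not seen before to every
    neighbour except the one it came from, decrementing the TTL; the per-message 'received'
    set is the duplicate suppression that keeps this from looping forever on a cyclic graph.
    Returns (number of transmissions, set of nodes that got the message)."""
    received = {origin}
    transmissions = 0
    queue = deque((origin, nb, ttl) for nb in adj[origin])   # (sender, receiver, ttl on arrival)
    while queue:
        sender, node, hops = queue.popleft()
        transmissions += 1
        if node in received:
            continue                 # duplicate: dropped, but the bandwidth was already spent
        received.add(node)
        if hops - 1 > 0:
            queue.extend((node, nb, hops - 1) for nb in adj[node] if nb != sender)
    return transmissions, received


def spanning_tree(adj, origin):
    """BFS tree rooted at origin, returned as {node: [children]}."""
    parent = {origin: None}
    queue = deque([origin])
    while queue:
        node = queue.popleft()
        for nb in adj[node]:
            if nb not in parent:
                parent[nb] = node
                queue.append(nb)
    children = {n: [] for n in parent}
    for n, p in parent.items():
        if p is not None:
            children[p].append(n)
    return children


def tree_multicast(children, origin):
    """Deliver along the tree: one transmission per non-root node and no duplicates,
    at the price of maintaining the tree as nodes join and leave."""
    transmissions, received = 0, {origin}
    stack = [origin]
    while stack:
        node = stack.pop()
        for child in children[node]:
            transmissions += 1
            received.add(child)
            stack.append(child)
    return transmissions, received


def full_mesh(n):
    """Complete graph on n nodes, the worst case for flooding."""
    names = ["n%d" % i for i in range(n)]
    return build_graph((a, b) for i, a in enumerate(names) for b in names[i + 1:])
```

The TTL is the only thing that bounds flooding on a graph the originator does not know; set it too low and distant nodes are never reached, which the path-graph case in the checks shows.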
Another example of application multicasting is using JGroups in Amazon EC2 or Google App Engine as they do not support IP multicast but developers want to use multicasting functionality.