I have 2 computers behind NAT.
To make a connection between them I use an UDP hole punching protocol.
It works.
Now I want to send files by this tunnel. I guess I must have a TCP tunnel between those 2 computers.
Both firewall DENY all TCP trafic.
Is it possible ?
If not, is there any other solution ? How does Skype sends files by this UDP Tunnel ?
You can use UDT protocol for file transfer after it gets hole punched. UDT is made on top of UDP. It has the reliability of TCP and fastness of UDP.
UDT has an open source implementation.
http://udt.sourceforge.net
Related
I am debugging some code which is using UDP communications.
My CLIENT is behind a NAT and a Firewall.
My Server is an AWS machine on which I opened said UDP ports.
However, part of this protocol involves the server answering my client. Which I expected not to work (NAT & Firewall). To my surprise, my client is recieving packets from the server!
How is this possible? I mean, TCP (over UDP) has a concept of a connection, so I guess that the NATs and routers can associate an incomming UDP packet as a reply to an egress connection. But how (and why) does this work for a pure UDP protocol? Would my NAT/Firewall let in random UDP into my client machine?
How is this possible?
That's how NAT works. You wrote that the server is answering you client. That means that the client initiated the conversation. It doesn't matter that you're using UDP and not TCP. The NAT device still creates an appropriate mapping to let answers trough. Otherwise all UDP would have been broken behind NAT.
I mean, TCP (over UDP) has a concept of a connection, so I guess that
the NATs and routers can associate an incomming UDP packet as a reply
to an egress connection. But how (and why) does this work for a pure
UDP protocol?
The fact that UDP isn't connection-oriented is irrelevant. Sure, TCP has the concept of sessions, but both have port numbers and that's really all the NAT needs.
Would my NAT/Firewall let in random UDP into my client machine?
It's not "some random UDP". It's a UDP segment from the same IP and port number that the client sent something to.
I am using wireshark, and for an exercise we need to capture a UDP packet with wireshark by visiting any website, and then analyze the information within that packet.
I have tried numerous times and all websites appear to send packets with TCP protocol. I have looked at Wireshark documentation, as well as looked online and am stumped.
What am I doing wrong, and how can I get a UDP packet by visiting a website?
Thats the main question. A side question is: how do I filter the captured packets to only those packets referring to requests and responses from websites over the network? Currently there appear to be a bunch of low-level captured packets that I need to scroll through.
Thanks in advance!
Because websockets/HTTP is over TCP.
And in Wireshark,if you are intending to see packets corresponding to a particular client/server, click on the packet and do "Follow TCP/UDP stream"
You will never see a UDP packet in a WEB connection. Never never never. The Web's connection is in HTTP protocol and HTTP is encapsulated in TCP.
If you need see UDP packets en wireshark you can generate UDP sockets from your host. You can:
Make a connection with a TFTP server.
Renew your IP you will see the DHCP protocol.
You search, what protocols are encapsulated in UDP and use it.
Make a program with UDP sokects.
Consider a phone which is connected to wifi with phones A, address as Dynamic Ip ex:192.168.0.34 and its listening over a server socket at port 7567, In what way can i connect to that socket using any programming language if i have another phone B to connect that which is on public ip say 10.0.0.56 and i have the wifi router ip say ex 55.56.89.76 ?
It is not possible to connect directly to a client behind a NAT if you don't use port forwarding. But there is a technique called hole punching to open a port thrue a NAT.
From Wikipedia:
Hole punching is a computer networking technique for establishing communications between two parties in separate organizations who are both behind restrictive firewalls. Used for applications such as online gaming, P2P and VoIP, both clients establish a connection with an unrestricted third-party server that uncovers external and internal address information for them. Since each client initiated the request to the server, the server knows their IP addresses and port numbers assigned for that session, which it shares one to the other. Having valid port numbers causes the firewalls to accept the incoming packets from each side. ICMP hole punching, UDP hole punching and TCP hole punching respectively use Internet Control Message, User Datagram and Transmission Control Protocols. Using TCP nefarious hole punching, it's possible to send compressed SYN packets through into a common ACK path. Numerous software does this.
See also the questions related to this topic.
If i established openvpn connection through udp(proto udp), can i use tcp in it(tcp convert to udp somehow), or only udp?
In short: Yes, you can send TCP through an VPN-Tunnel which is transported via UDP.
In fact you can tunnel any protocol support by OpenVPN no matter what transport you choose.
You can use any protocol you like, even raw IP. OpenVPN simulates a fully-fledged network device (to some extend – whether it's based on the Ethernet or the IP layer depends on configuration) which behaves like any other network adapter. So you can of course use TCP and UDP in it.
The packages sent via the OpenVPN devices are encrypted and passed through the UDP “connection” used by OpenVPN to the remote side, where they're decrypted and passed on to routing to forward them to their final destination (which might be the remote itself).
Using stun I will get my external ip/port and NAT type.
On my middle server (public ip), I will register peers external ip/ports (Now server knows peer 1's and 2's external ip/port).
Exchange the ip/port (peer 1 will get to know the peer 2's ip/port).
Simultaneously make connect() call from both the peers.
Is it the right flow?
Your algorithm is correct for UDP. Take a look at these posts for more information:
TCP Hole Punch (NAT Traversal) Library or something?
UDP Hole Punching
TCP Hole Punching