I built a simple utility for Warcraft III that allows users to join remotely hosted games just as if they were accessible in their LAN. Its idea is pretty straightforward:
Players A and B want to play. They set up port forwarding on their routers, launch my utility and exchange their external IP addresses.
Players then enter each others' IP addresses in my utility and one of the players creates a Warcraft III game.
My utility uses the Warcraft III packet format to query its local machine for any hosted Warcraft III games. If it receives a response (with game information), it simply forwards it to every IP on the list.
Due to port forwarding, the packet (datagram, to be more specific) reaches the other Warcraft III instance and so the other user is now able to see his friend's game, as well as join it.
It works very well. However, it still requires users to set port forwarding and here's my question - what would be the best approach to avoid it?
I've been thinking about UPnP / NAT-PMP but that's mostly useful when it is my application that is listening. In this case, I only notify Warcraft III on the other end that there's a game on my machine. But can I create a port mapping for another application?
I'm surely missing something out, so I'd be glad if someone could point me in the right direction.
Related
Well the situation may seem to be complex but here it is.
I have a computer X. It is connected to gateway 1. Another computer Y is connected to gateway 2. Gateway 1 and 2 are themselves connected to a super gateway G which is connected to Internet.
This is actually the setup of my college network. The college uses a gateway (G) to distribute IPs to hostel rooms (Each room gets one IP). Since I have 2 computer (My PC and my Raspberry Pi (X)), I need to use a network switch (gateway 1) to connect to internet. Similarly my friend in the adjacent room has a network switch which connects his laptop (Y). The Raspberry Pi (X) has LAMP server and the laptop Y wants to access its content. How is this possible? What address should be entered in the web browser? How will the browser know which address does it points to?
Another question is : If I directly connect my laptop to Gateway G, then I have to login first to access the Internet. Can I setup my network switch in such a way that it automatically logs into the Gateway G so that I don't have to login when my computers are connected? My network switch is D-Link model AES-1005A.
First, a switch is not a gateway (router). There is a big difference. Each device you connect to your switch is getting its own IP address from DHCP, else it wouldn't work.
You don't get one IP address per room since that is not how DHCP works, There may be a switch between Router G and your rooms that limits the number of MAC addresses per port. If that is the case, you are out of luck, otherwise your friend should try to connect to the address assigned to your Pi by DHCP.
Network switches only operate at layer-2, so any upper-layer protocols like the login are completely transparent to it, and you cannot have it log in for you. Your Pi may actually need to log in, too, to get an IP address from DHCP.
You seem to be trying to bypass the network policies or security of a network that doesn't belong to you. In many jurisdictions, this is a crime (usually, a felony), so you should tread very carefully.
Also, since this doesn't involve programming, it is actually off-topic here, and you should really ask on Super User.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
Improve this question
I want to establish an UDP communication between two peers, say Alice and Bob. Alice is behind a port restricted cone NAT (so that the same internal port gets mapped to the same external port even if the destination is changed), while Bob is behind a symmetric NAT (which means that the external port will change every time a new destination is chosen regardless of the internal port, thus making the external port unpredictable). I have a server in between and I want to make an UDP hole punch.
I implemented the following strategy:
Bob opens a large number of ports and from all of them sends a packet to Alice's external port (he gets to know if through the server).
Alice sends packets to Bob's NAT at random ports until the connection is established.
Having two NATs of those types at hand, I did some experiments. Bob opens 32 ports, and Alice sends 64 packets every 0.1 seconds. The connection is usually established within 1 or 2 seconds, which is more than suitable for my needs.
However, I was wondering if I could get in trouble with some strict NAT routers or firewalls. On example, could it happen that a router won't allow an internal peer to open 32 ports? Or (and this sounds somehow more likely) could it happen that a router that sees a lot of packets incoming on random ports that get dropped will blacklist the ip and drop all its packets for some time? I read that sometimes this could happen in case of a DoS attack but my packet rate is something like 4 to 6 orders of magnitude lighter than a DoS attack.
I am asking about reasonable network configuration: I am pretty sure that in principle it is possible to setup a firewall to behave in that way. I will be targeting mainly users that lie behind standard home connections, so my main target is common internet providers that use NATs.
It's an interesting question.
First of all, I'm not sure anyone has the exact answer you're looking for. Different networks use different equipment and different configuration. Two ISPs can use ten different vendors for their routers, firewalls, NATs, intrusion detection equipment, DPI equipment etc; not to mention the number of possible configurations all of this equipment has.
And while commercial and corporate networks are bad enough, home networks are even worse. Here there are even more vendors selling modems, NAT boxes, and various software that affects network connectivity (such as firewalls and anti-viruses). All of which is in the hands of users who aren't technically savvy that leave it with the default settings, or worse.
Moreover, in both home and commercial networks there might be several layers of NAT. I know of a company that has a NAT for each lab (to isolate it from other labs and the R&D network). Each lab is then connected to the R&D NAT (to isolate it from other departments), which in turn is connected to the company-wide NAT, which, by the way, is also heavily firewalled. Add to that a possible ISP-level (carrier grade) NAT, and you're looking at up to 4 layers of NAT. Hopefully this is an extreme example, but two layers of NAT are quite common nowadays with home NAT and carrier grade NAT.
Given that, how likely it is for a random network to consider this behavior suspicious and limit it? Frankly, I don't know for sure and I don't think anyone else does with a high degree of certainty.
Despite that, my educated guess is that sane default configurations of communication equipment (NATs, routers, etc) should not block such behavior. After all, many applications open several ports; not to mention the fact that the NAT has no way of knowing that the IP sending this traffic isn't itself a NAT device with dozens of computers behind it - each of them with several open ports.
I also guess that simple firewalls should be fine with it as long as UDP itself isn't blocked, and the usage of the various ports is allowed. Firewalls that attempt to block port-scanning, and anti-DDoS equipment, however, might pose a problem as this traffic might seem suspicious to it, so it might depend on the configuration/implementation details of such equipment and software. So unfortunately, the only way to tell how your strategy will behave in the real world it to try it out on a variety of different networks.
Second, I'd like to say a few words about your hole punching strategy. If both Alice and Bob have a shared server, and Alice is behind a cone NAT, I don't see the point in your strategy. A cone NAT is the simplest NAT to overcome. If you want Alice to be able to connect to Bob (which is tricky since he's behind a symmetric NAT), all you really have to do is to get Bob to connect to Alice upon Alice's request.
To do that, both Alice and Bob should always have a long-lasting TCP or UDP connection to the server. The connection shouldn't carry any data for the most part, and should be just kept alive once in a while.
When Alice wants to connect to Bob, it just opens a port (say port X), and connects from that port to the server. The server sees Alice's external port that corresponds to port X - say port Y. At this point, Alice informs the server that she would like Bob to connect to her. Since Bob is connected to the same server, the server informs Bob that it should connect to Alice at at port Y. This should establish a connection between them without the need for any guessing.
I ask myself that for some days now, and couldn't find a clear answer.
Imagine a network with several rooms, each room with it's own (Layer 2) Switch.
Those are then connected in star topology to another switch which is then connected to the router.
All Clients get IPs from the same range, all clients are in the same subnet and in the same VLAN.
Do you know a way how to determine, which client is connected to which switch, without involving the switch. E.g only with technologies and mechanisms taking place on the client.
The goal would be to be able to draw automated maps of the client distribution in the network, but, as I said, without involving the switch (for example access it's API or somethign like that).
Regards
Me
I am afraid that you are right: In general, in a "normal" Network (which means: In a Network with just Standard Switches and Routers), there is no way to do so.
Only if the Switches were managed, you could write a script which polls the arp-tables from the Switches, but of course this doesn't work with unmanaged Switches.
I realised that there is no way to do this.
The problem is, that a normal network switch, which works on Layer 2 of the OSI model, is not "visible" for tools like traceroute or such.
If you want to traceroute to, lets say: google.com, your traceroute application sends a packet with a TTL of 1 to your default gateway. Your default gateway then decreases the TTL and discards the package, because it has reached a TTL of 0.
Because of that, it answers to your computer and your computer can record, from where it received the first answer.
It then sends again a package to google.com, but this time with a TTL of 2, and the process begins from start.
Now you can't do with switches what you can do with routers, because (normal layer 2) switches do not know about IP...
Cisco offers a layer2 traceroute utility, but this is limited to the cisco ecosystem and only works with cisco hardware.
So, I fear the answer is, that it is not possible in general.
The Problem
Some friends of mine play a game which involves a maximum of 4 players. I am trying to write a program which will allow a 5th person to monitor what is going on in the game without actually being in the game.
Background
The multiplayer portion of the game functions as such:
One player is designated as the "host". All other players connect to the host by entering the hosts' ip address. The host's machine is responsible for controlling the game's AI. When an event occurs in game, the host copy of the game sends the event to each of the other players' game (Clients). If a client player performs an action, their game sends the action to the host, who in turn sends it to the rest of the players so that an action by any player is visible to all of the others. The host and clients all utilize a single TCP port predefined in the game's configuration file (ex: port 58282). The game is a real-time strategy game (not turn-based).
Constraints
1. The mechanics of the game are not changeable. It is pre-compiled and there is no way to change the multiplayer mechanics.
2. The game uses TCP to communicate between the server and clients
The Question
Is there a way to have a separate program, which is running on either the host or client computer listen to the game's port (while the game is going on)? I am aware that TCP only allows one socket per port per ip address, so having both the game and a seperate program listen to the same port at the same time is problematic. Assuming I launch the external app before the game and have the app listen to the game's port, is there a way for the app to hear the host over the game port, take/copy that information, and then forward it to the game? (Sort of like a local man-in-the-middle)
The Ultimate Question
Is this possible given the constraints? Am I going about it in the best way?
I'll answer the second question first. You're not going the right way. The right way would be implementing some functionality in the server to allow a separate "client" to connect on another port to collect statistics periodically.
is there a way for the app to hear the host over the game port,
take/copy that information, and then forward it to the game?
You don't need to do a mitm. You can do a simple packet capture, with something as ubiquitous as tcpdump or wireshark. For example, to capture everything on that TCP port:
tcpdump -n -w capture.pcap tcp port 58282
The other applications will never know you captured the data.
From a Joel's post on Copilot:
Direct Connect! We’ve always done
everything we can to make sure that
Fog Creek Copilot can connect in any
networking situation, no matter what
firewalls or NATs are in place. To
make this happen, both parties make
outbound connections to our server,
which relays traffic on their behalf.
Well, in many cases, this isn’t
necessary. So version 2.0 does
something rather clever: it sets up
the initial connection through our
servers, so you get connected right
away with 100% reliability. But then
once you’re all connected, it quietly,
in the background, looks for a way to
make a direct connection. If it can’t,
no big deal: you just keep relaying
through our server. If you can make a
direct peer-to-peer connection, it
silently shifts your data onto the
direct connection. You won’t notice
anything except, probably, much faster
communication.
How do they change the server connection to a P2P connection?
It's pretty tricky and interesting. I'm sure I have some details wrong, but the overview is this:
The programs can already talk to each other through Joel's server, so they can exchange information with each other and Joel's server. Further, Joel has their external IP addresses, and they give joel information about their internal IP addresses.
They decide to try this hole punch technique. Computer A initiates a TCP connection with Computer B using B's external IP address. It won't go through, but what it does is tell's A's router that it needs to allow incoming packets from B on a given port.
Computer B does the same thing, but its message gets through to A since A's router opened a port/ip combination that matches what B sent (there's some port magic that happens here - this is non trivial, but doable).
B's router remembers that B initiated a connection with A on a given port and IP, and so A's packets now flow into B past their router correctly as well.
So it's actually pretty straight forward, but the implementation has details, especially regarding how ports are given to new TCP connections, and how NAT routers typically deal with TCP requests and how they map to external ports. These details are the interesting, and difficult, bit.
-Adam
I believe the simple version is that they drop the server connection and replace it with the P2P connection.
Something along the lines of:
Machine1 connects to copilot's servers.
Machine1 connects to copilot's servers.
Machine1 connects to copilot's servers.
Machine2 subsequently connects, and they begin screen sharing.
Machine2 opens a port intended for Machine1 to connect to.
Machine1 tries to connect to the now open port on Machine2.
If this connection is established:
The connection to copilot's servers is severed.
Data is instead transfered over the direct (P2P) connection between the two machines.
There is a technique called "Hole Punching" that works well with "Cone" NAT (Cone is a technical familly of router). That's not an 100% sure technique, today, it works well with UDP on about 80% of the router.
There is some implementations of library to realize Hole Punching: STUN (wikipedia)