How is source port for HTTP determined? Is there ever collision in NAT? [closed] - http

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
I know that when an HTTP request is made, packets are sent from a seemingly-random high-numbered port (e.g. 4575) on the client to port 80 on the server. Then the server sends the reply to the same high-numbered port, the router knows to route that to the client computer, and all is complete.
My question is: How is the return port (4575 in this example) determined? Is it random? If so, within what range? Are there any constraints on it? What happens, for example, if two computers in a LAN send HTTP requests with the same source port to the same website? How does the router know which one to route to which computer? Or maybe this situation is rare enough that no-one bothered to defend against it?

The NAT is going to decide/determine the outbound port for a NATed connection/session, via its own internal means. Meaning, it will vary according to the implementation of the NAT. This means any responses back will come back to that same outbound port.
As for your question:
"What happens, for example, if two computers in a LAN send HTTP requests with the same source port to the same website?"
It will assign different outbound ports for each. Thus, it can distinguish between the two in responses it receives. A NAT would create/maintain a mapping of translated ports, creating new outbound port numbers for new sessions. So even if there were two different "internal" sessions, from two different machines, on the same port number, it would map to two different port numbers on the outgoing side. Thus, when packets came back in on the respective ports, it would know how to translate them back to the correct address/port on the inside LAN.
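As an added illustration of the mapping table the answer above describes (example code, not part of the original post), here is a toy Python NAT: two LAN hosts both use source port 4575 toward the same web server, receive distinct external ports, and each reply is translated back by its external port. It also goes one step beyond the question to show the cone vs symmetric mapping distinction that later answers on this page rely on. All addresses are documentation-range values and the sequential port allocation is an assumption of the example; real devices choose ports by their own rules.

```python
class Nat:
    """Toy NAT translation table (example only, not any real device).
    'endpoint_independent' keys mappings on the internal ip:port alone
    (cone NAT); 'endpoint_dependent' also keys on the destination
    (symmetric NAT). Ports are handed out sequentially from first_port;
    a real NAT picks them by its own internal rules."""

    def __init__(self, public_ip, policy="endpoint_independent", first_port=40000):
        self.public_ip = public_ip
        self.policy = policy
        self.next_port = first_port
        self.out = {}    # mapping key -> external port
        self.back = {}   # external port -> internal (ip, port)

    def _key(self, src, dst):
        return src if self.policy == "endpoint_independent" else (src, dst)

    def outbound(self, src, dst):
        """Translate an outgoing packet from src to dst; returns (public_ip, ext_port)."""
        key = self._key(src, dst)
        if key not in self.out:
            port = self.next_port
            self.next_port += 1
            self.out[key] = port
            self.back[port] = src
        return self.public_ip, self.out[key]

    def inbound(self, ext_port):
        """Translate a reply arriving at ext_port back to the internal endpoint,
        or None when no mapping exists (the reply is dropped)."""
        return self.back.get(ext_port)


def two_hosts_same_source_port(policy="endpoint_independent"):
    """The question's scenario: hosts .10 and .11 both use source port 4575
    to reach the same web server. Returns the two external ports and the
    internal endpoint each reply is delivered to. Addresses are constructed."""
    nat = Nat("203.0.113.5", policy)
    web = ("198.51.100.10", 80)
    a, b = ("192.168.1.10", 4575), ("192.168.1.11", 4575)
    _, port_a = nat.outbound(a, web)
    _, port_b = nat.outbound(b, web)
    return port_a, port_b, nat.inbound(port_a), nat.inbound(port_b)


def same_external_port_for_new_destination(policy):
    """One internal endpoint talks to two different servers. A cone NAT
    reuses the external port (so a port learned via a STUN-like server is
    reachable by a third party); a symmetric NAT allocates a fresh one."""
    nat = Nat("203.0.113.5", policy)
    src = ("192.168.1.10", 777)
    _, p1 = nat.outbound(src, ("198.51.100.10", 3478))
    _, p2 = nat.outbound(src, ("198.51.100.20", 3478))
    return p1 == p2
```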

It depends on the NAT and on the protocol. For instance I'm writing this message behind a full cone NAT and this particular NAT is configured (potentially hard-wired) to always map a UDP private transport address UDP X:x to the public transport address UDP Y:x. It's quite easy to shed some light on this case with a STUN server (Google has some free STUN servers), a cheap NAT, 2 laptops, Wireshark and a really really light STUN client which uses a hard coded port like 777. Only the first call will get through and it will be mapped on the original port, the second one will be blocked.
NATs are a hack, some of them are so bad that they actually override on return the public transport address not only in the header but even in the transported data which is kinda crazy.
ICE protocols have to XOR the public address to bypass this issue.

Related

does an ip address have multiple ports? [closed]

Closed 7 years ago.
I have read somewhere that "if you are the remote user connecting to a web server, then your web browser would pick a random TCP port from a certain range of port numbers, and attempt to connect to port 80 on the IP address of the web server". Does that mean that a particular IP address at the client side has multiple ports?
Every system which implements TCP/IP has multiple "ports". The IP address refers to the entire system, if that's all we had it would be pretty boring. One program on a system could talk to one program on another system.
Hence the idea of "ports". Ports are just a 16-bit number which "completes" the address. So, your program on system 1.2.3.4 wants to talk to the webserver running on 2.3.4.5. The webserver "binds" itself to port 80. This is an example of a "well known port". But, how is the webserver to get data back to you? Your program needs a "port" of its own. But, it can be any old number, it doesn't need to be well known, so it just tells the OS I need a port and the OS finds one not in use and your program is "bound" to that port. Say it is port 3456.
So now we have all we need: 1.2.3.4:3456 can talk to 2.3.4.5:80
and when the packets of data for port 80 arrive at 2.3.4.5, the OS delivers them to the webserver. And when the packets of data for port 3456 arrive back at your computer (1.2.3.4), your OS delivers them to your web browser.
Wherever you read that, it's wrong. The TCP implementation picks a random local port. Not the browser. There are 65535 TCP ports per IP address, and another 65535 UDP ports.

Are there security measures against udp hole punching? [closed]

Closed 7 years ago.
I want to establish a UDP communication between two peers, say Alice and Bob. Alice is behind a port restricted cone NAT (so that the same internal port gets mapped to the same external port even if the destination is changed), while Bob is behind a symmetric NAT (which means that the external port will change every time a new destination is chosen regardless of the internal port, thus making the external port unpredictable). I have a server in between and I want to make a UDP hole punch.
I implemented the following strategy:
Bob opens a large number of ports and from all of them sends a packet to Alice's external port (he gets to know it through the server).
Alice sends packets to Bob's NAT at random ports until the connection is established.
Having two NATs of those types at hand, I did some experiments. Bob opens 32 ports, and Alice sends 64 packets every 0.1 seconds. The connection is usually established within 1 or 2 seconds, which is more than suitable for my needs.
However, I was wondering if I could get in trouble with some strict NAT routers or firewalls. For example, could it happen that a router won't allow an internal peer to open 32 ports? Or (and this sounds somehow more likely) could it happen that a router that sees a lot of packets incoming on random ports that get dropped will blacklist the IP and drop all its packets for some time? I read that sometimes this could happen in case of a DoS attack but my packet rate is something like 4 to 6 orders of magnitude lighter than a DoS attack.
I am asking about reasonable network configuration: I am pretty sure that in principle it is possible to set up a firewall to behave in that way. I will be targeting mainly users that lie behind standard home connections, so my main target is common internet providers that use NATs.
It's an interesting question.
First of all, I'm not sure anyone has the exact answer you're looking for. Different networks use different equipment and different configuration. Two ISPs can use ten different vendors for their routers, firewalls, NATs, intrusion detection equipment, DPI equipment etc; not to mention the number of possible configurations all of this equipment has.
And while commercial and corporate networks are bad enough, home networks are even worse. Here there are even more vendors selling modems, NAT boxes, and various software that affects network connectivity (such as firewalls and anti-viruses). All of which is in the hands of users who aren't technically savvy that leave it with the default settings, or worse.
Moreover, in both home and commercial networks there might be several layers of NAT. I know of a company that has a NAT for each lab (to isolate it from other labs and the R&D network). Each lab is then connected to the R&D NAT (to isolate it from other departments), which in turn is connected to the company-wide NAT, which, by the way, is also heavily firewalled. Add to that a possible ISP-level (carrier grade) NAT, and you're looking at up to 4 layers of NAT. Hopefully this is an extreme example, but two layers of NAT are quite common nowadays with home NAT and carrier grade NAT.
Given that, how likely it is for a random network to consider this behavior suspicious and limit it? Frankly, I don't know for sure and I don't think anyone else does with a high degree of certainty.
Despite that, my educated guess is that sane default configurations of communication equipment (NATs, routers, etc) should not block such behavior. After all, many applications open several ports; not to mention the fact that the NAT has no way of knowing that the IP sending this traffic isn't itself a NAT device with dozens of computers behind it - each of them with several open ports.
I also guess that simple firewalls should be fine with it as long as UDP itself isn't blocked, and the usage of the various ports is allowed. Firewalls that attempt to block port-scanning, and anti-DDoS equipment, however, might pose a problem as this traffic might seem suspicious to it, so it might depend on the configuration/implementation details of such equipment and software. So unfortunately, the only way to tell how your strategy will behave in the real world is to try it out on a variety of different networks.
Second, I'd like to say a few words about your hole punching strategy. If both Alice and Bob have a shared server, and Alice is behind a cone NAT, I don't see the point in your strategy. A cone NAT is the simplest NAT to overcome. If you want Alice to be able to connect to Bob (which is tricky since he's behind a symmetric NAT), all you really have to do is to get Bob to connect to Alice upon Alice's request.
To do that, both Alice and Bob should always have a long-lasting TCP or UDP connection to the server. The connection shouldn't carry any data for the most part, and should be just kept alive once in a while.
When Alice wants to connect to Bob, it just opens a port (say port X), and connects from that port to the server. The server sees Alice's external port that corresponds to port X - say port Y. At this point, Alice informs the server that she would like Bob to connect to her. Since Bob is connected to the same server, the server informs Bob that it should connect to Alice at port Y. This should establish a connection between them without the need for any guessing.

Two ways a TCP client can access a port in the client machine? [closed]

Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 9 years ago.
Apparently there are two ways a client can access a port in the client machine. I've only found one so far.
The question:
When a client wishes to send a message to a server using TCP, it must establish a connection to a specific port and IP address. It must use a socket and a port on the client side to transport the data. Discuss the two ways that a client might get access to a port in the client machine.
I've read wikipedia and some other sites, and it looks like there is only one way TCP connects to a port? Am I not understanding this question?
Three 'ways a client might get access to a port in the client machine':
Specify a specific port and use the bind() system call.
Specify port zero and call bind(). The system will allocate a client port.
Don't call bind() at all. The system will again allocate a client port on connect().
Don't ask me which two your instructor wants, or whether he wants something else completely, but that's how I would answer the question. Unless there is more to it than this, it is very poorly posed indeed.
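The three ways listed in the answer above, carried out against a loopback listener so the resulting local port can be observed (added example, not the answerer's code; Python's socket module maps directly onto the bind()/connect() calls the answer names). The free_port helper is a constructed convenience so the "specific port" case does not hard-code a port that may be in use.

```python
import socket


def free_port():
    """Ask the OS for a currently unused loopback port (constructed helper
    so the 'specific port' case can be demonstrated without hard-coding one)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def client_local_port(way, wanted_port=0):
    """Open a loopback listener, connect to it using one of the three ways from
    the answer above, and return the local port the client ended up with."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # listener on an OS-chosen port
    srv.listen(1)
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        if way == "bind_specific":
            client.bind(("127.0.0.1", wanted_port))   # 1. explicit port
        elif way == "bind_zero":
            client.bind(("127.0.0.1", 0))             # 2. port 0: OS allocates now
        elif way == "no_bind":
            pass                                      # 3. OS allocates on connect()
        else:
            raise ValueError(f"unknown way: {way}")
        client.connect(srv.getsockname())
        local_port = client.getsockname()[1]
        conn, peer = srv.accept()
        assert peer[1] == local_port       # the server sees the same client port
        conn.close()
    finally:
        client.close()
        srv.close()
    return local_port


if __name__ == "__main__":
    for way in ("bind_specific", "bind_zero", "no_bind"):
        print(way, client_local_port(way, free_port()))
```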
There are 2 types of network communication on the TCP/IP protocol from a client to a server (or another client):
TCP protocol
UDP protocol
The main difference between those 2 is: the TCP protocol works the way just like you described: the client should try to open a connection on a specific port to an IP address and the remote side should accept the connection properly in order to start sending and receiving the data through the socket. But the UDP protocol does not need to open (establish) a connection from point to point. It allows you to send any data at any time without any condition other than a valid IP address and port number.
Note that when talking about the UDP protocol, unlike TCP, you will have no guarantee that your data (actually called a "packet") has been successfully sent or not to the remote address at all. You will never know that. And it's only recommended for small amounts of data. The bigger the packet, the less chance of proper transmission.

How can I know if my computer is behind NAT? [closed]

Closed 7 years ago.
I'm trying to understand NAT (Network Address Translation).
Can someone explain how I can determine if my computer is using a NAT (behind a NAT), or if it is using its own IP address?
What Barmar said in the comments is the easiest way. Obtaining your IP address over HTTP is indicative that you are behind either a NAT or an HTTP Proxy server. (I suppose it's possible you could have a public IP address, but your device is configured to route HTTP over a caching proxy).
Formal NAT detection and NAT classification can be done with the STUN protocol or equivalent protocol in which a UDP or TCP service echoes back the IP address back to the client that connected to it.
Another telling sign if you are behind a NAT is that your local IP address is in a private IP address range such as the 192.168.x.y range, the 10.x.y.z range, or then 172.16.0.0-172.31.255.255 range.
And pretty much any Wi-Fi setup is going to be a NAT configuration.
The NAT detection technique is based on two observations about the IP TTL (Time To Live) field.
Host operating systems have characteristic initial TTL values. This property of individual operating system implementations of TCP/IP is well known and can be used as part of a "fingerprint" to identify the operating system that a host is running merely by examining its traffic.
NAT devices or gateways decrement the TTL on packets that they forward.
For more details visit: http://www.sflow.org/detectNAT/
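An added Python example (not code from either answer or from the sflow.org page) that puts the two passive signs from the answers above into detection logic: the private-address check, and the TTL observation that a host's packets have been decremented more times than the direct path explains. The list of common initial TTLs and the sample flow records are constructed assumptions for the example.

```python
import ipaddress

# Initial TTL values commonly set by host operating systems; the exact
# per-OS table is the fingerprinting knowledge the answer refers to, and
# this short list is an assumption for the example.
COMMON_INITIAL_TTLS = (32, 64, 128, 255)


def infer_initial_ttl_and_hops(observed_ttl):
    """Return (initial_ttl, hops): the smallest common initial TTL not below
    the observed value, and how many forwarding devices decremented it."""
    for initial in COMMON_INITIAL_TTLS:
        if observed_ttl <= initial:
            return initial, initial - observed_ttl
    raise ValueError(f"TTL {observed_ttl} exceeds every known initial value")


def is_private(ip):
    """The other sign given above: an RFC 1918 / private address on the host
    itself means some NAT sits between it and the Internet."""
    return ipaddress.ip_address(ip).is_private


# Constructed sample flow records as an observer on the LAN might collect:
# (source IP as seen on the wire, TTL as seen on the wire)
SAMPLE_FLOWS = [
    ("192.168.1.20", 64),    # initial 64, zero hops: host directly on the LAN
    ("192.168.1.21", 128),   # initial 128, zero hops: another direct host
    ("192.168.1.1", 63),     # initial 64, decremented once: behind a gateway
    ("192.168.1.1", 127),    # same address, a different OS behind it
]


def detect_nat_sources(flows=SAMPLE_FLOWS, expected_hops=0):
    """Return {source_ip: sorted initial TTLs} for every address whose packets
    were decremented more times than the direct path explains. expected_hops
    is the router count between observer and segment (0 on the same LAN).
    Several distinct initial TTLs behind one address is a further NAT hint."""
    flagged = {}
    for ip, ttl in flows:
        initial, hops = infer_initial_ttl_and_hops(ttl)
        if hops > expected_hops:
            flagged.setdefault(ip, set()).add(initial)
    return {ip: sorted(ttls) for ip, ttls in flagged.items()}
```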

Communication between private IP addresses over the Internet [closed]

Closed 9 years ago.
Suppose we have a messenger like GTalk, Skype etc. running on two different PCs (A and B) which have private IP addresses but are connected to the Internet through some ISP. The two PCs could be located in different parts of the world. Now it's possible to send messages and make VoIP calls between A and B.
This obviously uses server for communication establishment. For text messages it could be routed through the server to reach A and B.
But for VoIP calls, I believe initial establishment would be taking help of server and later VoIP data would flow directly between A and B. Now, A and B both have private IP addresses.
So my question is how is it possible to communicate directly over the Internet between A and B, which have private IP addresses?
Is there any specific standard for this? I am not talking about VoIP standards like RTP etc. but the mechanism to communicate over the Internet using private IP addresses. In other words, I simply have a TCP client and TCP server running on A and B respectively. How can the TCP client reach the TCP server?
I would like to know if messengers like GTalk, Yahoo, Skype and many of the Android applications like Viber, Kakoa talk, WhatsApp etc use any specific standard for this. And I have seen that these work almost always, calls between A and B work, located anywhere in the world.
It would be nice if somebody can share the architecture and the concepts involved.
[I did read about concepts like STUN and hole punching. But I don't see any specific way. And there is no guarantee that these would work depending on the NAT behavior]
Thank you.
