Consider a phone which is connected to wifi with phones A, address as Dynamic Ip ex:192.168.0.34 and its listening over a server socket at port 7567, In what way can i connect to that socket using any programming language if i have another phone B to connect that which is on public ip say 10.0.0.56 and i have the wifi router ip say ex 55.56.89.76 ?
It is not possible to connect directly to a client behind a NAT if you don't use port forwarding. But there is a technique called hole punching to open a port thrue a NAT.
From Wikipedia:
Hole punching is a computer networking technique for establishing communications between two parties in separate organizations who are both behind restrictive firewalls. Used for applications such as online gaming, P2P and VoIP, both clients establish a connection with an unrestricted third-party server that uncovers external and internal address information for them. Since each client initiated the request to the server, the server knows their IP addresses and port numbers assigned for that session, which it shares one to the other. Having valid port numbers causes the firewalls to accept the incoming packets from each side. ICMP hole punching, UDP hole punching and TCP hole punching respectively use Internet Control Message, User Datagram and Transmission Control Protocols. Using TCP nefarious hole punching, it's possible to send compressed SYN packets through into a common ACK path. Numerous software does this.
See also the questions related to this topic.
Related
if when i try to connect with webRTC from outside the local network, it uses a STUN server to exchange info like ip address, port..., and then once the two clients know each other they will directly connect, but the thing is, if any router by default blocks any port that's opened exept for 80, then how do the two clients connect, on what port?
WebRTC is an open framework and does not dictate how the connections are established between the communicating peers. Establishing the connection itself involves the following.
1-The peer discovery is made via Signaling for doing SDP exchanges and exchanging remote host identities. The Signaling can be done over any transport – UDP/TCP, any protocol and via any standard (SIP/XMPP) or custom application level protocol over HTTP/WebSockets etc. The choice of Ports for signalling traffic is left open to the application developer.
2-Once the peer discovery is complete, and the PeerConnections are established at each endpoints, the media data can be sent. Depending on the network topology of the Peers (whether they are in the same host network, or they are in different network (behind Nated IP address), they can choose to connect such that the media traffic is sent over UDP or over TCP. For a more protected environment, the peers may even need a TURN server to relay the media traffic on Peers behalf. Here again, the choice of Media Ports is left open and can be decided via the end application.
I found this on web I hope its helpful
I know that when two machine communicate they may use the TCP/IP protocol.. But after the IP packet is routed to my router and it is converted to physical signal , how does my computer again decapsulate it and send it to proper application....I know that transport layer header is used for identifying port numbers to send it to proper process,but which device will do all these inside a host..am new to network and apologize if something was wrong or silly here
A packet comprises of information in the form of [header[body]] which will be looked up and processed across all the layers in the TCP/IP stack.
The information related to the all layers are encapsulated into a single packet.
Packet being a general term here, can be of many types based on the protocol with which two nodes are communicating (TCP Packet, UDP Packet, IP Packet etc). The information from a TCP/IP packet for example, are processed by different devices or services working at specific layers.
Switches or Bridges operate at the Ethernet layer. These devices switch packets inside LAN by looking up the MAC address information.
Routers operate at the Internet Layer and utilizes the IP protocol (i.e., IP address) to route traffic between networks.
Stateful firewalls, Proxies, Load Balancers etc. are at the transport layer. They work based on the TCP or UDP information to allow/deny/direct traffic.
Application layer facilities effective communication between application programs in a network. The application layer is not the application itself that is doing the communication. It has protocols such as DNS, FTP, SMTP, SNMP to help and serve the purpose.
References:
https://docstore.mik.ua/orelly/networking/firewall/ch06_03.htm
https://technet.microsoft.com/en-in/library/cc786128(v=ws.10).aspx
We all say that IP is connection less protocol but network layer provides us with switching facility wherein we have packet switching under which, we have virtual packet switching which is connection oriented i.e resources are reserved on the way. Then why do we say IP is connection less as every packet travels in IP datagram?
Well I think that network layer has many other protocols which might use virtual ckt concept. IP uses datagram service, so it is connectionless. Because in datagram service packets go independently without any reservation of resources.
So right now I'm using only TCP for my clients - they connect to the server, open socket and freely getting packets.
But what if I will decide to use also UDP in my game? Will they gonna have to open ports? For example, if they are using a regular WiFi, can I send UDP to the client without having opening ports problem?
Thanks.
TCP and UDP are just two examples of transport layer implementations. Both of them are using term 'port' to determine which app should receive incoming packet, but they could be routed/filtered differently by routers/switches/firewalls/etc.
So the answer is no. You will have similar problems with opening ports. Just except 'TCP port xxx should be opened' you have to demand 'UDP port xxx should be opened'.
In most home networks firewall rules allow outgoing packets (requests) to any remote port (on your server for example, where this port should be opened). And when such a packet goes through a router - it creates temporary rule to allow answers come back to the local port from which request packet.
So, normal scenario is like that:
Packet originated from home computer with IP 5.5.5.5. Lets say it has source UDP port 55555, source IP address 5.5.5.5 and destination port 8888.
Packet reaches home router. As it is going from inside - router allows it to pass through and creates rule say for 2 minutes to allow packets targeted to 5.5.5.5 to UDP port 55555.
Packet reaches corporate router before your server. It has rule to pass packets for port 8888 so packet is allowed to go.
Your server receives the packet and processes it. In response it creates packet for IP 5.5.5.5 and UDP port 55555.
Corporate router allows response to go.
Home router allows response to go according to temporary rule.
Your computer receives the response.
Corporate computers and routers often more restrictive to ensure security, so second point could restrict packet if your user (IP 5.5.5.5) is in corporate network.
It is very simplified as in reality there's almost always things like NAT and rules are more complex... But in general it gives the idea how it works internally.
If I have two internal computers connecting to the same external IP address through a NAT router, how is the router able to get the traffic to the correct internal computer? It is my understanding that NAT forwards incoming packets to the computer that recently sent outgoing packets to the [incoming packet's] sender's IP address. Since both computers are sending to the same address, does the router forward the packet to both? If that is the case, is it the responsibility of the client software to determine which packets are relevant?
Is it possible if both computers are attempting to connect to the same port?
When you open a socket, you need to address a port of the destination system and open a conjugate listening port on your own system to receive any response. You have to send the destination system your listening port.
Having more than one system using the same modem
When you start a web browser, and go to www.google.com:80, your browser obtains/searches for a free non-system conjugate port from the system for listening. Let us say, the conjugate port is 10000. The listener port is for receiving the http stream back from google.
Then your kid sitting next to you incidentally also browses www.google.com:80 and his/her google session of the play station or xbox-whatever also incidentally is assigned conjugate port 10000.
Both of you are sitting behind a cable modem, and behind the cable modem is your wireless router. And both of your systems are behind the wireless router - All sitting in that sequence, network topology-wise.
To prevent port address collision on the router/modem
Let us say that your cable company DHCP assigns your modem ip4 adress 72.72.72.72. But your wireless router DHCP assigns 192.168.0.10 to your system and to 192.168.0.11 to your kid's system.
When the frame carrying the information of your listener ports passes thro your NAT router, it would translate either one or both listening- ports. Let's say port 15000 for your page and port 16000 for your kid's page.
Your wireless router then sends your requests to google server as coming from 72.72.72.72:15000 and 72.72.72.72:16000.
The google server then responds individually to 72.72.72.72:15000 and 72.72.72.72:16000 and when you wireless router encounters the response, it reaches into the mapping that it has stored and translates 72.72.72.72:15000 to 192.168.0.10:10000 to reach your system but translates 72.72.72.72:16000 to 192.168.0.11:10000 to reach your kid's system.
Running web/game/ftp/etc servers
But what if you have a web server or an ftp server running on your system. What if you have two systems and both have a web server and both web servers are listening on port 80?
Let us say the local ip addresses registered/assigned with your wireless router of your first web server system is 192.168.0.30 and your second web server system is 192.168.0.40.
The wireless router would have a configuration web page usually by default 192.168.0.1:80, unless you changed it. There would be a tab to on the page where you could define/reserve application port mappings.
You could register with your wireless router to reserve the mapping
192.168.0.30:80 => outgoing port 8080
192.168.0.40:80 => outgoing port 8088
So that you have to phone your friends your web/game servers are addressable through
72.72.72.72:8080 and 72.72.72.72:8088 respectively,
where the wireless router would preclude its port 8080 and 8088 from its own dynamic NAT usage.
Of course, 72.72.72.72 is as good as only before your ISP DHCP decide to renew the ip4 address of your modem to say, 72.72.90.200. After which you would have to phone/email your friends and say
Hey, the servers' addresses have changed to 72.72.90.200:8080 and 72.72.90.200:8088 respectively. Or you could subscribe to dynamic dns (ddns) service to use a named domain where the ddns service will need you to install a simple heartbeat utility on your system to help them monitor the address variation. DDNS translation is a separate issue/strategy.
NAT modems
Newer ISP contracts supply you with a modem that has NAT. If so, you have to switch off either the one on your modem or the one on your wireless router. You should not use both - what's the point in translating twice because NAT is simply to prevent address collision. When you switch off NAT from your wireless router, it can operate as a hub switch and not a router anymore so that you could connect it to the modem using one of its LAN socket instead of thro its WAN socket.
The router manages "source" ports that are separate for each computer. While you may be connecting to port 80 on the "destination" the router may assign the source port to some high number port.
Wikipedia sums it up as
Network address translation involves
re-writing the source and/or
destination IP addresses and usually
also the TCP/UDP port numbers of IP
packets as they pass through the NAT.
Checksums (both IP and TCP/UDP) must
also be rewritten to take account of
the changes.
Already good answers are provided, but here is another example:
HOST A addr HOST B addr
10.1.0.2:4040 10.1.0.3:4040
-----------------------------------------
NAT 200.50.50.28:4040 200.50.50.28:4041 (what external host sees)
200.50.50.28 is router's global (internet) IP.
Every port number is unique in the NAT table. And of course the router does all the dirty job of modifying the source and destination addresses transparently.
It uses different ports for incoming external traffic, and the NAT then routes the packets on one port to one internal IP address, and the packets from the other port to the other internal IP address... The iniital request from each internal computer, when it goes through the NAT on the way out, establishes which port will be used for the incoming traffic from the external ip address, and it tells the external server what port to send it's traffic back on for that connection.
RFC3022 provides a lot of information on how this works
Since public facing or external IP Address that was given by Internet Service Provider (ISP) has been discussed, I would like to add on this.
You can ask your ISP to have your public IP Address not change. It will become static, so that you do not have to inform your friends to change the IP Address if they want to access your server inside your Network Address Translator (NAT).
As of this writing, static IP Address cost around 100 bucks. Most of the ISP they call it business account.
You can determine your public facing IP Address by googling "what is my ip address".