How to direct router traffic to my PC? - router

I have a router and 4-5 devices connected to it over WiFi. Now I want all the traffic that is generated from every connected device to pass through my PC, where I can perform some task like filtering, authorization etc. This is how I feel the packet flow should be:
multiple devices --> router --> PC (where processing happens) --> internet
or
multiple devices --> router --> PC (where processing happens) --> router --> internet
I tried to find a solution but could not find anything precise. I think my PC has to act as a gateway, but all this is a little confusing. My final goal is that my PC should be able to authorize whether a device can connect to the internet or not.

No way, you have to put some hardware in between, like an Access Point or a Hardware-Firewall.
EDIT: there's a way, you could use your PC as an Access-Point.

Related

Asynchronicity between behavior and flows on Mitmproxy

I am trying to reverse engineer the API of an IoT device using mitmproxy. My setup is an iPhone, a computer running macOS 10.14, and an IoT device (watering pump) that can only access the wireless network after being plugged into the computer via USB connection, i.e. not a genuinely WiFi device. My phone is configured to point to the computer, which is running mitmproxy on a standard configuration.
When I send instructions from the app controlling the device on my phone to the device itself, presumably these instructions are sent to the computer, to the device cloud server, and then to the device. With these assumptions, one would think that they would see the flow of POST requests in mitmproxy before observing the results of those instructions. That is, if you send an instruction to turn on the pump, you'd think you'd see a POST request containing that instruction show up in the mitmproxy flows before you see the pump turn on.
However that is not the case here. What happens is that, when I send instructions from the app, I observe the expected behavior from the IoT device, and then the flow of requests appears on the mitmproxy console seemingly at random. There seems to be no determinate relationship between the instructions I send and the requests that appear; they show up 5 seconds later, 5 minutes later, or 30 minutes later. Is this an intentional security feature? To somehow jam MITMproxies so that hackers cannot easily isolate the knowledge of which packet is performing which instruction? Or is it just something that I am doing wrong? Does anyone have any ideas as to what could be happening here and potential solutions for making the flow of requests appear in real time? Ty

How to connect from Internet to a lot of devices behind domestic routers

For an IoT related project I need an internet server to be able to interact with devices (they will be small PCs, probably raspberry pi) that will be behind the home router of each user. One of the requirements of the project is that these devices are self-installable by the user.
Therefore the server will not know the public IP of each home router and there is no possibility of NAT configuration in the router to reach each device within the home network.
In this scenario, what possibilities exist? At the moment I am studying the use of websockets initiated from each device to the server on the Internet (in fact, the devices know the server location); over this websocket should run all the communication (in a bidirectional way) simulating a REST interaction between both sides. Is there any other alternative? What do you think about the use of websockets to solve this need?
Websockets are used for interactive communication between a client and a server. By 'interactive' I understand near real-time. If this is your requirement, then you can use it.
If you only need non-interactive communication (request / response), you can use a classical REST API over HTTP, initiated from the devices. As long as they are connected to the router, the network stack takes care of everything.
You need to know the public IP of a router only when the server has to initiate the connection to a specific PC/workstation. In that case, a NAT rule has to be set up on the router which directs the traffic to the right workstation in the local network.

Secure, local IoT Device Discovery using PWA without a remote server

I'm looking for a way of managing and controlling IoT devices without the (constant) need for a remote server to be part of it and with a PWA instead of a native application on the managing device. The resulting goal is an IoT device that keeps working when a product eventually goes obsolete (no more server running/allocated) and having an application that has PWA benefits like always up-to-date, easy to replicate and cheaply hosted on something like S3.
As an example, let's say I have one or more IoT devices of different classes like an ESP8266 and a Raspberry Pi for instance. Just as with any new IoT device I want to add it to the network and from there on manage its state from an app. The app in this case is a PWA instead of full blown native app.
1) Traditionally, in the initial setup a native app would scan for wifi networks, connecting automatically to one that has the right name. Using PWAs, we are limited to just the "state" of the network. So users would have to manually switch to the network of the newly connected IoT device. This is okay.
2) Next up, the user would need to enter his/her wifi credentials. There might be methods to set this up automatically using a native app, but I don't believe this is the case on a PWA. This, also, is okay.
3) The device then restarts, tries to connect to the network set up in (2). If set up correctly it should get its IP using DHCP. And now things get difficult. I want to 'discover' that network from my PWA. There used to be a way to retrieve the IP from a device using the WebRTC API, but that has since changed to show an obfuscated mdns that resolves to localhost. The IP leak would have allowed for a browser based network scan, but that is no longer possible. I always hoped that Android would default to using a user's router as a DNS server, but that is not the case. The result is that simply using an mDNS isn't an option either. I do not want users having to check their router, install an app like fing or do anything else that disrupts the flow from a UX perspective.
Step (3) needs to run every time the app starts so you'd want something reliable. Scanning for devices isn't possible using a PWA, so I need to find another method. I was thinking of something like the way Docker containers can find each other in between networks (see etcd for example), using a predefined key that is shared during installation. The problem with this, is that it requires a remote server to store the IPs attached to that key. I don't want that.
Ideas on how to solve this are very much appreciated! I want to be able to offer a solution that would work even when WAN is out. That being said, I am aware that a connection to a remote server is needed if the end user would want to enable any voice assistant or wants to control a device from WAN.

Iphone to control PIC microcontroller

I'm interested in writing an app that sends messages over IP (using 3G, not necessarily on the same WiFi network as the receiving end) to a PIC microcontroller connected to a router (via ethernet or wifi).
I saw some descriptions and examples on how to send messages on the same network, not sure if just by giving a different IP it would work outside the network itself. I was wondering how it can be received by the PIC (I still haven't decided which PIC, it depends on the possibility to perform this) and in turn, depending on the msg received, the PIC will perform an action, for example, light a certain LED in a LED array.
I have the sending side (the app sending over IP), and the receiving side (the PIC which lights the LEDs).
I'm just not quite sure what to send, or if such "translation" is even possible.
I've searched the web but couldn't find any such thing except for made kit (for RC cars for example)
Thanks.
Carmel
Here's a UDP library I built for Mac/iOS wrapped in simple Cocoa that sends UDP packets to an IP address of your choice. Comes with sample server client app.
These are generic UDP packets so you just have to listen for them on the other end (whatever that platform is) and read the content. Let me know if you need help with that.
https://github.com/Shein/Mac-UDP-Client-Server
Well, if the PIC can run a TCP server, or maybe just UDP, then sure you can control a LED by sending an appropriate message. With an appropriate static IP address and routing, then you can use your iPhone to turn on the LED from anywhere you can get a connection.
PICs are not exactly renowned for having high performance and lots of RAM. If you do manage to get a server working, try to not use XML/SOAP.
This looks more like a question for http://electronics.stackexchange.com.
If you're familiar with SPI you could consider Microchip's MRF24WB0MA/RM module which enables PIC to connect to a wireless network (either to an infrastructure wireless or to AdHoc, or it can create its own AdHoc).
If you're using MCC compiler then you also have library available for this module at Microchip Application Libraries.
TCP stack takes some memory space though. PIC18F would do but you'd be better off with PIC24F (they tend to be cheaper than 18F anyway).

Is it possible to connect a socket between two mobile devices (iPhones) over the internet?

Is it possible to connect a socket between two mobile devices (iPhones) over the internet?
I am trying to discover the IP of each device and connect directly. I know it can be done with Bonjour but that only works on local networks. I need a high speed connection between two devices over the internet.
Thanks.
If you had both the IPs and they were both routable, it should be possible. I'm not sure though if the IPs given out by the 3G network are routable. If you are using WiFi, the IP you get is almost certainly not routable. Assuming you have a routable IP though, it should be possible.
The trick is just discovering the IP of the other device. The best way to do that would probably be to have each device register its IP with a web service when your app starts up, then query that service to find the IPs of other devices.
It might get a bit tricky managing "unregistering" IPs when the app is closed or when an IP changes though, but it should be doable.
ETA:
If you have a server that they can both connect to, you should be able to implement a solution using that server (i.e. without the phones actually directly connecting to each other). This would avoid the issue of having routable IPs for the phones.
As for how to bridge the sockets together - your server program would basically work like an old-school phone switchboard operator. You'd have some kind of registration & discovery protocol built into the server software that would allow a phone to register itself with the server, query a list of the other phones currently connected to the server, indicate which phone it wants to talk to, and accept connections from other phones.
Once it knows who wants to talk to whom, your server software would connect the two together by reading from one phone's socket and writing that data to the other phone's socket.
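The switchboard relay described in the answer above, as an added example that is not part of the original thread. The REGISTER/LIST/CONNECT line protocol and the names are invented for illustration, and the sketch assumes no authentication or encryption, so any client can claim any name and the relay sees all traffic in the clear.

```python
import asyncio

class Switchboard:
    def __init__(self):
        self.parked = {}  # name -> (reader, writer, done): registered, waiting for a call

    async def pump(self, reader, writer):  # copy one direction until the source closes
        try:
            while data := await reader.read(4096):
                writer.write(data)
                await writer.drain()
        finally:
            writer.close()

    async def handle(self, reader, writer):
        cmd, arg = ((await reader.readline()).decode().split() + ["", ""])[:2]
        if cmd == "REGISTER" and arg and arg not in self.parked:
            done = asyncio.get_running_loop().create_future()
            self.parked[arg] = (reader, writer, done)
            writer.write(b"OK\n")
            await done  # keep this socket open until a caller has been bridged to it
        elif cmd == "CONNECT" and arg in self.parked:
            peer_r, peer_w, done = self.parked.pop(arg)
            writer.write(b"OK\n")
            peer_w.write(b"CALL\n")
            # Read from one phone's socket and write to the other's, in both directions.
            await asyncio.gather(self.pump(reader, peer_w), self.pump(peer_r, writer),
                                 return_exceptions=True)
            done.set_result(None)
        else:  # LIST, or anything unrecognised: answer once and hang up
            reply = " ".join(sorted(self.parked)) if cmd == "LIST" else "ERR"
            writer.write(reply.encode() + b"\n")
            writer.close()

async def demo():  # constructed loopback session: bob registers, is listed, alice calls
    server = await asyncio.start_server(Switchboard().handle, "127.0.0.1", 0)
    port = server.sockets[0].getsockname()[1]
    async def dial(line):
        r, w = await asyncio.open_connection("127.0.0.1", port)
        w.write(line)
        return r, w, await r.readline()
    bob_r, bob_w, _ = await dial(b"REGISTER bob\n")
    _, _, listing = await dial(b"LIST\n")
    alice_r, alice_w, _ = await dial(b"CONNECT bob\n")
    await bob_r.readline()  # bob is told "CALL"
    alice_w.write(b"hello bob\n")
    to_bob = await bob_r.readline()
    bob_w.write(b"hi alice\n")
    to_alice = await alice_r.readline()
    server.close()
    return listing, to_bob, to_alice
```

Both phones only ever make outbound connections to the relay, which is why non-routable addresses stop mattering.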
Only a suggestion, but if you can get each of them to connect to a third site, you'll then know the address of each. Send the address of phone A to phone B (and/or phone B to phone A) and then have them connect as you see fit.
Have you looked through all the 3.0 features? Specifically peer networking (the existence of which is public).
WiFi routers often have a feature called "Port Triggering" which allows internal hosts (in this case an iPhone) to inform the router that they would like to have connections on a particular port forwarded to them. I have no idea if the iPhone supports this protocol.
For IP lookup you may consider using DynamicDNS if the two hosts are known ahead of time OR as stated above a custom web service if they are not (i.e. friends exchanging hostnames vs. strangers discovering each other).
This is an old thread, but I just came across it. You could use a STUN server (or NAT-PMP) to get the public IP address/port combo and then SMS it over to the other phone. So long as you open a listening port on the first device, then your second device can just connect directly using the public IP address/port you sent to it in the SMS (SMS push registry can automatically wake up your app on the second device to do this).
I have run into this issue with an app I was developing. I was trying to connect to a PC cell card from an iPhone. The problem is that AT&T doesn't enable mobile termination for iPhones so it is physically impossible for two phones on an AT&T network to connect to one another. This is straight from an AT&T antenna engineer.
I was able to get this to work by having the iPhone VPN into a server and then connect to the PC cell card but other than that, it wouldn't work.
I have a very strong feeling (but no evidence) that the iPhone address is going to be non-routable. Of course it actually depends on the operator but AT&T give out 10.x.x.x addresses.
Apple have sample (desktop) code that uses Bonjour to implement portmapping on a WiFi router that supports UPnP.