Can someone please let me know if there is some blog/webpage/tutorial which clearly describes the packet traces involved in Apple Bonjour protocol? I understand how PTR, SRV and A/AAAA records play their role, but I want to actually get trace of bonjour in action, hope some of you could help.
I guess the best thing would be to listen to packets (through something like Wireshark, TCPDump, e.t.c) being sent to the multicast address 224.0.0.251 on port 5353. They're pretty much standard DNS packets, only sent over multicast.
Related
So I know how to broadcast a packet on the LAN (send it to x.x.x.255) IP. I am confused on how to receive the packet on the receiving host. Like i don't know what kind of socket connection I need to use. Please help me. Thanks
You need to use UDP sockets. At receiving side just keep on listening like any normal UDP socket. No special setup is needed.
I'm using Flash Media Server to stream audio. I used to use it on port 1935 (the default port) but a lot of users were complaining they couldn't hear the stream, I figured it may be a firewall issue and their firewall was blocking that port. So I changed it to port 80 and most of the users who couldn't stream properly, were now able to.
Ever since then, i've still encountered a few users who complain about not hearing the stream. I'm not really sure where to go from here, I would have thought port 80 is open for everyone seeing as HTTP goes through port 80 and if you can browse the web then you should be able to stream right? Clearly not... Does anyone have any suggestions on what I can do my end to enable streaming for these users who can't hear anything port 80?
Thanks for the help, much appreciated.
In some organizations, there is an intelligent firewall or some device that does deep packet inspection. These devices can be configured to analyze the data running over a port, and flag it accordingly.
So, you sent RTMP over port 80, the device recognizes it and will usually do one of two things:
"Hey, that's RTMP being sent over the wrong port! Not on my watch!! [BLAM, packet killed]"
"Hey, that's RTMP being sent over the HTTP port! Let's not apply rules for HTTP and apply the packet shaping rule for RTMP, which says it should be blocked (or throttled down to 0.03kbps)"
Unfortunately, there's not much you can do about this. It is very common for this kind of thing to get blocked or throttled near the client's end.
If you can find someone this happens for, you can analyze the packets with Wireshark, or some other packet sniffing software. Then you can see for sure what is reaching the client, and what isn't.
I'm just reading about TCP and UDP and from what I've read when the packet gets encapsulated in the IP protocol and the header gets added is it not possible to create a false IP address at this stage?
Granted, the response will never be received on your connection, but is this possible?
I do not want to do this btw. I'm in no way associated with immoral ethics. It's just something that I had to ask whilst reading about TCP and UDP. I'm actually learning how to use sockets in C++ for a game I'm working on.
Yes, this is possible.
Use raw sockets and craft your own packets
Use scapy, hping, etc
Search for "packet crafting"
EDIT
A nice scapy tutorial that teaches you to send lots of valid and invalid stuff is here.
I'm trying to find a way for client to know socket server ip:port, without explicitly defining it. Generally I have a socket server running on portable device that's connect to network over DHCP (via WiFi), and ideally clients should be able to find it automaticaly.
So I guess a question is whether socket server can somehow broadcast it's address over local network? I think UPnP can do this, but I'd rather not get into it.
I'm quite sure that this question was asked on Stack lot's of times, but I could find proper keywords to search for it.
One method of doing this is via UDP broadcast packets. See beej's guide if you're using BSD sockets. And here is Microsoft's version of the same.
Assuming all the clients of the application are on the same side of a router then a broadcast address of 255.255.255.255 (or ff02::1 for IPv6) should be more than adequate.
Multicast is another option, but if this is a LAN-only thing I don't think that's necessary.
Suggestion
Pick a UDP port number (say for the sake of an example we pick 1667). The client should listen to UDP messages on 255.255.255.255:1667 (or whatever the equivalent is. e.g.: IPEndPoint(IPAddress.Any, 1667)). The server should broadcast messages on the same address.
Format Suggestion
UDP Packet: First four bytes as a magic number, next four bytes an IPv4 address (and you might want to add other things like a server name).
The magic number is just in case there is a collision with another application using the same port. Check both the length of the packet and the magic number.
Server would broadcast the packet at something like 30 second time intervals. (Alternatively you could have the server send a response only when a client sends a request via broadcast.)
Some options are:
DNS-SD (which seems to translate to "Apple Bonjour"): it has libraries on macOS, but it needs to install the Bonjour service on Windows. I don't know the Linux situation for this. So, it's multi-platform but you need external libraries.
UDP broadcast or multicast
Some other fancy things like Ethernet broadcast, raw sockets, ...
For your case (clients on a WiFi network), a UDP broadcast packet would suffice, it's multi-platform, and not too difficult to implement from the ground up.
Choosing this option, the two main algorithms are:
The server(s) send an "announce" broadcast packet, with clients listening to the broadcast address. Once clients receive the "announce" packet, they know about the server address. Now they can send UDP packets to the server (which will discover their addresses for sending a reply), or connect using TCP.
The client(s) send a "discover" broadcast packet, with the server(s) listening to the broadcast address. Once the server(s) receive the "discover" packet, it can reply directly to it with an "announce" UDP packet.
One or the other could be better for your application, it depends.
Please consider these arguments:
Servers usually listen to requests and send replies
A server that sends regular "announce" broadcast packets over a WiFi network, for a client that may arrive or not, wastes the network bandwidth, while a client knows exactly when it needs to poll for available servers, and stop once it's done.
As a mix of the two options, a server could send a "gratuitous announce" broadcast packet once it comes up, and then it can listen for "discover" broadcast requests from clients, replying directly to one of them using a regular UDP packet.
From here, the client can proceed as needed: send direct requests with UDP to the server, connect to a TCP address:port provided in the "announce" packet, ...
(this is the scheme I used in an application I am working on)
UDP doesnot sends any ack back, but will it send any response?
I have set up client server UDP program. If I give client to send data to non existent server then will client receive any response?
My assumption is as;
Client -->Broadcast server address (ARP)
Server --> Reply to client with its mac address(ARP)
Client sends data to server (UDP)
In any case Client will only receive ARP response. If server exists or not it will not get any UDP response?
Client is using sendto function to send data. We can get error information after sendto call.
So my question is how this info is available when client doesn't get any response.
Error code can be get from WSAGetLastError.
I tried to send data to non existent host and sendto call succeeded . As per documentation it should fail with return value SOCKET_ERROR.
Any thoughts??
You can never receive an error, or notice for a UDP packet that did not reach destination.
The sendto call didn't fail. The datagram was sent to the destination.
The recipient of the datagram or some router on the way to it might return an error response (host unreachable, port unreachable, TTL exceeded). But the sendto call will be history by the time your system receives it. Some operating systems do provide a way to find out this occurred, often with a getsockopt call. But since you can't rely on getting an error reply anyway since it depends on network conditions you have no control over, it's generally best to ignore it.
Sensible protocols layered on top of UDP use replies. If you don't get a reply, then either the other end didn't get your datagram or the reply didn't make it back to you.
"UDP is a simpler message-based connectionless protocol. In connectionless protocols, there is no effort made to set up a dedicated end-to-end connection. Communication is achieved by transmitting information in one direction, from source to destination without checking to see if the destination is still there, or if it is prepared to receive the information."
The machine to which you're sending packets may reply with an ICMP UDP port unreachable message.
The UDP protocol is implemented on top of IP. You send UDP packets to hosts identified by IP addresses, not MAC addresses.
And as pointed out, UDP itself will not send a reply, you will have to add code to do that yourself. Then you will have to add code to expect the reply, and take the proper action if the response is lost (typically resend on a timer, until you decide the other end is "dead"), and so on.
If you need reliable UDP as in ordering or verification such that TCP/IP will give you take a look at RUDP or Reliable UDP. Sometimes you do need verification but a mixture of UDP and TCP can be held up on the TCP reliability causing a bottleneck.
For most large scale MMO's for isntance UDP and Reliablity UDP are the means of communication and reliability. All RUDP does is add a smaller portion of TCP/IP to validate and order certain messages but not all.
A common game development networking library is Raknet which has this built in.
RUDP
http://www.javvin.com/protocolRUDP.html
An example of RUDP using Raknet and Python
http://pyraknet.slowchop.com/