Closed. This question is off-topic. It is not currently accepting answers.
Closed 9 years ago.
I am trying to fully understand the TCP/UDP protocol before starting a network project.
Let's say I have a TCP server. I understand that if I want someone to communicate with me via the Internet I need to open my listening port: the router/firewall lets it pass and redirects it to me.
A TCP client connects to me; there is now a bound socket between the two systems. But how can the server send data to the client if the client has its port blocked?
The port is chosen dynamically, so how does the firewall/router know that it needs to allow the data from my server? Is it because I already sent something to it and it now knows that there is some kind of connection?
If yes, does it mean that for UDP both machines need to unlock the port?
I don't completely understand how it works, but this is what I got so far:
Server is listening on port X
Client tries to connect to Server on port X (a random port Y is generated)
Server can now respond to Client on port Y
Port Y is maintained open thanks to TCP with keep-alive packets.
The firewall/router leaves it 'open' for some... seconds? because there was an outgoing packet from its network (waiting for an incoming one?)
And that's how two UDP clients can, for example, communicate:
http://en.wikipedia.org/wiki/UDP_hole_punching
Example with Skype :
http://www.h-online.com/security/features/How-Skype-Co-get-round-firewalls-747197.html
Please correct me if I'm wrong or if something doesn't seem quite right to you.
Thanks
Edit
A NAT router therefore keeps tables of which internal computer has communicated with which external computer and which ports the two have used.
That's the trick that lets the firewall "unlock" our port.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 2 years ago.
I have a conceptual question.
If I have a Java socket (this socket establishes a TCP connection through a channel)
If I run an nc command, the nc command opens a TCP connection; can nc then affect my socket?
The same question with telnet: is it possible that telnet affects my socket connection?
Not normally. The operating system will keep those sockets separate. You won't easily affect one socket from another.
If your Java application uses local port 10001 to connect to an HTTPS server on port 443, that socket would be dedicated to that connection between those IPs and ports. If netcat from the same machine connected to the same server on 443, it wouldn't use the same local ports, and they would not be the same socket.
Now, in unixland at least, open sockets are just file descriptors, and those can be passed between programs. So, for example, your Java application can spawn a new thread and hand the open socket to the thread. But an independent process on the system can't easily just nab data from the open socket.
Of course, these limitations are merely enforced in software, not physical laws, so "anything is possible". But operating systems are going to try to stop this kind of thing from happening.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 7 years ago.
Very short question. Let's say user1 is connected to the internet and running an HTTP server locally. He needs to set up port forwarding for this to work: redirecting all incoming requests from the public IP to the local IP's port 80.
My doubt is this: User1 opens Mozilla Firefox, which gets, let's say, port 12343 assigned by the OS.
From this (192.168.0.14:12343) to google.com:80... sometimes our router changes the incoming port to another port at the NAT. Clear so far.
My question: is there any port forwarding set at the router to handle routing the packet, i.e. requests from google:80 to :12343? Please correct me if I am wrong at any protocol suite layer. I am new to this.
When a connection is established through NAT, the NAT maintains a mapping between the inside port and the outside port. That is, when a packet comes from outside to port 54321, the NAT knows to forward it to internal network IP 192.168.0.1, port 12345.
To explain further, let's delve into the details. Let's talk about transparent NAT. Transparent NATs are ones which do not require any special configuration in local software (unlike HTTP proxy servers, for instance). They usually serve as network gateways, so that the OS knows to route network traffic to such a gateway (almost all home routers work in this mode).
When someone opens a web page from a desktop - local address 192.168.1.1, local port 12345, remote address stackoverflow.com, remote port 80 - the OS directs the traffic to the network gateway (192.168.1.0).
The gateway sees the traffic as coming from 192.168.1.1, port 12345. On the packet, it replaces 192.168.1.1 with its outside IP (say, 2.2.2.2) and gives it a port - say, 54321. It also creates an entry in its mapping tables, indicating that all traffic incoming from outside for port 54321 is to be forwarded to 192.168.1.1, port 12345. The StackOverflow server sees the traffic as coming from the gateway, and responds back to the gateway address and port. The gateway sees the response, consults the mapping table and forwards it to the local machine, where it is seen by the browser - and thus my answer is displayed on your screen.
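The mapping table walked through in this answer, together with the keep-alive and UDP hole-punching steps listed in the first question above, as an added worked example (not code from any post here): a simulated restricted-cone NAT that allocates a public port on the first outbound packet, forwards inbound traffic only from remotes the inside host already sent to, and forgets idle mappings. The IP addresses, the 30-second idle timeout and the rendezvous server are constructed values.

```python
import itertools

class Nat:
    """Restricted-cone NAT: one public port per inside endpoint; a packet to that
    port is forwarded only from a remote the inside host already sent to, and only
    while the mapping has not idled out. Packets are (src_ip, src_port, dst_ip, dst_port)."""

    def __init__(self, public_ip, first_port=54321, idle_timeout=30):
        self.public_ip, self.idle_timeout = public_ip, idle_timeout
        self._ports = itertools.count(first_port)
        self.by_inside = {}  # (inside_ip, inside_port) -> public_port
        self.by_public = {}  # public_port -> [inside_ip, inside_port, {remotes}, last_seen]

    def outbound(self, pkt, now):
        src_ip, src_port, dst_ip, dst_port = pkt
        port = self.by_inside.get((src_ip, src_port))
        if port is not None and now - self.by_public[port][3] > self.idle_timeout:
            del self.by_public[port]  # idle mapping: forget it and allocate a fresh one
            port = None
        if port is None:
            port = next(self._ports)
            self.by_inside[(src_ip, src_port)] = port
            self.by_public[port] = [src_ip, src_port, set(), now]
        self.by_public[port][2].add((dst_ip, dst_port))  # this remote may now answer
        self.by_public[port][3] = now
        return (self.public_ip, port, dst_ip, dst_port)

    def inbound(self, pkt, now):
        src_ip, src_port, dst_ip, dst_port = pkt
        entry = self.by_public.get(dst_port) if dst_ip == self.public_ip else None
        if entry is None:
            return None  # no mapping at all: unsolicited packet, dropped
        in_ip, in_port, remotes, last_seen = entry
        if now - last_seen > self.idle_timeout or (src_ip, src_port) not in remotes:
            return None  # mapping idled out, or sender is a remote we never talked to
        entry[3] = now
        return (src_ip, src_port, in_ip, in_port)

def udp_hole_punch(nat_a, nat_b, a=("192.168.1.1", 12345), b=("10.0.0.7", 5000)):
    """Two peers behind two NATs: each first talks to a rendezvous server (that is how
    it learns the other's public endpoint), then both send to each other's mapping."""
    server = ("192.0.2.1", 3478)  # constructed rendezvous server address
    a_pub = nat_a.outbound(a + server, now=0)[:2]
    b_pub = nat_b.outbound(b + server, now=0)[:2]
    first = nat_b.inbound(nat_a.outbound(a + b_pub, now=1), now=1)   # B's NAT: unknown remote, dropped
    second = nat_a.inbound(nat_b.outbound(b + a_pub, now=2), now=2)  # A already sent to B: forwarded
    third = nat_b.inbound(nat_a.outbound(a + b_pub, now=3), now=3)   # B's NAT now knows A: forwarded
    return first, second, third
```

The first packet from A is lost, but it is exactly what opens A's mapping for B, which is why both sides must send before either can receive.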
I think there is nothing to do with NAT here. NAT just translates the internal local address (like 192.168.1.1) to an external global address (like 139.130.4.5). I hope you have adequate knowledge of the OSI model. Let me explain it. When a packet reaches the transport layer, it is assigned a random port number (ranging from 0-65535), either TCP or UDP, by the OS. However, the OS can only use port numbers from 49152 to 65535, as several ports are registered or are used for some specific process. A port is used to identify a service or a process. After adding the port number, the packets are given to the network layer, which adds the source address and destination address of the packet. Switching is a process that happens in the network layer. This switching mechanism is responsible for the source-to-destination delivery of packets. The Internet uses packet switching. When you are sending a packet in this switching mechanism, the packets get routed through several switches between the source and destination. Every packet that is sent through these switches is routed based on a switching table or routing table. This table contains details such as the MAC address and a physical port of the switch through which the packet is received and sent.
This is the only port forwarding that happens inside a router or a switch. Delivering the packet to a specified MAC address is the only duty of a switch.
Every packet you send through a router goes to its destination based on the routing table. Several protocols work in this layer to make the source-to-destination delivery possible, and some of them are ARP, IP, RARP, etc.
Additionally, a packet is encapsulated with information from the upper layers as it moves down the layers. So, at the receiver side, the packet comes in at the network layer and gets decapsulated, and it is moved to the transport layer, which then decapsulates the packet and sends it to the corresponding process based on the port.
So, what I said is that there is no connection between a process (port number) and the physical port of the router. It is true that the packet travels through the physical port of the router, but it doesn't know anything about the process that sends the packet.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 9 years ago.
So I was looking into what port Dropbox uses on my computer and tried to see what would happen if I created a new HTTP server on that port. Surprisingly it worked. So both Dropbox and my HTTP server were running on the same port, but the incoming requests were routed to the different applications depending on the source address.
lsof -i tcp:51311
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
Dropbox 3811 user 18u IPv4 0xdedc291239eb197f 0t0 TCP 172.20.10.2:51311->108.160.163.34:http (ESTABLISHED)
node 3984 user 11u IPv4 0xdedc29123b1494cf 0t0 TCP *:51311 (LISTEN)
I am wondering how this works. I thought the OS would refuse to bind my HTTP server since the port was already allotted to Dropbox, but to my surprise it worked. Any thoughts?
TCP sockets match against the 4-tuple (source-ip, source-port, destination-ip, destination-port). As long as all four of them don't clash, you can have port reuse.
As long as your daemon doesn't receive a connection from 108.160.163.34:80 your stack can handle it. If the server 108.160.163.34 is well-behaved it won't let an application initiate a connection to your socket (172.20.10.2:51311) with 80 as source port. (bind() should fail with Address already in use).
If it isn't well behaved, the existing dropbox connection will receive an unexpected packet (wrong sequence number space) and your stack will RST it.
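The 4-tuple rule above, as an added example (not code from the question or the answer): on loopback it opens an outbound connection from an ephemeral port, then listens on that very port and connects a second client to it; both conversations proceed because their 4-tuples differ. It assumes Linux bind semantics, where SO_REUSEADDR on both sockets is what lets the listener share the port with an established, non-listening connection.

```python
import socket

def shared_local_port_demo():
    """Recreate the lsof situation on loopback: one ESTABLISHED outbound
    connection and one LISTEN socket on the same local port, each reached
    through its own 4-tuple. Returns what each side received and the tuples."""
    socks = []

    def mk():
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)  # Linux: allows port sharing
        socks.append(s)
        return s

    try:
        peer = mk()  # stand-in for the remote server (108.160.163.34:80 in the question)
        peer.bind(("127.0.0.1", 0))
        peer.listen(1)
        out = mk()  # outbound connection, like Dropbox's; bound first so we know its port
        out.bind(("127.0.0.1", 0))
        out.connect(peer.getsockname())
        peer_conn, _ = peer.accept()
        socks.append(peer_conn)
        local_port = out.getsockname()[1]
        lst = mk()  # listener on the very same local port, like "node *:51311 (LISTEN)"
        lst.bind(("127.0.0.1", local_port))
        lst.listen(1)
        cli = mk()  # a new client: different 4-tuple, so its SYN reaches the listener
        cli.connect(("127.0.0.1", local_port))
        srv_conn, _ = lst.accept()
        socks.append(srv_conn)
        out.sendall(b"to-peer")  # the established connection still talks to its own peer
        cli.sendall(b"to-listener")
        return {
            "shared_port": local_port == lst.getsockname()[1],
            "peer_got": peer_conn.recv(64),
            "listener_got": srv_conn.recv(64),
            "out_tuple": out.getsockname() + out.getpeername(),
            "srv_tuple": srv_conn.getsockname() + srv_conn.getpeername(),
        }
    finally:
        for s in socks:
            s.close()

if __name__ == "__main__":
    for k, v in shared_local_port_demo().items():
        print(k, v)
```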
The HTTP port being used by Dropbox is at 108.160.163.34, not your local host.
Port 51311 is being used as one outbound port and one listening port. Not 'two services running on the same port'. Otherwise there would be two LISTENING lines.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 8 years ago.
How may I create a socket on my computer that could be reachable from other computers via internet, and work like a web server, maybe using WebSockets?
By the way: could my web server become visible from the Internet and how?
I know I can install a LAMP web server on my computer (my OS is Ubuntu) and use it for a local network.
I know I can use sockets to let 2 computers communicate via internet using their IP addresses (I did it in Java).
You can make your LAMP server stack accessible from the internet by forwarding ports from your external internet connection to the computer the server stack is running on. If you're doing this at home, you can usually handle port forwarding from the admin interface for your router/modem.
Alternatively, WebRTC is a newer web technology (still in the testing phase) that allows two browsers to connect to each other without the need for an intermediate web server.
Browsers do not permit raw sockets.
You cannot create a socket from the browser, because it would be a security hole.
For example, you download a page from the internet and a script on this page opens all sockets on your computer.
WebSockets is a technology on top of the TCP protocol.
Using WebSockets you can connect two browsers to a WebSocket server and exchange information via this server.
Closed. This question is off-topic. It is not currently accepting answers.
Closed 9 years ago.
I have configured an ejabberd server on localhost. I am able to connect to localhost as admin@localhost, but I am not able to connect to the gtalk server. Someone please help me with how to connect to the gtalk server.
Thanks in advance,
sathi
In order for you to talk to GoogleTalk, they have to be able to talk back to you using Dialback. There are several steps you'll need to do:
Rename your server to a fully-qualified domain name. (e.g. example.com)
Open a hole in your firewall in both directions to your server on port 5269/tcp.
Add an SRV record to your DNS pointing at that firewall hole. If your domain was example.com, your SRV might have _xmpp-server._tcp.example.com pointing to 10 0 5269 myserver.example.com.
At some point in the future, you may also need an X.509 certificate for doing TLS.
I almost lost hope, but this thread was really helpful:
Short summary: disable Google Apps for your domain; it can be the reason for getting 404 errors in the ejabberd log.