I have an iPhone app which relies on connecting via the local network to a server running on a user's mac/pc.
The server is running an http service on port 8080
I already add exceptions to the default Windows firewall or the default Mac firewall to ensure traffic is allowed to reach my app.
However the most common customer issue is that the iPhone can't communicate with the server.
Normally this is the network router blocking traffic - though sometimes the user is running their own firewall which blocks the traffic.
Is there a protocol which will let me say something to the effect of
'Will all the firewalls on this network, please allow communication to <an ip> on <a port> if the traffic originates within this network?'
I have looked into UPnP, but that seems to concentrate on opening a port to the outside world, which I don't want to do.
Suggestions?
Thanks in advance.
No, there is no such way or protocol aside from UPnP. And I wouldn't recommend it anyway because in company networks it would cause all sorts of problems and security issues if this were possible.
I'd suggest that you set up a FAQ entry or installation section for your software where you describe this common issue and give customers details on how they can detect and solve this problem.
In general, higher ports (above 8000 or 16000) are not blocked or firewalled. I would seriously consider allocating a random port in that range.
Also, consider advertising your service with Bonjour. Using Bonjour has the nice side-effect that your iPhone app does not have to know the port number. It can simply browse the network for available servers. If there is just one, connect to that; otherwise present the user with a list to choose from.
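As an added example (not code from the question or the answers above), here is a Python sketch of two of the suggestions: a listener that picks a random port in the high range, and a reachability probe a FAQ entry could ask the customer to run from the phone's network, which separates a firewall or router silently dropping the SYN (timeout) from a host that is reachable but has nothing listening (refused). The port range and the function names are assumptions.

```python
import random
import socket


def bind_high_port(host="0.0.0.0", low=16000, high=32000, tries=20):
    """Listen on a random TCP port in [low, high] (the range the answer
    above says is rarely firewalled).  Returns (listening socket, port).
    The bounds are assumed values, not a rule from the page."""
    for _ in range(tries):
        port = random.randint(low, high)
        srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            srv.bind((host, port))
            srv.listen(5)
            return srv, port
        except OSError:        # port already taken locally: try another one
            srv.close()
    raise RuntimeError("no free port found in %d-%d" % (low, high))


def probe(host, port, timeout=2.0):
    """Reachability check a support FAQ could ask a user to run.  Returns:
      'open'        - TCP handshake completed, the server is reachable
      'closed'      - the host answered with RST: nothing is listening on
                      that port, or a host firewall rejects instead of drops
      'filtered'    - no answer before the timeout: typically a router or
                      firewall silently dropping the SYN
      'unreachable' - no route to the host / network down on the client"""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except (socket.timeout, TimeoutError):   # must precede the OSError case
        return "filtered"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        return "unreachable"
    finally:
        s.close()
```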
Is there any way to run the server on port 80? You're likely to encounter fewer issues on a standard port.
Related
At my firm we have a JupyterHub/Lab installed and it is used by roughly 70-100 people in a secure network that can only be accessed from work. Recently the idea of hosting web applications for short-time use came up, but we are having port problems. User A is running a web application on port 5000, and User B can’t use the port because it is already in use. Port 5000 is the default; it can be changed, but this is not the behavior we want. Does anyone know of a way for web applications to run on the same port in the same environment? I have looked into server-proxy but I do not really understand it. Is the way to achieve this really to run a VM for each user, making sure that the port is not in use?
Any help is appreciated
For example, when you make an ssh connection, you are connected to port 22. What happens then? On a very high level brief overview, I know that if port 22 is open on the other end and if you can authenticate to it as a certain user, then you get a shell on that machine.
But I don't understand how ports tie into this model of services and connections to different services from remote machines? Why is there a need for so many specific ports running specific services? And what exactly happens when you try to connect to a port?
I hope this question isn't too confusing due to my naive understanding. Thanks.
Imagine your server as a house with 65536 doors. If you want to visit family "HTTP", you go to door 80. If you were to visit family "SMTP", you would visit door no. 25.
Technically, a port is just one of multiple possible endpoints for outgoing/incoming connections. Many of the port numbers are assigned to certain services by convention.
Opening/establishing a connection means (when the transport protocol is TCP, as it is for most of the “classical” services like HTTP, SMTP, etc.) that you are performing a TCP handshake. With UDP (used for things like streaming and VoIP), there's no handshake.
Unless you want to understand the deeper voodoo of IP networks, you could just say, that's about it. Nothing overly special.
TCP/IP ports on your machine are essentially a mechanism to get messages to the right endpoints.
Each of the possible 65536 ports (16 total bits) falls under certain categories as designated by the Internet Assigned Numbers Authority (IANA).
But I don't understand how ports tie into this model of services and connections to different services from remote machines? Why is there a need for so many specific ports running specific services?
...
And what exactly happens when you try to connect to a port?
Think of it this way: How many applications on your computer communicate with other machines? Web browser, e-mail client, SSH client, online games, etc. Not to mention all of the stuff running under the hood.
Now think: how many physical ports do you have on your machine? Most desktop machines have one. Occasionally two or three. If a single application had to take complete control over your network interface nothing else would be able to use it! So TCP ports are a way of turning 1 connection into 65536 connections.
For example, when you make an ssh connection, you are connected to port 22. What happens then?
Think of it like sending a package. Your SSH client in front of you needs to send information to a process running on the other machine. So you supply the destination address in the form of "user@[ip or hostname]" (so that it knows which machine on the network to send it to), and "port 22" (so it gets to the right application running on the machine). Your application then packs up a TCP parcel and stamps a destination and a return address and sends it to the network.
The network finds the destination computer and delivers the package. So now it's at the right machine, but it still needs to get to the right application. What do you think would happen if your SSH packet got delivered to an e-mail client? That's what the port number is for. It effectively tells your computer's local TCP mailman where to make the final delivery. Then the application does whatever it needs to with the data (such as verify authentication) and sends a response packet using your machine's return address. The back and forth continues as long as the connection is active.
Hope that helps. :)
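To make the house-with-doors and TCP-mailman pictures concrete, here is an added example (not from either answer): a Python server that opens two doors on OS-chosen ports and answers each visitor with that door's banner plus the connection's 4-tuple, showing that the destination port alone selects the service and the client's ephemeral port is the return address. The banners and function names are constructed for this illustration.

```python
import selectors
import socket
import threading


def start_house(banners, host="127.0.0.1"):
    """Open one 'door' (listening TCP socket) per banner on a free port the
    OS picks, and answer every visitor with that door's banner and the
    4-tuple (local ip:port <- remote ip:port) that identifies the
    connection.  Returns ({port: banner}, stop_function)."""
    sel = selectors.DefaultSelector()
    doors = {}
    for banner in banners:
        srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        srv.bind((host, 0))            # port 0: let the OS choose a free door
        srv.listen()
        srv.setblocking(False)
        doors[srv.getsockname()[1]] = banner
        sel.register(srv, selectors.EVENT_READ, banner)
    stop = threading.Event()

    def serve():
        # one thread multiplexes all doors: the kernel already sorted each
        # incoming SYN onto the listener whose port it was addressed to
        while not stop.is_set():
            for key, _ in sel.select(timeout=0.1):
                conn, (peer_ip, peer_port) = key.fileobj.accept()
                with conn:
                    my_ip, my_port = conn.getsockname()
                    # key.data is the banner; peer_port is the visitor's
                    # ephemeral port, i.e. the return address on the parcel
                    conn.sendall(key.data + b" via %s:%d <- %s:%d\n"
                                 % (my_ip.encode(), my_port,
                                    peer_ip.encode(), peer_port))
        for key in list(sel.get_map().values()):
            key.fileobj.close()
        sel.close()

    threading.Thread(target=serve, daemon=True).start()
    return doors, stop.set


def visit(host, port):
    """Knock on one door; return (banner we got, our own ephemeral port)."""
    with socket.create_connection((host, port), timeout=2) as c:
        reply = c.recv(1024)
        return reply.split(b" via ")[0], c.getsockname()[1]
```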
The port is meant to allow applications on TCP/IP to exchange data. Each machine on the internet has one single address, which is its IP. The port allows different applications on one machine to send and receive data with multiple servers on the network/internet. Common applications like FTP and HTTP servers communicate on default ports like 21 and 80, unless network administrators change those default ports for security reasons.
Setup:
I have client C connecting to server S
Both C and S are on the same machine
In C the server address is hardcoded to 127.0.0.1. Likewise, in S the client address is hardcoded to 127.0.0.1.
Problem:
I want to be able to sniff the traffic between the client and the server.
Due to the configuration, I cannot move the client nor the server to different locations (the addresses are hardcoded)
Installing the loopback interface and using tools like Wireshark+WinPcap doesn't lead anywhere (was actually already known but was worth a try)
RawCap, suggested in another topic, doesn't work. IP 127.0.0.1 is listed, but does not record any traffic.
Using rinetd to route the traffic elsewhere, as suggested here, doesn't work (cannot bind on 127.0.0.1)
Not interested in using an HTTP local proxy, such as Fiddler, because I'd like to capture other protocols as well
Two commercial tools work, specifically CommView and Local Network Monitor, which means it must be possible to do that ;)
What can I do to capture the traffic?
Any pointer on functions I should use or documentation I should read?
Thanks!
Basically you need to write a TDI filter driver to achieve that... for some pointers see:
http://msdn.microsoft.com/en-us/library/windows/hardware/ff565685%28v=vs.85%29.aspx
http://msdn.microsoft.com/en-us/library/windows/hardware/ff563317%28v=VS.85%29.aspx
Another option is to write a WinSock LSP.
BEWARE
Since Windows 8 it is strongly encouraged to use WFP (Windows Filtering Platform) for this sort of thing...
Although it might be more cost-effective to just use/buy an existing solution - esp. if you are not a very experienced driver developer...
Use RawCap, which can solve your concerns, see this
I want to develop an iPhone app with a simple IM feature. I am thinking about setting up an HTTP server on an iPhone. If the iPhone is using wifi and is behind a firewall, how can I make sure that other iPhone clients can connect to it?
It's not the firewall that will disturb the connection as much as it is the NAT.
When you are connected through a wireless router to reach the internet, you are surfing via NAT. It means you don't really have an external IP, but once you initiate a connection the router will map your internal IP to one of its external ports, and for a certain time window it will pass connections to you if it gets them on the right port.
That being said, there is no actual way of setting up a server behind a NAT unless you can configure port forwarding in the router and an internal static IP.
Hope I was clear enough, good luck
I do not really think that you need to get an HTTP server up and running on the iPhone to make an application that can send and receive messages (IM). The idea of having one iPhone user connect directly to another does not seem right to me, since the users would need to know each other's IP addresses to do that.
Interconnectivity between different users of the chat can be solved by making your application communicate via a dedicated TCP port. It is generally advisable to choose ports with a number higher than 1024, since those below are generally found on the list of so-called well-known ports and are used for Web (like port 80), FTP (port 21), SSH (22), DNS (53), etc. It will be the responsibility of the user to make sure the port used by your application is open on the firewall. In order to solve this problem you can actually use port 80 for communication if you find that the port you have selected is blocked. You can do this because you know that this port will not be blocked in most cases. Indeed Yahoo Messenger is reported to use this technique when the firewall blocks the port it uses for communication.
The port should be used by your application to connect to the Web server that will actually store user credentials, perform authentication, message transmission, etc., and the server should reside on capable hardware to be able to support a large number of simultaneous connections. I can suggest using either a VPS (like the one provided by Linode) or a cloud (like Amazon EC2, Google App Engine, Rackspace).
When developing and testing WP7 apps your PC is connected to either a real WP7 phone or to the WP7 Device Emulator. For a specific development purpose I would like to connect directly to the development PC (let's call it the host PC) from the WP7 app without having to rely on an external toast server. I'm using plain sockets, System.Net.Sockets.Socket.
There seem to be two options:
Obtain the host pc's LAN IP and connect to that
Connect to localhost
Option 1 usually works well, but not always: the host PC may not necessarily have an IP, in which case there's nothing to connect to. Also, in some scenarios all LAN traffic is directed through a company-wide proxy, which will disrupt this mechanism.
That led me to try out option 2. To my surprise it seems to work, but I need to be more sure than simply "it seems to work". I've googled all over but can't find any definitive answer, not even on Microsoft's site, e.g. http://msdn.microsoft.com/en-us/library/ff754351(v=VS.92).aspx. So this is my question:
What exactly is the defined behavior of connecting to localhost from a WP7 app?
Alternatively, is there a fool-proof way of connecting back to the host PC?
(Let me stress this again: for this particular purpose I can't use toasts, because the development PC may not even be online.)
Edit:
I work at EQATEC and the application in question is the EQATEC Profiler. Right now the profiler/app communication is handled by injecting a socket/HTTP client into the deployed WP7 app that connects back to the profiler's LAN IP address. It works very well and is really fast, but in some very rare cases users are offline and therefore don't have an IP, or have some prohibitive LAN proxy rules.
Therefore connecting to "localhost" would be excellent if that somehow magically would always work for everybody. It works for me and a couple of test users, but does it work for all our many thousands of profiler users all over the world? I'd like to be more sure.
"localhost" by definition is the machine running the code (well specifically the NIC doing the communication). For either the Phone or the Emulator, that would mean the phone or the emulator, not the PC they are attached to.
When you attach to a PC, you do have a network - it's an RNDIS connection in which both sides get an IP address which traditionally (pre-WP7) could be resolved with 'ppp-peer', though I've not tested that resolution on the Phone. I suspect it will be the same, since WMDC is still what's connecting and they'd have little reason to change that connection mechanism.
If the emulator is resolving localhost to the PC on which it resides, that's a definite bug and I would not count on it continuing to work as they add more robust socket support to the Phone platform.
System.Net.Sockets.Socket isn't really currently available for WP7 programming, but it might be available at some future point (maybe in Mango... maybe...)
AFAIK, the only way to reliably do what you want to do is to set up an http server on the development PC and to provide your app with an HTTP address of that server - or to route messages via some "Cloud proxy"
I'm surprised localhost works at all on the real device... I can only assume that they are asking the connected PC to resolve that DNS name - but even then I'm surprised 127.0.0.1 works.
The IP you're looking for is "192.168.55.100"
That's the IP address the phone uses to connect to the host PC.
If you'd like to connect to the phone, apparently its IP address will be "192.168.55.101"
For the emulator just use localhost or 127.0.0.1
This is from the old ActiveSync days, so I don't know how official it is or how likely it is to last, but for right now at least it worked on my phone.