Firewall is blocking preview of files in MS Teams - port

I have a strange issue I can't solve.
Customer is using standard MS Teams. When some users are trying to preview files, like PDF, there is an unexpected problem.
After some checks it was discovered that when the firewall on Azure is disabled, it works fine.
I checked, and ports recommended by Azure are opened:
For Teams to function correctly, you must open TCP ports 80 and 443 from the clients to the internet, and UDP ports 3478 through 3481 from the clients to the internet.
What other ports must be opened so this preview works?
Thanks in advance.

Related

Identifying WiFi clients connected to ESP8266

I'd like to know that a specific device (phone/tablet) has joined my WiFi network created by ESP8266 microcontroller. It shouldn't require any installed apps on that phone/tablet, if possible, to simplify the whole setup.
So I think I need to somehow identify connected clients, and MAC is not an option because it is subject to change randomly on, say, Apple devices.
Maybe it's possible to collect host names of connected clients?
I know that Windows and Ubuntu clients send their host names when getting IP from DHCP server (see here). Also, it's possible to find such information on, say, home Wi-Fi router admin web page (i.e. host names, their IPs and MACs).
I'm running a DHCP server on the ESP8266, but I haven't found any API that allows getting the peer host name (i.e. reverse DNS). Does the ESP8266 support getting such information?

Bulletproof HTTP Monitor for iOS

I'm using Charles Proxy and Wireshark to monitor http(s) traffic from various iOS apps I'm using on my iPhone. These apps require me to set the HTTP Proxy under the iOS Wifi settings (let's call these the Proxy Settings).
My business needs to see ALL URLs that are being called from my phone. From all apps. All URLs, not some of them.
Now Charles and Wireshark both work fine and I can see a ton of traffic coming from my phone.
However, I can't help but wonder whether I might be missing some HTTP calls. Maybe calls that don't use the Cocoa Core Foundation libraries as the basis for their networking.
For instance, I could write my own HTTP library out of TCP/IP and these would bypass the Proxy Settings.
So my question is: what is the likelihood that some apps are using custom-rolled HTTP libraries and side-stepping my Proxy Settings. Or worse, they're using raw TCP/IP to communicate with a server. I know it's possible, but do any APIs work this way? Does anyone do it?
I found the answer: use mitmproxy in transparent mode. The proxy setting is not used. It is harder to set up because it needs work on the router, but it reliably captures every packet on ports 80 and 443 regardless of proxy settings.
Assuming that you are able to keep your device tethered, then you may be able to use the pcap service to monitor all traffic. According to the following paper (2014) the pcap service is running on every iOS device:
"Identifying back doors, attack points, and surveillance mechanisms in iOS devices"
You should be able to connect to it via usbmuxd. I'm not sure whether there is a pre-rolled client for the pcap service. There is a list of services supported by libimobiledevice here. Pcap is not on that list.
Alternatively, you can use Wireshark to capture all traffic on your Wi-Fi network.

Two apps trying to start a HTTP server on the same port

I'm trying to make a file sharing app. One solution that I came up with is using an embedded mini HTTP server to allow others to connect to my app (and serve content to them). Now, I wonder, what if, the user already has an app that uses this technique, and already has the port 80 busy listening for incoming connections. When I'll try to start my server, it will fail, won't it? Can I avoid this situation?
TCP port 80 is well known as HTTP; the best way to avoid this problem is to select some non-popular port after 1024 for your app.
Assuming that you run your mini web server in your iPhone and your user is in another iPhone or a PC, they will connect to you based on your IP or bonjour address. The HTTP traffic will use port 80 by default so if you are not using http you will probably want another port other than 80. The webdav apps for iPhone typically use 8080. Regarding your question - if they have a web server app in their iPhone installed - it does not matter even if they are using the same port, the server runs on your iPhone not theirs.
I do not think that the iPhone can operate more than 1 web server at a time. I understand new virtualisation technology allows multiple web servers running in a common server with a common IP. As far as I know the webdav apps that I have cannot run concurrently.
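The port conflict asked about in this thread, as an added example that is not part of the original posts: the server tries its preferred ports and, if they are taken, lets the operating system assign a free one. The function name and the candidate ports are hypothetical; whichever port is finally bound still has to be announced to peers, for instance through the Bonjour address mentioned above.

```python
import errno
import socket

def listen_with_fallback(candidates, host="127.0.0.1"):
    """Listen on the first free port in candidates, else on an OS-chosen one.

    Returns (listening_socket, actual_port). The default host is loopback;
    pass the LAN address deliberately when other devices must connect.
    """
    for port in list(candidates) + [0]:      # 0 = let the OS pick a free port
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.bind((host, port))
        except OSError as exc:
            sock.close()
            # EADDRINUSE: another app already owns the port.
            # EACCES: ports below 1024 need elevated privileges.
            if exc.errno in (errno.EADDRINUSE, errno.EACCES):
                continue
            raise
        sock.listen(5)
        return sock, sock.getsockname()[1]
    raise OSError("no port available")

if __name__ == "__main__":
    # Constructed scenario: "other_app" already holds the port we would prefer.
    other_app, taken = listen_with_fallback([])
    server, port = listen_with_fallback([taken])
    print(f"preferred port {taken} busy, serving on {port}")
    server.close()
    other_app.close()
```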

Custom TCP service vs HTTP IOS

I am implementing a client (iOS device) and server. I wish to keep the payload of requests/responses to a minimum, so I plan to implement a custom TCP-based service. My only concern is whether I can rely on the port I use always being open through 3G etc. There must be other apps that use non-standard ports and TCP on iOS?
If you can, you might use port 80/443 (SSL) for your custom TCP server. You only have to ensure that you have a free IP on your server to bind your custom server application to port 80.
If it's not HTTP(D) behind port 80/443 (SSL), that's not a problem!
When using another port you may run into problems with blocked traffic in firewall rules.
But that's the standard case. Like a VOIP/SIP iOS app needs the SIP port 5090. So if you try to make a call within your university Wi-Fi where only some ports except 5090 are supported, the app won't run/connect.
So, you should do it like Viber or WhatsApp Messenger does. Use port 80/443 (SSL) and try to get the maximum possible connections through possible firewalls.

How can I configure Wireshark to see HTTPS traffic?

I'm testing an iOS application and I just want to see when HTTPS traffic is sent. I'm not interested in the contents of the traffic. How can I configure Wireshark to do this?
This is just to verify that an analytics package is working. I don't have any control over the servers that my app is talking to.
Thanks!
Edit #1: My current Wireshark configuration can see traffic to http://www.duckduckgo.com but not https://www.duckduckgo.com
An alternative is using your Mac as a Wi-Fi access point and sniffing the traffic with TCPDump. Here are the steps:
Connect your Mac to your router using an Ethernet cable (the Wi-Fi card will be busy working as access point). Or skip this step if you only want to sniff traffic from the app to your own computer.
In the Wi-Fi icon of your toolbar, click Create Network. Give it a random name, select security, and set a password.
In System Preferences > Sharing set To computers using: Wi-Fi. In Wi-Fi Options... choose the network you created before. In Share your connection from:, choose the interface you are getting Internet from, usually Ethernet.
Enable Internet Sharing, and connect to this new Wi-Fi network from your iPhone.
Disconnect 3G on your iPhone from Settings > General > Network and check your Internet with Safari. Sometimes it takes a few seconds.
On your Mac, type sudo tcpdump -s 0 -A -i en1 port 443 > log.txt. Use ifconfig if you have a network interface other than en1. The log generated can also be imported by Wireshark (which is a GUI version of tcpdump).
Now all Internet traffic from your iPhone will be recorded.
TCPDump is included with all versions of OS X. For other options, see Technical Q&A QA1176 Getting a Packet Trace.
If you want to decrypt the SSL traffic in order to listen in on it, have a look at the Wireshark Wiki. The explanation is a bit longer, but enables you to decrypt SSL traffic.
You also might want to listen on port 443 instead of 80.. :-)
Set following as a filter after you've started capturing the appropriate network interface:
tcp.port == 443 || tcp.port == 80
This will ensure display of data for only http & https connections that you can further inspect.
Yes. Wireshark can watch any and all ethernet traffic made available to it. The issue to solve is whether the machine running Wireshark will see all of the ethernet traffic you are interested in detecting the presence of.
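An added example (not from any of the answers above): to see when HTTPS connections start without decrypting anything, the script below reads a classic pcap file and lists each TCP SYN sent to port 443. It assumes the capture was saved in pcap format with tcpdump's -w option rather than as the text log shown above; the function names and the sample capture are constructed for illustration.

```python
import struct

def https_connection_starts(pcap_bytes, ports=(443,)):
    """Return (timestamp, dst_ip, dst_port) for every TCP SYN to an HTTPS port.
    Only packet headers are read, so nothing has to be decrypted."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None or len(pcap_bytes) < 24:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    starts, offset = [], 24                     # 24-byte global header
    while offset + 16 <= len(pcap_bytes):
        ts_sec, ts_usec, incl_len, _ = struct.unpack(
            endian + "IIII", pcap_bytes[offset:offset + 16])
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                            # not IPv4
        ihl = (frame[14] & 0x0F) * 4            # IPv4 header length in bytes
        if frame[23] != 6 or len(frame) < 14 + ihl + 14:
            continue                            # not TCP, or truncated
        tcp = frame[14 + ihl:]
        dst_port = struct.unpack("!H", tcp[2:4])[0]
        if dst_port in ports and (tcp[13] & 0x12) == 0x02:   # SYN set, ACK clear
            dst_ip = ".".join(str(b) for b in frame[30:34])
            starts.append((ts_sec + ts_usec / 1e6, dst_ip, dst_port))
    return starts

def sample_pcap():
    """Constructed capture: a SYN to 443, a SYN to 80 and a bare ACK to 443."""
    def frame(dst_port, flags):
        eth = b"\x00" * 12 + b"\x08\x00"
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         bytes([192, 168, 2, 10]), bytes([203, 0, 113, 5]))
        tcp = struct.pack("!HHIIBBHHH", 50000, dst_port, 0, 0, 0x50, flags, 65535, 0, 0)
        return eth + ip + tcp
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, port, flags in [(100, 443, 0x02), (101, 80, 0x02), (102, 443, 0x10)]:
        f = frame(port, flags)
        out += struct.pack("<IIII", ts, 500000, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for ts, ip, port in https_connection_starts(sample_pcap()):
        print(f"{ts:.6f} new connection to {ip}:{port}")
```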
