Suppose we have a web browser with several tabs open and we are working with them.
All TCP packets will arrive with destination port 80 but I don't understand how the browser can know, from all the network traffic, which packages are destined for which tab.
What's more, if there are several browsers, I understand that all the packages destined to them come with port 80. How do you know which ones are intended?
Thank you
TCP connections are identified by the following tuple: Source IP, Destination IP, Source Port, Destination Port
Each connection that the browser opens might have the same destination IP & port (e.g. www.google.com port 80), but each connection will have a unique source port number.
> Suppose we have a web browser with several tabs open and we are working with them. All TCP packets will arrive with destination port 80

No they won't. They will arrive at the browser with source port 80, from the server, but each connection will have a different local port number at the client host.

> but I don't understand how the browser can know, from all the network traffic, which packages are destined for which tab.

It doesn't have to know. All it has to do is read from its various connections via their sockets. Demultiplexing to the respective local ports is TCP's job, not the browser's.

> What's more, if there are several browsers, I understand that all the packages destined to them come with port 80.

Wrong again. They come with source port 80, and, again, different destination ports.

> How do you know which ones are intended?

Same answer. They don't. TCP does.
Port 80 is usually used on the server side. Each browser tab is a client, not a server, and uses different port numbers.
The client reads data from this "own local" port, not directly from the server's port 80.
I have Wamp 3.1.7 running on a Windows 10 machine. The goal is to have the projects on this server accessible via the internet.
The server is available and working as expected over LAN when accessed with the LAN IP, e.g. http://10.0.0.3/.
The server runs behind my router, which has its web interface running on port 80, so when I access my public IP, traffic on port 80 goes to the router login page.
Steps taken to try and solve the issue:
Change the port my server is listening on from 80 to 8080. (This is working, both locally and over LAN, accessed with http://10.0.0.3:8080)
Add inbound rules on Windows Firewall for port 8080, set to allow all.
Add port forwarding on the router settings (forward incoming traffic on port 8080 to local IP 10.0.0.3:8080 as per https://portforward.com/d-link/dsl-g2562dg/)
Using PFPortChecker, it says that port 8080 on public_ip is open and able to send data.
I remain unable to access my server. When I go to public_ip:8080, I get ERR_CONNECTION_TIMED_OUT.
As stated above, going to public_ip just displays the router login page.
So as far as I can tell: port 8080 is open, my server is accessible over LAN on port 8080.
What am I missing? Where else could my traffic be blocked?
Stupid mistake on my side.
Answer found here: Public IP Web Page "Connection Timed Out" When Connected To
The issue was that you cannot access the server with the public_ip if connected to the LAN the server is running on.
By default Docker appears to not do UDP hole punching.
Is there any way to turn this on? Or is this not supported at all?
Note:
UDP hole punching is different from the port forwarding configured with the -p option. It means a device can respond to a UDP packet originating from your Docker image using the source IP address and port in the packet received, and the NAT maps it back to the correct image and port. This is a feature most routers support by default.
Maybe I should explain why I want this instead of the -p forwarding built into Docker. We know the IP address of the devices we want to talk to from our Docker image. When we send our UDP packet to that device, if we use the -p forwarding, then the reply packet gets forwarded to us, but both the from address and port are changed by the Docker NAT. This means that when we receive that packet we don't actually know who it is from. This might be OK if you are only talking to one device; however, we can be talking to many, so when you get a packet from a different address than what we sent to, we have no way to know who that packet is actually from. We are hoping that with UDP hole punching the from address would remain intact.
When, from machine A, you telnet to machine B, you specify the IP and port of B.
But what is the port on A from which the request originates? Does it pick any random port that is free?
Telnet runs on top of TCP. TCP clients use ephemeral ports. Most OSes allocate a special range of ports for this use, and when a new connection is to be opened, they select an arbitrary available port. See https://en.wikipedia.org/wiki/Ephemeral_port for more information.
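The 4-tuple demultiplexing from the browser-tabs answers and the ephemeral source port described in the telnet answer, shown together as an added example (not code from any of the posts). A loopback listener on an OS-assigned port stands in for the server's port 80; the function name is an assumption.

```python
import socket
import threading

def demo_demultiplexing(n_clients=3):
    """Open n_clients TCP connections to one listening port; report each 4-tuple."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))      # port 0 = let the OS choose; stands in for port 80
    server.listen(n_clients)
    server_addr = server.getsockname()

    def serve():
        for _ in range(n_clients):
            conn, peer = server.accept()
            with conn:
                # Tell each client which source port the server saw for it.
                conn.sendall(str(peer[1]).encode())

    worker = threading.Thread(target=serve, daemon=True)
    worker.start()

    # No local port is requested: the OS assigns an ephemeral one per connection.
    clients = [socket.create_connection(server_addr) for _ in range(n_clients)]
    results = []
    for sock in clients:
        local_ip, local_port = sock.getsockname()
        remote_ip, remote_port = sock.getpeername()
        data = b""
        while chunk := sock.recv(64):   # read until the server closes
            data += chunk
        results.append({
            "tuple": (local_ip, local_port, remote_ip, remote_port),
            "port_seen_by_server": int(data),
        })
        sock.close()
    worker.join()
    server.close()
    return results

if __name__ == "__main__":
    for r in demo_demultiplexing():
        print(r)
```

Every connection shares the same remote IP and port, yet each socket receives only its own reply, because the kernel delivers segments by the full tuple and the local port differs per connection.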
Due to a virus in the system, one of our clients has restricted access to the internet on their server. We use two web services data on this server (both use a SOAP API).
The client company is asking me for the ports on the firewall they should leave open so we could be able to use those web services only. I'm not good at networks. So how can I get that information?
I need the port or any address from my two services so that they let them pass through the firewall.
I'm not sure I understand the question, but most web services receive connections on one of:
80 (http)
443 (https)
8080 (http)
Most client firewalls should be configured to allow outbound connections to these.
Server firewall MUST be configured to allow inbound connections on one of these (or some other pre-arranged non-standard port).
To work out what ports your existing web server is actually using:
how to investigate ports opened by a certain process in linux?
It's most likely 80, 443, or 8080.
I installed a Jenkins server on port 8080.
Then I installed GitBlit, which usually takes port 8080 too, so I changed it to port 8082.
On the machine I can call localhost:8082, but from remote 192.168.178.3:8082 is not available.
Jenkins response works on 192.168.178.3:8080
I opened the port on the hardware firewall. Still no response.
The last thing I could imagine is the Windows firewall, but even after opening the port for TCP for in and out it's not working?
Or where do you think the problem is?
If you are using Gitblit GO, the default config for Gitblit GO will bind to localhost and will be unreachable from another machine. Check out server.httpBindInterface and server.httpsBindInterface.
Perhaps you need to do any port forwarding on your hardware firewall?
If you suspect Windows, you can add your program/service to the exception list in your Windows Firewall settings. You can do this by going to:
START->Control Panel->Windows Firewall->Windows Firewall with Advanced Security
and modify Inbound and Outbound rules.
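A way to check the bind-interface explanation from the Gitblit answer before touching any firewall rule, as an added example that is not part of the original posts: it parses a listing in the `netstat -ano` layout and reports which listening ports are bound to loopback only. The sample text is constructed (ports 8080/8082 and 192.168.178.3 come from the question, the PIDs are made up) and the function names are assumptions.

```python
import ipaddress

# Constructed sample in the layout printed by `netstat -ano` on Windows.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       4321
  TCP    127.0.0.1:8082         0.0.0.0:0              LISTENING       5120
  TCP    [::]:8080              [::]:0                 LISTENING       4321
  TCP    192.168.178.3:8080     192.168.178.20:51544   ESTABLISHED     4321
  UDP    0.0.0.0:5353           *:*                                    1780
"""

def listeners(netstat_text):
    """Return one record per TCP listening socket: port, address, pid, scope."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Keep only TCP rows in LISTENING state (header, UDP, ESTABLISHED are skipped).
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, port = fields[1].rsplit(":", 1)
        addr = ipaddress.ip_address(host.strip("[]"))
        if addr.is_loopback:
            scope = "loopback-only"        # 127.0.0.1 / ::1: local machine only
        elif addr.is_unspecified:
            scope = "all-interfaces"       # 0.0.0.0 / ::
        else:
            scope = "single-interface"
        found.append({"port": int(port), "address": str(addr),
                      "pid": int(fields[4]), "scope": scope})
    return found

def bound_beyond_loopback(netstat_text, port):
    """True if a listener on `port` is bound to a non-loopback address.

    This is necessary for remote access, not sufficient: a firewall can still block it.
    """
    return any(l["port"] == port and l["scope"] != "loopback-only"
               for l in listeners(netstat_text))

if __name__ == "__main__":
    for entry in listeners(SAMPLE):
        print(entry)
```

In the sample, port 8080 is bound to all interfaces while 8082 listens on 127.0.0.1 only, which matches the symptom in the question: localhost:8082 answers and 192.168.178.3:8082 does not, whatever the firewall allows.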