We have installed a proxy inbetween host and internet. when i make a request google.com and if i see the communication in wireshark, i can just see the communication to proxy and reply from proxy, since proxy makes the actual request and reply to host.
in this case, how do we see the actual communication even if proxy is in intermediate. i have tried to open the packet and saw "Follow TCP Stream", but i could not find more information from it.
like communication from host to google.com in wireshark?
If you want to capture the traffic between the proxy and the destination, You would need to run wireshark on a machine that can see the traffic between the proxy and the destination. Eg, on the proxy, or on a machine connected to a switch setup to do port mirroring, or ...........
Basically though, without telling us the exact network layout, we cant help.
Related
I am new in Wireshark. My question is about Telnet and Eclipse. I have a program who communicate with Telnet. As you see in picture, When I write "a" in Telnet, [97] can be seen in Eclipse console as ASCII.
When i check Wireshark, I can not see any traffic on Telnet. When I filter as "ip.dst==10.10.10.12 && tcp.dstport==5000" or "tcp.port==23" or "Telnet", there is no data in wireshark. I guess, there is a problem in wireshark to see Telnet communication. How can i solve this problem?
Please check the screenshot.
Thanks in advance.Screenshot:
I assume your machine's IP address is 10.10.10.12 and that you are telneting from your machine to itself, right?
I don't know Windows, especially how network data are captured by a program like Wireshark, so I may be completely wrong. But I bet Wireshark on Windows can only see packets that actually use your network adapter (WLAN), i.e. which come from or go to an external machine. Traffic that stay inside your machine is probably invisible to it and to any program of that kind (because it's an limitation of the OS).
Instead of telneting to your WLAN IP address, you may try telneting to localhost (127.0.0.x) and make Wireshark spy on the loopback interface.
This may be a silly question but I was googling a lot last days and I've just found related but not a direct answer to this. In order to express it better let me mention a comparison:
If I setup an http server in a computer behind a router , I must set port forwarding and also that computer must have an static internal IP address in order to receive the requests on that port for that particular IP address. For instance, my router does not allow port forwarding so I could not set it up for the HTTP server. However , Bittorent works like a charm behind that same router without any static IP , nothing. How bittorrent can get requests and it can also seed? How other peers will connect to my computer while seeding? I did verify that when Bittorrent is running the port it uses for example 39031, is actually open ( using yougetsignal_dot_com). How the router can be made to open the port without using its admin settings ( we can also use Bitorrent in a public hot spot where is no way to mess with the router). I know the trackers may do some help, but there are a lot of information about a decentralized way with no trackers or basically that the peers are also trackers but not details on how it works.
Finally, why this "trick" (if any) cannot be used with an HTTP server and we must always depend on the router settings ?
BitTorrent does work behind NAT, to a certain extent. It works better if port forwarding is configured, though.
BitTorrent works reasonably well behind NAT for the following reasons:
BitTorrent is peer-to-peer, and either peer can initiate a connection; therefore, communication will succeed if either of two peers is not behind NAT or properly port forwarded;
some BitTorrent clients are able to automatically set up port forwardings using uPNP or PMP;
modern BitTorrent clients use µTP instead of TCP, and some clients are able to perform UDP hole punching.
When creating a peer to peer audio connection using webRTC, the STUN server we use will return the public IP if a user is behind a router. Now in the ICE objects, I can see that the rport is always something between 50000 and up.
Is there a way to use a specific port so that the user does not have to open all those ports?
Is there a way to use a specific port so that the user does not have to open all those ports?
I think you have a misunderstanding. The whole point of STUN and ICE (including its WebRTC derivative) exists to avoid anyone having to open a port on their NAT. Instead, STUN and ICE dynamically open the port.
Here's how it works (in a really brief description).
Client opens a socket on a random port (e.g. 50001)
Contacts STUN server using that socket to discover the external IP:port mapping for this socket. (e.g. 192.168.1.2:50001 maps to 1.2.3.4:50001). Ports don't necessarily have to match between internal and external addresses, but they usually do, so I'll keep with that for this example.
Through an external mechanism (SIP, XMPP, Jingle, cups with strings), the candidate address list of both nodes are exchanged. This includes all known internal and external addresses collected (e.g. 192.168.1.2:50001 and 1.2.3.4:50001).
Using the same socket opened in step 1, both sides send (STUN) messages (UDP packets) directly between each other. The first pair of messages may be blocked by the router/firewall. But because one side initiated an outbound packet to the remote address, subsequent packets from that address are allowed back in. This is called the "hole punching step". Hence, the port is dynamically open without the router needing any specific configuration.
Hope this helps.
You can't programatically unless you are using webrtc API in your own application. The browser will pick specific local ports from a range locally; and then it will inform you about them in the SDP and ICE candidate information.
STUN server only helps discover whether a client is behind a NAT/firewall; and then ICE uses this information in establishing peer-to-peer connection.
I have heard somewhere there might be a way to control that port range via Chrome policy templates(used by enterprises to restrict Chrome settings) - http://www.chromium.org/administrators/policy-templates. It might worth looking into...
I am attempting to establish a connection between two computers using MSDN codes:
Client code:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms737591(v=vs.85).aspx
Server code:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms737593(v=vs.85).aspx
These codes run perfectly on a local network, but my intention is to establish a connection over the internet, where both computers are behind routers. I know port-forwarding is a viable solution. But I just don't know how.
For example, does even the client need port-forwarding, not just the server?
Further more, I am unable to properly configure my router to port-forward. Its model is Level One WBR-3407a. I tried this guide:
http://portforward.com/english/routers/port_forwarding/LevelOne/WBR-3407a/defaultguide.htm
But it didn't work. As you may note, this guide doesn't anywhere in it specify what port to use? is it possible to port-forward without specifying which port to forward?!
You need to configure port forwarding on the router to which the "server" is connected, and yes, you do need to specify a port (there's an exception, but let's not worry about it now). You typically wouldn't need port forwarding on the router to which the client computer connects.
Looking at the MSDN code you linked, you need to port forward port 27015, so on the router for your server, you want to add port forwarding entries for incoming TCP connections on port 27015 and to forward them to the IP address of the computer running the server, also on port 27015.
For future reference, this question is more appropriate for SuperUser or, less likely, for ServerFault.
In my recent app I managed to send data (mostly audio) via UDP in my local network (WiFi) to other iPhone. And now I need to do this same but in WAN. Can You guys please point me in the right direction where to start? What I need to achieve this?
I'm using GCDAsyncSocket to manage sockets. I believe that I have to got server, where I can keep IP addresses of both devices.
Also, how can I connect to device behind NAT/Firewall? I'm guessing, that I need to have public IP address (scrapped for instance from http://checkip.dyndns.com/). And then do I need to traceroute? Or NSLookup? Or piggyback? Or do I need to use UDP hole punching?
I know it's a lot of question, but if you can just point me to the right technology, I would be very grateful.
To achieve a communication between two participants behind a NAT you could use Hole-Punching like you mentioned it. This is explained quite well here: http://en.wikipedia.org/wiki/UDP_hole_punching#Flow
Basically a Server with a Public IP and Port is used to share the Port-numbers of the iPhones.
But a NAT may use a different Port for every different IP the iPhone talks to. So if iPhone1 sends data to the server the NAT uses port X, but if iPhone1 wants to send data to a different IP the NAT may choose port Y. (See http://en.wikipedia.org/wiki/Network_address_translation#Symmetric_NAT)
To overcome this problem there is a protocol called UPnP and the lesser known NAT Port Mapping Protocol.
I am not well versed in UPnP but maybe someone else can provide some information on that.
The protocol NAT-PMP enables you to dynamically request an external port to be forwarded to your device. See http://en.wikipedia.org/wiki/NAT_Port_Mapping_Protocol, RFC 6886 .
This allows you to "predict" your external port and establish connections over NAT.