I am building a simple chat application using a Jabber-based server. The clients are expected to connect over port 5222. But when I was testing my app, I found that in some networks access is limited to port 80 or 8080 only.
I have come across a couple of solutions:
a) Use BOSH - but found it to be slow and flaky on mobile devices.
b) I was just wondering what if I make my Jabber server listen on port 80 - (Not sure what would be the implications of this!)
I wanted to know your thoughts on the above solutions and know how to make my app universally accessible like other chat applications like gtalk, fb-chat etc.
Edit:
Also, would there be any other firewall restrictions that I might be missing?
Use BOSH over HTTPS (port 443/tcp). Getting BOSH implemented well is a little tricky, but it can certainly be done. Use a different XMPP library.
Otherwise, use port 443/tcp, and use the old-style TLS-handshake-first mechanism that we used to use for encryption, rather than Start-TLS. Some network middle-boxes will mess with your traffic on port 80/tcp if it doesn't look like HTTP. Likewise, some middle-boxes will not allow your connection on 443/tcp if the first several network packets don't look like an SSL or TLS handshake.
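What a content-aware middlebox sees in the first client bytes of each option discussed above, as an added example that is not part of the original answer. The payloads are constructed, and the host name, the `/http-bind` path and the two function names are assumptions made for illustration.

```python
import struct

# Constructed first-flight payloads (illustrative, not captured traffic).
XMPP_STREAM_OPEN = (
    b"<?xml version='1.0'?>"
    b"<stream:stream to='chat.example.org' xmlns='jabber:client' "
    b"xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>"
)
BOSH_REQUEST = b"POST /http-bind HTTP/1.1\r\nHost: chat.example.org\r\n\r\n"
# TLS record header (type 0x16 handshake, version 3.1, length 46) followed by
# a handshake header (type 0x01 ClientHello, 3-byte length 42) and a dummy body.
TLS_CLIENT_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2E, 0x01, 0x00, 0x00, 0x2A]) + bytes(42)

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"OPTIONS ", b"DELETE ")


def classify_first_bytes(data: bytes) -> str:
    """Label the first client bytes the way a simple content-aware filter might."""
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        (record_len,) = struct.unpack("!H", data[3:5])
        if 0 < record_len <= 2 ** 14:      # maximum TLS plaintext record size
            return "tls-handshake"
    if data.startswith(HTTP_METHODS):
        return "http"
    if data.lstrip().startswith((b"<?xml", b"<stream:stream")):
        return "xmpp-cleartext"
    return "unknown"


def passes_port_policy(port: int, data: bytes) -> bool:
    """Hypothetical middlebox rule: port 80 must carry HTTP, port 443 TLS."""
    expected = {80: "http", 443: "tls-handshake"}
    kind = classify_first_bytes(data)
    return expected.get(port, kind) == kind


if __name__ == "__main__":
    for port, name, payload in [
        (80, "XMPP on 80", XMPP_STREAM_OPEN),
        (443, "XMPP + STARTTLS on 443", XMPP_STREAM_OPEN),
        (443, "TLS-first XMPP on 443", TLS_CLIENT_HELLO),
        (443, "BOSH over HTTPS", TLS_CLIENT_HELLO),
        (80, "BOSH over plain HTTP", BOSH_REQUEST),
    ]:
        print(f"{name:26} -> {'allowed' if passes_port_policy(port, payload) else 'blocked'}")
```

A STARTTLS session opens with a cleartext `<stream:stream>` element, which is why it fails both port rules, while TLS-first XMPP and BOSH over HTTPS both start with a ClientHello.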
Related
Are iPhone apps free to access any low-number network port required? Is there anything called a low-number network port in iOS? Is this true?
You can check this: TCP and UDP ports used by Apple software products
As it's written in the above article, many of these ports are well-known, industry-standard ports. You should use a known port only for its purpose (for example - use port 443 only for https).
If you have your own custom protocol, use a port that isn't one of the common ports. For that - choose a big number. You might also run a test to check that the port you chose is not already being used.
In addition - see this thread
How to select a static port number for a custom app?
And finally, you can also check here, where you can see a lot of port numbers usage: https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?&page=1
iOS is based on Darwin UNIX, so I would use that as a rough guide to what's acceptable with regard to selecting ports to communicate on.
Here is a list of well known low ports.
This may be a silly question, but I have been googling a lot these last days and I've just found related answers, not a direct answer to this. In order to express it better, let me mention a comparison:
If I set up an HTTP server on a computer behind a router, I must set up port forwarding, and that computer must also have a static internal IP address in order to receive the requests on that port for that particular IP address. For instance, my router does not allow port forwarding, so I could not set it up for the HTTP server. However, BitTorrent works like a charm behind that same router without any static IP, nothing. How can BitTorrent get requests and also seed? How will other peers connect to my computer while seeding? I did verify that when BitTorrent is running, the port it uses, for example 39031, is actually open (using yougetsignal_dot_com). How can the router be made to open the port without using its admin settings (we can also use BitTorrent in a public hot spot where there is no way to mess with the router)? I know the trackers may do some help, but there is a lot of information about a decentralized way with no trackers, or basically that the peers are also trackers, but no details on how it works.
Finally, why can this "trick" (if any) not be used with an HTTP server, so that we must always depend on the router settings?
BitTorrent does work behind NAT, to a certain extent. It works better if port forwarding is configured, though.
BitTorrent works reasonably well behind NAT for the following reasons:
BitTorrent is peer-to-peer, and either peer can initiate a connection; therefore, communication will succeed if either of two peers is not behind NAT or properly port forwarded;
some BitTorrent clients are able to automatically set up port forwardings using UPnP or PMP;
modern BitTorrent clients use µTP instead of TCP, and some clients are able to perform UDP hole punching.
In my recent app I managed to send data (mostly audio) via UDP in my local network (WiFi) to another iPhone. And now I need to do the same but over WAN. Can you guys please point me in the right direction where to start? What do I need to achieve this?
I'm using GCDAsyncSocket to manage sockets. I believe that I have to have a server, where I can keep the IP addresses of both devices.
Also, how can I connect to a device behind NAT/Firewall? I'm guessing that I need to have a public IP address (scraped for instance from http://checkip.dyndns.com/). And then do I need to traceroute? Or NSLookup? Or piggyback? Or do I need to use UDP hole punching?
I know it's a lot of questions, but if you can just point me to the right technology, I would be very grateful.
To achieve communication between two participants behind a NAT you could use Hole-Punching as you mentioned. This is explained quite well here: http://en.wikipedia.org/wiki/UDP_hole_punching#Flow
Basically a Server with a Public IP and Port is used to share the Port-numbers of the iPhones.
But a NAT may use a different Port for every different IP the iPhone talks to. So if iPhone1 sends data to the server the NAT uses port X, but if iPhone1 wants to send data to a different IP the NAT may choose port Y. (See http://en.wikipedia.org/wiki/Network_address_translation#Symmetric_NAT)
To overcome this problem there is a protocol called UPnP and the lesser known NAT Port Mapping Protocol.
I am not well versed in UPnP but maybe someone else can provide some information on that.
The protocol NAT-PMP enables you to dynamically request an external port to be forwarded to your device. See http://en.wikipedia.org/wiki/NAT_Port_Mapping_Protocol, RFC 6886.
This allows you to "predict" your external port and establish connections over NAT.
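The NAT-PMP mapping exchange from RFC 6886 that the answer above refers to, as an added example that is not part of the original post. It builds the 12-byte request and validates the 16-byte gateway reply; the port numbers and the two replies are constructed, no packet is sent, and the function names are assumptions.

```python
import struct

NATPMP_PORT = 5351                 # UDP port the gateway listens on (RFC 6886)
OP_MAP_UDP, OP_MAP_TCP = 1, 2
RESULT_CODES = {
    0: "success", 1: "unsupported version", 2: "not authorized/refused",
    3: "network failure", 4: "out of resources", 5: "unsupported opcode",
}


def build_map_request(internal_port, suggested_external=0, lifetime=7200,
                      opcode=OP_MAP_UDP):
    """12-byte request: version 0, opcode, reserved, ports, lifetime (seconds)."""
    return struct.pack("!BBHHHI", 0, opcode, 0,
                       internal_port, suggested_external, lifetime)


def parse_map_response(data, request):
    """Validate a 16-byte mapping response against the request that caused it."""
    if len(data) != 16:
        raise ValueError("mapping response must be 16 bytes")
    vers, op, result, epoch, internal, external, lifetime = struct.unpack(
        "!BBHIHHI", data)
    _, req_op, _, req_internal, _, _ = struct.unpack("!BBHHHI", request)
    if vers != 0 or op != 128 + req_op:
        raise ValueError("not a response to this request")
    if result == 0 and internal != req_internal:
        raise ValueError("response is for a different internal port")
    return {"ok": result == 0, "result": RESULT_CODES.get(result, "unknown"),
            "external_port": external if result == 0 else None,
            "lifetime": lifetime, "gateway_epoch": epoch}


if __name__ == "__main__":
    req = build_map_request(internal_port=5000, suggested_external=5000)
    # Constructed gateway replies (no packet is sent in this example).
    granted = struct.pack("!BBHIHHI", 0, 129, 0, 86400, 5000, 40123, 7200)
    refused = struct.pack("!BBHIHHI", 0, 129, 2, 86400, 5000, 0, 0)
    print(req.hex())
    print(parse_map_response(granted, req))
    print(parse_map_response(refused, req))
```

The gateway may grant a different external port than the one suggested, so the peer must be told the port from the reply, and a granted mapping makes the socket reachable from the internet, so the application has to authenticate whoever connects to it.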
I'm attempting to learn UDP coding as a neophyte.
I've been doing iOS development for years and want to start learning to do some basic network coding using the UDP protocol.
Is there a practice site to play with where I can't do any harm?
Or... is it possible to merely wire up the Apache server that comes with OS X and work with that?
This is intended to be for an iOS environment so would at least have to work via simulation.
Apache is an HTTP server, HTTP being a protocol built on TCP not UDP. You're probably going to be best off trying to write both a client and server that run in the same application and having them talk to each other via UDP.
FWIW, DNS is based on UDP, so talking to a public DNS server might be a good starting point.
I'm looking for a tool under windows or mac that allows me to monitor (possibly in a simple way) the traffic going in and out of a computer of my network.
Long story short the residence where I live allows themselves to monitor the internet connection (and doesn't allow us to switch to another provider).
This annoys me on a personal level (I don't like the possibility of people checking what I do without my knowledge as a general rule regardless of what I do) but also on a professional level (I sometimes work from home).
I'm using/trying out VPN providers (JAP, VyprVPN...) to avoid all this. It works fine with the HTTP connections (if I run iptraces I end up in Germany or US or UK ...) but I'm not sure for other applications such as online games and instant messaging software that use different ports.
So my question is: how can I make sure that my internet traffic is using my VPN connection or not?
Wireshark would do that for you on Windows and Linux (not sure about Mac). It uses the WinPcap library and wraps it in a nice UI for you to monitor the packets that you are interested in. It allows you to listen to specific or all interfaces, so you can make sure your packets are going via the right interface.
If you don't want them monitoring your internet usage, a VPN is a good solution. A VPN will encrypt all of your net traffic between your computer and the VPN gateway -- essentially you'd be surfing the web via a proxy and your landlords wouldn't be able to determine what you are doing.
Assuming you are using a real VPN, and not just a browser-based proxy solution, then the VPN should encrypt and tunnel all of your network traffic. This includes anything coming out of any port on your computer, not just HTTP traffic.
When you install a VPN on your computer, the VPN creates a fake network device, and all of the VPN traffic gets tunneled to the VPN gateway. You can verify this by looking at your computer's routing tables. There are some VPNs which allow for split traffic (split tunneling), e.g. traffic to certain domains gets tunneled through the VPN and others go in the clear, but this is the rarity. Most VPNs will tunnel all of your traffic, which seems to be what you are looking for.
Just make sure that your VPN uses an encryption protocol. There are some that don't -- this would defeat the whole purpose of your VPN.
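One way to do the routing-table check described above, as an added example that is not part of the original answers. It applies longest-prefix matching to a constructed table to find which destinations would leave outside the tunnel; the interface names (`en0`, `utun2`), the addresses and the function names are assumptions.

```python
import ipaddress

# Constructed routing table in normalized (destination CIDR, interface) form;
# on a real machine, derive it from `netstat -rn` (macOS) or `route print` (Windows).
ROUTES = [
    ("0.0.0.0/0",       "en0"),    # original default route via the residence LAN
    ("0.0.0.0/1",       "utun2"),  # two half-default routes installed by the VPN:
    ("128.0.0.0/1",     "utun2"),  #   more specific than /0, so they take priority
    ("198.51.100.7/32", "en0"),    # VPN gateway itself must stay on the physical link
    ("203.0.113.0/24",  "en0"),    # split-tunnel exception: bypasses the VPN
    ("192.168.1.0/24",  "en0"),    # local subnet
]


def egress_interface(routes, dest):
    """Return the interface the most specific matching route selects for dest."""
    addr = ipaddress.ip_address(dest)
    best = None
    for cidr, ifname in routes:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None


def untunneled(routes, tunnel_if, destinations, allowed=()):
    """Map each destination that would bypass tunnel_if to the interface it uses.

    `allowed` lists networks expected to stay off the tunnel (the VPN gateway).
    """
    allowed_nets = [ipaddress.ip_network(a) for a in allowed]
    leaks = {}
    for dest in destinations:
        addr = ipaddress.ip_address(dest)
        if any(addr in net for net in allowed_nets):
            continue
        ifname = egress_interface(routes, dest)
        if ifname != tunnel_if:
            leaks[dest] = ifname
    return leaks


if __name__ == "__main__":
    # Constructed destinations: game server, IM server, VPN gateway, web host.
    targets = ["8.8.8.8", "203.0.113.50", "198.51.100.7", "151.101.1.69"]
    print(untunneled(ROUTES, "utun2", targets, allowed=["198.51.100.7/32"]))
```

The routing table only shows where packets are supposed to go, so a capture on the physical interface (for example with Wireshark, as suggested above) is the way to confirm that nothing but traffic to the VPN gateway appears there.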