Static and public IP addresses for regular computers - webrtc

I want to do a messaging application on the browser using WebRTC, but I want to get rid of every third party like STUN and TURN servers (I also want to get rid of signaling servers but first things first). I want the users to keep their contacts in the browser localStorage in a key-value way: name of the person => IP address.
I don't really care how the users find their own public IP address (they can do an ipconfig as there is no web API to retrieve it) nor how they distribute it (they can use a centralized service like Messenger to give their public IP address to their friends, or they can use a QR code on their business card).
But the main issue I have is that I want these public IP addresses to be static, because I don't want to notify all my friends to update their contact file every time my gateway changes my public IP address.
In IPv4, there are too few available addresses (only 4 billion), so the public static addresses are all reserved to website and residential gateways. Whenever I want to access the Internet, my gateway opens a specific port for my computer. For example, if my gateway has the public address 1.2.3.4, the "public address" of my computer would be temporarily 1.2.3.4:3000. This process is called NAT. To find one's "public address", one must send a request to a STUN server which would respond with what IPv4 address and what port it sees. But the gateway closes the connection of the port at some point, so that's not a public static address like I want.
But in IPv6 it's different, the number of possible addresses is ridiculously high (2^128), so we could theoretically give one static public address to each computer in the world. NAT would basically be useless (I'm not talking about firewalls here). But again, there is a problem, in IPv6 you have one address that is static but not public, and you have one or more addresses that are public but not static. So nothing has really changed from IPv4, and it still doesn't solve my problem.
I have 2 questions:
- How to have a public and static address for regular computers? I don't want my users to meddle with their router/ISP or install anything on their computer.
- Why don't we all already have static and public IPv6 addresses? Is there a design choice behind this?
Thank you for your help.

Your question is not really a programming question, so I'm assuming you need to know this because you are developing software that uses IPv6. Looking at it from an application point of view:
You don't need TURN to discover your own public address. Without NAT your address is not changed by the network and your local address is your public address. You just need to let your software ask the OS what the currently configured addresses are.
With IPv6 it's usually not the gateway giving out addresses to connected devices. The gateway only communicates the network prefix (a /64) to the network, and all devices choose their own addresses (usually multiple addresses per device).
DHCPv6 does exist, but it is usually not used to configure IPv6 addresses on devices. It may be used in stateless mode to configure domain names, DNS resolvers etc, but that is not related to assigning addresses.
So the device chooses its own addresses within the prefix communicated by the gateway. How does it choose?
Originally devices used their interface MAC address for the suffix (using the modified EUI-64 algorithm). The problem with this was that if you had a laptop for example, online services that you connect to could track your device. Because no matter what network you connect to, the last 64 bits of your address would contain your unique MAC address. That way it was possible to track your device from work to home to your favourite coffee place etc.
These days the OS uses privacy extensions to make your IPv6 address untraceable. Often there is a stable address that is linked to the network prefix, so that every time you connect to the same network you get the same address. That address is useful for peer-to-peer communication.
But they went further than that. There is often also a set of privacy addresses that (semi)randomly change over time. Your device might generate a new address every day, or maybe even every hour. That makes it even harder for online services to determine whether there is a single device that has changed its privacy address, or whether there are multiple devices. Because this address changes over time it's good for short-lived outbound connections, but not so useful to accept inbound connections on. For that use the stable address I mentioned in the previous paragraph.
Probably the most difficult bit is how to ask the OS about the available addresses. Looking at my own macOS box I see:
en2: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether c8:e0:eb:5c:af:61
    inet6 fe80::1074:8568:e447:d9e3%en2 prefixlen 64 secured scopeid 0x12
    inet6 2a02:xxxx:xxxx:xxxx:3e:873f:837:1417 prefixlen 64 autoconf secured
    inet6 2a02:xxxx:xxxx:xxxx:b19c:71c5:1de8:8fde prefixlen 64 autoconf temporary
You can see both the long-term secured address and the short-term temporary address.
Without knowing which OS you are developing for and in which programming language I can't help you further. Please adjust your question to include that information.
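The modified EUI-64 scheme described in the answer above, and why it made a device trackable, shown as an added Python example (not code from the answer). It reuses the `ether` value from the ifconfig output; the two `2001:db8:` prefixes are documentation prefixes chosen here as stand-ins for a home and a coffee-shop network.

```python
import ipaddress

IID_MASK = (1 << 64) - 1  # low 64 bits of an address: the interface identifier


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host forms from a /64 prefix and its MAC with modified
    EUI-64: insert ff:fe in the middle of the MAC and flip the U/L bit."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return ipaddress.IPv6Address(
        int(net.network_address) | int.from_bytes(iid, "big"))


def recover_mac(addr: str):
    """Return the MAC embedded in a modified EUI-64 address, else None.
    A random identifier carries ff:fe in this position about once in
    65536 cases, so a hit is a strong hint rather than proof."""
    ip = ipaddress.IPv6Address(addr.split("%")[0])  # drop a zone id like %en2
    iid = (int(ip) & IID_MASK).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


def same_interface_id(a: str, b: str) -> bool:
    """True when two addresses share the low 64 bits, which is what lets
    a remote service link one device across different networks."""
    ia = int(ipaddress.IPv6Address(a.split("%")[0])) & IID_MASK
    ib = int(ipaddress.IPv6Address(b.split("%")[0])) & IID_MASK
    return ia == ib


if __name__ == "__main__":
    mac = "c8:e0:eb:5c:af:61"             # 'ether' line from the output above
    home = eui64_address("2001:db8:1::/64", mac)   # assumed home prefix
    cafe = eui64_address("2001:db8:2::/64", mac)   # assumed cafe prefix
    print(home, cafe)
    print("linkable across networks:", same_interface_id(str(home), str(cafe)))
    print("MAC recovered by a server:", recover_mac(str(cafe)))
    # The link-local address in the output above is not MAC-derived:
    print(recover_mac("fe80::1074:8568:e447:d9e3%en2"))
```
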

Related

Is a network device hostname determined by the device itself or a network admin?

I have a local network with several PCs and specialized controllers on it. These specialized controllers must be configured with static IP addresses and do not have DHCP capabilities.
I was asked to put together a list of the device hostnames and IP addresses. It's easy to figure out the IP address of each device, however, I'm struggling to find out the host name for these specialized controllers. If it were a Windows PC, I would simply navigate some menus to find the host name.
I'm confused about how the host name is configured for network devices in general. For Windows PCs, it seems like the PC itself determines its own host name. When it joins a network, it simply broadcasts its host name to a DNS server and the DNS server remembers it. For devices that are not DHCP, it seems like I would need to manually go to a DNS server and enter the host name for the specific IP address.
So what exactly determines the host name? The device itself or a network admin?
This is more of a networking question and belongs on ServerFault - you will get your answer faster there.
If it were a Windows PC, I would simply navigate some menus to find
the host name.
What kind of system is there if there is no Windows? Linux, *BSD, AIX, other? I'll answer for Linux for now.
So what exactly determines the host name? The device itself or a
network admin?
This depends on your configuration. In Linux, check /etc/nsswitch.conf
e.g.
hosts: files dns
Which defines that the hostname will be defined by /etc/hosts and if it is not found there it will check DNS next.
If hosts file, the local resolution, contains the pair ip <-> name it is used. If the DNS takes precedence and it contains the pair it is taken from there. As shown above, it can contain both at once in defined order, then the resolution is done in that order.
By the way, a DHCP server can give you static IP addresses based on your MAC address so your controllers will always have the same IP address, if the same network card is used. It is way easier to manage than configuring all servers manually.

IPv6 and Traffic Tracking

I have been reading up about IPv6 and given that the number of available addresses is in the trillions upon trillions for each household on the internet, could we get to the stage where each computer in a household would have an IP that is unique to that computer, rather than the router that is next to the internet?
With that in mind, could a webserver (that is IPv6 Compatible) be used to track a specific computer's traffic through a website without using any session cookies, such as repeat viewing or if the website is visited in something like incognito mode?
each computer in a household would have an IP that is unique to that computer, rather than the router that is next to the internet?
If you mean no more Network Address Translation, yes, that is possible. Whether or not that actually happens for the internet connection in your house is a different question.
With that in mind, could a webserver (that is IPv6 Compatible) be used to track a specific computer's traffic through a website without using any session cookies
That could happen (that could happen to some extent with IPv4 now), but as mobile devices become more and more prevalent, tracking via this method would become less useful (as devices would switch IP addresses frequently).

IP Address using VB.Net Code

What kind of IP address does whatismyip.com provide?
How can I get it using VB.Net code?
Also what is IP port?
Thanks
Furqan
PART 1
Okay, let's pretend you have a router in your house and that you have several computers in your house all connected to the internet through your router.
In order for the router to know where traffic goes on your network, it assigns unique IP Addresses to all computers on your home network (Usually beginning with 192.168.x.x). These IP addresses are local ip addresses, meaning only your router and computers/devices connected to it in your house knows about them. If you open a command prompt and do command IPConfig you will see the IP address that your router has assigned your computer.
So what is the IP address that WhatIsMyIP.com showing you? In much the same way that your router assigns addresses to all the computers on your network, your internet service provider hands out unique IP addresses to all of their customers. Now, because you have a router, the only thing the ISP can see on your network is that router and your ISP assigns an IP address to it. This is why routers are also called hardware firewalls, because people on the other side of it, can't tell how many computers or devices are connected to it.
What this means is, when you are visiting websites on the internet, the only IP address they see is your router's external IP address (the one assigned by your ISP). So no matter which computer in your house you use, the website wouldn't know the difference because all it can see is your router's IP address. Go ahead and try it; go to www.WhatIsMyIP.com on several different computers in your house. You will see that they all show the same IP address. However, if you did IPConfig in your command prompt on each computer, that shows you the local address your router assigned and it would be different on every computer in your home.
So, now that you understand the difference between local and external IP addresses, how would you retrieve your external IP address in VB or C# .net code that is running on your PC? Well the only IP address your computer is actually aware of is that local IP that we talked about. The only way you can see your external IP address is to go to a website that tells you what address the request came from (which would be your router's IP address).
What you would need to do is write up some code in your VB.net program that would navigate out to WhatIsMyIP.com (or some other website that can give you your IP address) and tell the code to grab it. I have written a web service located at http://www.u413.com/test/terminal/myip that returns only your IP address as the entire HTTP response. Find something similar though for your application because this little sample will not stay there forever; I only put it up there as a temporary example on a domain I already own.
Visit http://www.vbdotnetheaven.com/UploadFile/kbawala/WebRequestClass04182005054320AM/WebRequestClass.aspx to see how to make web requests from code running on your computer.
NOTE: You may not be aware of what DNS is either if you are unaware of how IP addresses work. Everything on the net has an IP address, including the servers that serve up website pages. But what a pain that would be, trying to remember up to 12 digit IP addresses for all your favorite websites. That is what DNS servers were invented for. DNS servers take a domain name (e.g. www.facebook.com) and translate it into the correct IP address. That way all you need to remember is facebook.com instead of 69.63.181.12 (this is facebook's IP address. Go ahead, try it! Put that IP in your browser's address bar and you will see facebook.), domain names are much easier to remember!
If you want to see the IP address associated with a website, open up a command prompt. Once the prompt is open type PING [websitedomain] (e.g. PING Facebook.com) and your computer will send 4 test requests to the address which is displayed for you.
PART 2
Let's pretend your IP address is like the address of an apartment building. The pizza delivery boy needs to know the address to the apartment building in order to deliver your pizza. But what is he going to do when he gets there? There are hundreds of doors/apartments to choose from. He needs to know the apartment number (port number on your computer).
Your computer has thousands of ports, and programs can listen on any one of them for requests from the outside world. When you go to a website almost all websites are served on port 80. Port 80 is the default port for web pages. When you go to facebook.com you are actually going to facebook.com:80, you just don't see the :80 because it is implied since it is the default. If I put up a web server, I could decide any port to serve websites on. If I served web pages on a different port than port 80, then you would have to include it in your URL. http://www.SomeDudesCustomWebServer.com:1337.
Outgoing requests use a port too, but that one is usually unimportant and your computer just picks one that is available. So when you go to Facebook.com, the facebook web servers are all serving up pages over port 80, but the port your computer opened up to send the request does not have to be port 80 because it picks an available port and then sends the port with the request. Then when facebook sends its response, it sends the reply back to the ip address and port that made the request.
Outgoing ports are only used for the duration of the request. Ports that must listen for connections must stay the same otherwise the computers making requests would have no idea what port to send the request to.
Easy huh!
Hope that helps you understand a bit better.
EDIT:
Port Forwarding
Okay, in light of the chat application you want to use/create, if you want it to communicate over the net you'll have to learn about port forwarding. Basically, because all you could see of your friend's network would be his external ip address, you will have to use that address to connect to his chat server (or vice versa if he is connecting to your chat server then it will be your external IP). Because of this, the connection request would only get as far as the router that has the external IP, but it would not know what computer on the network to forward the request to.
You will need to access your router's firmware and set up port forwarding so that the router knows to forward requests on a specific port, to a specific computer on the network. Visit http://portforward.com/ for more detail on how to setup port forwarding.
EDIT 2:
Firewall
When setting up stuff to communicate with your computer using your PC, you may start getting frustrated that it just won't connect. What is likely stopping you is your firewall. By default, most ports on your PC are completely blocked by the windows firewall. For each port that you want to communicate on you will want to go into the firewall and create a rule that will open up the port. Go here http://www.top-windows-tutorials.com/windows-7-firewall.html for a video on how to use the windows firewall. I did not watch it, but it is what came up first on a google search.
Do not simply disable the firewall. Even though this is an easy and quick solution to open up all your ports, you are leaving yourself open to attack. Viruses love to set themselves up in your computer if they can and listen on an open port for a connection from their beloved creator so he can obtain access to your PC. Only open the ports you need.
UDP vs TCP
When opening and forwarding ports you may notice that it asks for UDP (User Datagram Protocol) or TCP (Transmission Control Protocol). What they stand for may not make sense but all you need to know is this: UDP is for single packet transmissions which means that two packets sent by a pc may or may not be related to each other. These types of data packets are usually used for broadcasts on a local network. An example I would use is LAN games. When you host a game on a LAN the other computers/devices can see the name of the game and join it. That is because the computer hosting the game is transmitting a UDP broadcast across the entire LAN so that any devices can see the game. Those UDP transmissions usually contain the name of the game and the connection info required to connect to the game.
TCP is for continuous packet transmission. TCP requires an established connection, any packets transmitted on this connection are always related to that one connection/request. To continue my example from the last paragraph, once you click connect on the LAN game, your computer then establishes a TCP connection with the host and uses that connection for the duration of the game or games. TCP is the most commonly used connection type and your chat program would likely communicate over TCP, especially if you are connecting across the net because UDP broadcasts are useless across the internet. UDP is only really useful on a LAN.
You should be safe forwarding and unblocking only the TCP ports, but sometimes when I'm unsure I just do both UDP and TCP just to be safe. In fact, many routers and firewalls have 3 options: TCP, UDP, or Both which saves you from having to create two rules for both types of the port.
When in doubt, open/forward both.
What's my ip provides your IP v4 public address.
It's really easy to retrieve it, this topic explains how to proceed: How to get the IP address of the server on which my C# application is running on?
The code is only a few lines long, so the language (C# in this example) doesn't matter.
They provide your external internet facing IP.
This IP will depend on how you connect to the internet. If you connect straight from your computer to your ISP without any kind of router or firewall in between, it might be the same as your internal IP, but in most circumstances this will not be the case.
If you're at home and you've connected via a router of some kind, then you might be able to query it for the IP, but there is no standard way of doing this.
There is no standard way of getting hold of your external IP from the client itself. If you've got access to a server on the internet where you could deploy some code you could connect to that server from your client PC and ask it what IP you're connecting from.
IP Port Numbers
I also needed my external IP using the command line, but because I didn't find it I wrote a small application using VB.NET. You can use reflection for the source code or ask for it on the app home page. Basically the application opens a web page that provides your IP and parses it using a regular expression, but because it is designed for this purpose it uses many "tricks" for this (it can use more web pages at once, uses the fastest page, etc). Check the source for details.

Broadcasting hostname and IP address

In order to notify all computers within the same LAN about my existence, I want to broadcast my hostname and IP address.
How do I go about doing so without sending them as a string?
Avik, this is what DNS is meant to be used for. While "regular" DNS is meant to hold names and IP addresses for each machine (statically configured), there is a dynamic DNS protocol which allows machines to update their DNS entries in real time.
This sort of capability is used in some of the office environments for my clients where printers on a machine are shared but the machines they're attached to use DHCP (meaning their IP address can change).
See here and here for details and the Windows implementation with DHCP.
Let's call your machine that wants to advertise itself the SERVER and all the machines that can use it, the CLIENTS.
Of course, dynamic DNS only notifies DNS itself of the name/IP mapping and is useful if the CLIENTS are already aware of your SERVER so they can get the IP address from DNS. If you have no way for CLIENTS to discover that your SERVER has just been added, you'll still need to broadcast a packet occasionally indicating that your SERVER exists (this will only need the SERVER name since CLIENTS will use DNS to get the IP address).
This broadcast packet should be picked up by all CLIENTS and kept in a local table. If the communications from a CLIENT to your SERVER fails, the local table entry for your SERVER should be removed (it'll be re-added when your SERVER broadcasts again).
Basically re-inventing NetBIOS or ZeroConf, as popular with small embedded devices for discovery by a Windows or OS X based installer or setup utility.
You can try to use UPnP Discovery.

192.168.0.71... What is this special address used for?

I have some accesses from 192.168.0.71 on my apache logs. I looked up this IP (because my server almost exclusively takes requests from 127.0.0.1), and I saw that it's reserved for "special purposes." What types of purposes might those be?
Edit:
I didn't tell you, typing 192.168.0.71 brings me straight to my site, just as 127.0.0.1 would. I just wonder how this is different, then from 127.0.0.1.
RFC 1918 reserves addresses starting with 192.168 for private networks. This most likely means that some computer on your local network is accessing the server.
I didn't tell you, typing 192.168.0.71 brings me straight to my site, just as 127.0.0.1 would. I just wonder how this is different, then from 127.0.0.1.
That means that 192.168.0.71 is the assigned internal IP to your machine.
127.0.0.1 is just a local loopback redirect. 192.168.0.71 is actually directly connecting to your machine.
192.168.???.??? is a special, reserved range of private IP addresses. So it's probably a computer from your local network.
Read: http://en.wikipedia.org/wiki/Classful_network
EDIT:
You've edited your post.
It seems, it's your address in the local network.
127.0.0.1 is the loopback address.
Difference between them is if somebody else from your network types 192.168.0.71, they go to your site, 127.0.0.1 is for their computer.
192.168.0.71 (Well the entire range 192.168.0.0 – 192.168.255.255) are for private (read. not internet accessible) network IP addresses, so that is from something inside your private network.
I believe it is reserved for any private intranet, as per this document.
The 192.168.x.y block is typically used for non-Internet connected devices. It's most likely from one of your own machines. If you have a router of some sort, go into its configuration tool and see if you can find the block of addresses it uses to assign to internal machines. It should be 192.168.x.y.
Judging from your edit, it sounds like 192.168.0.71 is your computer's IP address on your internal network.
As to why it's showing up in your logs instead of 127.0.0.1... well, I can only assume that, for whatever reason, one of the programs on your computer is contacting the computer by its network IP rather than the localhost IP.
The 192.168.0.0 network is defined as being one of the "private" networks.
As Krzysiek Goj has said, check this link for further details.
There are 3 ranges that have been designated as private ip addresses.
- 10.0.0.0/8 (meaning 10.0.0.0 to 10.255.255.255)
- 172.16.0.0/12 (meaning 172.16.0.0 - 172.31.255.255)
- 192.168.0.0/16 (meaning 192.168.0.0 to 192.168.255.255)
Typically a DHCP server on your network (of which most network switches are examples) is configured to dynamically hand out IP addresses in one of the private ranges. The 192.168.0.0/16 range is probably the most popular. Alternatively you may have been statically allocated one of these addresses by your network administrator.
To check the address that you've been allocated you can use one of the following:
- (windows) ipconfig /all
- (unix) ifconfig
By default your machine will also have a loopback interface enabled using the address 127.0.0.1. This can be used to access your own machine.
There is not enough information here to completely answer the question. The most likely answer is:
The web server is also your desktop system. Your browser is running on that system as well, so the 127.0.0.1 traffic is from your surfing of your own site.
The 192.168.0.71 is the actual IP address of your desktop, which is connected to some kind of NAT'ing device which connects you to the internet. Almost every broadband WiFi device uses this subnet by default.
The reason some traffic comes from that address is that on occasion, for various web reasons, some of the traffic is directly addressing your 192.168.0.71 address rather than the 127.0.0.1 address.
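The answers in this thread amount to a triage rule for the client column of an access log: loopback, the server's own LAN address, another host in one of the three private ranges, or anything else. The following is an added Python example, not code from any of the posts; the log lines are constructed, and the assumption that 192.168.0.71 is the server's own address comes from the answers above.

```python
import ipaddress
from collections import Counter

# The three private ranges listed above (RFC 1918). They are spelled out
# because ipaddress.is_private is broader: it also flags documentation
# ranges such as 203.0.113.0/24.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(client, own_addresses=()):
    """Label the client field of an access-log line."""
    try:
        ip = ipaddress.ip_address(client)
    except ValueError:
        return "not-an-ip"            # a resolved hostname or a broken line
    if ip.is_loopback:
        return "loopback"             # request sent to 127.0.0.1 on this host
    if ip in {ipaddress.ip_address(a) for a in own_addresses}:
        return "self-lan"             # this host, reached via its LAN address
    if any(ip in net for net in RFC1918):
        return "private"              # another machine behind the same NAT
    return "other"                    # everything else, incl. routable hosts


def summarize(log_text, own_addresses=()):
    """Count requests per (client, label) pair."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if fields:
            counts[(fields[0], classify(fields[0], own_addresses))] += 1
    return counts


# Constructed sample in Apache common log format.
SAMPLE_LOG = """\
127.0.0.1 - - [01/Jan/2010:10:00:00 +0000] "GET / HTTP/1.1" 200 512
127.0.0.1 - - [01/Jan/2010:10:00:02 +0000] "GET /a.css HTTP/1.1" 200 90
192.168.0.71 - - [01/Jan/2010:10:01:00 +0000] "GET / HTTP/1.1" 200 512
192.168.0.15 - - [01/Jan/2010:10:02:00 +0000] "GET / HTTP/1.1" 200 512
172.32.0.1 - - [01/Jan/2010:10:03:00 +0000] "GET / HTTP/1.1" 200 512
203.0.113.9 - - [01/Jan/2010:10:04:00 +0000] "GET /admin HTTP/1.1" 404 0
"""

if __name__ == "__main__":
    for (client, label), n in sorted(
            summarize(SAMPLE_LOG, ["192.168.0.71"]).items()):
        print(f"{client:15} {label:10} {n}")
```
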