Capture Packet Dump from a Specific Domain - ssl

I am working on a Deep Packet Inspection project of my own. In order to test this, I need https/ssl packet dump from a specific site.
As an example I want to capture all the packets transmitted during a Facebook session.
I tried Wireshark but I do not know how to capture packets only related to Facebook, since they can originate from different domains, not only from www.facebook.com.
Can anyone suggest a way to do this?
Thank you.

Not sure Wireshark can do it now. Correct me if I am wrong: currently it supports a capture filter like "host www.facebook.com" by doing a DNS query to get a list of IP addresses for this hostname. Then it generates binary code to filter out packets to/from those resolved IPs.
If you know the list of hostnames in this domain (x1.facebook.com x2.facebook.com ...), you can create a filter like "host x1.facebook.com or host x2.facebook.com ..."
If you don't know the list of hostnames, then you have to write a specific capture software, which monitors all the DNS queries sent from the host, if it's for xxx.facebook.com, then keep track of the resolved IP addresses, save any packets sent to/from these IPs. For this to work, you have to clear DNS cache.
Hope it helps.
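The two approaches in this answer, the static "host a or host b" capture filter and the DNS-observing tracker, as an added example in Python (not code from the question or answer). It assumes the target domain is facebook.com; the DNS response bytes are constructed inline with RFC 5737 documentation addresses, so it runs offline. The tracker keys on the question name, as the answer describes, so addresses returned through a CNAME chain are still learned.

```python
import struct
import ipaddress

# Assumption: the domain whose hosts should be captured (the question's example).
TARGET_DOMAIN = "facebook.com"


def bpf_filter_for_hosts(hostnames):
    """Capture filter for a known host list, in the form the answer suggests."""
    return " or ".join(f"host {h}" for h in hostnames)


def _read_name(msg, offset):
    """Decode a DNS name at offset, following compression pointers (RFC 1035 4.1.4).
    Returns (name, offset just past the name as it appears at the call site)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length == 0:
            offset += 1
            break
        if length & 0xC0 == 0xC0:  # two-byte pointer to an earlier name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped = True
            offset = pointer
            continue
        offset += 1
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels).lower(), (end if jumped else offset)


def parse_dns_response(msg):
    """Return (question name, [A/AAAA addresses found in the answer section])."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    offset, qname, ips = 12, None, []
    for _ in range(qdcount):
        name, offset = _read_name(msg, offset)
        qname = qname or name
        offset += 4  # skip QTYPE and QCLASS
    for _ in range(ancount):
        _, offset = _read_name(msg, offset)
        rtype, _rclass, _ttl, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlength]
        offset += rdlength
        if rtype == 1 and rdlength == 4:
            ips.append(str(ipaddress.IPv4Address(rdata)))
        elif rtype == 28 and rdlength == 16:
            ips.append(str(ipaddress.IPv6Address(rdata)))
        # CNAME and other record types carry no address and are skipped
    return qname, ips


class DomainTracker:
    """Learns the IPs behind any name under the target domain from observed DNS
    responses, then decides packet by packet whether it belongs to the session."""

    def __init__(self, domain=TARGET_DOMAIN):
        self.domain = domain.lower()
        self.ips = set()

    def observe_dns_response(self, msg):
        qname, ips = parse_dns_response(msg)
        if qname == self.domain or qname.endswith("." + self.domain):
            self.ips.update(ips)
        return qname

    def keep(self, src_ip, dst_ip):
        return src_ip in self.ips or dst_ip in self.ips


def _encode_name(name):
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in name.split(".")) + b"\x00"


def build_sample_response(qname, ipv4s):
    """Constructed test data, not a real capture: one CNAME plus one A record per IP.
    The CNAME owner name is a compression pointer (0xC00C) to the question name at offset 12."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1 + len(ipv4s), 0, 0)
    question = _encode_name(qname) + struct.pack("!HH", 1, 1)
    cname_rdata = _encode_name("star.c10r." + qname)
    answers = b"\xC0\x0C" + struct.pack("!HHIH", 5, 1, 300, len(cname_rdata)) + cname_rdata
    for ip in ipv4s:
        answers += cname_rdata + struct.pack("!HHIH", 1, 1, 60, 4) + ipaddress.IPv4Address(ip).packed
    return header + question + answers


if __name__ == "__main__":
    tracker = DomainTracker()
    tracker.observe_dns_response(build_sample_response("www.facebook.com", ["203.0.113.5"]))
    print(sorted(tracker.ips), tracker.keep("192.0.2.10", "203.0.113.5"))
```

In a real capture loop the UDP payload of every packet from port 53 would be handed to `observe_dns_response` and every IP packet to `keep`; as the answer notes, the local DNS cache has to be flushed first, or the responses never cross the wire.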


WebRTC on local network

I'm new to WebRTC and I was wondering if it's possible to have a WebRTC application on a local network without the need for signaling, since we have the IP addresses of all members on the network, and if so, how should I use RTCPeerConnection to create an offer?
Thank you
No it is not possible.
Signalling is for more than just exchanging IP addresses. The clients also exchange information about media types and codecs.
You could possibly do some of the exchange via hard coding. But you would basically need to go through the whole negotiation, logging out all the candidates, offer, and answer. Even then I don't know if it would work the second time (with everything hardcoded). It also wouldn't work if you ever wanted to change media. It would be an interesting experiment, but probably a huge waste of time.
It can be done! But kradical is right, there will need to be some configuration ahead of time. Check out pion/offline-browser-communication.
Here are the things you need to worry about
You don't need to hardcode IP addresses anymore thanks to mDNS candidates. If you know the hostnames of the two computers, they can both change IP addresses and still be able to connect.
You need to know the DTLS certificate and ICE credentials ahead of time. If you look at the repo I shared you can see how it is done there. I did Go <-> Browser because it is the Open Source project I work on, but can easily be Browser <-> Browser as well.
I would connect with only a DataChannel at first, and then re-negotiate with all the details around media (tracks you wish to send and supported codecs)

Broadcast message not received by my network device

I want to list all the valid IPs present in my local network. For that I tried pinging my broadcast address, then I queried the ARP table. While doing so, some network devices' IP addresses are not getting listed in the ARP table. If I do ping that particular IP address and then query the ARP table, those are getting listed. Why such behaviour?
"While doing some network devices ip addresses are not getting listed in ARP table. If I do ping that particular ip address then if i query ARP table those are getting listed. Why such behaviour?"
Hosts can be, and quite often are, configured to ignore broadcast pings. This is the default at least for some (I'd like to say "most") Linux distributions and Windows versions. RFC 1122 (section 3.2.2.6) explicitly allows this.
"I want to list all the valid ip present in my local network."
For that, you may either try to (unicast) ping each host on your subnet, or run a host discovery with nmap.
The ARP table is just a cache for your machine to skip the ARP lookup every time you try to access another machine. So, if you haven't communicated with a specific IP address before, there will be no record in the ARP table about that specific IP address and corresponding MAC.
If you run for example Wireshark you'll see that your machine (should you communicate with a machine for the first time) will send out a broadcast message stating, more or less, "Who has 192.168.0.4 (just an example) - Reply to 192.168.0.19". When that reply comes back it will then store the MAC and corresponding IP in the ARP table.
For more information regarding this, have a look here:
http://www.tummy.com/articles/networking-basics-how-arp-works/
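The "Who has X, tell Y" exchange from the answer above, as an added example that is not part of the original post: it builds and parses an Ethernet/ARP frame (RFC 826) and keeps a small ARP cache whose entries expire, to show why the table only holds hosts you have actually exchanged frames with. The MAC addresses and the 60-second lifetime are constructed values, and the toy cache learns from replies only (real stacks also learn from requests in some cases).

```python
import struct
import ipaddress
import time

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


def _mac_bytes(mac):
    return bytes(int(part, 16) for part in mac.split(":"))


def _mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II frame carrying an ARP packet: hardware type 1 (Ethernet), protocol 0x0800 (IPv4).
    A request goes to the broadcast MAC; a reply goes straight back to the asker."""
    dst = BROADCAST_MAC if op == ARP_REQUEST else target_mac
    eth = _mac_bytes(dst) + _mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += _mac_bytes(sender_mac) + ipaddress.IPv4Address(sender_ip).packed
    arp += _mac_bytes(target_mac) + ipaddress.IPv4Address(target_ip).packed
    return eth + arp


def parse_arp(frame):
    """Return a dict describing the ARP packet, or None if the frame is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    body = frame[22:42]
    return {
        "op": op,
        "sender_mac": _mac_str(body[0:6]),
        "sender_ip": str(ipaddress.IPv4Address(body[6:10])),
        "target_mac": _mac_str(body[10:16]),
        "target_ip": str(ipaddress.IPv4Address(body[16:20])),
    }


def describe(frame):
    """The one-line summary a packet analyser would print for the frame."""
    p = parse_arp(frame)
    if p is None:
        return "not an ARP frame"
    if p["op"] == ARP_REQUEST:
        return f"Who has {p['target_ip']}? Tell {p['sender_ip']}"
    return f"{p['sender_ip']} is at {p['sender_mac']}"


class ArpCache:
    """IP -> MAC learned from replies; entries age out, so the table is a cache, not an inventory."""

    def __init__(self, ttl_seconds=60, clock=time.monotonic):
        self.ttl, self.clock, self.entries = ttl_seconds, clock, {}

    def learn(self, frame):
        p = parse_arp(frame)
        if p and p["op"] == ARP_REPLY:
            self.entries[p["sender_ip"]] = (p["sender_mac"], self.clock())

    def lookup(self, ip):
        hit = self.entries.get(ip)
        if hit is None or self.clock() - hit[1] > self.ttl:
            self.entries.pop(ip, None)
            return None
        return hit[0]


if __name__ == "__main__":
    req = build_arp(ARP_REQUEST, "02:00:00:00:00:13", "192.168.0.19", "00:00:00:00:00:00", "192.168.0.4")
    print(describe(req))
```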

PeerConnection based on local IP's

What I want is, basically, to create a connection between two different computers on the same local network. But I want to do this by the computers' local IPs (like 192.168.2.23 etc.).
This must be a totally local connection. No TURN or STUN servers. I am not sure if this is possible, because there is not much documentation/example/information about WebRTC.
So, how can I create a connection from my computer to another one just passing its local IP as parameter?
Update: To be more clear, imagine there is an HTML page containing some code that activates my camera and audio services, and another, almost the same, page is open on the other computer, waiting for a connection request. And there is a textbox in my page to type an IP belonging to the other computer on my local network. Type 192.168.2.xx and bingo! I have a connection between me and the other computer.
I want this process to be IP based, because there may be more than 2 devices on the network, and all of them are possible devices to create a connection with. So I need to reach them by their IPs.
Any example code or explanation would be great! even if it tells that this is not possible.
Thanks
Peer discovery is a vital part in any WebRTC application. It's an expensive term for saying: "Hi, I'm computer 4 and I want to talk to you!".
See it as calling a friend over the phone. You need to dial his number first.
This part is not defined in the WebRTC standards. You need to implement this logic in your application. Once you know who you want to call, you need a way of exchanging vital information. This is called signaling, like flo850 put in his answer.
Signaling is needed before any peer-to-peer connection can be set up.
To come up with an idea for your use case of 7 devices in a LAN.
If you have these devices connected to for example a WebSockets server and are in the same channel.
The WebSockets server can be written to route messages to specific receivers.
Devices connected to the channel often are identified with some kind of ID, imagine you use the device's IP.
When you want to talk to computer 4 with IP 192.168.0.4 you send the exchange messages (signaling) on the channel to the receiver with ID, the IP of the device you want to connect with.
How to send the signaling (offer, answer) is described here with example code.
Hope this helps
Users usually sit behind NATs; that's why the ICE concept is implemented in WebRTC.
If both users are sitting behind the same NAT, you can skip ICE servers by passing a "null" parameter value to the "RTCPeerConnection" constructor:
var peer = new [webkit|moz]RTCPeerConnection ( null );
Now, browser will use "host" candidates, also known as "local" candidates.
You still need a signaling server. During the ICE candidate search, your clients will exchange their local IPs through this signaling server.
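The channel server that routes signaling messages by a peer ID (here the device's LAN IP), as described in the first answer above, as an added example in Python; it is not code from any of the answers. The relay is an in-memory stand-in for the WebSocket server and the SDP bodies are placeholders (a browser would produce them through RTCPeerConnection), but the envelope validation, the sender stamping and the offer, answer, candidate ordering are the parts that carry over to a real server.

```python
import json

# ICE host candidate line (constructed sample): the local-IP candidates the second answer mentions.
HOST_CANDIDATE = "candidate:1 1 udp 2130706431 {ip} {port} typ host"


class SignalingRelay:
    """In-memory stand-in for the WebSocket channel server. Peers register under an ID
    (their LAN IP); the relay only forwards envelopes and never sees media."""
    ALLOWED_TYPES = {"offer", "answer", "candidate"}

    def __init__(self):
        self.inboxes = {}

    def register(self, peer_id):
        self.inboxes.setdefault(peer_id, [])

    def send(self, sender, raw):
        """Route a JSON envelope {"type", "to", "payload"} to its receiver; returns a status string."""
        if sender not in self.inboxes:
            return "rejected: unregistered sender"
        try:
            env = json.loads(raw)
        except json.JSONDecodeError:
            return "rejected: malformed"
        if env.get("type") not in self.ALLOWED_TYPES:
            return "rejected: unknown type"
        target = env.get("to")
        if target not in self.inboxes:
            return f"rejected: unknown peer {target}"
        env["from"] = sender  # the relay, not the client, stamps the sender
        self.inboxes[target].append(env)
        return "delivered"

    def receive(self, peer_id):
        messages, self.inboxes[peer_id] = self.inboxes[peer_id], []
        return messages


def run_exchange(caller, callee, relay=None):
    """Simulate the signaling sequence between two LAN peers addressed by IP.
    Returns (delivery log, candidates received by callee, candidates received by caller)."""
    relay = relay or SignalingRelay()
    relay.register(caller)
    relay.register(callee)
    log = [relay.send(caller, json.dumps({"type": "offer", "to": callee, "payload": "v=0 (offer sdp)"}))]
    for msg in relay.receive(callee):
        if msg["type"] == "offer":
            log.append(relay.send(callee, json.dumps(
                {"type": "answer", "to": msg["from"], "payload": "v=0 (answer sdp)"})))
    for msg in relay.receive(caller):
        if msg["type"] == "answer":
            # trickle ICE: once the answer is in, each side forwards its host candidates
            log.append(relay.send(caller, json.dumps(
                {"type": "candidate", "to": callee, "payload": HOST_CANDIDATE.format(ip=caller, port=50000)})))
            log.append(relay.send(callee, json.dumps(
                {"type": "candidate", "to": caller, "payload": HOST_CANDIDATE.format(ip=callee, port=50001)})))
    return log, relay.receive(callee), relay.receive(caller)


if __name__ == "__main__":
    print(run_exchange("192.168.0.7", "192.168.0.4"))
```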

How to check if DynDNS is working

Newbie programmer here. I'm building an app for an API that requires an IP address for authentication. Basically, users have to send the API management their IPs and then each time a computer makes a request to their server, it verifies whether it's coming from a registered IP.
Since I work in a number of different places and thus end up with different IPs, I thought it would be easiest to use DynDNS to establish a URL that points to whatever my current IP is and then send that URL to the API management. So my first question is if this approach would in fact work?
Secondly, assuming this would work, I set up ben.dynalias.com and downloaded the DynDNS Updater client. It appears to be working: the updater says status: OK and displays my current IP. However, when I navigate to the URL (ben.dynalias.com) there's no response. Should this be the case? How can I tell if it's working?
I don't see any reason it shouldn't work as long as your updaters aren't overwriting each other by running at the same time automatically from different locations.
You can ping ben.dynalias.com and see if your current ip matches.
I just hosted ben.dynalias.com and it gave me your IP.
Since there is no web server running on that IP, then your browser will not be able to show you a page result.
You can use http://www.kloth.net/services/nslookup.php to check and see if you get the correct IP from a host lookup.
Depending on how often your IP changes this might not be a great solution, as the DNS will cache your hostname and will not try to resolve it again until the TTL expires, normally a minimum of 1 hour.
Whether the API management accepts a hostname instead of an IP address is a question only they can answer. Some will, many won't, as it's "easier" to hijack a domain name than to hijack an IP address.
Trying to browse to your-address.dynalias.com, which points to your own public address, rarely works, even if you opened up the right ports, because your router will be highly confused. The best way to test such a setup is by using a phone or tablet with 3G/GPRS internet, of course after you set up port forwarding in the router to point the appropriate port to your computer.
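The check the answers above suggest (does the hostname resolve to the IP the updater reports?) together with the TTL caveat, as an added example in Python that is not part of any answer. The resolver is injectable: the `system_upstream` helper uses the OS resolver, which does not expose TTLs (so the TTL there is an assumed value), while the in-memory upstream used in the usage section lets the TTL behaviour be seen without a network. The hostname and addresses are constructed.

```python
import socket
import time


def system_upstream(name, assumed_ttl=3600):
    """Upstream using the OS resolver. socket.gethostbyname() returns no TTL,
    so one is assumed; a DNS library would return the real record TTL."""
    return socket.gethostbyname(name), assumed_ttl


class TtlCachingResolver:
    """Behaves like a caching resolver: a name is re-queried upstream only
    after its TTL has expired, which is why a fresh DynDNS update is not seen
    immediately by anyone who resolved the old record."""

    def __init__(self, upstream=system_upstream, clock=time.monotonic):
        self.upstream = upstream  # callable(name) -> (ip, ttl_seconds)
        self.clock = clock
        self.cache = {}           # name -> (ip, expiry timestamp)

    def resolve(self, name):
        now = self.clock()
        hit = self.cache.get(name)
        if hit is not None and now < hit[1]:
            return hit[0]
        ip, ttl = self.upstream(name)
        self.cache[name] = (ip, now + ttl)
        return ip


def check_dyndns(hostname, current_ip, resolver):
    """(ok, resolved_ip): ok when the hostname resolves to the IP the updater reports.
    A False result with an old address means a stale cache, not necessarily a broken updater."""
    resolved = resolver.resolve(hostname)
    return resolved == current_ip, resolved


def demo():
    """Constructed scenario: the record changes, but a 1-hour TTL hides the change until it expires."""
    clock = [0.0]
    records = {"ben.dynalias.com": ("203.0.113.10", 3600)}
    resolver = TtlCachingResolver(upstream=lambda n: records[n], clock=lambda: clock[0])
    first = check_dyndns("ben.dynalias.com", "203.0.113.10", resolver)
    records["ben.dynalias.com"] = ("203.0.113.11", 3600)  # updater pushed a new IP
    clock[0] = 10.0
    stale = check_dyndns("ben.dynalias.com", "203.0.113.11", resolver)
    clock[0] = 3601.0
    fresh = check_dyndns("ben.dynalias.com", "203.0.113.11", resolver)
    return first, stale, fresh


if __name__ == "__main__":
    print(demo())
```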

GameKit/Peer-to-peer over internet

For an iOS app I am developing, I want multiple phones to connect to each other and be able to voice chat between those devices.
I have it working when both devices are on the same network. This was quite simple and most of the stuff I want to do, is possible.
But now I am adding internet support, which is quite a hassle. I'll first try to explain how I want to match the devices, using a small webservice I set up.
Server
Start a new GameKit session, with session-mode GKSessionModePeer
Find the "Peer ID" of the server on the session I just created
Create a new CFSocketRef on an free port and keep it ready to accept connections
Send Peer ID and Port number to my webservice, running on an external server.
WebService
Webservice receives the information and stores it together with an ID and the IP address of the client in a database.
Send ID back to Server, which displays the ID
Client
When the user chooses to use the "Online" feature of GameKit to search for games, I ask the user for an ID (where the user should input the ID the server receives).
Client connects to the webservice supplying the ID. The webservice returns the information about the session (IP, PORT, Peer ID) of the server.
The user tries to connect to the IP address, with the port information and set up an input and output stream with the server.
This does not work of course, because my network does not allow incoming connections on a random port (from an external network).
But now the question is, how do I solve this? I want to be able to set up a peer to peer connection between 2 devices, those devices could be on the same network, but also on separate networks.
Is there a framework, example or anything showing how to do this? I want to be able to send data from device to device, without sending it to a server first.
I'm not aware of any frameworks that do this. I do however have a lot of experience with p2p networking across multiple networks.
One important rule I learned: when communicating between networks, don't create a direct connection unless necessary. There are just too many factors that can (will?) cause issues, such as firewalls, NATs, etc.
Sure, you can let the connection try first. You can try to connect to the given IP addresses*, but in most cases it will fail. Even when using UPnP and NAT-PMP, you'll find that in a lot of cases (more than half?) you won't be able to accept incoming connections at all.
So make sure to have a backup plan. Make a network layer abstraction that doesn't only listen(), but also connects to a server. That way, when you can't connect to the IPs* of the client, you simply setup a connection via the server and the network abstraction takes care of it all.
Let me reiterate the above: don't rely on incoming connections only, always have a backup plan.
* I write IPs because clients can have multiple local/remote IPs. Always iterate over all these IPs when connecting. Example: my phone has 2 local IPv4 addresses (10.0.0.172 and 10.8.0.2), and an IPv6 address ([2001:x:x::6]). Of these three addresses, only the IPv6 address is publicly reachable, and the two IPv4 addresses are on different subnets so whether you can connect to them depends on the subnet that the other client is on. Always try to connect to both, and fall back to a server-proxied connection when it fails.
** I mentioned IPv6, yes. Let's not forget that IPv6 is not limited by NATs, unlike IPv4, and this means that you're far more likely to get a good connection via IPv6 than IPv4, if supported.
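The network layer abstraction the answer recommends (try every address the peer has, IPv6 first, and fall back to a server-proxied connection when none answers), as an added example in Python; it is not code from the answer or from GameKit. The dialer is injectable so the logic can be exercised without a network; the default `tcp_dial` is a plain TCP connect, an assumed transport. The candidate addresses in the demo are constructed from documentation ranges and mirror the answer's two private IPv4 addresses plus one IPv6 address.

```python
import ipaddress
import socket


def order_candidates(addresses):
    """IPv6 first (no NAT in the way), then IPv4; anything that is not an address is dropped."""
    v6, v4 = [], []
    for addr in addresses:
        try:
            ip = ipaddress.ip_address(addr.strip("[]"))
        except ValueError:
            continue
        (v6 if ip.version == 6 else v4).append(str(ip))
    return v6 + v4


def tcp_dial(ip, port, timeout):
    """Default dialer (assumed transport): a plain TCP connect, which raises OSError on failure."""
    return socket.create_connection((ip, port), timeout=timeout)


def connect_with_fallback(candidates, port, relay_host, dial=tcp_dial, timeout=2.0):
    """Try each candidate address in turn; if none accepts the connection, hand back a
    relay-backed result instead of failing, so the caller always gets a usable path.
    Returns a dict with mode ('direct' or 'relay'), peer, transport and the failed attempts."""
    attempts = []
    for ip in order_candidates(candidates):
        try:
            transport = dial(ip, port, timeout)
        except OSError as exc:
            attempts.append((ip, type(exc).__name__))
            continue
        return {"mode": "direct", "peer": ip, "transport": transport, "attempts": attempts}
    # Every direct attempt failed (firewall, NAT, wrong subnet): fall back to the server.
    return {"mode": "relay", "peer": relay_host, "transport": None, "attempts": attempts}


def fake_dialer(reachable_ip):
    """Test double: only one address accepts connections, everything else is refused."""
    def dial(ip, port, timeout):
        if ip == reachable_ip:
            return ("fake-socket", ip, port)
        raise ConnectionRefusedError(f"{ip}:{port} refused")
    return dial


# Constructed peer address list, in the spirit of the answer's phone with two IPv4s and one IPv6.
SAMPLE_CANDIDATES = ["10.0.0.172", "[2001:db8::6]", "10.8.0.2", "not-an-address"]


def demo(reachable_ip):
    return connect_with_fallback(SAMPLE_CANDIDATES, 5000, "relay.example", dial=fake_dialer(reachable_ip))


if __name__ == "__main__":
    print(demo("10.8.0.2"))
    print(demo("none"))
```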