I'm sniffing between two devices which communicate in a duplex fashion via udp. I'm using wireshark to sniff. The config file for the first device (a piece of hardware under test) states that the client port is 54718 and the server is 54717. In the config file for the second device (a simulator written years ago), only one port is specified. That of 54718.
The two devices communicate without any problems.
But how does the second device manage to connect and send to 54717 when it has no knowledge of it?
In wireshark I can see that the first device is sending to the second device such that the source port is 54717 and the destination is 54718. I can also see that the second device is sending to the first device such that the source port is 54718 and the destination is 54717.
The first device sends first and the protocol is described as that of UDP in Wireshark. The simulator replies, also via UDP. Subsequent exchanges are described as being STUN ChannelData TURN Messages. I've no knowledge of this protocol but maybe it explains why I don't see 54717 in the simulators config file.
Thanks for your help,
Barry
First, in UDP communication, there is no "connect" action. UDP is not connection-oriented.
Second, the second device will get the peer address and port from recvfrom() api call.
In all probability, the first device's use of the terminology "client port" and "server port" do not refer to two different ports within the client device. Instead, the "client port" refers to the port to be used as the point of origin within the first device, and the "server port" refers to the remote destination port on the far device, to which the first device's outgoing traffic will be sent.
The second device, on the other hand, is probably fundamentally a "listening" device. It only knows the UDP port it needs to listen on, and waits for any queries destined to that port to arrive from anywhere.
So, I will refer to the "first device" as the client, and the "second device" as the server.
Each datagram sent from the client to the server contains two sets of address information:
1) The destination IP address and port, and
2) The return IP address and port.
The server can use recvfrom() to extract the complete return address (including port number) from each incoming request.
This way, we really only need one port number to be predfined and agreed upon by both the server and the client ahead of time: The server's port number.
The client could conceivably choose to use any random port number as its origin port (but by convention it would likely choose to avoid any of the well-known reserved ports to avoid potential interoperability problems), and the server could dynamically read the return address information from each incoming request and send its responses to the correct destination dynamically.
But how does the second device manage to connect and send to 54717 when it has no knowledge of it?
UDP is connectionless, and your program likely gets the 54717 as a default fallback value if nothing else is specified (e.g. in a config file).
Related
I want to develop a P2P Gaming application. What is the fastest and efficient way to implement NAT traversal and Peer discovery. I have read about STUN and TURN server. But what are the Open source parts available and how can I use them?.
1. Does those STUN server work on 3G networks?
2. Does UDP HOLE PUNCHING works on 3G networks?
If you have a videogame, you probably want to have a central server that contains all the game data and allow the users to be clients. You know, like Puzzles and Dragons, where you have a username and password and sign in to a server.
Google "Stun Client" and "ICE protocol". There are plenty of open source implementations
STUN fails on mobile networks because mobile networks have symmetric, large scale NAT. Traversing that kind of nat doesn't work with STUN (see reason below)
Why Mobile Broadband NAT cannot be bypassed?
It boils down to statistics. In order for a connection to be established, you have to send a packet into the port that they are at and they have to send a packet into the port that you are at. If you send to the wrong port number or they send to the wrong port number, you miss and no connection is established. If both of you simultaneously bind to a port and send out a packet directed at the other's ip address, you have a 1 in 65535 (65535 being the number of port on an ip address) chance of sending a packet into their port and they have a roughly 1 in 65535 chance of sending a packet into your port. So the chance of you establishing a connection is (1/65535) * (1/65535), or (1 / 65535^2).
You can't know your port number for any subsequent connection because for every new outbound connection, the router randomly gives you a new port number on the interval between 1024 and 65535. So if you ask a server what you ip and port number is, it may tell you the right ip (your ip address doesn't change very often unless you turn off your phone or something like that), but the port number will change. If you try to guess the port number there is a ( (65535-1024-1) / (65535-1024) ), or 99.998% change of you guessing it wrong, assuming that the number of possible port numbers to choose from is (65535-1024).
So unless the port numbers are predictable (which in many 4G networks they are not), you're hosed - no chance.
Your best bet is to use stun and not support evil routers.
My task is to determine the connectivity of a single browser client. I was wondering if the emitted Local ICE Candidates are any indication to the client's connectivity. So examining a candidate originating from google's STUN server:
mid: audio, candidate: a=candidate:941443129 2 udp 1845501695 2.84.19.92 49669 typ srflx raddr 192.168.1.2 rport 49669 generation 0
I can see my public ip 2.84.19.32 and i can also view my local, behind the NAT, ip 192.168.1.2. At this point i also know that the browser is listening on UDP port 49669 and waiting for connections. Can i infer at this point that the STUN client has made a successful connection to my public ip and port?
I understand it is ICE's job to determine if a connection is possible to that Candidate, but is it possible to determine connectivity with a single client (browser)?
My ultimate question / task, is to tap into the ICE process and know for a fact if the [single] client is behind a NAT and what type of NAT that is. Is that possible?
The presence of candidates doesn't give the information that you have connectivity. But if you analyze the content of them, you can conclude some things.
You need to take into account what STUN/TURN servers you are using.
If nothing is defined you can still have candidates, if the device is connected in a network and has an IP attributed (even if the network has no access to the Internet), you will only have candidates with local IP address.
If you define a server, and you get candidates with other types than host, it means that you have connection (at least connection to the defined STUN/TURN server, that is supposed to be outside of your machine).
To know if you are behind a NAT, you can check the presence of host candidates with local IP's.
After you get a candidate, it means that that host:ip is accessible from the internet. That's the whole idea of contacting a external STUN/TURN server. Is to open that ports... But, the fact that they are accessible, doesn't mean that you will receive attacks. You can in fact receive, but that is where the key negotiation enters and checks that only other peer (the ones with the keys) can "establish a connection" to that host:port
There are two ways to get this data out of the webRTC connection object:
pc.iceConnectionState, this tells you the connection process
pc.iceGatheringState, this is about the 'getting' of the ice candidates
But both don't really seem to work, as I am behind a firewall which blocks the RTC, but pc.iceConnectionState still gives me connected, but you might give it a go and see if it works for you.
What I want is, basically, to create a connection between two different computers on same local network. But i want to do this by computers' local IP's. (like 192.168.2.23 etc)
This must be a totally local connection. no TURN or STUN Servers. I am not sure if this is possible. Because there are not much documentation/example/information about WebRTC.
So, how can I create a connection from my computer to another one just passing its local IP as parameter?
Update: To be more clear; imagine there is an html page contains some code that activates my camera and audio services. and another -almost same- page is open in other computer. Waiting a connection request... And there is a textbox in my page to type an IP belongs to other computer on my local network. type 192.168.2.xx and bingo! i have connection between me and other computer.
I want this process as IP based, because there may be more than 2 devices on the network. And all of them are possible devices to create connection. So i need to reach them by their IP's.
Any example code or explanation would be great! even if it tells that this is not possible.
Thanks
Peer discovery is a vital part in any WebRTC application. It's an expensive term for saying: "Hi, I'm computer 4 and I want to talk to you!".
See it as calling a friend over the phone. You need to dial his number first.
This part is not defined in the WebRTC standards. You need to implement this logic in your application. Once you know who you want to call, you need a way of exchanging vital information. This is called signaling, like flo850 put in his answer.
Signaling is needed before any peer-to-peer connection can be set up.
To come up with an idea for your use case of 7 devices in a LAN.
If you have these devices connected to for example a WebSockets server and are in the same channel.
The WebSockets server can be written to route messages to specific receivers.
Devices connected to the channel often are identified with some kind of ID, imagine you use the device's IP.
When you want to talk to computer 4 with IP 192.168.0.4 you send the exchange messages (signaling) on the channel to the receiver with ID, the IP of the device you want to connect with.
How to send the signaling (offer, answer) is described here with example code.
Hope this helps
Users usually sit behind NATs; that's why ICE concept implemented in WebRTC.
If both users are sitting behind same NAT; you can skip ICE servers by passing "NULL" parameter value over "RTCPeerConnection" constructor:
var peer = new [webkit|moz]RTCPeerConnection ( null );
Now, browser will use "host" candidates, also known as "local" candidates.
you still need a signaling server. During the ICE candidate search, your clients will exchange their local ip through this signaling server
I am trying to send a UDP packet to a device that is behind a NAT. Using a 3rd party program it is possible to send packets to this device no problem, and the packets show up in wireshark fine.
Using my own UDP client to send a packet to the device doesn't work... but if the device sends ME a packet, in the onReceive() method, sending directly back to the device in this method DOES work...but interestingly if I take the EndPoint and connect to this using a new UDP client, then it doesn't work again.
It seems like only when the device connects to me can I send messages downstream (like reverse connecting in TCP) and even taking the EndPoint as a reference to the 'connection' is not enough.
Can anyone think of reasons why I can't send directly to the device, even though I know it is possible to do so because the 3rd party software can do it?
Sending directly to other IP's such as my local computer works fine too, it is just this device that I cannot contact. My local computer is on an address like 192.168.10.2 and the device is on an address like 12.0.1.5 (when connected it creates its own LAN)
Many thanks
I am working on a C++ server/.NET client applications couple in which my server (which runs the c++ on linux) broadcasts a message to show it's alive to the whole network and my .NET program listens for packets and parses to get the uptime of the server.
As I have read, to send a regular UDP broadcast to the broadcast address, I simply have to send a packet to 192.168.0.255 (in my case 192.168.2.255) or 255.255.255.255. Is this right? Can I use the same port address? Are there any other necessities?
I understand the fact that if my .NET program listens on that particular address it is possible to receive packets from other applications than my C++ server program. Is there any method of "signing" the packet on the C++ server-side in order for my .NET program to read the header of the packet and see that it is (almost) the one I am looking for?
Regardless of the language you are using, here is my answer:
Regarding the broadcast IP addresses, both addresses are broadcast addresses but the limited broadcast address (which is 255.255.255.255) won't be forwarded by routers. It is better to use the subnet-directed broadcast address (192.168.2.255).
In order to send/receive a broadcast address, you need to define your broadcast address (broadcast IP address and port number). For example: 192.168.2.255 and port number 3000. The client applications (the senders) MUST enable SO_BROADCAST socket option as follows:
int enabled = 1;
setsockopt(sockfd, SOL_SOCKET, SO_BROADCAST, &enabled, sizeof(enabled));
where sockfd is the socket descriptor.
The server application will listen on a specific port number (port 3000). Normally, the server will respond to each request using unicast message.
There will be no conflict as long as no application is listening on the same port number. Your server will not run if another application is listening on the same port unless you enabled SO_REUSEADDRESS socket option. However, if there is a conflict, then your signiture is depending on your protocol (message format). So, check the message format and reject the message if it does not follow the message format defined by your application protocol.
For client applications, the received packet is unicast (unless you have another design). So, no conflict at this side.
You also have to enable the SO_BROADCAST socket option in C++ to send broadcast traffic, or you'll get a permission denied error:
int broadcastPermission = 1;
setsockopt(socketDescriptor, SOL_SOCKET, SO_BROADCAST, (void*)&broadcastPermission, sizeof(broadcastPermission))
If your .NET program listens for broadcast traffic, it will receive any and all broadcast traffic on the network sent on that port, including traffic not sent by your server. You could put a "marker" in the payload of the broadcast messages sent by your server. This way, your .NET program could distinguish which ones it cares about.
Beyond that, I would recommend using multicast instead of broadcast. Broadcast traffic is usually restricted to hosts on the same subnet. In layman's terms, if you have a router in your network, a host on side A of the router will not see broadcast traffic sent by a host on side B (and vice versa) because the router "blocks" it. Routers will almost always forward multicast traffic if a host has joined the multicast group.