In UDP, the destination IP and destination port number are used to demultiplex packets, but in TCP the destination IP, source IP, destination port number and source port number (the 4-tuple) are all needed to distinguish between connections. What is the reasoning for this?
This is entirely due to the fact that UDP is connectionless: it doesn't have any concept of connections, so only the destination address matters.
When using local forwarding we are free to pick the destination port:
ssh -L 8000:10.10.1.11:80 user@192.168.56.102 - 80 is the destination port - we explicitly specify which port to forward to.
Take a look at the diagram in this article. If I understand correctly, in dynamic forwarding the destination port is somewhat implicit (?):
ssh -D 8080 user@192.168.56.102 - 8080 is the local host port, but still it somehow forwards to 80 for us.
Questions:
How does the SOCKS5 proxy know which port to forward traffic to?
Does the SOCKS5 proxy somehow sniff the destination from the protocol of the traffic it proxies?
Can that destination port be configured?
Where is it configured - on my local machine, or on the remote that does the final forwarding for us? Nowhere?
Is it a predefined fixed set of protocols/ports? Something like http=80 destination port?
Any other internal details of forwarding you can add to clarify the picture.
Thanks.
PS. Here https://unix.stackexchange.com/questions/213213/difference-between-local-port-forwarding-and-dynamic-port-forwarding#comment401063_213219 I found some hint of what I'm interested in; pity there are no details provided...
SSH and SOCKS are two completely different and unrelated protocols. But, to answer your questions:
How does the SOCKS5 proxy know which port to forward traffic to?
A SOCKS client explicitly tells it where to connect. The destination host/IP and port are input fields in the SOCKS CONNECT command. So, there is no guessing/inferring at all.
Does the SOCKS5 proxy somehow sniff the destination from the protocol of the traffic it proxies?
No. SOCKS is just a tunnel of raw bytes, it has no concept of protocols beyond its own.
Can that destination port be configured?
Not on the proxy itself, no. Since the client decides where to connect, any configuration would be on the client side.
Is it a predefined fixed set of protocols/ports? Something like http=80 destination port?
No.
Any other internal details of forwarding you can add to clarify the picture.
Read the SOCKS protocol specs:
SOCKS v4: https://www.openssh.com/txt/socks4.protocol
SOCKS v4a: https://www.openssh.com/txt/socks4a.protocol
SOCKS v5: https://datatracker.ietf.org/doc/html/rfc1928
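To make the answer's point concrete, here is an added example (not code from the answer or from the SOCKS specs) that builds and parses the SOCKS5 CONNECT request of RFC 1928: the destination host and port are fields of the request the client sends, so the proxy (for instance the sshd behind ssh -D) never has to infer them from the proxied bytes. The host and port values used are the constructed ones from the question.

```python
import socket
import struct

SOCKS_VERSION = 5
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def build_connect_request(host: str, port: int) -> bytes:
    """Encode VER CMD RSV ATYP DST.ADDR DST.PORT (RFC 1928, section 4)."""
    try:
        addr = bytes([ATYP_IPV4]) + socket.inet_pton(socket.AF_INET, host)
    except OSError:
        try:
            addr = bytes([ATYP_IPV6]) + socket.inet_pton(socket.AF_INET6, host)
        except OSError:
            name = host.encode("idna")          # fall back to a domain name
            if len(name) > 255:
                raise ValueError("domain name too long for SOCKS5")
            addr = bytes([ATYP_DOMAIN, len(name)]) + name
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00]) + addr + struct.pack("!H", port)


def parse_connect_request(data: bytes) -> tuple:
    """Decode what the proxy end reads: the client-chosen destination.
    Nothing here looks at the application payload that follows."""
    if len(data) < 4 or data[0] != SOCKS_VERSION or data[2] != 0x00:
        raise ValueError("not a SOCKS5 request")
    if data[1] != CMD_CONNECT:
        raise ValueError("only CONNECT is handled in this example")
    atyp = data[3]
    if atyp == ATYP_IPV4:
        host, rest = socket.inet_ntop(socket.AF_INET, data[4:8]), data[8:]
    elif atyp == ATYP_IPV6:
        host, rest = socket.inet_ntop(socket.AF_INET6, data[4:20]), data[20:]
    elif atyp == ATYP_DOMAIN:
        n = data[4]
        host, rest = data[5:5 + n].decode("idna"), data[5 + n:]
    else:
        raise ValueError("unknown ATYP %#x" % atyp)
    if len(rest) != 2:
        raise ValueError("DST.PORT must be exactly two bytes")
    return host, struct.unpack("!H", rest)[0]


if __name__ == "__main__":
    # Constructed request: a client asking the proxy to reach 10.10.1.11:80.
    req = build_connect_request("10.10.1.11", 80)
    print(req.hex(), parse_connect_request(req))
```

The same request format is what a client sends to the local port opened by ssh -D; the proxy's reply and the subsequent application bytes are not shown.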
Through tcpdump on the dhcp-server, it shows the server can receive the DHCPDISCOVER packet and send the DHCPOFFER packet, but cannot receive the DHCPREQUEST packet from the dhcp-client, so the client cannot get an IP address and is always sending DHCPDISCOVER packets.
But the dhcp-server which runs in a VMware instance can send DHCPACK to the client, and the same client gets the IP successfully. That dhcp-server uses the same configuration as the one in the OpenStack instance.
Also, if I configure a static IP address in the client instance, it can ping the dhcp-server's IP successfully.
One more thing: the server and client are in the same VLAN.
Is there any limiting rule in OpenStack's instance? How can I resolve this problem? Thanks.
The essential reason is that the port traffic is limited by the security groups in OpenStack.
By default, all security groups contain a series of basic (sanity) and anti-spoofing rules that perform the following actions:
Deny egress DHCP and DHCPv6 responses to prevent instances from acting as DHCP(v6) servers.
Resolution:
disable security groups (not recommended)
set a dhcp-relay to the dhcp server in the router (recommended)
Security groups limit the traffic through the hypervisor's iptables, which drops packets whose src port is 67 and dst port is 68.
DHCPOFFER packets will be sent to the router with src and dst port 67, and this works for all VLANs.
For DHCP relay and DHCP proxy, packets sent to the DHCP server from the router have both the source and destination UDP ports set to 67. The DHCP server responds using the same ports.
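As an added example (not part of the answer, and not OpenStack's own code), the following models the egress rule the answer describes, UDP source port 67 to destination port 68 being dropped on the hypervisor, and decodes the DHCP message type from option 53 (RFC 2132) so that it is visible which message never leaves the instance. The DHCP payloads are constructed inline and carry only option 53.

```python
BOOTP_HDR_LEN = 236                     # fixed BOOTP fields before the magic cookie
MAGIC_COOKIE = b"\x63\x82\x53\x63"
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK"}
SERVER_PORT, CLIENT_PORT = 67, 68


def dhcp_message_type(payload: bytes) -> str:
    """Return the DHCP message type from option 53, or 'UNKNOWN'."""
    start = BOOTP_HDR_LEN + len(MAGIC_COOKIE)
    if len(payload) < start or payload[BOOTP_HDR_LEN:start] != MAGIC_COOKIE:
        return "UNKNOWN"
    i = start
    while i < len(payload):
        code = payload[i]
        if code == 0xFF:                    # end option
            break
        if code == 0x00:                    # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            break
        length = payload[i + 1]
        if code == 53 and length == 1 and i + 2 < len(payload):
            return MSG_TYPES.get(payload[i + 2], "UNKNOWN")
        i += 2 + length
    return "UNKNOWN"


def egress_verdict(src_port: int, dst_port: int, payload: bytes) -> tuple:
    """Model of the hypervisor rule described above: drop UDP 67 -> 68 leaving
    an instance (a DHCP server answering a client directly), accept the rest."""
    verdict = "DROP" if (src_port, dst_port) == (SERVER_PORT, CLIENT_PORT) else "ACCEPT"
    return verdict, dhcp_message_type(payload)


def make_dhcp(msg_type: int) -> bytes:
    """Constructed minimal DHCP payload carrying only option 53."""
    return bytes(BOOTP_HDR_LEN) + MAGIC_COOKIE + bytes([53, 1, msg_type, 0xFF])


if __name__ == "__main__":
    # Constructed traffic: an OFFER sent straight to the client is dropped,
    # the same OFFER sent to a relay (src and dst port 67) passes.
    print(egress_verdict(67, 68, make_dhcp(2)))   # ('DROP', 'DHCPOFFER')
    print(egress_verdict(67, 67, make_dhcp(2)))   # ('ACCEPT', 'DHCPOFFER')
```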
Maybe there are other methods, but I haven't been able to find any so far.
When I connect to SSH I use port 22 as destination, but when the reply comes back, does it come in on port 22 as well? Or is the client source port randomly assigned as in other TCP communication?
If I set up a firewall allowing outbound traffic to port 22, do I also need to allow incoming traffic on port 22?
The client SSH port is randomly assigned, as in most client/server systems over TCP/IP.
Were the client port fixed, you would not be able to open multiple SSH connections from the same client IP address, as the connections would be indistinguishable on an IP protocol level. The client port number is the only piece that makes the connection unique (client IP, server IP and server port being the same).
You do not need to allow the incoming traffic though. There is only one outgoing connection in SSH (the responses from the server come over an existing connection).
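An added example (not from either answer) that demonstrates the point made here and in the first question above about the TCP 4-tuple: two connections opened from the same host to one listening port on loopback share the client IP, server IP and server port, and differ only in the OS-assigned client ephemeral port. It opens real sockets on 127.0.0.1 and lets the kernel pick the listening port.

```python
import socket


def connect_twice() -> dict:
    """Open two client connections to one loopback listener and report the
    (client ip, client port, server ip, server port) 4-tuple of each."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))             # port 0: the OS picks a free port
    srv.listen(2)
    listen_port = srv.getsockname()[1]
    clients = []
    for _ in range(2):
        c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        c.connect(("127.0.0.1", listen_port))   # handshake completes in-kernel
        clients.append(c)
    tuples = []
    for _ in range(2):
        conn, peer = srv.accept()
        local = conn.getsockname()
        tuples.append((peer[0], peer[1], local[0], local[1]))
        conn.close()
    for c in clients:
        c.close()
    srv.close()
    return {
        "four_tuples": tuples,
        # only the client-side port distinguishes the two connections
        "client_ports_differ": tuples[0][1] != tuples[1][1],
        "server_side_identical": tuples[0][2:] == tuples[1][2:],
    }


if __name__ == "__main__":
    for t in connect_twice()["four_tuples"]:
        print("client %s:%d -> server %s:%d" % t)
```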
I am trying to monitor a remote IP port for outgoing data.
At the minute I have a TCP port connected which is stuck in a deliberate (almost) infinite loop.
This works until the TCP connection is broken for any reason.
It just feels better to monitor the remote port for outgoing data, but all the classes/functions I find are for receiving data on a particular port.
Any ideas?
I'm tunneling all of my internet traffic through a remote computer running Debian using sshd. But my internet connection becomes so slow (something around 5 to 10 kbps!). Could anything be wrong with the default configuration to cause this problem?
Thanks in advance,
Tunneling TCP within another TCP stream can sometimes work -- but when things go wrong, they go wrong very quickly.
Consider what happens when the "real world" loses one of your TCP packets: after a certain amount of not getting an ACK packet back in response to new data packets, the sending side realizes a packet has gone missing and re-sends the data.
If that packet happens to be a TCP packet whose payload is another TCP packet, then you have two TCP stacks that are upset about their missing packet. The tunneled TCP layer will re-send packets and the outer TCP layer will also resend packets. This causes a giant pileup of duplicate packets that will eventually be delivered and must be dropped on the floor -- because the outer TCP reliably delivered the packet, eventually.
I believe you would be much better served by a more dedicated tunneling method such as GRE tunnels or IPSec.
Yes, tunnelling traffic over a TCP connection is not a good idea. See http://sites.inka.de/bigred/devel/tcp-tcp.html