Thank you for reading my post.
Can you help me interpret what the following line from "netstat -anb" means:
Proto Local Address Foreign Address State
TCP 192.168.2.241:52440 64.233.166.103:443 ESTABLISHED
[firefox.exe]
In particular:
does this mean that the TCP port 52440 is opened on the machine whose IP is 192.168.2.241?
does this mean "firefox.exe" is bound to this port?
Can you guess how "firefox.exe" knew it could use this port (without interfering with another program already bound to that port)?
As a matter of fact, "firefox.exe" is using a lot of ports.
For example, right now on 192.168.2.241, "firefox.exe" is using port numbers 52163, 57019, 57022, 57030, 57045, 57046, 57049, 57051.
I am asking all this because I would like to write a program which binds to a TCP port to enable communication between the machine where the program is installed and a remote machine on the Internet using sockets.
Contrary to "Firefox" I need only one TCP port on the machine where the program will be installed.
I only need this mechanism to work once, the first time the program is executed (this is not a permanent feature of the program).
How can this port be chosen?
How can this port be chosen programmatically (not manually)?
If there is a firewall preventing the use of any port/the chosen port, how is the program going to behave?
Can an exception be added programmatically to the firewall to open this port?
The machine running the program is a Windows machine.
I would program this in C/C++.
Best regards.
Below is a complement to my original question.
Well, my apologies, maybe you're right: maybe it's wrong to add an exception in the firewall of the user...
What I mean by "adding an exception in the firewall of the user" is doing something like this:
netsh advfirewall firewall add rule name="An exn" dir=in action=allow protocol=TCP localport=6667 program="where/the/program/is/stored/prog.exe" enable=yes
Until now, I thought that, if an application was already "using" a TCP port for its own usage, no other application could "use" this very same port. (I'm aware of the fact that the word "use" is very imprecise. I'd be glad to be able to formulate things more accurately...)
I'm saying this because, as I need a TCP port, I was wondering if I could use an "already available" TCP port... (When I say "already available", I don't exactly know what I mean (maybe I would like to say "open" and "bindable" / or a port already "used" by another application): I'm thinking about TCP port 80 which is often "available"... Again, I wish I could be more specific about this.)
Please let me try to reformulate what I'm willing to do.
1) A user runs a program "setup.exe" on their machine "M".
2) "setup.exe" sends a message "m1" to an Internet remote server "RS".
3) "RS" sends back some information "m2" to "setup.exe" running on machine "M" through a TCP port.
To be able to allow this bidirectional communication between "M" and "RS", I need to "have" a TCP port on machine "M" from which "setup.exe" can receive information sent by "RS". ("RS" is not a problem to me, I can do anything I want on it).
Given the fact that I know nothing about "M" a priori apart from the fact that it is a Windows machine (in particular I do not know what kind of firewall protects it, etc.), I don't really know how to handle the problem correctly. What I would like to avoid is having "setup.exe" fail silently without telling why the TCP port on machine "M" can't be "used".
Given the fact that I need to "have a TCP port available" for the program "setup.exe" running on machine M, what steps should I follow to make it as smooth as possible for the user?
Suppose I'm trying to "use" TCP port 6667, and suppose I'm not "allowed" to.
Apart from a firewall, or another application already "using" this port, what could be the reasons why this port is not available?
I simulated the two machines "M" and "RS" basically using this code http://msdn.microsoft.com/en-us/library/windows/desktop/ms737889%28v=vs.85%29.aspx.
I didn't add an exception to "M"'s firewall.
The two programs on machines "M" and "RS" could communicate smoothly and correctly.
But as you pointed out in your first answer, "there are no outbound port rules in the firewall at all" on these test machines...
So, I tried, as a simulation, to add an exception to M's firewall in the "Outbound rules" section to completely block connections to TCP port 6667 on machine "M": the scenario described above (steps 1), 2), 3)) fails in that case.
I hope this literature is not too indigestible and sorry for the approximations and misunderstandings.
Thank you for helping. Best regards.
does this mean that the TCP port 52440 is opened on the machine whose IP is 192.168.2.241?
Possibly, but more probably it means there are no outbound port rules in the firewall at all, as there shouldn't be, being pointless.
does this mean "firefox.exe" is bound to this port?
It means that a socket of firefox.exe is bound to that port. It can have many other sockets, and usually does.
I would like to write a program which binds to a TCP port to enable communication between the machine where the program is installed and a remote machine on the Internet using sockets.
You need to state whether your program is a client or a server. If it's a client, it's exactly like Firefox, and you don't have a problem. If it's a server, you have to bind to a port that is open for incoming in your firewall, and Firefox is completely and utterly irrelevant.
Contrary to "Firefox" I need only one TCP port on the machine where the program will be installed.
Sounds like a server, but you need to tell us. For simplicity I am assuming it's a server from here on.
I only need this mechanism to work once, the first time the program is executed (this is not a permanent feature of the program).
You don't need this mechanism to work at all. You need the user to open the port. The user won't appreciate software that breaks his firewall configuration, assuming you can do it at all, which you shouldn't.
How can this port be chosen?
By you. Choose it now. Use one that isn't reserved by IANA.
How can this port be chosen programmatically (not manually)?
You can specify port zero but then you have to tell the user so he can open it at the firewall.
If there is a firewall preventing the use of any port/the chosen port, how is the program going to behave?
Incoming connections won't succeed so the program will do nothing.
Can an exception be added programmatically to the firewall to open this port?
No idea, but it's a bad idea, see above.
I was exploring the ACE framework and started experimenting with its sockets framework. I would like to know if there is a way to spoof the source IP address in the IP packet using the ACE framework.
I know this can be done using raw sockets in BSD Sockets. Moreover, I want to know the local IP address of a machine for a particular interface (say eth0, wlan, etc.).
What I have tried is the following:
#include "ace/INET_Addr.h"
#include <iostream>
ACE_INET_Addr my_addr(1234);   // port only: the address part defaults to INADDR_ANY
std::cout << my_addr.get_host_addr() << std::endl;
get_host_addr() returns the IP address of the local machine, but sadly it prints 0.0.0.0, which is equivalent to INADDR_ANY. So what could be the appropriate solution?
Thank you.
I have two applications. One is the server app and the other is the client app. The server app listens for connections and then feeds messages to all connected clients.
So far all my testing has been done by running both applications on the same machine, and this is working fine. Now though I am trying to test the server running on one machine and the client running on a different machine.
Each of these machines is within my own home network. That network is behind a router with a firewall. From what I have read, my problem might have to do with port forwarding not being set up on my router. Does that sound likely?
Is this something I can fix with just my code? Do I really have to require all my users to manually open the port on their firewalls? I have used plenty of other commercial applications that connect to servers and don't require me to open ports on my firewall. What is different about those applications and mine?
Then again, maybe I am barking up the wrong tree here. Maybe there is some other problem preventing my code from working in this situation?
I can provide any code snippets that might help, but I am unsure as to where to start looking and I don't want to just post my entire solution :)
Thank you in advance
You need to bind to 0.0.0.0 (simplified version) in order to accept connections not coming from the local machine. Have you checked that you don't bind to 127.0.0.1?
When you bind to 0.0.0.0 you actually bind to all current and future addresses of the current host and so will be able to accept connections from everywhere; you can also bind to just the address of one of the network interfaces.
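Both answers above come down to what bind() actually does: the answer to the first question says to take port 0 and then tell the user which port came out, and this one says to bind 0.0.0.0 rather than 127.0.0.1. The following is an added example, not code from either thread, in portable POSIX C: open_listener() binds a chosen address and port (0 lets the OS pick), reports the port actually assigned and returns a real error instead of failing silently, and port_zero_then_reuse() shows the "port already used by another application" case surfacing as EADDRINUSE.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Listening TCP socket on bind_ip:port ("0.0.0.0" = every interface, "127.0.0.1"
 * = local clients only). port 0 lets the kernel pick an ephemeral port; the port
 * really bound is written to *assigned. Returns the fd, or -1 with errno set
 * (EADDRINUSE if another socket already holds the port). Windows: WSAStartup()
 * first, then closesocket()/WSAGetLastError() instead of close()/errno. */
int open_listener(const char *bind_ip, unsigned short port, unsigned short *assigned)
{
    struct sockaddr_in a = {0};
    socklen_t len = sizeof a;
    int fd;
    a.sin_family = AF_INET;
    a.sin_port = htons(port);                    /* 0 = let the kernel choose */
    if (inet_pton(AF_INET, bind_ip, &a.sin_addr) != 1) { errno = EINVAL; return -1; }
    fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0 || bind(fd, (struct sockaddr *)&a, sizeof a) < 0 || listen(fd, 16) < 0 ||
        getsockname(fd, (struct sockaddr *)&a, &len) < 0) {
        int saved = errno;              /* keep the real cause; close() may change errno */
        if (fd >= 0) close(fd);
        errno = saved;
        return -1;
    }
    *assigned = ntohs(a.sin_port);
    return fd;
}

/* The thread's scenario: bind port 0, learn the real port, then try that port a
 * second time. Returns the errno of the second bind (EADDRINUSE is the expected
 * result), 0 if it unexpectedly succeeded, or -1 if the first bind failed. */
int port_zero_then_reuse(const char *bind_ip)
{
    unsigned short port = 0, again = 0;
    int fd = open_listener(bind_ip, 0, &port), dup, err;
    if (fd < 0) return -1;
    printf("listening on %s:%u -- this is the port the user must allow\n", bind_ip, port);
    dup = open_listener(bind_ip, port, &again);
    err = dup < 0 ? errno : 0;
    printf("second bind on port %u: %s\n", port, err ? strerror(err) : "succeeded?!");
    if (dup >= 0) close(dup);
    close(fd);
    return err;
}
```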
I have an application which communicates over the local area network. However, I want to instead make it communicate over the internet. To do this I propose making an intermediate program which will read the network traffic generated from the application on one computer and send it to the application on another computer.
This involves:
(1) Reading the outgoing network traffic of the application
(2) Sending a copy of this traffic over the internet to another computer
(3) Giving this copy to the application on the other computer
Instead of this:
Application on computer A <-LAN-> Application on computer B
I want to achieve this:
Application on A <--> My Program on A <-INTERNET-> My program on B <--> Application on B
I can accomplish (2), but with (1) and (3) my problem is that I have very little experience with networking and I do not know where to start. I can program in python but would be willing to use c++ to accomplish this.
(Hamachi does not work for this application, I do not know why.)
In response to comments
I do not intend to manipulate any data unless it is necessary to make the connection work. I have no control over the application itself and it does not provide me with any methods to configure the connection with the exception of a port number.
TCP and UDP are both used on the port 6112. The IP addresses used are first 255.255.255.255 for a generic broadcast used to discover other applications on the LAN (with UDP), then a TCP connection is established.
The term you are missing in your original question is proxy. You specifically need a transparent forwarding proxy.
Here is a link to some source code in Python that will get you started with writing a proxy.
That said, if you search around you should be able to find a transparent forwarding proxy that you don't have to write yourself.
If you want to do this the most robust way, you can do it in hardware and set up a managed router/switch/firewall to route things to wherever you need without having to write anything.
Why re-engineer the wheel? Why not just use OpenVPN, n2n or vtun etc etc.
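As an added example (not from the thread or from the linked Python code), here is the forwarding core a transparent TCP proxy of the kind suggested above needs: relay() copies bytes in both directions between the application's connection and the connection to the other computer, passing each side's EOF through so the application sees what its peer did. relay_selftest() exercises it over two constructed socketpairs standing in for the two connections; the UDP broadcast discovery on port 6112 mentioned in the question is a separate leg that this TCP relay does not cover.

```c
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* Core of a transparent TCP forwarding proxy: copy bytes between two connected
 * sockets in both directions until each side has sent EOF, passing each half-close
 * through with shutdown(SHUT_WR). Returns bytes forwarded, or -1 on error. */
long relay(int a, int b)
{
    char buf[4096];
    int live_a = 1, live_b = 1, i;          /* still expecting data from a / from b */
    long total = 0;
    while (live_a || live_b) {
        fd_set rd;
        FD_ZERO(&rd);
        if (live_a) FD_SET(a, &rd);
        if (live_b) FD_SET(b, &rd);
        if (select((a > b ? a : b) + 1, &rd, NULL, NULL, NULL) < 0) return -1;
        for (i = 0; i < 2; i++) {           /* i == 0: a -> b, i == 1: b -> a */
            int from = i ? b : a, to = i ? a : b, *live = i ? &live_b : &live_a;
            ssize_t n, off = 0;
            if (!*live || !FD_ISSET(from, &rd)) continue;
            if ((n = read(from, buf, sizeof buf)) < 0) return -1;
            if (n == 0) { shutdown(to, SHUT_WR); *live = 0; continue; } /* pass EOF on */
            while (off < n) {               /* write() may be partial */
                ssize_t w = write(to, buf + off, n - off);
                if (w < 0) return -1;
                off += w;
            }
            total += n;
        }
    }
    return total;
}

/* Constructed loopback check: two socketpairs stand in for the two connections;
 * "ping" goes application -> remote, "pong" goes remote -> application. */
int relay_selftest(void)
{
    int ab[2], cd[2];
    char got[9] = {0};
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, ab) || socketpair(AF_UNIX, SOCK_STREAM, 0, cd))
        return 0;
    if (write(ab[1], "ping", 4) != 4 || write(cd[1], "pong", 4) != 4) return 0;
    shutdown(ab[1], SHUT_WR); shutdown(cd[1], SHUT_WR);   /* both ends: "no more data" */
    if (relay(ab[0], cd[0]) != 8) return 0;
    if (read(cd[1], got, 4) != 4 || read(ab[1], got + 4, 4) != 4) return 0;
    close(ab[0]); close(ab[1]); close(cd[0]); close(cd[1]);
    return strcmp(got, "pingpong") == 0;    /* remote got "ping", app got "pong" */
}
```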
I'm running a client/server application locally on my Windows XP PC and for testing purposes I want to run multiple clients.
The server has a configuration file containing the IP addresses of the clients that can connect; in the real world, these would all be on separate hosts with separate IP addresses.
Currently I am able to test locally with a single client which binds to 127.0.0.1 however because I can only have one client-IP mapping in the server configuration (that's how the system works and can't be redesigned!) I can only run one client on my development PC.
I've tried to start another client application bound to 127.0.0.2 connecting to the server, which is bound to 0.0.0.0; however, the server thinks that the client is connecting from 127.0.0.1 again and so rejects what it believes is a second connection from the first client.
Can anyone suggest a way to get around this problem? I believe I could run one more client bound to the external IP address of the PC but I'd really like to be able to run multiple.
I know I could use VirtualBox or similar to run new instances but I'd like all of the client applications to be running in the Visual Studio debugger.
Any help greatly appreciated!
Nick.
PS. Not sure if it matters but the applications are written in C++ using standard Winsock sockets.
You might be able to create more loopback interfaces. See the chosen answer to How do you create a virtual network interface on Windows?
AFAIK Windows 7 (maybe Vista too) lets you add multiple IP addresses to a single interface (card).
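Added example (not from the thread): once an extra loopback address exists on the host, it is the client's bind() to that address before connect() that decides what the server's accept() reports. peer_address_seen() runs a listener on 127.0.0.1, connects to it from src_ip and returns the address the server side saw, or "" when src_ip cannot be bound at all; it is POSIX C and assumes the OS treats the whole 127/8 range as local (Linux does), which on Windows is what the extra interface or addresses suggested above are for.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

static char peer_text[INET_ADDRSTRLEN];

/* Run a listener on 127.0.0.1 (ephemeral port), connect to it from src_ip, and
 * return the address the server side's accept() reported, or "" on failure
 * (e.g. src_ip is not an address of this host, so the client bind() fails). */
const char *peer_address_seen(const char *src_ip)
{
    struct sockaddr_in srv = {0}, cli = {0}, peer;
    socklen_t len = sizeof srv;
    int ls = socket(AF_INET, SOCK_STREAM, 0), cs = socket(AF_INET, SOCK_STREAM, 0), acc = -1;
    peer_text[0] = '\0';
    srv.sin_family = AF_INET;
    srv.sin_addr.s_addr = htonl(INADDR_LOOPBACK);     /* server side: 127.0.0.1:0 */
    cli.sin_family = AF_INET;                         /* client side: src_ip, any port */
    if (ls < 0 || cs < 0 || inet_pton(AF_INET, src_ip, &cli.sin_addr) != 1) goto done;
    if (bind(ls, (struct sockaddr *)&srv, sizeof srv) || listen(ls, 1) ||
        getsockname(ls, (struct sockaddr *)&srv, &len)) goto done;
    /* Binding the client before connect() is what decides the source address the
     * server sees; without it the OS picks one (127.0.0.1 for a loopback target). */
    if (bind(cs, (struct sockaddr *)&cli, sizeof cli) ||
        connect(cs, (struct sockaddr *)&srv, sizeof srv)) goto done;
    len = sizeof peer;
    if ((acc = accept(ls, (struct sockaddr *)&peer, &len)) < 0) goto done;
    if (!inet_ntop(AF_INET, &peer.sin_addr, peer_text, sizeof peer_text)) peer_text[0] = '\0';
done:
    if (acc >= 0) close(acc);
    if (cs >= 0) close(cs);
    if (ls >= 0) close(ls);
    return peer_text;
}

int main(void)
{
    const char *addrs[] = { "127.0.0.1", "127.0.0.2", "127.0.0.3" };
    int i;
    for (i = 0; i < 3; i++)
        printf("client bound to %-9s -> server saw \"%s\"\n", addrs[i], peer_address_seen(addrs[i]));
    return 0;
}
```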