Is an open TCP Port in C# secure? - c#

I am sorry, this is kind of a noob question, but I don't get how ports work.
I think that when I open a tcp port in C# via the TcpListener on the server, anyone can connect to it. However, I only want my application client to connect to the port and send my predefined packets. Would it be possible for any person to connect to the port and send data that might harm my computer? Or is it just possible to send random data that is then just wrongly interpreted by my packet handlers?
I hope I could communicate my question clearly. Thanks in advance

Securing a port is generally a function of the operating system or the network infrastructure (could be as simple as a software firewall). You can use something like iptables to allow incoming connections from whitelisted IP addresses only.
If you want to do it through software, the server and client can use symmetric encryption. Only clients that know the key will be able to send meaningful messages. All other messages can be safely discarded.
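The approach in this answer, as an added example that is not part of the original posts: frames are sealed with AES-GCM (an authenticated symmetric cipher), and the receiver drops anything that was not produced with the key or that exceeds a size cap. Assumptions: .NET 8 / C# 12, a 32-byte key shared out of band, and a frame layout and the names `Seal`, `Open` and `MaxBody` invented for this sketch.

```csharp
using System;
using System.Buffers.Binary;
using System.IO;
using System.Net;
using System.Net.Sockets;
using System.Security.Cryptography;

const int NonceLen = 12, TagLen = 16, MaxBody = 4096; // MaxBody caps what a peer can make us allocate

// Loopback demo: one frame sealed with the shared key, one sealed with some other key.
byte[] demoKey = RandomNumberGenerator.GetBytes(32); // constructed demo key
var listener = new TcpListener(IPAddress.Loopback, 0);
listener.Start();
using var client = new TcpClient("127.0.0.1", ((IPEndPoint)listener.LocalEndpoint).Port);
using var conn = listener.AcceptTcpClient();
var (tx, rx) = (client.GetStream(), conn.GetStream());
tx.Write(Seal(demoKey, "PING"u8.ToArray()));
tx.Write(Seal(RandomNumberGenerator.GetBytes(32), new byte[4]));
for (int i = 0; i < 2; i++)
    Console.WriteLine((Open(demoKey, rx) is { } m) ? $"accepted {m.Length} bytes" : "discarded");

// Frame on the wire: 4-byte big-endian length | 12-byte nonce | 16-byte tag | ciphertext
byte[] Seal(byte[] k, byte[] plaintext)
{
    byte[] nonce = RandomNumberGenerator.GetBytes(NonceLen); // fresh nonce for every frame
    byte[] tag = new byte[TagLen], ct = new byte[plaintext.Length], len = new byte[4];
    using var aes = new AesGcm(k, TagLen);
    aes.Encrypt(nonce, plaintext, ct, tag);
    BinaryPrimitives.WriteInt32BigEndian(len, NonceLen + TagLen + ct.Length);
    return [.. len, .. nonce, .. tag, .. ct];
}

// Returns the plaintext, or null when the frame is truncated, oversized or fails authentication.
byte[]? Open(byte[] k, Stream s)
{
    try
    {
        byte[] hdr = new byte[4];
        s.ReadExactly(hdr);
        int len = BinaryPrimitives.ReadInt32BigEndian(hdr);
        if (len < NonceLen + TagLen || len > NonceLen + TagLen + MaxBody) return null;
        byte[] body = new byte[len], pt = new byte[len - NonceLen - TagLen];
        s.ReadExactly(body);
        using var aes = new AesGcm(k, TagLen);
        aes.Decrypt(body.AsSpan(0, NonceLen), body.AsSpan(NonceLen + TagLen),
                    body.AsSpan(NonceLen, TagLen), pt);
        return pt;
    }
    catch (Exception e) when (e is CryptographicException or IOException) { return null; }
}
```

A captured valid frame can still be replayed; this sketch does not add sequence numbers or timestamps, and a real handler would close the connection after the first rejected frame.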

Related

What ip/port should i use for TCP Socket Server/Client connection?

I made a basic TCP Socket server and client console application in C# with a listener etc. It works well with both server and client executed on the same machine (127.0.0.1:10048). I want to try it with different machines in the same network (both connected to the same modem).
Which IP/port should I use? I need help.
Thanks
You should use a port in the ephemeral port range. The ephemeral port range is the range of port numbers that is selected from if you actively connect to a server. The point is that it is free for use. Your kernel will skip the port numbers that are already in use, so you don't have to worry about that either.
http://en.wikipedia.org/wiki/Ephemeral_port
And on top of this, it is best not to hardcode the port numbers and IP addresses that you bind to, connect to or send to.
Make sure your OS firewall is turned off. For instance, Windows Firewall can block this type of traffic.
Do not use just any free port that you detect is not in use. For instance you may not have an FTP or Telnet server running on your system, but that does not mean that you can just hijack those ports. From a functional point of view it will work if you do, but then you cannot run those services anymore somewhere in the future where you might need them, or your application will start failing. Which fails depends on which application is first started and starts using the port first.
When you bind an ip# you should use INADDR_ANY. Loopback communication will still work if you use this, you probably already did, most examples include it. Sending or connecting to an IP# should come from a configuration file (data driven) or commandline parameters. The IP# depends of course on the machine you want to communicate with.
Open your CMD and type ipconfig. There you can see your IPv4 address, which you should use to connect. The port doesn't really matter. Make sure to turn off your firewall(s) to allow a connection.

need to choose between NamedPipe or UDP

I had an argument with a colleague on the selection.
We have two processes running on the same machine.
=> NamedPipe and UDP are KERNEL OBJECTs, so as far as I understand this is the same overhead.
The advantage of UDP is that if tomorrow we will separate those two processes and they will run on two different computers so I do not have to change anything.
I think that the NamedPipe performance is better since there is no need to use a network card to send the information to the same machine (am I right? Sending to localhost will use the network card, right?)
Can anyone advise us, please?
Thanks
Before implementation, you can consider the points below:
Named pipes:
Named pipes provide interprocess communication between a pipe server and one or more pipe clients.
They support message-based communication and allow multiple clients to connect simultaneously to the server process using the same pipe name.
Named pipes also support impersonation, which enables connecting processes to use their own permissions on remote servers.
User Datagram Protocol:
User Datagram Protocol (UDP) is a simple protocol that makes a best effort to deliver data to a remote host.
The UDP protocol is a connectionless protocol, UDP datagrams sent to the remote endpoint are not guaranteed to arrive, nor are they guaranteed to arrive in the same sequence in which they are sent.
Applications that use UDP must be prepared to handle missing, duplicate, and out-of-sequence datagrams.

Check that VPN ports are open

Is there any way to check that UDP ports 500 and 4500 of a VPN server are responding? The goal is to check if a firewall or something is blocking these ports.
Thanks in advance
So, UDP doesn't do acks or connections like tcp does; so the only way to be sure the port is responding is to actually send some data and get a response (there is no requirement that it does respond though).
Since these are specific ports, I assume that there is a specific application/protocol you are looking at. For that you basically need to open the port and either send it some garbage data or some form of identification payload (depending on the protocol).
This previous question outlines what you need to do to handle that.
It seems that I should use ISAKMP protocol to talk to the servers.
There seems to be no way to test that the ports are available without using the protocol used by the server.
You may try to use some open-source VPN client like strongSwan and try to connect through the VPN. Use either an IKEv1 or IKEv2 connection; it will try to hit ports 500/4500 for the connection. If a response from the server is received, then the ports are open.

C# and modbus/tcp

I need to read some data from an RS485 device. It is connected to an Aport-211W, and this one is connected to my local network. This device opens a server on port 502, and this is the RS485 port of the device I wanted to read. The protocol is Modbus.
My first try was to link this Modbus/TCP to a local COM port on my computer with this software and read everything through it. But I don't want to use another piece of software for this, and now my question is: How can I directly connect from a C# program to the Modbus/TCP server and read data out?
I have already found some libraries but none of them is able to connect to the device. I have closed the Serial Port Redirector because it blocks the communication. Has anybody done something like this before?
Aport-211W is just a gateway between your MODBUS device (probably MODBUS RTU) and network. It does not do any protocol conversion, which means that you have MODBUS RTU over TCP and not plain MODBUS TCP protocol. These are different protocols, and you need to adjust according to that.
Well, you can write one yourself if you want; that way you can control the stuff yourself and it will be bespoke.
Mostly, it would be Modbus RTU over TCP from the slave.
Just create sockets to communicate with the Aport as they communicate through TCP.
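The difference between the two framings named in these answers, as an added example that is not code from the original posts: the same read-holding-registers request is built once as a Modbus RTU frame (unit id, PDU, CRC-16), which is what gets written to the socket for RTU over TCP, and once as a Modbus TCP frame with an MBAP header and no CRC. The unit id, register range and helper names are constructed for illustration; C# 12 is assumed.

```csharp
using System;
using System.Buffers.Binary;

byte unit = 1; ushort start = 0, count = 10;   // constructed request values
byte[] pdu = { 0x03, (byte)(start >> 8), (byte)start, (byte)(count >> 8), (byte)count };

byte[] rtu = RtuFrame(unit, pdu);
Console.WriteLine("RTU over TCP: " + Convert.ToHexString(rtu));
Console.WriteLine("Modbus TCP:   " + Convert.ToHexString(MbapFrame(1, unit, pdu)));
Console.WriteLine("CRC check on RTU frame: " + CrcOk(rtu));

// RTU framing: unit id | PDU | CRC-16 (low byte first). No length field.
byte[] RtuFrame(byte unitId, byte[] p)
{
    byte[] f = [unitId, .. p, 0, 0];
    ushort crc = Crc16(f.AsSpan(0, f.Length - 2));
    f[^2] = (byte)crc;
    f[^1] = (byte)(crc >> 8);
    return f;
}

// Modbus TCP framing: MBAP header (transaction id, protocol id 0, length, unit id) | PDU. No CRC.
byte[] MbapFrame(ushort txId, byte unitId, byte[] p)
{
    byte[] f = new byte[7 + p.Length];                       // bytes 2-3 stay 0: protocol id
    BinaryPrimitives.WriteUInt16BigEndian(f, txId);
    BinaryPrimitives.WriteUInt16BigEndian(f.AsSpan(4), (ushort)(p.Length + 1)); // unit id + PDU
    f[6] = unitId;
    p.CopyTo(f, 7);
    return f;
}

// Use on every received RTU frame before trusting its contents.
bool CrcOk(ReadOnlySpan<byte> frame) =>
    frame.Length >= 4 && Crc16(frame[..^2]) == (ushort)(frame[^2] | frame[^1] << 8);

// CRC-16/MODBUS: initial value 0xFFFF, reflected polynomial 0xA001.
ushort Crc16(ReadOnlySpan<byte> data)
{
    ushort crc = 0xFFFF;
    foreach (byte b in data)
    {
        crc ^= b;
        for (int i = 0; i < 8; i++)
            crc = (ushort)((crc & 1) != 0 ? (crc >> 1) ^ 0xA001 : crc >> 1);
    }
    return crc;
}
```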

Send data from the server to a GPS device

This is my first question here; after searching and reading through many places I have no choice but to ask.
I have a C# application that receives data from a GPS device and stores it in a database. What I need now is to send a string that contains commands which the device should interpret.
This device connects to the Internet over GPRS. I have no idea how to send this packet over TCP over GPRS because the IP is dynamic.
I hope for any suggestions or ideas on how to solve this.
Best regards.
You should do it the other way around - the device should poll the server for instructions. Just make sure the server is accessible.
As you have specified that you have developed a C# application to read the GPS data through GPRS that means you are running C# application on a public/static IP.
Now, as soon as you get a request from the GPRS client, you get the DHCP IP address of the remote endpoint too.
Once you have that endpoint and socket open, you can transmit any data to the GPS device back.
Assuming that your GPS device is having some microcontroller to drive the GSM/GPRS modem.
I'm going to make an assumption here that the 'Device' is some kind of mobile phone connected to a standard GSM network?
If it is, then the short version of the story is "Forget it". Even if the IP wasn't dynamic, you simply wouldn't be talking to the IP of your device, you'd actually be talking to the IP address of your provider's GGSN, and for a standard consumer connection this is going to be where the buck stops.
Now that said, IF you have the budget, and all your devices (Assuming multiple ones) are with the same carrier, then you can approach the carrier and request a dedicated APN (Access point name) essentially what this is , is the mobile network equivalent of a DNS record, or at least similar enough to use that analogy anyway.
When you set up your data connection on your device you may recall having to enter something like 'pp.vodafone.com' or 'INGhub411.o2-uk.inbound'. Well, this is your actual APN, and if you have a custom one then your devices can be set up so that the IP that presents itself at the GGSN actually has a static route back to the individual device in the supplier's GSM network.
As a general rule of thumb however on consumer grade connections this is not enabled and hence there is no ingress available to the individual device.
As zmbq says, the ONLY option you have is for the device to keep polling the server on a regular basis, and yes unfortunately that is going to be very unforgiving on the battery.
Of course there is one other way of approaching this, and that's to have the device open a socket directly to your server, then keep that socket open. Once the socket is open, two-way communication can be performed across the link. Unfortunately, you're also going to have to write all the code to manage this connection, including, but not limited to, monitoring the connection to make sure it's still open and re-establishing it if it's not, something which is incredibly important on a mobile device.
