Is there any way to check that UDP ports 500 and 4500 of a VPN server are responding ? The goal is to check if a firewall or something is blocking these ports.
Thanks in advance
So, UDP doesn't do acks or connections like tcp does; so the only way to be sure the port is responding is to actually send some data and get a response (there is no requirement that it does respond though).
Since these are specific ports, I assume that there is a specific application/protocol you are looking at. For that you basically need to open the port and either send it some garbage data or some form of identification payload (depending on the protocol).
This previous question outlines what you need to do to handle that.
It seems that I should use ISAKMP protocol to talk to the servers.
There seems to be no way to test that the ports are available without using the protocol used by the server.
You may try to use some opensource VPN clients like strongswan and try connect through VPN. Use either IKEv1 or IKEv2 connection, it will try to hit 500/4500 ports for connection. If the response from the server is received then ports are open.
Related
I am sorry, this is kind of a noob question, but I don't get how ports work.
I think that when I open a tcp port in C# via the TcpListener on the server, anyone can connect to it. However, I only want my application client to connect to the port and send my predefined packets. Would it be possible for any person to connect to the port and send data that might harm my computer? Or is it just possible to send random data that is then just wrongly interpreted by my packet handlers?
I hope I could communicate my question clearly. Thanks in advance
Securing a port is generally a function of the operating system or the network infrastructure (could be as simple as a software firewall). You can use something like iptables to allow incoming connections from whitelisted IP addresses only.
If you want to do it through software, the server and client can use symmetric encryption. Only clients that know the key will be able to send meaningful messages. All other messages can be safely discarded.
i made basic TCP Socket server and client console application in c# with listener etc.. it works well with both server and client executed in same machine(127.0.0.1:10048). I want to try it with different machines in same network(both connected to same modem).
Which ip port should i use? I need help.
Thanks
You should use a port in the ephemeral port range. The ephemeral port range is the range of port numbers that is being selected from if you active connect to a server. The point is that it is free for use. Your kernel will skip the port numbers that are already in use so you don't have to worry about that either.
http://en.wikipedia.org/wiki/Ephemeral_port
And on top of this it is best not to hardcode your port numbers and ip adresses where you bind to connect or send to.
Make sure your OS firewall is turned off. For instance windows firewall can block this type of traffic.
Do not use just any free port that you detect is not in use. For instance you may not have an FTP or Telnet server running on your system, but that does not mean that you can just hijack those ports. From a functional point of view it will work if you do, but then you cannot run those services anymore somewhere in the future where you might need them, or your application will start failing. Which fails depends on which application is first started and starts using the port first.
When you bind an ip# you should use INADDR_ANY. Loopback communication will still work if you use this, you probably already did, most examples include it. Sending or connecting to an IP# should come from a configuration file (data driven) or commandline parameters. The IP# depends of course on the machine you want to communicate with.
Open your CMD and type ipconfig. There you can see your IPv4 address, that you should use to connect. The port doesn't really matter. Make sure to turn of your firewall(s) to allow a connection
I wrote messenger in c# with sockets, but i have little problem with ports. To clear comunication I have to open port on router which i use in my messenger. How to resolve this problem? Is method to automatic open default closed ports?
Thanks.
There are a couple things you can do.
The first is to change the programming of your application so that it uses the regular http port (80) for communication. This would allow your app to make outbound calls pretty much anywhere.
Alternatively you could use a high port number from 49152 through 65535. ( See Assigning TCP/IP Ports for In-House Application Use ).
However, depending on where you are deploying your application it is highly likely that all of those ports are blocked via firewalls; and neither will solve your problem
Most messenger type applications can't go direct due to firewall issues. For example, even if you use port 80, its likely the client machines have that port blocked for incoming TCP requests.
Instead they typically connect to a known public server. When one client wishes to connect to a different one, the server will route the message between the two clients. A very simplified look at this is: Client A sends a communication request to the server for Client B. Client B polls the server for messages, sees one and shows it on the desktop.
There are ways to keep the TCP connection alive between the clients and server in order to speed up communications; but that's the basics.
There are even ways for clients to directly talk to each other, when they determine that certain ports are open for communication or that proxy servers aren't going to interfere with the traffic. However, that's a little more advanced than a simple "answer" here can provide.
I'm developing a wake up on LAN project but that I want to control if computer is open or not on my local area network. But I don't want to use ICMP or WMI (there are DCs on my network). So is there any other options for this problem like Socket Connection, check specific ports are using or not like this?
What's wrong with ICMP?
Anyway, you try accessing a port and measuring how long it takes for the connection to fail. If it fails quickly (You'll have to measure what 'quickly' is on your system), the computer is probably up and refusing connections. If it fails after a long time (again, measure to find out what 'long' is), the computer is probably down.
I doubt you'll be able to achieve 100% accuracy this way.
As you probably know, "Wake on LAN" is just a UDP broadcast on port 60000, with the packet containing the MAC address of the host you wish to activate:
UDP 255.255.255.0:60000
Soooooo ....
What good is "ping" (or anything else?) going to do if the host is "off"?
All you're really interested in is:
1) Can the host(s) in question receive your UDP broadcasts?
2) Is there anything between you and the host(s) blocking the port?
I am supposed to connect to external server using UDP sockets in C#..
I could not understand these 2 lines in server usage notes:
"Use of dedicated sockets is enforced."
and
"If the server looses UDP connectivity with the client, it will ..."
I thought that the UDP socket is connectionless!
So what did "looses connectivity" mean? and how to avoid it?
Does there is a known way to ensure "dedicated sockets"?
Thanks
"Use of dedicated sockets is
enforced."
To me this says, create one unique socket for each connection and use it throughout that connection.
EDIT: Just to expand on this, from the servers point of view.
UDP sockets are not identified by the
remote address, but only by the local
address, although each message has an
associated remote address. (source).
That way the server can distinguish from which client each message came from. Because the remote address is made up of an ip address and port combination, you should use the same socket throughout your communication of the sever. This is because if you don't, it's possible you could get assigned a different port next time you change the underlying socket.
"If the server looses UDP connectivity
with the client, it will ..."
It is possible to loose UPD connectivity e.g. either of the endpoints in the connection is lost, say I go to the server and pull the plug?
EDIT2:
Dan Bryant makes an excellent point in the comments, that links in with what I was saying about.
One thing worth noting is that it's
possible for a call to a UDP socket to
throw a SocketException with
SocketError.ConnectionReset as the
error code. UDP does not have any sort
of session with structured
connect/disconnect, but it does use a
dynamically-assigned remote port to
allow replies, which is a kind of
'connection'.
After 2 hours trying different -may be random solutions:
The server wants you to introduce yourself on a port other than the one you will use to actually send data. "dedicated sockets"
You know which IP and Port you are sending start info on, but you do not know which will be used for actual data transmission..
Solution
1- You will create your socket -with known IPEndpoint, and send on it the 'start message'..
2- Then wait to receive from Any IP...
3- The server will response 'welcome message', stating the Endpoint it will use.(by changing parameter ref remoteEP of Socket.ReceiveFrom())
4- You must then change the port you are sending on = remote Endpoint port + 1 (why? standard way or something?)
5- At last you can send and receive normally using these ports