Changing incoming and outgoing UDP Communication - c#

What is the best way of reading, changing, and resending UDP communications?
For instance, I have a server application that tells a master server it's alive by sending a packet over UDP on port 3209. It sends out "I'm alive, my ip is xxx.xxx.xxx.xxx and I have currently 3 clients connected to me." The master server then responds, "Hello xxx.xxx.xxx.xxx i see you there."
What's the best way of MITM (Man In The Middle) of the server sending its packet to the master server? I would like to be able to change "I'm alive," to something like, "I'm changed," or even "currently 3 clients connected" to "currently 0 clients connected".
When trying to make a new UdpClient to the port the server is on, I get an "Only one usage of each socket address (protocol/network address/port) is normally permitted" exception.

You mean packet analysis?

You should do two things:
1. Discover the real protocol of the interserver communication. They communicate over UDP, but the structure of the data transferred is not the network protocol. You should discover what data structures are transferred between the servers.
2. Decide on which side you are going to operate on the packets. If you are on one of the server sides, you can write a filter driver which would change the data before it is sent or before it is received by the application. If you are not on the server side, I don't know how to intercept network packets.

UDP has no integrated security and is not connection oriented, so in this case it will be much easier.
You can forge the source IP in the IP packet (no real problem doing that) and just sniff the UDP packets sent to the real IP server. The main problem here is avoiding the main server to receive the real packets from the real client. For that you'll have to tamper with the routing scheme which is not really easy to do...

I ended up writing a program to listen on the port that the server was sending to. I then resent all the data to the master server with the values changed that I needed. When the master server responded back, I then sent that data back to the client application. Neither the server nor the client application knows there is a server in the middle changing the data.
Thanks for all the replies!
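The defensive counterpart to the relay described above, as an added example that is not part of the original thread: since UDP has no integrated security, the heartbeat has to carry its own authenticator if the master server is to notice a changed client count. The wire layout, the shared key and the class name `SignedHeartbeat` are assumptions made for illustration.

```csharp
using System;
using System.Buffers.Binary;
using System.Security.Cryptography;
using System.Text;

// Added example. Wire layout (an assumption): 8-byte counter | UTF-8 text | 32-byte HMAC-SHA256 tag.
static class SignedHeartbeat
{
    const int CounterLen = 8, TagLen = 32;

    public static byte[] Seal(byte[] key, ulong counter, string text)
    {
        byte[] body = Encoding.UTF8.GetBytes(text);
        byte[] msg = new byte[CounterLen + body.Length + TagLen];
        BinaryPrimitives.WriteUInt64BigEndian(msg.AsSpan(0, CounterLen), counter);
        body.CopyTo(msg, CounterLen);
        using var mac = new HMACSHA256(key);
        mac.ComputeHash(msg, 0, CounterLen + body.Length).CopyTo(msg, CounterLen + body.Length);
        return msg;
    }

    // Accepts a datagram only if the tag verifies and the counter is newer than the last accepted one.
    public static bool TryOpen(byte[] key, byte[] msg, ref ulong lastSeen, out string text)
    {
        text = "";
        if (msg.Length < CounterLen + TagLen) return false;
        int signedLen = msg.Length - TagLen;
        using var mac = new HMACSHA256(key);
        byte[] expected = mac.ComputeHash(msg, 0, signedLen);
        if (!CryptographicOperations.FixedTimeEquals(expected, msg.AsSpan(signedLen, TagLen))) return false;
        ulong counter = BinaryPrimitives.ReadUInt64BigEndian(msg.AsSpan(0, CounterLen));
        if (counter <= lastSeen) return false;             // replayed or stale datagram
        lastSeen = counter;
        text = Encoding.UTF8.GetString(msg, CounterLen, signedLen - CounterLen);
        return true;
    }

    static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32);   // constructed key; real peers share one out of band
        string sent = "I'm alive, I have currently 3 clients connected to me.";  // constructed sample
        byte[] wire = Seal(key, 1, sent);
        byte[] altered = (byte[])wire.Clone();
        altered[CounterLen + sent.IndexOf('3')] = (byte)'0';   // the edit a relay in the middle would make
        ulong lastSeen = 0;
        Console.WriteLine(TryOpen(key, altered, ref lastSeen, out _));                 // altered copy
        Console.WriteLine(TryOpen(key, wire, ref lastSeen, out string t) + " " + t);   // untouched original
        Console.WriteLine(TryOpen(key, wire, ref lastSeen, out _));                    // same datagram again
    }
}
```

The receiver keeps one `lastSeen` value per sending server, so a relay can neither alter a heartbeat nor resend an old one with a more convenient client count.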

Related

UDP Hole Punching - Destination unreachable

I'm trying to make a p2p connection using the UDP hole punching method, but I always get an ICMP packet with Destination unreachable status.
At first, a UDP connection to the server is created:
send = new IPEndPoint(IPAddress.Any, 0);
server = new UdpClient(send);
server.AllowNatTraversal(true);
without any direct connection (no IP, no port, just an endpoint on a random port).
I send some packets to the server with a direct server.send([..],[..],serverip,serverport) to the server's IP and port and obtain information (remote IP, port used to connect to server) about another peer.
Now I'm trying to punch the hole by sending simple UDP packets to the peer's IP:PORT using the server connection (but again with a direct server.send([..], [..], peerip, peerport)). I know that the first packet is always dropped, so I'm sending it 50 times in 100ms intervals, while the remote peer does the same thing.
If I understand the UDP hole punching method, sending a packet from the first peer (A) opens a NAT record in A's NAT, and it is dropped by B's NAT because there is no record in B's NAT. So when B sends a packet to A, there is a record in A's NAT created with the first packet (for B) and the packet should be received by B. The NAT record in B's NAT is created. A should send another packet to B successfully.
P.S.: http://nattest.net.in.tum.de/test.php test was successful
http://nattest.net.in.tum.de/individualResult.php?hash=a5f229d156d4f5409a305c37729d9510
http://nattest.net.in.tum.de/individualResult.php?hash=3fd60e888721908a9480cd12836b97af - using VPN on second VM
P.P.S.: I'm using virtualized Windows in Virtual Box.
You should get a network capture trace from both endpoints and study the results. Pay close attention to port numbers on all sides, as the port number may be getting re-mapped as well as the IP address.
It is difficult to infer what you are asking. If you are getting an ICMP error, it's possible that the NAT or endpoint wasn't ready to receive your UDP packet. Repeating the hole punching test a few more times might clear this issue up.
I suspect the port number you think the remote peer is listening on is getting mapped differently from what you think it is. Such will be the case if you are on a symmetric NAT, which is very possible with VPN on VM.
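The mapping behaviour discussed in this thread, as an added example that is not part of the original posts: a toy NAT model with no real sockets, showing why the punch works when B's NAT reuses one public port and fails when B's NAT is symmetric. The class names, addresses (documentation ranges) and port numbers are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;

// Added example: a toy NAT model, no real sockets. Endpoint strings and port numbers are constructed.
class Nat
{
    readonly string publicIp; readonly bool symmetric; int nextPort;
    readonly Dictionary<string, int> mapping = new Dictionary<string, int>();            // flow -> public port
    readonly Dictionary<int, HashSet<string>> contacted = new Dictionary<int, HashSet<string>>(); // port -> peers sent to

    public Nat(string publicIp, bool symmetric, int firstPort)
    { this.publicIp = publicIp; this.symmetric = symmetric; nextPort = firstPort; }

    // Outbound packet: a symmetric NAT allocates a new public port per destination, a cone NAT reuses one.
    public string Send(string inside, string dest)
    {
        string flow = symmetric ? inside + ">" + dest : inside;
        if (!mapping.TryGetValue(flow, out int port))
        { port = nextPort++; mapping[flow] = port; contacted[port] = new HashSet<string>(); }
        contacted[port].Add(dest);
        return publicIp + ":" + port;
    }

    // Inbound packet: passes only if this public port has already sent to exactly that source (port-restricted).
    public bool Accepts(string publicEndpoint, string source)
    {
        int port = int.Parse(publicEndpoint.Split(':')[1]);
        return contacted.TryGetValue(port, out var peers) && peers.Contains(source);
    }
}

static class HolePunchDemo
{
    // Returns true when a packet from B reaches A after both sides have punched.
    public static bool Punch(bool bIsSymmetric)
    {
        const string server = "198.51.100.1:3478";
        var natA = new Nat("203.0.113.10", false, 40000);
        var natB = new Nat("203.0.113.20", bIsSymmetric, 50000);
        string aSeenByServer = natA.Send("a", server);     // what the server tells B about A
        string bSeenByServer = natB.Send("b", server);     // what the server tells A about B
        natA.Send("a", bSeenByServer);                     // A punches towards B's advertised endpoint
        string bSource = natB.Send("b", aSeenByServer);    // B punches towards A; its real source endpoint
        return natA.Accepts(aSeenByServer, bSource);
    }

    static void Main() => Console.WriteLine($"cone: {Punch(false)}, symmetric: {Punch(true)}");
}
```

In the symmetric case `bSource` differs from `bSeenByServer`, which is the port re-mapping a capture on both endpoints would reveal.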

how do tcp servers work if there is no multicasting?

I am wondering how TCP servers work because there is no multicasting. I am interested in using TCP for my game since it won't require too many packets to be sent like some other games. It still needs to have a client / server architecture though.
Since there is no multicasting, is there just a loop to send everything directly from server to client for every client? Is this what Minecraft does (cuz I read it uses TCP)?
It was my understanding that only 1 socket can be bound to a port. With UDP, the server socket can accept connections from IPAddress.Any, so it can receive information from all clients. Since TCP is connection only, how would this work? Can multiple TCP connections be made on the same socket?
Only one listening connection can exist per port on the server. However, many clients can connect to that one listening port. A "Connection" under the hood is the combination of ServerIP + ServerPort + ClientIP + ClientPort. Also, the client port does not need to be the same every time (only the server side port needs to stay static); the OS chooses a random high-numbered port and gives that to the client side for the connection. That is why you can have many outgoing connections on a client but only one listening connection on the server.
Look at this page for an example on how to set up multiple connections to one port.

TCP Sockets connecting to a server on two different ports

I have a custom TCP Server listening on port 5888 (dummy port). The proxy server listens for incoming connections. When the proxy receives an HTTP request for certain pages, it should relay it to the main server on port 80. For other page requests the proxy is required to send data to the main Server on port 8081.
Port 80 is used to service the HTML pages, whereas port 8081 is used for streaming data to the clients.
I am able to receive the incoming connections on the proxy and then read the data from the clients. After reading the data, I can determine which port to connect to on the main server for sending the data.
I am stuck at deciding how to connect on 2 ports for sending the data from the clients to the Main Server?
In that case you either need 2 socket connection objects to the same IP on the different ports (this is legal), or you have one connection object which reconnects according to the port you have to deal with.
Depending on how often you have to switch connections the latter version might have a huge overhead, plus the first one allows you to send data to both ports virtually simultaneously.
You need to stop thinking of your program as a server. After you have received the connection, read the data, and decided what port to send it to, shift gears and start operating as a client would.
Just open a new connection to "localhost" on either port 80 or 8081 and re-send the data you received as if you were the original client.
Your client is connected to the proxy server on port 5888 so no matter from what real server (Web or streaming) you take the data, you are going to provide the data to the client using port 5888 only.
It seems to be a not so practical solution. I am assuming here that you are trying to achieve a kind of control port and data port structure where one port is controlling the streaming from another port.
Just creating two sockets is sufficient for obtaining data from two servers. Here you will have to manually create a protocol which your client understands as you are going to provide both html and streaming data to the client using single port.

TCP and UDP Socket Server on a WAN

I am attempting to create a server and client that utilize both TCP and UDP. The server works very well in a LAN setting but the UDP messages are not being received when transmitted over a WAN. I believe it is because the UDP socket used to send the data is not remaining in the NAT tables long enough to return any information. Is there a way to either make the UDP port stay open in the router (without port forwarding) or use the same port for UDP as the already connected TCP connection? Thanks in advance.
If you're not getting any traffic it is probably simply blocked by the firewall. In this case it is not about forwarding, it is about opening the port.
Most (if not all) NAT/Firewall devices will allow UDP traffic in both directions once a hole is punched through the NAT. That is, if my laptop here, sitting behind a NAT/firewall, sends a UDP packet out to the Internet my NAT/firewall will allow return UDP traffic to the originating port number through. I work a lot with UDP and my experience is that this is the rule and very few exceptions.
Keep in mind though UDP packets are not guaranteed to be delivered.
Is your client behind a NAT? Do any packets the client sends get to the server? Is the problem in the server to client direction?
If you use the same port number for UDP and TCP this will not change the situation. You can't piggyback on a TCP connection because it is a different protocol.
Network Address Translation (NAT) Behavioral Requirements for Unicast UDP
http://en.wikipedia.org/wiki/UDP_hole_punching

About C# UDP Sockets

I am supposed to connect to an external server using UDP sockets in C#.
I could not understand these 2 lines in server usage notes:
"Use of dedicated sockets is enforced."
and
"If the server looses UDP connectivity with the client, it will ..."
I thought that the UDP socket is connectionless!
So what did "looses connectivity" mean? And how to avoid it?
Is there a known way to ensure "dedicated sockets"?
Thanks
"Use of dedicated sockets is enforced."
To me this says, create one unique socket for each connection and use it throughout that connection.
EDIT: Just to expand on this, from the server's point of view.
UDP sockets are not identified by the remote address, but only by the local address, although each message has an associated remote address. (source).
That way the server can distinguish which client each message came from. Because the remote address is made up of an IP address and port combination, you should use the same socket throughout your communication with the server. This is because if you don't, it's possible you could get assigned a different port next time you change the underlying socket.
"If the server looses UDP connectivity with the client, it will ..."
It is possible to lose UDP connectivity, e.g. either of the endpoints in the connection is lost, say I go to the server and pull the plug?
EDIT2:
Dan Bryant makes an excellent point in the comments that links in with what I was saying.
One thing worth noting is that it's possible for a call to a UDP socket to throw a SocketException with SocketError.ConnectionReset as the error code. UDP does not have any sort of session with structured connect/disconnect, but it does use a dynamically-assigned remote port to allow replies, which is a kind of 'connection'.
After 2 hours of trying different, maybe random, solutions:
The server wants you to introduce yourself on a port other than the one you will use to actually send data. "dedicated sockets"
You know which IP and port you are sending start info on, but you do not know which will be used for actual data transmission.
Solution
1- You will create your socket with a known IPEndpoint, and send the 'start message' on it.
2- Then wait to receive from any IP.
3- The server will respond with a 'welcome message', stating the endpoint it will use (by changing the parameter ref remoteEP of Socket.ReceiveFrom()).
4- You must then change the port you are sending on = remote Endpoint port + 1 (why? standard way or something?)
5- At last you can send and receive normally using these ports.
