I'm trying to write a BOOTP server in c#.
I'm receiving and parsing the BOOTP packet from the client and I need to reply with my server IP address.
The problem is:
The computer can have multiple network adapters
The client doesn't yet have an IP address
Is there any way to find out what adapter the UDP packet was received on?
There are a few possible ways to do this. Bind a separate socket on each IP on each physical interface, then you'll always know which interface the packet arrived on. You can also try the IP_RECVIF flag together with the recvmsg socket function, although I don't know if that's supported on Windows. Steven's has examples in Section 22.2 and 22.6 of Unix Network Programming. You can use the SIOCGIFCONF flag with ioctl to get a list of interfaces on the machine. There is an example program in UNP section 17.6. If c# doesn't give you access to these functions but their supported on Windows you could write a simple C program to collect and update the interface / IP info and then use mmap to share a memory region between your C# program and the interface enumerator.
Related
I am sorry, this is kind of a noob question, but I don't get how ports work.
I think that when I open a tcp port in C# via the TcpListener on the server, anyone can connect to it. However, I only want my application client to connect to the port and send my predefined packets. Would it be possible for any person to connect to the port and send data that might harm my computer? Or is it just possible to send random data that is then just wrongly interpreted by my packet handlers?
I hope I could communicate my question clearly. Thanks in advance
Securing a port is generally a function of the operating system or the network infrastructure (could be as simple as a software firewall). You can use something like iptables to allow incoming connections from whitelisted IP addresses only.
If you want to do it through software, the server and client can use symmetric encryption. Only clients that know the key will be able to send meaningful messages. All other messages can be safely discarded.
The project is to build a messaging mechanism between a Python and C# program via ZeroMQ .
I want messages to be able to travel in/out from both ends at any time, which is NOT a basic request-reply model a.k.a. REQ/REP.
One way I can think of is to build a PUB/SUB model on two ports, i.e. two one way channels.
Is there any method to get a real duplex channel?
There are several ways to do this with ZeroMQ. I suggest using a DEALER/ROUTER socket pair:
Choose one program to be the "server", the other the "client".
The server will bind a ROUTER socket on a port.
The client will connect a DEALER socket to the server's ROUTER port.
(Note: this implies that the client must know the server's IP and port in advance.)
At this point the client can send messages to the server, but the server has no way to send to the client.
The client sends a "HELLO" message to the server.
The server will receive a message that includes the client's address and the HELLO message. Now the server can send messages to the client using the client's address.
DEALER/ROUTER is considered an "advanced" socket pair in ZeroMQ. My description here is very high level. You'll really need to read the docs to get the most out of ZeroMQ.
Oh yes, Sir!
Use the PAIR-PAIR or even the XREQ-XREP ought make it.
The best next step is to carefully read the respective Scalable Formal Communication Pattern archetypes' access-points' API documentation, so as to cross-check, that all pieces of pre-wired behavioural logic meet your Project needs and voilá, harness them in your messaging setup and tune-up the settings so as to meet you performance and latency needs.
That is this simple ( thanks to all the genuine knowhow hidden in these builtins ).
Using for years this very sort of inter-platforms integration among Python + C/MQL4 and other computing nodes, so well worth one's time to learn the powers and strengths of ZeroMQ.
I am currently working on a little chat utility in C#.
The problem is I can't figure out how to scan the network for a specific port on all machines. I am currently using this method
IPGlobalProperties network = IPGlobalProperties.GetIPGlobalProperties();
IEnumerable<IPEndPoint> connections = network.GetActiveTcpListeners()
.Where(x => x.Port == ConstParams.iPort);
where ConstParams.iPort is the port I want to scan (6910 here).
The problem is that the returned values are only local ports and the "0.0.0.0" ip address...
How can I scan for all open ports (6910) on the current network?
Rather than using port scanning, I suggest you to implement a simple discovery mechanism based on multicast/broadcast communication.
During the startup the application should broadcast/multicast its IP/Port information. All running instances should respond to this message with their IP/Port information. This kind of a discovery mechanism is easy to implement, and it is both faster in runtime and more dynamic than the port scanning approach.
You should consider multicast, but rather than rolling your own, rely on an existing standard with library support, like mDNS:
http://en.wikipedia.org/wiki/Multicast_DNS
Or, since you said C#, using one of its native solutions:
http://msdn.microsoft.com/en-us/library/system.net.peertopeer.aspx
Scanning ports is a poor choice, you will most likely trigger firewalls on machines in the network to display your machine as an attacker. Any Intrusion detection systems on the networks could potentially be triggered as well. It's a lot of overhead for what you need.
I would recommend doing a broadcast using UDP or a multicast to discover other clients
http://www.codeproject.com/Articles/1705/IP-Multicasting-in-C
Another option would be to have a centralized server, either on a web server (php script, asp.net page, etc) or a web service (REST) which the chat client would connect to on start up, POSTing it's listening IP/Port, and then in turn would receive a list of all recently announced IP/Ports of the other clients on the network. You'd probably want some keep alive here, IE: the client would POST to the page every 5 minutes, if an IP does not POST for 10 minutes, it would be removed from the list.
To get the public IP of the machine, you could check out this page:
http://www.whatismyip.com/faq/automation.asp
You'd just need to send a web request to it to retrieve the IP. If you want to get the non 0.0.0.0/127.0.0.1 IP of the local interface, you can check out these posts:
Get local IP address
How do I get the Local Network IP address of a computer programmatically? (C#)
GetIPGlobalProperties only returns info about your local machine (see http://msdn.microsoft.com/en-us/library/system.net.networkinformation.ipglobalproperties.getipglobalproperties.aspx ).
To find out which other machines on the network have that port open, you'd have to iterate through the a range of IPs, attempting to connect on that port. There is no central repository to query on this.
This article describes an approach: http://www.dijksterhuis.org/building-a-simple-portscanner-in-c/
I have a working system that receives data via UDP packets sent to a fixed IP:Port and I want to use a program (some kind of proxy?) to send a copy of those packets to a new IP:Port (or a list of IP:Ports, but all inside the same LAN as the program).
Not as easy as it seems, because I need the copied packets to have the same Source IP address as the original ones.
In my research, I have found PCap.Net (WinPCap .NET wrapper) to be useful, because it can build a Packet from scratch and it supports modifying all the address fields. I have managed to capture the packets and build them. But somewhat they are not arriving at the desired destination (!?). Should I use a different PacketCommunicator to receive and send them?
Anyway, the question is not fully related to PCap.Net but to know alternative ways to achieve my desired goal. Via a free application? commercial application? Open source sample? Any other library to use?
My systems are Windows based (no Linux available here). And I have C# (.NET) experience (I can not use a C++ library, if NET bindings are not available).
Many thanks for your help
I know it's an old question, but this is the answer:
http://code.google.com/p/samplicator/
Listens for UDP and forwards it to one or more other IP addresses, optionally spoofing (the original) source IP address.
Used for forwarding netflow/sflow/syslog etc. packets.
you should think about network first. it may not be possible if traffic needs to go through router.
the original packet came through:
source->router->your server
if you are trying to sent it back out like so:
your server->router->another computer
then the router may not even accept this traffic, since it can not originate from your computer, according to routers configuration. just think about it - i could send traffic as anybody, if that was allowed.
however, in LAN that's very doable (unless you have some sort of MAC spoofing protection on your switches)
What you are trying to do is called "UDP Forwarding". You receive a UDP packet and then forward it to another host
Here is an application that does that (seems to be free)
in addition to keeping the source ip address and changing the destination ip address
you MUST swap the source and destination mac addresses.
if you send a raw packet out to your router/switch/modem, but the mac address is not addresses to it.
it will be dropped.
basicly, you have to revise every network layer your dealing with, and handle addressing approperately.
Sorry for my spelling
If you try to spoof the destination address to do things like netflow relaying you often will get blocked by anti-spoofing routers inbetween. I encountered this with AWS for example.
The solution is to take the RAW udp packet and then just send that along to your new destination inside another udp packet. When it reaches the destination you have to "unwrap" the packet and then send it to itself on the loopback interface (essentially "unwrapping").
You can do this with python code with the sockets module.
Recently I have started working on a program that will monitor the packets of one of my open-source programs in an attempt to learn more about programming and networking. Also, I want to add additional functionality to the program without editing the source, like an external control panel.
(I used WPE Pro to filter packets in case you'r wondering, WireShark is too much hassle for such a simple task.) One thing bothers me though, the Socket ID.
I know what it is, and I've asked a question about it before, but I cant figure out how to use it/assign one/intercept one.
Without the right socket ID, my program wont be able to do anything, so my question is if it's possible to find out what Socket ID a socket is using, once you capture the packet?
If not, are there any other ways of doing? -or possible other languages like Visual Basic?
Thank you for your time.
If, by socket ID, you mean the return value of a successful call to socket() function, I don't think there's a way.
The closest thing you can obtain is the process ID because, as you may already know, each IP packet has a destination that's described by the tuple (IP address, port) and inside a system only one socket can be successfully bound to that tuple. Utilities like TCPView are able to map an IP tuple to a process, so a way does exist if that information is enough for you.
If that's not the case, I'm not aware of any method to retrieve the socket ID you need if the target application is not collaborative.
This library: SharpPcap promises doing capturing, injecting, analyzing and building packets using any .NET language such as C# and VB.NET (more info).
It is the library used by Wireshark and it is for sure that it can capture and analyze.
socket() returns a file descriptor if this is what you are referring to as a socket ID then the ways to get this without the process's collaboration on windows are limited. FWIW on linux open FDs are enumerated in the proc filesystem.
That being said, the only thing you would be able to do with the fd is send additional information from the socket. You could also read from the fd, but any data read in this way would not be sent to the application that owns the socket. Without some coordination, that would probably not be what you desire as you would just get bits and pieces of data.
If just want to be able to listen in on the traffic in your program, then something like packet filtering should be sufficient so I assume you actually want to be able to be like a man in the middle for it.
If this is the case, then the best thing to do would actually be to set your application up as a proxy for your other service.
By this I mean, write a program that opens a listening port and accepts connections when a connection is initiated, it should immediately open its own connection to a pre-configured IP:port combination and begin forwarding traffic. Once this is written it's a simple matter to inspect the traffic before forwarding and possibly modify it.
If your program is a server, run it on a non-standard port, configure this application to open the server's normal port and then forward connections to the non-standard port you set up on localhost.
If your program is a client, simply point the interceptor application at the server and choose a random listen port on your box. Then configure the client to connect to this listen port as though it were the server.
This should work for pretty much anything. The only caveat is if the traffic is encrypted you will (obviously) not be able to inspect/modify it. This is effectively the same as placing your application behind a NAT.