This is what I am trying to do:
I have a windows computer and a Linux computer (ubuntu 16.10) connected to the same wireless router. The router is not connected to the Internet, as this might raise some security concerns (and we don't want the windows computer to talk to the net).
The windows computer is running a program that is supposed to stream data to an UPD port (say port 1234). Using the Microsoft TCPView utility I can see that the windows machine opens the port. In fact, it should allow connections from any IP address and any port (that's what the *'s mean in TCPView).
View of the TCPView Utility
When I try to find the open port on the windows machine from the Linux computer using nmap this is what happens:
Starting Nmap 7.01 ( https://nmap.org ) at 2017-01-30 16:50 EST
Nmap scan report for 192.168.0.164
Host is up (0.051s latency).
PORT STATE SERVICE
1510/udp open|filtered mvx-lm
MAC Address: 74:DE:2B:D8:26:24 (Liteon Technology)
At the very least, this tells me that the linux machine can see the windows machine (I can also ping it). However, I am not sure about the open|filtered state of the port. According to the Nmap manual:
Nmap places ports in this state when it is unable to determine whether
a port is open or filtered. This occurs for scan types in which open
ports give no response. The lack of response could also mean that a
packet filter dropped the probe or any response it elicited. So Nmap
does not know for sure whether the port is open or being filtered. The
UDP, IP protocol, FIN, NULL, and Xmas scans classify ports this way.
When I try to connect to the port using Python, an error occurs. This code
import socket
UDP_IP = "192.168.0.164"
UDP_PORT = 1234
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.bind((UDP_IP, UDP_PORT))
results in an error 'connection refused'. A little C++ client program that is supposed to read out the streamed data also fails to connect to the port. I am using Python now to test the accessibility of the port more quickly.
In contrast, connecting to TCP port 8080 works fine. Also, I have been sending data back and forth over TCP through the same router between other machines and using a range of ports.
Other important info:
The same errors occur if I switch off the firewall and virus scanner on the windows machine
I have added UDP port 1234 as an allowed connection in the advanced firewall settings of windows.
So, my questions are:
Does anybody have any suggestions about how to debug/solve this situation?
What's different between UDP and TCP that would cause TCP to work without a hiccup (in my past projects) and causes UDP to give me nightmares?
You are forgetting that UDP is not a connection-based protocol. It is a datagram protocol.
There is no way to distinguish between a server that is receiving UDP packets but not responding to them, from a server which is behind a firewall which drops those packets. This is why nmap is describing a port as open|filtered -- there is no way for it to tell the difference.
Your call to sock.bind is failing because you are trying to bind (that is, to start listening for packets!) to a port on a remote IP. This is impossible in general.
It turns out that my problems were two-fold
1) I did have a bad understanding of the UDP protocol. That's been rectified by the answers in the forum. For anyone interested in how to use UDP and Python to communicate between two computers, see this recipe: http://code.activestate.com/recipes/578802-send-messages-between-computers/
2) The windows program that I was trying to communicate with can not be used to to send data over UDP through wifi. Why? I don't know. I called the developer and that's what he told me.
Current status: the problem is not solved but is diagnosed as a combination of my lack of knowledge and an ideosyncratic windows program (see my original post above)
You are trying to bind to a non-local IP address. Use 0.0.0.0 instead of the target address you're using, and connect() or sendto() the target address.
Related
I'm working on a custom yocto Linux for a Raspberry PI 3 and try to get the WIFI connection working with SSH. However when trying to connect from my PC (Ubuntu 19.10, SSH OpenSSH_8.0p1 Ubuntu-6build1, OpenSSL 1.1.1c 28 May 2019) to the PI on which Dropbear v2019.78 runs, the connection attempt times out. But only when I try this via SSH, and via wlan0. Other TCP/IP traffic works, and also using the same participants but with eth0. As this is for a robot, I would prefer to not use a tether though...
To try & debug this, I
enabled a serial console so I can work on the PI
disabled eth0
started a tcpdump on the PI (ip.host == 192.168.0.105)
started a tcpdump on the PC (ip.host == 192.168.0.106)
used a dirt-simple TCP/IP socket example written in Python (taken from https://realpython.com/python-sockets/#echo-server) to verify I can in fact communicate. The transmission is successful. I am aware that the example is lacking (no proper protocol etc), but that's not the point of it. It just works enough. The PI runs the server listening on port 2222.
attempted a SSH connection, it timed out.
I filtered the resulting PCAP down to contain just TCP, as there is other information (e.g. Dropbox discovery) that I don't think matters and might potentially be information leaking. On the host side (enp4s0-tcp-and-pi.pcap) I also filtered with ip.host == 192.168.0.105 to only contain any traffic to the PI.
Another note on my setup here: I use a TP-Link router which LAN ports the PC is connected to, and who provides the 2.4GHz WIFI for the PI. So both are part of the same subnet, and no special routing or anything is configured.
Also I stopped the dropbear daemon and adapted my Python code to use port 22. It works.
I'm only broadly aware of the inner workings of TCP, so I can't really make much sense of the things I see here. Any insights are more than welcome.
https://www.dropbox.com/s/5o4rqr5zdws2wq7/wlan0-tcp-only.pcap?dl=0
https://www.dropbox.com/s/amypjtk1nvja4qb/enp4s0-tcp-and-pi.pcap?dl=0
Which is the most correct way to give Nmap my own computer as a target? Example commands:
nmap -T5 -A -v localhost
nmap -T5 -A -v 192.168.0.7
nmap -T5 -A -v (my external ip address)
Can you explain what's the difference in calling one or the other of those?
Thanks
The difference between those would be which interface nmap tries to connect to. If you use localhost, nmap will attempt to establish connections to any application listening on your local computer using a virtual loopback network device. This means that the OS will process the connections, but your network card will likely not be involved.
If you use 192.168.0.7 (I assume this is the address assigned to your ethernet or wifi card), it will attempt to connect to any application listening on your local computer, but (depending on how smart your OS and networking drivers are), it may actually go through your network card, and maybe even out to the first switch that you are connected to and then back. The connections will not be routed on the internet, so your router will not be involved.
Finally, if you use the public IP address of your router, the connections will go through your network card, to your router, and then through any port forwarding or routing rules configured in your router. This may or may not route the connection back to your computer, depending on which rules are set up and the firewall on the router.
Note that for the first two invocations, it is possible for application listening for connections locally to listen on either one or both of the interfaces (loopback or network card), so it is possible for applications to be listening only on the loopback device and not the network interface and vise versa. So they could return different results. However, anyone outside your computer would not be able to establish a connection to anything listening on only the loopback interface. However, experience tells me that most applications listening for connections tend to listen on all available interfaces, so there is not likely to be a difference in the result of the first two invocations.
I am learning to use Nmap. I set up pidgin which uses port 5222(xmpp) for chatting. But when I scan my ports, port 5222 is shown as closed. But chat is working. How is this possible?
Before you can meaningfully use a program like Nmap, you need to understand more about how basic network protocols work. In this case, XMPP uses TCP to communicate. Your chat program is a TCP client, so it does not listen on any ports, but instead connects to a server which is listening on TCP port 5222. You can see this connection by using the program netstat, which is included in most operating systems. On Windows: netstat -an | findstr "5222". On Linux: netstat -an | grep 5222.
You should see two columns that contain IP addresses and port numbers. The address of the chat server will be listed with the number 5222, because that is the port that the server is using. The address of your computer will be listed with a high-numbered port like 35791. The server has to use a known port in order for you to contact it, but the source port your computer uses is included in the TCP packets like a "return address" on an envelope.
Nmap (like other port scanners) looks for services on listening ports. It would be able to discover a chat server, but not the chat client. Similarly, it could find a web server, but couldn't look for a web browser because the browser is a client that makes outgoing connections, not a service that listens for incoming connections.
I have just installed a mainframe emulator and I have problems for running it. I think the problem is my 3270 TCP port. Reading a guide I found somebody say that you can do this:
telnet 127.0.0.1 3270
but when I try the answer is:
The connection to the host it can't be opened with port 3270 more or less
(I have windows in spanish) . Error on the connection.
Do you know how can I get connection with this direction and this port?
If I understand you correctly, you are trying to eliminate issues with your 3270 emulator configuration by attempting to telnet to the mainframe from the PC. Again, if my understanding is correct, then you need to use
telnet <ip or hostname of the mainframe>
In your example, you are using the local loopback address.
It is unlikely that you should be using port 3270. 3270 connections are typically configured on port 23, which is the default telnet port.
If the connection to the mainframe is successful, you can input any character string in the terminal and then press Enter.
An error such as this:
IKJ56710I INVALID USERID,xxxx
Will validate the fact that the port is open and that your emulator issues are down to something other than network problems (probably local configuration).
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 13 years ago.
Improve this question
Ok, computers have ports for applications to transfer data from the outside world into a firewall and then into a computer.
Then how does firefox and internet explorer use the same port on the same computer?
And why can't we use port 80 to pass all traffic from all places into the computer.
So why do we need specific ports?
It's not the ports on local that are important generally. It's the remote ports.
So when you open a browser and go to a site, you are establishing a connection from a (somewhat) random port on your end, to port 80 on the server end. The server responds back to you on the same connection. Web servers use TCP/IP, so this is what is called and established connection. If you were to go look at netstat -an on the server you connected to during web traffic, that is exactly what you would see:
tcp 0 0 ::ffff:192.168.1.223:22 ::ffff:192.168.1.230:2369 ESTABLISHED
That line says that my local machine has established a connection to my remote machine on port 22. My local machine picked a random outgoing port of 2369 to make this connection.
In this case, this is an ssh connection to my webserver in the basement.
Ports that servers should use for a particular service are listed here, but if you are going to control both ends of the connection, there is nothing stopping you from running a webserver on port 8383 if you wanted to. Just don't expect anyone else to get to it without you telling them about it. (or it being found in a port scan).
If you were running a webserver on your computer, it would open port 80 and listen for connections. Only one service can be LISTENing per IP address, so you couldn't run two web servers at once. Same thing if you then connected to your local webserver. You'd open a random local port and connect to your local port 80 on the same IP.
The opening the random local port is what allows you to have multiple local connections to a known remote port like 80.
There are 65536 ports available so it's unlikely you will ever run out, but many have 'well known' usages and are therefore avoided for your end of the connection. Generally everything above 1023 is fair game though. ( All services which require any kind of priviledge run on ports below 1023 )
This is a TCP/IP connection. TCP/IP has internal language to ensure the reliable delivery of information and does a handshake at the open of every connection to ensure the data can be transmitted.
Another common type of connection would be UDP. UDP does not establish a connection and is therefore a bit faster and has lower latency, but the programs that use it must be able to loose information and still work. It's basically a send off the data and pray protocol. Many online games work this way.
Each connection has a source and destination port. This is what allows you to have multiple connections from your machine to (say) a web server running on port 80. Connections are uniquely identified by SourceIP:SourcePort and DestIP:DestPort.
So in your example, Firefox and IE will be using the same port on the remote web server (port 80), but will have a different ports on your machine to tell them apart.
Try running netstat in a command prompt to see current connections.
ports can be used for anything, but there are conventions of the protocols to expect on certain ports.
and you can use 80 for other functions, some people do that as a simple way of bypassing firewalls...
however, only 1 application can be listening on a port.
Some netstat output can show you what's going on:
C:\Temp> netstat -an
TCP 192.168.XXX.150:1493 74.125.45.100:80 ESTABLISHED
TCP 192.168.XXX.150:1504 69.59.196.213:80 ESTABLISHED
TCP 192.168.XXX.150:1507 74.125.91.138:80 ESTABLISHED
TCP 192.168.XXX.150:1510 65.55.11.162:80 ESTABLISHED
TCP 192.168.XXX.150:1518 69.59.196.211:80 ESTABLISHED
TCP 192.168.XXX.150:1519 69.59.196.216:80 ESTABLISHED
TCP 192.168.XXX.150:3711 64.208.186.96:80 CLOSE_WAIT
Note that the 192.168.XXX.150 address is my computer's address on my home network. The 4 digit numbers following the IP address are the local port my computer is using to communicate with port 80 on a bunch of different servers.