CSecurity (asker):
Packet forwarder (internet gateway) - TCP signature

Hi

I'm developing a packet forwarder application; here is how it works:

This application runs on IP 192.168.0.1 and all computers connected to this PC set their internet gateway IP to 192.168.0.1. When they try to open Google, my application receives their packet and sends it to the real internet servers, receives the response and sends the response back to the requester PC.

It works well if I have a single IP/PC in my network, because I defined requesterIP as a global variable in my code and when I receive the response I forward it back to requesterIP.

Now when I have a lot of PCs in my network, I receive packets, I send them to Google, Google responds, but I don't know to what IP I should forward it...

Please advise... How do internet gateways work?

I have coded the app using WinPcap; as I said, it works when I have a single PC in my net...

Could I put a signature in the sent packet, so Google will respond with the same signature, so I can understand to which IP I should forward it back?

Please advise...

Thanks from now!
Infinity08:

Take a look at Network Address Translation (NAT) :

        http://en.wikipedia.org/wiki/Network_address_translation
CSecurity (asker):
I checked that link before, but to be honest and frank, I don't know what to do with that. Which part of my code should be changed in order to work like NAT...

Can you explain NAT in easy words to me and what I can do to solve my problem?

Thank you so much
ASKER CERTIFIED SOLUTION by Infinity08 (solution text not included on this page)
Look, what I do is this:

When I receive packet like GET / HTTP/1.1 to be sent for google.com from IP 192.168.0.10, I receive it, then

1) I change source IP (sender IP) from 192.168.0.10 to 192.168.0.1 (my ip)
2) I change dest IP to (internet gateway ip)

It's ok till now... I can do that for 1000 computers on my network, that's normal...

But in receiving....!!!!

When I receive the packet..

I don't know this packet is for computer X or Y...

How can I understand and solve this?

any ideas?

Thank you so much!
So you mean I should define a global variable like this:

/* Table entry as sketched by the asker; syntax fixed so it compiles
   (the original lacked the struct keyword and the typedef name). */
typedef struct
{
    char SourcePort[6];   /* source port, kept as a string as in the original sketch */
    char SenderIP[20];    /* requester's IP, kept as a string as in the original sketch */
} Test;

So I should modify the source port and put a random number which doesn't exist in my list and associate a packet to that port; then when I receive the response, I'll have as dest port the port I have set, right? So I can forward that to the SenderIP which has the same port num?
Another question is this:

Computer A sends me a packet, I receive that, I put my IP as source IP instead of IP address of B, I associate a port like 1884 as source port and dest port is port 80.

Port 1884 is not open on my PC, nothing is listening on that port, so will I again be able to receive packets using WinPcap and compare to see if I have sourceport = 1884 in my array to detect the real sender IP?

Thank you so much, I learned a lot from you!
>> 1) I change source IP (sender IP) from 192.168.0.10 to 192.168.0.1 (my ip)

No, you change it to the EXTERNAL IP (the public internet IP) of the router. 192.168.0.1 is its internal (private) IP, which is only visible on the private network.


>> 2) I change dest IP to (internet gateway ip)

You don't change the destination IP for outgoing packets - only for incoming packets (from the internet).


>> I don't know this packet is for computer X or Y...

That's what the table I mentioned is for.



>> So you mean I should define a global variable like this:

You'll need a whole table - not just one entry. And you'll also need the port of the private network PC, not just its IP address.
Also, a port is a 16-bit unsigned int, and an IP (IPv4) is a 32-bit unsigned int in the packet. They're not strings.



>> Computer A sends me a packet, I receive that, I put my IP as source IP instead of IP address of B, I associate a port like 1884 as source port and dest port is port 80.

Let's use a simple example :

        Router R :
            -> external IP : 123.45.67.89
            -> internal IP : 192.168.0.1

        Computer A :
            -> IP : 192.168.0.10

        Computer B :
            -> IP : 192.168.0.20

        Google G :
            -> IP : 209.85.135.103

Then suppose computer A sends a request to Google through the router. Then the router will receive this packet from A :

        Source IP            Source Port        Destination IP        Destination Port
        192.168.0.10      12345                209.85.135.103      80

The router will create the following entry in its table :

        Port        Real IP              Real Port
        33333     192.168.0.10    12345

and will modify the packet like this :

        Source IP            Source Port        Destination IP        Destination Port
        123.45.67.89      33333                209.85.135.103      80

and send it to Google.

Now, suppose computer B also sends a request to Google through the router. Then the router will receive this packet from B :

        Source IP            Source Port        Destination IP        Destination Port
        192.168.0.20      23456                209.85.135.103      80

The router's table will now look like this :

        Port        Real IP              Real Port
        33333     192.168.0.10    12345
        44444     192.168.0.20    23456

and will modify the packet like this :

        Source IP            Source Port        Destination IP        Destination Port
        123.45.67.89      44444                209.85.135.103      80

and send it to Google.


After a while, Google will send back the responses. Suppose this response arrives at the router :

        Source IP            Source Port        Destination IP        Destination Port
        209.85.135.103  80                      123.45.67.89          44444

The router looks the port 44444 up in its table, and finds out that this packet is for 192.168.0.20:23456, so it modifies the packet like this :

        Source IP            Source Port        Destination IP        Destination Port
        209.85.135.103  80                      192.168.0.20          23456

and forwards it to B.

Next, Google might send another response like this :

        Source IP            Source Port        Destination IP        Destination Port
        209.85.135.103  80                      123.45.67.89          33333

The router looks the port 33333 up in its table, and finds out that this packet is for 192.168.0.10:12345, so it modifies the packet like this :

        Source IP            Source Port        Destination IP        Destination Port
        209.85.135.103  80                      192.168.0.10          12345

and forwards it to A.
Thank you so much for your perfect comment, I got all, but just 1 simple problem...

The main purpose of my application is to monitor packets and modify or drop some of them. With your last comment, I'll not receive the response from the gateway; the gateway will directly respond to the requester. I want to check the response from Google to make sure it doesn't have some words; if it has, I drop that packet...

So what do you think for this situation?
>> So what do you think for this situation?

You have two options.

(a) you just drop the packet and do nothing else. The client will time out, and show a timeout error message to its user.

(b) drop the packet, and send back an error message ("The request contains unacceptable words") to the client which will then be shown to the user.


The first is the easiest. The second is the nicest (and also the most common in similar situations).
No... I'm asking for the method... In your explanation, when I send the packet to the router, I don't modify the sender IP, so the router responds directly to IP A, but I want to receive the packet myself and process it, then I want to forward that packet myself, not the router....

What can I do for it? If I change the source port to X and store it, I'll receive the response with dest port X so I'll identify the response packet, right?
Oh, so you want to send it to another PC on the private network ? You'd better encapsulate the packet into another one without your IP address as the destination, and send it.
I want to act like this:

I'll be gateway

A sends request to me, I forward it to other gateway, gateway sends me response and I want to modify or check packet and if passed, send this packet to A
Why so complicated ?
I receive 100 packets from 100 PCs at EXACTLY the same time; I forward all of them just by modifying the sender IP to my IP and I send them to the gateway, but when I receive packets back, I don't know which response is for which IP.
Again : why so complicated ? Why not use your gateway for all that ? And use your own pc as a monitor ?
No, I want to be gateway before gateway, for security
I want it to be like LANguard, which, when you install it on any PC of the network, will work.
>> No, I want to be gateway before gateway, for security

?? How does that add security ? It'll slow the network down (let alone your PC), that's for sure heh.
Anyway, assume I'm doing that :P

Please advise how to determine the received packet; do you still think I can do that with the source and dest port?

If I set the source port to X, should I listen on that port or not?

Please advise...

Thanks
Since your PC is in the same private network, you don't need NAT, and can simply analyze and forward. Just configure your default gateways correctly.
So I can detect which received packet is for which PC with source and dest port, right?
And it's not needed to listen on that port with winsock or any app?
Of course. Just like packets are normally routed.
>> And it's not needed to listen on that port with winsock or any app?

On what port ?
Need to listen or no?
The port that I'll set for each packet randomly...

I receive a packet from computer A, I forward it to the gateway with this modification:

1) Making the sender IP my IP (to receive the data back to me)

2) Setting the source port to a number

3) Saving that port number with the IP address of the requester

Then when I receive the packet, I'll receive it on the same port, right? So I'll look it up in my table and send it to the relevant IP address.
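Infinity08's walkthrough above (router R with external IP 123.45.67.89, hosts A and B, Google G) and the three steps just listed describe the same bookkeeping: a translation table keyed on the port written into the outgoing packet. The block below is an added example in plain C, not code from the thread or from either participant; it models only the four header fields the thread talks about as integers, the addresses and ports are the thread's sample values, the starting translated port 33333 is an assumption, and nothing is captured or sent on the wire.

```c
/* Added example (not from the thread): a minimal NAT translation table in
 * plain C following Infinity08's walkthrough. Header fields are modelled as
 * plain integers in host byte order; no packets are captured or sent. */
#include <stdint.h>
#include <stdio.h>

#define NAT_MAX        256
#define NAT_FIRST_PORT 33333u   /* assumption: first translated port handed out */

/* The four header fields the thread discusses. */
typedef struct {
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port;
} pkt_hdr_t;

typedef struct {
    uint32_t real_ip;    /* private host's IP (e.g. 192.168.0.10) */
    uint16_t real_port;  /* private host's original source port (e.g. 12345) */
    uint16_t nat_port;   /* port written into the outgoing packet (e.g. 33333) */
    int      in_use;
} nat_entry_t;

static nat_entry_t nat_table[NAT_MAX];
static uint16_t    nat_next_port = NAT_FIRST_PORT;

uint32_t ip4(unsigned a, unsigned b, unsigned c, unsigned d) {
    return (a << 24) | (b << 16) | (c << 8) | d;
}

/* Outbound (private -> internet): remember who sent the packet, then rewrite
 * its source IP/port to the router's external IP and a translated port.
 * Returns the translated port, or 0 if no mapping can be made (drop it). */
uint16_t nat_outbound(pkt_hdr_t *p, uint32_t external_ip) {
    int i, free_slot = -1;
    for (i = 0; i < NAT_MAX; i++) {
        if (nat_table[i].in_use) {
            /* same private ip:port again -> reuse its existing mapping */
            if (nat_table[i].real_ip == p->src_ip && nat_table[i].real_port == p->src_port)
                break;
        } else if (free_slot < 0) {
            free_slot = i;
        }
    }
    if (i == NAT_MAX) {
        if (free_slot < 0 || nat_next_port == 0) return 0;  /* table full or ports exhausted */
        i = free_slot;
        nat_table[i].real_ip   = p->src_ip;
        nat_table[i].real_port = p->src_port;
        nat_table[i].nat_port  = nat_next_port++;
        nat_table[i].in_use    = 1;
    }
    p->src_ip   = external_ip;
    p->src_port = nat_table[i].nat_port;
    /* a real forwarder must now recompute the IP and TCP checksums */
    return nat_table[i].nat_port;
}

/* Inbound (internet -> private): look the destination port up and restore the
 * private host's IP/port. Returns 0 when nothing matches: an unsolicited packet
 * from the internet has no mapping and is dropped rather than guessed at. */
int nat_inbound(pkt_hdr_t *p, uint32_t external_ip) {
    if (p->dst_ip != external_ip) return 0;
    for (int i = 0; i < NAT_MAX; i++) {
        if (nat_table[i].in_use && nat_table[i].nat_port == p->dst_port) {
            p->dst_ip   = nat_table[i].real_ip;
            p->dst_port = nat_table[i].real_port;
            return 1;
        }
    }
    return 0;
}

static void print_ip(uint32_t ip) {
    printf("%u.%u.%u.%u", ip >> 24, (ip >> 16) & 255u, (ip >> 8) & 255u, ip & 255u);
}

static void show(const char *tag, const pkt_hdr_t *p) {
    printf("%-6s ", tag); print_ip(p->src_ip); printf(":%u -> ", (unsigned)p->src_port);
    print_ip(p->dst_ip); printf(":%u\n", (unsigned)p->dst_port);
}

int main(void) {
    uint32_t ext = ip4(123, 45, 67, 89), google = ip4(209, 85, 135, 103);
    pkt_hdr_t a = { ip4(192, 168, 0, 10), google, 12345, 80 };   /* constructed: A's request */
    pkt_hdr_t b = { ip4(192, 168, 0, 20), google, 23456, 80 };   /* constructed: B's request */
    nat_outbound(&a, ext); show("A out", &a);
    nat_outbound(&b, ext); show("B out", &b);
    pkt_hdr_t r = { google, ext, 80, b.src_port };               /* constructed: reply to B */
    if (nat_inbound(&r, ext)) show("reply", &r);
    return 0;
}
```

Two things this toy leaves out that matter in practice: entries never expire (a real table ages them out, otherwise the port space fills up and stale mappings let old replies reach the wrong host), and the lookup keys on the translated port alone, whereas a stricter implementation also checks that the reply's source IP and port match the remote side the mapping was created for.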
>> Port that I'll set for each packet randomly...

As I said, you don't need NAT, so you don't need to modify the port (or anything else in the packet). You just need to configure the default gateways correctly.
No no.... I'll be the gateway with my program; my program will act as gateway, packet forwarder and analyzer...
The default gateway of ALL computers will be set to mine manually by users, and my software will act as forwarder and analyzer...

The scenario is correct; I just want to know the method to determine to which IP I should forward the response back.
>> just I want to know method to determine I should forward response back to which IP

As I said, you don't need to, you just send it out of the interface where all PC's are connected. If the default gateways are set properly, then the network will take care of the rest.


>> I'll be gateway with my program and my program will act as gateway and packet forwarder and analyzer...

You're either confused yourself, or you're confusing me. Can you make a drawing of your network, and indicate the different machines and their roles, as well as the connections between them ?
There is an internet access server, a Windows shared connection...

I'll set the internet gateway of all PCs in my network to my IP; computers will send me internet packets, I have a lot of rules for internet access, I'll check them and decide to send or not to send.


There is nothing confusing; assume I'm developing an internet sharing application, all will set the gateway server IP to my IP.

As I said, my app works properly if there is only 1 computer on my network: I receive packets from 1 PC, check them, forward them to the server, receive the response and send it back to the sender IP.

But when it reached more than 1 computer, I forward all packets properly to the server, but I can't send them back properly, because when I receive an answer I don't know which packet is for what IP.

Please advise only about this: how can I put a signature on packets and store them, so when I receive a reply I send it back to the proper IP.

Thanks
>> There is nothing confusing,

There is. This was a confusing statement, especially in response to my post :

>> No no .... I'll be gateway with my program and my program will act as gateway and packet forwarder and analyzer...



>> But when it reached more than 1 computer, I forward all packets properly to server, but I can't send them back properly, because when I receive answer I don't know which packet is for what IP.

I can only assume that you're doing this at too high a level. You need to capture the packets at a low level (not application level), and analyze/forward them from there.


>> Please advice only about this, how can I put a signature on packets and store them, so when I receive reply I send it back to proper IP.

If you don't modify the packets, but simply route them (as you should), then you don't have to put in a signature, as the information is already there, namely the destination IP address and port. (as I've said a few times already ;) )
No no no....

I'm doing it at a low level, I use WinPcap... I want to modify them because I want to receive back the response from the internet, analyze that, and if it passes my rules, I'll forward it... That's why I modify the sender IP to my own IP. I'm doing it all at a very low level... I directly modify IP headers....

As I said, my app works for 1 PC; I want a signature so it will work for all PCs in my net.
>> I want to modify them

But you don't need to. You're acting as a router. You should just forward the unmodified packet on the right interface based on the routing table (which will be very simple in your case - one interface for outgoing traffic towards the gateway, and one interface for incoming traffic towards the private network).
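The forwarding Infinity08 describes here needs no rewriting at all: the interface is chosen from the destination IP that is already in the header, and the asker's filtering (drop a response that fails the rules) is just a decision not to forward. The block below is an added example in plain C, not code from the thread or from either participant. The two routes (192.168.0.0/24 toward the private network, a default route toward the real gateway), the interface names "lan" and "wan", the packet layout and the sample banned-word policy are all assumptions constructed for the example.

```c
/* Added example (not from the thread): a two-route routing table with
 * longest-prefix match and a policy hook. The packet is never rewritten;
 * the policy only decides whether it is forwarded at all. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    uint32_t    src_ip, dst_ip;
    uint16_t    src_port, dst_port;
    const char *payload;   /* application data, NUL-terminated in this example */
} packet_t;

typedef struct {
    uint32_t    prefix;
    int         prefix_len;   /* 0..32 */
    const char *iface;
} route_t;

uint32_t ip4(unsigned a, unsigned b, unsigned c, unsigned d) {
    return (a << 24) | (b << 16) | (c << 8) | d;
}

/* Assumed topology: one interface toward the private LAN, one toward the gateway. */
static const route_t routes[] = {
    { 0x00000000u,  0, "wan" },   /* 0.0.0.0/0: default route, out to the real gateway */
    { 0xC0A80000u, 24, "lan" },   /* 192.168.0.0/24: the private network */
};

static uint32_t prefix_mask(int len) {
    return len == 0 ? 0u : (0xFFFFFFFFu << (32 - len));
}

/* Longest-prefix match over the routing table; NULL if no route matches. */
const char *route_lookup(uint32_t dst_ip) {
    const char *best = NULL;
    int best_len = -1;
    for (size_t i = 0; i < sizeof routes / sizeof routes[0]; i++) {
        uint32_t mask = prefix_mask(routes[i].prefix_len);
        if ((dst_ip & mask) == (routes[i].prefix & mask) && routes[i].prefix_len > best_len) {
            best = routes[i].iface;
            best_len = routes[i].prefix_len;
        }
    }
    return best;
}

typedef int (*policy_fn)(const packet_t *);

/* Interface to forward the unmodified packet on, or NULL to drop it
 * (policy rejected it, or no route matches its destination). */
const char *forward_decision(const packet_t *p, policy_fn allow) {
    if (allow && !allow(p)) return NULL;
    return route_lookup(p->dst_ip);
}

/* Sample policy (constructed): refuse to forward an HTTP response whose
 * payload contains a banned word. The request direction is left alone,
 * matching the asker's "rules apply on the response" requirement. */
static const char *BANNED_WORD = "forbidden";

int sample_policy(const packet_t *p) {
    int is_http_response = (p->src_port == 80);
    if (is_http_response && p->payload && strstr(p->payload, BANNED_WORD) != NULL)
        return 0;
    return 1;
}

int main(void) {
    packet_t req = { ip4(192, 168, 0, 10), ip4(209, 85, 135, 103), 12345, 80,
                     "GET / HTTP/1.1\r\n\r\n" };                         /* constructed */
    packet_t ok  = { ip4(209, 85, 135, 103), ip4(192, 168, 0, 10), 80, 12345,
                     "HTTP/1.1 200 OK\r\n\r\nhello" };                   /* constructed */
    packet_t bad = { ip4(209, 85, 135, 103), ip4(192, 168, 0, 10), 80, 12345,
                     "HTTP/1.1 200 OK\r\n\r\nthis page is forbidden" };  /* constructed */
    const char *out;
    out = forward_decision(&req, sample_policy); printf("request:  %s\n", out ? out : "drop");
    out = forward_decision(&ok,  sample_policy); printf("response: %s\n", out ? out : "drop");
    out = forward_decision(&bad, sample_policy); printf("response: %s\n", out ? out : "drop");
    return 0;
}
```

One caveat for the filtering side: a single packet is not the whole response. A word split across two TCP segments will never match a per-packet `strstr`, so a content rule that has to be reliable needs the TCP stream reassembled before it is inspected; the per-packet check here is enough to show where the decision sits, not how to make it robust.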
Please assume I want to do so, I had to do that... Just please tell me how I can define a signature... How does the Windows Internet Sharing service do that, so I can develop the same... Please advise
You can't. That's not how things work. The proper way to forward packets is as I described. You really don't need to modify the packet, unless you are using NAT (which you don't need in this case).

And if you are still using NAT (or a NAT-like behavior), then I've already handled in great detail how to correctly forward data, haven't I ?

So, I'm not sure why you keep asking this ...
How do NATs do that? I asked multiple times: with the source port, right??? So I'll set a source port and I'll store it, and when the response is received I'll check the source port to get the IP....

If you say this will work, just as a last question: do I need to open and listen on that source port or not...

Just THAT
>> How NAT's do that? I asked for multiple times

And I answered that :

http:#22777092
http:#22777736

If anything is still unclear after reading those, then explain what is unclear and I'll clarify it.


>> I need to open and listen on that source port or no...

You said you were doing this on a low level (not on application level), so why would you need to open a port ? You're analyzing all packets.
>> You said you were doing this on a low level (not on application level), so why would you need to open a port ? You're analyzing all packets.

Yes, I'm doing that at a low level, but if no port is open, I'll receive the packet again, right?
What do you mean ? You're not currently receiving the packets through a listening port, are you ? You're just catching all packets on the interface, and processing them ... Or at least I hope that's what you're doing :)

What's the part you have a problem with ?
Ok, so as I'm doing that at a very low level, I'll receive packets even if that port is not open, so when I receive a packet from computer A, I'll make source IP -> My IP and I'll choose a port num like 1886 and I'll send it to the internet, then when I receive packets, I'll look for the packet that has source port 1886, then I'll forward that packet to computer A after the needed mods.

All is ok?
>> I'll make source IP -> My IP and I'll choose a port num like 1886 and I'll send it to the internet, then when I receive packets, I'll look for the packet that has source port 1886, then I'll forward that packet to computer A after the needed mods.

No. You don't need to modify anything in the packet. You just leave it as it is and simply forward it over the right interface. That's all. There's nothing more to it.
If I don't modify anything... WHEN I SEND A GET REQUEST (HTTP PACKET) TO THE SERVER, WHO'LL RECEIVE THE RESPONSE?
No need to shout.

The response will be received by whoever sent it, since that's where the web server sends the response to.
But that's wrong Infinity, that's wrong...

I analyzed packets; when I see a packet it's like this:

Src IP: Computer A
Dest IP: My IP

If I send this packet to server, nothing will happen.

I modify packet and make it like this:

Src IP: My IP
Dest IP: Internet Gateway IP


It works well without problem for a single PC... When I receive the response back, I get a lot of packets; I only check for the packet that has my IP as dest IP and my port as dest port, then I send it, with modification again, to Computer A. And you know the rest: it doesn't work for multiple computers...



>> Dest IP: My IP

???? Then Computer A sent the wrong request :) It was destined for the Google web server, wasn't it ? So, the destination IP has to be the Google web server's IP.


>> it doesn't work for multiple computers...

Of course it doesn't, since your approach is wrong - That's what I've been trying to make you understand all this time.
Yes, maybe... But I receive the packet... So I thought the DEST IP is my PC.

Anyway, so for detection of the response, the port is the method.... Right?
>> But I receive the packet... So I thought the DEST IP is my PC.

No, you should receive the packet because it's routed through your PC. It's routed through your PC, because Computer A's default gateway is set to your PC.
>> Anyway, so for detection of the response, the port is the method.... Right?

No. You simply forward it to the destination address that is already in the packet.
If I forward the GET request, the sender will receive the packet without my permission or knowledge!!!!!!
>> If I forward the GET request, the sender will receive the packet without my permission or knowledge!!!!!!

You only forward it when you give your permission. If you don't give the permission, then you don't forward it.
Permission and rules apply on the response from Google, not on the sent request
>> Permission and rules apply on the response from Google, not on the sent request

Then you don't forward the response from Google :)
Thanks, my code now works; I used dest and source port and now it works like a charm! Thanks for your time