Solved

Packet forwarder (internet gateway) - TCP signature

Posted on 2008-10-22
Last Modified: 2012-05-05
Hi

I'm developing a packet forwarder application. Here is how it works:

This application runs on IP 192.168.0.1, and all computers connected to this PC set their internet gateway IP to 192.168.0.1. When they try to open Google, my application receives their packet, sends it to the real internet servers, receives the response and sends the response back to the requesting PC.

It works well if I have a single IP/PC in my network, because I defined requesterIP as a global variable in my code, and when I receive the response I forward it back to requesterIP.

Now when I have a lot of PCs in my network, I receive packets, I send them to Google, Google responds, but I don't know which IP I should forward it to...

Please advise... How do internet gateways work?

I have coded the app using WinPcap; as I said, it works when I have a single PC in my net...

Could I put a signature in the sent packet, so Google will respond with the same signature, so I can understand which IP I should forward it back to?

Please advise...

Thanks in advance!
Question by:CSecurity

Expert Comment

by:Infinity08
ID: 22775867
Take a look at Network Address Translation (NAT):

        http://en.wikipedia.org/wiki/Network_address_translation

Author Comment

by:CSecurity
ID: 22775893
I checked that link before, but to be honest and frank, I don't know what to do with that. Which part of my code should be changed in order to work like NAT?

Can you explain NAT to me in easy words, and what I can do to solve my problem?

Thank you so much

Accepted Solution

by:Infinity08 (earned 500 total points)
ID: 22777092
Sure, NAT is used to hide an internal network behind a single router (your gateway). All traffic between the internal network and the external network (usually the internet) will pass through the router.

Now, NAT translates the IP addresses in all packets like this:

  (a) for outgoing packets, it replaces the source address (the IP of the private network PC that sent the packet) with its own public address

  (b) for incoming packets, it replaces the destination address (which is its own public address) with the actual destination address (the IP of the private network PC that the packet has to be sent to)

(Note that it usually will also change the ports in the packet to avoid conflicts)

The router keeps a table that lists all current connections (source and destination IP addresses and ports). When an outgoing connection is set up, it stores the following information in that table:

        (a) router port
        (b) originating IP and port

When a response is subsequently received on a router port, it looks up the corresponding private PC IP and port in the table, and forwards the packet there.




So, I guess the simple answer to your original question

>> Could I put a signature in sent packet, so google will response with same signature, so I can understand I should forward it back to which IP?

That 'signature' would be the source port (which is set to the router port assigned to that connection).

Author Comment

by:CSecurity
ID: 22777238
Look what I do is this:

When I receive a packet like GET / HTTP/1.1 to be sent to google.com from IP 192.168.0.10, I receive it, then

1) I change source IP (sender IP) from 192.168.0.10 to 192.168.0.1 (my ip)
2) I change dest IP to (internet gateway ip)

It's OK till now... I can do that for 1000 computers on my network, that's normal...

But on receiving....!!!!

When I receive the packet..

I don't know whether this packet is for computer X or Y...

How can I understand and solve this?

any ideas?

Thank you so much!

Author Comment

by:CSecurity
ID: 22777267
So you mean I should define a global variable like this:

typedef struct
{
    char SourcePort[6];
    char SenderIP[20];
} Test;

So I should modify the source port and put a random number which doesn't exist in my list and associate the packet with that port; then when I receive the response, I'll have as dest port the port I have set, right? So I can forward that to the SenderIP which has the same port number?

Author Comment

by:CSecurity
ID: 22777306
Another question is this:

Computer A sends me a packet, I receive it, I put my IP as source IP instead of the IP address of B, I associate a port like 1884 as source port, and the dest port is port 80.

Port 1884 is not open on my PC, nothing is listening on that port, so will I again be able to receive packets using WinPcap and compare to see if I have sourceport = 1884 in my array to detect the real sender IP?

Thank you so much, I learned a lot from you!

Expert Comment

by:Infinity08
ID: 22777736
>> 1) I change source IP (sender IP) from 192.168.0.10 to 192.168.0.1 (my ip)

No, you change it to the EXTERNAL IP (the public internet IP) of the router. 192.168.0.1 is its internal (private) IP, which is only visible on the private network.


>> 2) I change dest IP to (internet gateway ip)

You don't change the destination IP for outgoing packets - only for incoming packets (from the internet).


>> I don't know this packet is for computer X or Y...

That's what the table I mentioned is for.



>> So you mean I should define a global variable like this:

You'll need a whole table, not just one entry. And you'll also need the port of the private network PC, not just its IP address.
Also, a port is a 16-bit unsigned int, and an IP (IPv4) is a 32-bit unsigned int in the packet. They're not strings.



>> Computer A sends me a packet, I receive that, I put my IP as source IP instead of IP address of B, I associate a port like 1884 as source port and dest port is port 80.

Let's use a simple example :

        Router R :
            -> external IP : 123.45.67.89
            -> internal IP : 192.168.0.1

        Computer A :
            -> IP : 192.168.0.10

        Computer B :
            -> IP : 192.168.0.20

        Google G :
            -> IP : 209.85.135.103

Then suppose computer A sends a request to Google through the router. Then the router will receive this packet from A :

        Source IP            Source Port        Destination IP        Destination Port
        192.168.0.10      12345                209.85.135.103      80

The router will create the following entry in its table :

        Port        Real IP              Real Port
        33333     192.168.0.10    12345

and will modify the packet like this :

        Source IP            Source Port        Destination IP        Destination Port
        123.45.67.89      33333                209.85.135.103      80

and send it to Google.

Now, suppose computer B also sends a request to Google through the router. Then the router will receive this packet from B :

        Source IP            Source Port        Destination IP        Destination Port
        192.168.0.20      23456                209.85.135.103      80

The router's table will now look like this :

        Port        Real IP              Real Port
        33333     192.168.0.10    12345
        44444     192.168.0.20    23456

and will modify the packet like this :

        Source IP            Source Port        Destination IP        Destination Port
        123.45.67.89      44444                209.85.135.103      80

and send it to Google.


After a while, Google will send back the responses. Suppose this response arrives at the router :

        Source IP            Source Port        Destination IP        Destination Port
        209.85.135.103  80                      123.45.67.89          44444

The router looks the port 44444 up in its table, and finds out that this packet is for 192.168.0.20:23456, so it modifies the packet like this :

        Source IP            Source Port        Destination IP        Destination Port
        209.85.135.103  80                      192.168.0.20          23456

and forwards it to B.

Next, Google might send another response like this :

        Source IP            Source Port        Destination IP        Destination Port
        209.85.135.103  80                      123.45.67.89          33333

The router looks the port 33333 up in its table, and finds out that this packet is for 192.168.0.10:12345, so it modifies the packet like this :

        Source IP            Source Port        Destination IP        Destination Port
        209.85.135.103  80                      192.168.0.10          12345

and forwards it to A.
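The two replies above (the NAT description and the A/B walk-through) describe a table keyed by the router port. Here is that mechanism as a small C program. It is an added example, not code from the thread or from the asker's WinPcap application: it works on raw IPv4/TCP header bytes the way a capture callback would see them, keeps the table, rewrites the source or destination address and port, and recomputes the IP and TCP checksums, which the replies do not mention but which every header rewrite requires (a packet whose checksum no longer matches is silently discarded by the other end). The table size, the port range starting at 33333 (so B gets 33334 here rather than the 44444 used in the walk-through), the addresses and the HTTP payloads are assumptions or constructed sample data. Two things a practitioner would want beyond the replies: the inbound lookup matches the remote host and port as well as the router port, so a reply forged by some other host is not injected into a LAN connection, and entries are never aged out in this demo, which a real gateway must do or it eventually runs out of ports.

```c
/* napt_demo.c: table-driven NAPT over raw IPv4/TCP bytes. Added example, not code from the thread. */
#include <stdint.h>
#include <string.h>

#define NAT_MAX   256    /* table size, hypothetical */
#define PORT_BASE 33333  /* first router port handed out, as in the post's example for A */
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

struct nat_entry { uint32_t in_ip, rmt_ip; uint16_t in_port, rmt_port, ext_port; int used; };
struct nat { uint32_t ext_ip; uint16_t next_port; struct nat_entry t[NAT_MAX]; };

/* Big-endian field access: header fields are network byte order on the wire. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)(v >> 16)); wr16(p + 2, (uint16_t)v); }

static uint32_t sum16(const uint8_t *p, size_t n, uint32_t acc) {   /* RFC 1071 word sum, odd byte padded */
    for (size_t i = 0; i + 1 < n; i += 2) acc += rd16(p + i);
    return (n & 1) ? acc + ((uint32_t)p[n - 1] << 8) : acc;
}
static uint16_t fold(uint32_t acc) { while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16); return (uint16_t)~acc; }
uint16_t inet_checksum(const uint8_t *p, size_t n) { return fold(sum16(p, n, 0)); }

/* Recompute IP and TCP checksums after any address or port changed; skip this and the far end drops the packet. */
static void fix_checksums(uint8_t *pkt, size_t len) {
    size_t ihl = (pkt[0] & 0x0f) * 4, tlen = len - ihl;
    uint8_t *tcp = pkt + ihl, pseudo[12] = {0};                      /* src, dst, 0, proto, tcp length */
    wr16(pkt + 10, 0); wr16(pkt + 10, inet_checksum(pkt, ihl));
    memcpy(pseudo, pkt + 12, 8); pseudo[9] = 6; wr16(pseudo + 10, (uint16_t)tlen);
    wr16(tcp + 16, 0); wr16(tcp + 16, fold(sum16(tcp, tlen, sum16(pseudo, 12, 0))));
}
int checksums_ok(const uint8_t *pkt, size_t len) {                   /* recompute into a copy and compare */
    uint8_t copy[1500];
    if (len > sizeof copy) return 0;
    memcpy(copy, pkt, len); fix_checksums(copy, len);
    return memcmp(copy, pkt, len) == 0;
}
static int parse(const uint8_t *pkt, size_t len, size_t *ihl) {      /* accept well-formed IPv4/TCP only */
    if (len < 20 || (pkt[0] >> 4) != 4) return 0;
    *ihl = (pkt[0] & 0x0f) * 4;
    return *ihl >= 20 && pkt[9] == 6 && len >= *ihl + 20 && rd16(pkt + 2) == len;
}
void nat_init(struct nat *n, uint32_t ext_ip) { memset(n, 0, sizeof *n); n->ext_ip = ext_ip; n->next_port = PORT_BASE; }

/* LAN -> internet: rewrite the source to (external IP, router port). Returns the router port, or -1 to drop. */
int nat_outbound(struct nat *n, uint8_t *pkt, size_t len) {
    size_t ihl; if (!parse(pkt, len, &ihl)) return -1;
    uint32_t sip = rd32(pkt + 12), dip = rd32(pkt + 16);
    uint16_t sp = rd16(pkt + ihl), dp = rd16(pkt + ihl + 2);
    struct nat_entry *e = NULL, *slot = NULL;
    for (struct nat_entry *c = n->t; c < n->t + NAT_MAX && !e; c++)
        if (!c->used) { if (!slot) slot = c; }
        else if (c->in_ip == sip && c->in_port == sp && c->rmt_ip == dip && c->rmt_port == dp) e = c;
    if (!e && !(e = slot)) return -1;             /* table full: refuse rather than reuse a live port */
    if (!e->used) *e = (struct nat_entry){ sip, dip, sp, dp, n->next_port++, 1 };   /* new connection */
    wr32(pkt + 12, n->ext_ip); wr16(pkt + ihl, e->ext_port); fix_checksums(pkt, len);
    return e->ext_port;
}

/* internet -> LAN: look the router port up and restore the private endpoint. Returns 1, or 0 to drop.
 * The remote endpoint is matched too: keying on our port alone lets any internet host inject into a LAN connection. */
int nat_inbound(struct nat *n, uint8_t *pkt, size_t len) {
    size_t ihl; if (!parse(pkt, len, &ihl) || rd32(pkt + 16) != n->ext_ip) return 0;
    for (struct nat_entry *e = n->t; e < n->t + NAT_MAX; e++) {
        if (!e->used || e->ext_port != rd16(pkt + ihl + 2) || e->rmt_ip != rd32(pkt + 12) || e->rmt_port != rd16(pkt + ihl)) continue;
        wr32(pkt + 16, e->in_ip); wr16(pkt + ihl + 2, e->in_port); fix_checksums(pkt, len);
        return 1;
    }
    return 0;
}

/* Build a minimal IPv4/TCP packet (two 20-byte headers plus payload) for the demo. */
size_t build_tcp(uint8_t *buf, uint32_t sip, uint16_t sp, uint32_t dip, uint16_t dp, const char *payload) {
    size_t plen = strlen(payload), len = 40 + plen; memset(buf, 0, len);
    buf[0] = 0x45; wr16(buf + 2, (uint16_t)len); buf[8] = 64; buf[9] = 6;
    wr32(buf + 12, sip); wr32(buf + 16, dip); wr16(buf + 20, sp); wr16(buf + 22, dp);
    buf[32] = 0x50; buf[33] = 0x18; memcpy(buf + 40, payload, plen);   /* data offset 5, PSH|ACK */
    fix_checksums(buf, len);
    return len;
}

/* Replays the post's example: A 192.168.0.10:12345 and B 192.168.0.20:23456 both reach 209.85.135.103:80
 * through router 123.45.67.89. Returns 0 on success, otherwise the number of the failing step. */
int run_scenario(void) {
    struct nat r; uint8_t a[96], b[96], p[96]; nat_init(&r, IP4(123, 45, 67, 89));
    size_t la = build_tcp(a, IP4(192, 168, 0, 10), 12345, IP4(209, 85, 135, 103), 80, "GET / HTTP/1.1\r\n\r\n");
    size_t lb = build_tcp(b, IP4(192, 168, 0, 20), 23456, IP4(209, 85, 135, 103), 80, "GET / HTTP/1.1\r\n\r\n");
    int pa = nat_outbound(&r, a, la), pb = nat_outbound(&r, b, lb);
    if (pa != 33333 || pb != 33334) return 1;                         /* each connection gets its own router port */
    if (rd32(a + 12) != r.ext_ip || rd16(a + 20) != 33333 || !checksums_ok(a, la)) return 2;
    size_t lp = build_tcp(p, IP4(209, 85, 135, 103), 80, r.ext_ip, (uint16_t)pb, "HTTP/1.1 200 OK\r\n\r\n");
    if (!nat_inbound(&r, p, lp) || rd32(p + 16) != IP4(192, 168, 0, 20) || rd16(p + 22) != 23456) return 3;
    if (!checksums_ok(p, lp)) return 4;
    lp = build_tcp(p, IP4(198, 51, 100, 7), 80, r.ext_ip, (uint16_t)pb, "x");   /* forged reply from another host */
    return nat_inbound(&r, p, lp) ? 5 : 0;
}

/* Independent truth check, since checksums_ok is self-consistent: a known IPv4 header whose checksum is 0xb861. */
int checksum_vector_ok(void) {
    static const uint8_t h[20] = { 0x45, 0x00, 0x00, 0x73, 0x00, 0x00, 0x40, 0x00, 0x40, 0x11,
                                   0x00, 0x00, 0xc0, 0xa8, 0x00, 0x01, 0xc0, 0xa8, 0x00, 0xc7 };
    return inet_checksum(h, 20) == 0xb861;
}
```

run_scenario() returns 0 when all five steps pass (distinct router ports for A and B, correct rewrite and checksums on the way out, B's reply delivered back to 192.168.0.20:23456 with valid checksums, and a reply forged from 198.51.100.7 refused); link it with a main() of your own. checksum_vector_ok() is the only check that is not self-referential: checksums_ok() would agree with a consistently wrong checksum routine, so inet_checksum() is compared against a published header value.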

Author Comment

by:CSecurity
ID: 22777861
Thank you so much for your perfect comment, I got it all, but just 1 simple problem...

The main purpose of my application is to monitor packets and modify or drop some of them. With your last comment, I'll not receive the response from the gateway; the gateway will directly respond to the requester. I want to check the response from Google to make sure it doesn't have some words, and if it has, I drop that packet...

So what do you think for this situation?

Expert Comment

by:Infinity08
ID: 22777890
>> So what do you think for this situation?

You have two options.

(a) you just drop the packet and do nothing else. The client will time out, and show a timeout error message to its user.

(b) drop the packet, and send back an error message ("The request contains unacceptable words") to the client which will then be shown to the user.


The first is the easiest. The second is the nicest (and also the most common in similar situations).
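The asker's stated purpose, checking a response for banned words and dropping it, runs into a failure mode the reply above does not cover: a per-packet check sees only one TCP segment, so a word split across two segments slips through. This added example (not code from the thread) puts the naive per-segment check next to one that carries the last strlen(word)-1 bytes of the previous segment forward, per connection. The buffer sizes, the word "casino" and the two segment payloads are constructed for the demo. It assumes segments of one connection arrive in order with no retransmits; a real filter needs TCP reassembly before either check is trustworthy, and dropping a single segment only stalls the connection until the server retransmits, so the filter also has to remember that the connection is now blocked.

```c
/* keyword_filter.c: per-segment vs. stream-aware keyword check. Added example, not code from the thread. */
#include <stddef.h>
#include <string.h>

#define TAIL_MAX 64      /* longest carried-over tail, hypothetical */
#define SEG_MAX  1500    /* largest segment payload we accept */

/* Per-connection state: the last strlen(word)-1 bytes of the previous segment. A real filter keys
 * this on the TCP 4-tuple and needs full reassembly (out-of-order segments, retransmits); the demo
 * assumes in-order delivery on one connection. */
struct conn_state { unsigned char tail[TAIL_MAX]; size_t tail_len; };

static int contains(const unsigned char *buf, size_t len, const char *word) {
    size_t w = strlen(word);
    if (w == 0 || len < w) return 0;
    for (size_t i = 0; i + w <= len; i++)
        if (memcmp(buf + i, word, w) == 0) return 1;
    return 0;
}

/* Naive check: this segment's payload only. Misses a word split across two segments. */
int segment_matches(const unsigned char *payload, size_t len, const char *word) {
    return contains(payload, len, word);
}

/* Stream-aware check: prepend the saved tail, scan, then keep the last strlen(word)-1 bytes.
 * Returns 1 on a hit, 0 on none, -1 if the word or the segment exceeds the buffers. */
int stream_matches(struct conn_state *st, const unsigned char *payload, size_t len, const char *word) {
    size_t w = strlen(word), keep = w ? w - 1 : 0;
    unsigned char buf[TAIL_MAX + SEG_MAX];
    if (keep > TAIL_MAX || len > SEG_MAX) return -1;
    memcpy(buf, st->tail, st->tail_len);
    memcpy(buf + st->tail_len, payload, len);
    size_t total = st->tail_len + len, n = total < keep ? total : keep;
    int hit = contains(buf, total, word);
    memcpy(st->tail, buf + total - n, n);     /* carry the tail into the next segment */
    st->tail_len = n;
    return hit;
}

/* Constructed sample: the banned word "casino" arrives as "...ca" | "sino..." in two segments.
 * Returns naive_hit + 2 * stream_hit, so 2 means "naive missed it, stream-aware caught it". */
int demo_split_word(void) {
    const char *word = "casino";
    const unsigned char seg1[] = "HTTP/1.1 200 OK\r\n\r\n<p>online ca";
    const unsigned char seg2[] = "sino bonus</p>";
    size_t l1 = sizeof seg1 - 1, l2 = sizeof seg2 - 1;           /* drop the string terminators */
    struct conn_state st = { {0}, 0 };
    int naive = segment_matches(seg1, l1, word) || segment_matches(seg2, l2, word);
    int stream = stream_matches(&st, seg1, l1, word) == 1;
    if (stream_matches(&st, seg2, l2, word) == 1) stream = 1;
    return naive + 2 * stream;
}
```

demo_split_word() returns 2: neither segment on its own contains the word, so segment_matches() never fires, while stream_matches() sees "ne ca" carried over from the first segment followed by "sino bonus" and matches. With several banned words, keep a tail of the longest word minus one and scan once for all of them.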

Author Comment

by:CSecurity
ID: 22777986
No... I'm asking for the method... In your explanation, when I send the packet to the router, I don't modify the sender IP, so the router responds directly to IP A, but I want to receive the packet myself and process it, then I want to forward that packet myself, not the router....

What can I do for it? If I change the source port to X and store it, I'll receive the response with dest port X, so I'll identify the response packet, right?

Expert Comment

by:Infinity08
ID: 22778866
Oh, so you want to send it to another PC on the private network? You'd better encapsulate the packet into another one without your IP address as the destination, and send it.

Author Comment

by:CSecurity
ID: 22778946
I want to act like this:

I'll be the gateway.

A sends a request to me, I forward it to the other gateway, the gateway sends me the response, and I want to modify or check the packet and, if it passed, send this packet to A

Expert Comment

by:Infinity08
ID: 22779000
Why so complicated?

Author Comment

by:CSecurity
ID: 22779019
I receive 100 packets from 100 PCs at EXACTLY the same time, I forward all of them just by modifying the sender IP to my IP and I send them to the gateway, but when I receive the packets back, I don't know which response is for which IP

Expert Comment

by:Infinity08
ID: 22779317
Again: why so complicated? Why not use your gateway for all that, and use your own PC as a monitor?

Author Comment

by:CSecurity
ID: 22779332
No, I want to be a gateway before the gateway, for security

Author Comment

by:CSecurity
ID: 22779339
I want it to be like languard: when you install it on any PC of the network, it will work

Expert Comment

by:Infinity08
ID: 22779500
>> No, I want to be gateway before gateway, for security

?? How does that add security? It'll slow the network down (let alone your PC), that's for sure, heh.

Author Comment

by:CSecurity
ID: 22779519
Anyway, assume I'm doing that :P

Please advise how to determine the received packet; do you still think I can do that with source and dest port?

If I set the source port to X, should I listen on that port or...?

Please advise...

Thanks

Expert Comment

by:Infinity08
ID: 22779544
Since your PC is in the same private network, you don't need NAT, and can simply analyze and forward. Just configure your default gateways correctly.

Author Comment

by:CSecurity
ID: 22779566
So I can detect which received packet is for which PC with the source and dest port, right?

Author Comment

by:CSecurity
ID: 22779574
And it's not needed to listen on that port with Winsock or any app?

Expert Comment

by:Infinity08
ID: 22779581
Of course. Just like packets are normally routed.

Expert Comment

by:Infinity08
ID: 22779593
>> And it's not needed to listen on that port with winsock or any app?

On what port?

Author Comment

by:CSecurity
ID: 22779600
Do I need to listen or not?

Author Comment

by:CSecurity
ID: 22779619
The port that I'll set for each packet randomly...

I receive a packet from computer A, I forward it to the gateway with this modification:

1) Making the sender IP my IP (to receive data back to me)

2) Setting the source port to a number

3) Saving that port number with the IP address of the requester

Then when I receive the packet, I'll receive it on the same port, right? So I'll look it up in my table and send it to the relevant IP address

Expert Comment

by:Infinity08
ID: 22779633
>> Port that I'll set for each packet randomly...

As I said, you don't need NAT, so you don't need to modify the port (or anything else in the packet). You just need to configure the default gateways correctly.

Author Comment

by:CSecurity
ID: 22779655
No no.... I'll be the gateway with my program, and my program will act as gateway, packet forwarder and analyzer...

Author Comment

by:CSecurity
ID: 22779672
The default gateway of ALL computers will be set to mine manually by users, and my software will act as forwarder and analyzer...

The scenario is correct; I just want to know the method to determine which IP I should forward the response back to

Expert Comment

by:Infinity08
ID: 22780380
>> just I want to know method to determine I should forward response back to which IP

As I said, you don't need to; you just send it out of the interface where all PCs are connected. If the default gateways are set properly, then the network will take care of the rest.


>> I'll be gateway with my program and my program will act as gateway and packet forwarder and analyzer...

You're either confused yourself, or you're confusing me. Can you make a drawing of your network, and indicate the different machines and their roles, as well as the connections between them?

Author Comment

by:CSecurity
ID: 22780553
There is an internet access server, a Windows shared connection...

I'll set the internet gateway of all PCs in my network to my IP; computers will send me internet packets, I have a lot of rules for internet access, I'll check them and decide whether or not to send.


There is nothing confusing; assume I'm developing an internet sharing application, all will set the gateway server IP to my IP.

As I said, my app works properly if there is only 1 computer on my network: I receive packets from 1 PC, check them, forward them to the server, receive the response and send it back to the sender IP.

But when it reaches more than 1 computer, I forward all packets properly to the server, but I can't send them back properly, because when I receive the answer I don't know which packet is for which IP.

Please advise only about this: how can I put a signature on packets and store them, so when I receive the reply I send it back to the proper IP.

Thanks

Expert Comment

by:Infinity08
ID: 22780898
>> There is nothing confusing,

There is. This was a confusing statement, especially in response to my post :

>> No no .... I'll be gateway with my program and my program will act as gateway and packet forwarder and analyzer...



>> But when it reached more than 1 computer, I forward all packets properly to server, but I can't send them back properly, because when I receive answer I don't know which packet is for what IP.

I can only assume that you're doing this at too high a level. You need to capture the packets at a low level (not application level), and analyze/forward them from there.


>> Please advice only about this, how can I put a signature on packets and store them, so when I receive reply I send it back to proper IP.

If you don't modify the packets, but simply route them (as you should), then you don't have to put in a signature, as the information is already there, namely the destination IP address and port. (as I've said a few times already ;) )

Author Comment

by:CSecurity
ID: 22780944
No no no....

I'm doing it at a low level, I use WinPcap... I want to modify them because I want to receive back the response from the internet, analyze that, and if it passed my rules, I'll forward it... That's why I modify the sender IP to my own IP; I'm doing it all at a very low level... I directly modify IP headers....

As I said, my app works for 1 PC; I want a signature so it will work for all PCs in my net

Expert Comment

by:Infinity08
ID: 22781087
>> I want to modify them

But you don't need to. You're acting as a router. You should just forward the unmodified packet on the right interface based on the routing table (which will be very simple in your case - one interface for outgoing traffic towards the gateway, and one interface for incoming traffic towards the private network).

Author Comment

by:CSecurity
ID: 22781103
Please assume I want to do so, I have to do that... Just please tell me how I can define a signature... How does the Windows Internet Sharing service do that, so I can develop the same... Please advise

Expert Comment

by:Infinity08
ID: 22781158
You can't. That's not how things work. The proper way to forward packets is as I described. You really don't need to modify the packet, unless you are using NAT (which you don't need in this case).

And if you are still using NAT (or a NAT-like behavior), then I've already handled in great detail how to correctly forward data, haven't I?

So, I'm not sure why you keep asking this ...

Author Comment

by:CSecurity
ID: 22781206
How do NATs do that? I asked multiple times: with the source port, right??? So I'll set a source port and I'll store it, and when I receive the response I'll check with the source port to get the IP....

If you say this will work, just as a last question: do I need to open and listen on that source port or not...

Just THAT

Expert Comment

by:Infinity08
ID: 22781325
>> How NAT's do that? I asked for multiple times

And I answered that :

http:#22777092
http:#22777736

If anything is still unclear after reading those, then explain what is unclear and I'll clarify it.


>> I need to open and listen on that source port or no...

You said you were doing this on a low level (not on application level), so why would you need to open a port? You're analyzing all packets.

Author Comment

by:CSecurity
ID: 22781343
>> You said you were doing this on a low level (not on application level), so why would you need to open a port ? You're analyzing all packets.

Yes, I'm doing that at a low level, but if there is no port open, I'll still receive the packet, right?

Expert Comment

by:Infinity08
ID: 22781401
What do you mean? You're not currently receiving the packets through a listening port, are you? You're just catching all packets on the interface, and processing them... Or at least I hope that's what you're doing :)

What's the part you have a problem with?

Author Comment

by:CSecurity
ID: 22781437
OK, so as I'm doing that at a very low level, I'll receive packets even if that port is not open, so when I receive a packet from computer A, I'll make the source IP -> my IP, I'll choose a port number like 1886 and I'll send it to the internet; then when I receive packets, I'll look for the packet with source port 1886, then I'll forward that packet to computer A after the needed mods.

Is all OK?

Expert Comment

by:Infinity08
ID: 22781481
>> I'll make source IP -> My IP and I'll choose a port num like 1886 and I'll send it to internet, then when I recive packets, I'll look for packet have source port 1886, then I'll forward that packet to computer A after needed mods.

No. You don't need to modify anything in the packet. You just leave it as it is and simply forward it over the right interface. That's all. There's nothing more to it.

Author Comment

by:CSecurity
ID: 22781578
If I don't modify anything... WHEN I SEND THE GET REQUEST (HTTP PACKET) TO THE SERVER, WHO'LL RECEIVE THE RESPONSE?

Expert Comment

by:Infinity08
ID: 22781587
No need to shout.

The response will be received by whoever sent it, since that's where the web server sends the response to.

Author Comment

by:CSecurity
ID: 22781605
But that's wrong, Infinity, that's wrong...

I analyzed the packets; when I see a packet it's like this:

Src IP: Computer A
Dest IP: My IP

If I send this packet to the server, nothing will happen.

I modify the packet and make it like this:

Src IP: My IP
Dest IP: Internet Gateway IP


It works well without problems for a single PC... When I receive the response back, I get a lot of packets; I only check for the packet that has my IP as dest IP and my port as dest port, then I send it, again with modification, to Computer A. And you know the rest: it doesn't work for multiple computers...

Expert Comment

by:Infinity08
ID: 22781671
>> Dest IP: My IP

???? Then Computer A sent the wrong request :) It was destined for the Google web server, wasn't it? So, the destination IP has to be the Google web server's IP.


>> it not works for multiple computers...

Of course it doesn't, since your approach is wrong - That's what I've been trying to make you understand all this time.

Author Comment

by:CSecurity
ID: 22781690
Yes, maybe... But I receive the packet... So I thought the DEST IP is my PC.

Anyway, so for detection of the response, the port is the method.... Right?

Expert Comment

by:Infinity08
ID: 22781713
>> But I receive packet... So I thought DEST IP is my PC.

No, you should receive the packet because it's routed through your PC. It's routed through your PC, because Computer A's default gateway is set to your PC.

Expert Comment

by:Infinity08
ID: 22781722
>> Anyway, so for detection of response, port is the method.... Right?

No. You simply forward it to the destination address that is already in the packet.

Author Comment

by:CSecurity
ID: 22781734
If I forward the GET request, the sender will receive the packet without my permission or knowledge!!!!!!

Expert Comment

by:Infinity08
ID: 22782024
>> If I forward GET Request, sender will receive packet without my permission or knowledge!!!!!!

You only forward it when you give your permission. If you don't give the permission, then you don't forward it.

Author Comment

by:CSecurity
ID: 22783942
Permission and rules apply to the response from Google, not to the sent request

Expert Comment

by:Infinity08
ID: 22784494
>> Permission and rules apply on response of Google not on send request

Then you don't forward the response from Google :)

Author Comment

by:CSecurity
ID: 22785322
Thanks, my code now works; I used dest and source port and now it works like a charm! Thanks for your time