• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 328
  • Last Modified:

Packet forwarder (internet gateway) - TCP signature

Hi

I'm developing a packet forwarder application, how it works:

This application runs on IP 192.168.0.1 and all computers connected to this PC sets their internet gateway IP to 192.168.0.1. When they try to open google, my application receives their packet and sends it to real internet servers and receives response and sends response back to requester PC.

It works well if I have single IP/PC in my network, because I defined requesterIP as a global variable in my code and when I receive response I forward it back to requesterIP

Now when I have a lot of PCs in my network, I receive packets, I send them to google, google responds but I don't know to what IP I should forward it...

Please advice... How internet gateways work?

I have coded app using WinPcap, as I said it works, when I have single pc in my net...

Could I put a signature in sent packet, so google will response with same signature, so I can understand I should forward it back to which IP?

Please advice...

Thanks from now!
0
CSecurity
Asked:
CSecurity
  • 29
  • 25
1 Solution
 
Infinity08Commented:
Take a look at Network Address Translation (NAT) :

        http://en.wikipedia.org/wiki/Network_address_translation
0
 
CSecurityAuthor Commented:
I checked that link before, but to be honest and frank, I don't know what to do with that? Which part of my code should be changed in order to work like NAT...

Can you explain NAT in easy words to me and what I can do to solve my problem?

Thank you so much
0
 
Infinity08Commented:
Sure, NAT is used to hide an internal network behind a single router (your gateway). All traffic between the internal network and the external network (usually the internet) will pass through the router.

Now, NAT translates the IP addresses in all packets like this :

  (a) for outgoing packets, it replaces the source address (the IP of the private network PC that sent the packet) with its own public address

  (b) for incoming packets, it replaces the destination address (which is its own public address) with the actual destination address (the IP of the private network PC that the packet has to be sent to)

(Note that it usually will also change the ports in the packet to avoid conflicts)

The router keeps a table that lists all current connections (source and destination IP addresses and ports). When an outgoing connection is set up, it stores the following information in that table :

        (a) router port
        (b) originating IP and port

When a response is subsequently received on a router port, it looks up the corresponding private PC IP and port in the table, and forwards the packet there.




So, I guess the simple answer to your original question

>> Could I put a signature in sent packet, so google will response with same signature, so I can understand I should forward it back to which IP?

That 'signature' would be the source port (which is set to the router port assigned to that connection).
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
CSecurityAuthor Commented:
Look what I do is this:

When I receive packet like GET / HTTP/1.1 to be sent for google.com from IP 192.168.0.10, I receive it, then

1) I change source IP (sender IP) from 192.168.0.10 to 192.168.0.1 (my ip)
2) I change dest IP to (internet gateway ip)

It's ok till now... I can do that for 1000 computer on my network, that's normal...

But in receiving....!!!!

When I receive the packet..

I don't know this packet is for computer X or Y...

How can I understand and solve this?

any ideas?

Thank you so much!
0
 
CSecurityAuthor Commented:
So you mean I should define a global variable like this:

typedef Test
{
char SourcePort[6];
char SenderIP[20];
}

So I should modify source port and put a random number which doesn't exists in my list and associate a packet to that port, then when I receive response, I'll have destport the port I have set, right? so I can forward that to SenderIP which have same port num?
0
 
CSecurityAuthor Commented:
Another question is this:

Computer A sends me a packet, I receive that, I put my IP as source IP instead of IP address of B, I associate a port like 1884 as source port and dest port is port 80.

Port 1884 is not open in my pc, nothing is listening on that port, so again I'll be able to receive packets using winpcap and compare to see if I have sourceport = 1884 in my array to detect real sender IP?

Thank you so much, I learned a lot from you!
0
 
Infinity08Commented:
>> 1) I change source IP (sender IP) from 192.168.0.10 to 192.168.0.1 (my ip)

No, you change it to the EXTERNAL IP (the public internet IP) of the router. 192.168.0.1 is its internal (private) IP, which is only visible on the private network.


>> 2) I change dest IP to (internet gateway ip)

You don't change the destination IP for outgoing packets - only for incoming packets (from the internet).


>> I don't know this packet is for computer X or Y...

That's what the table I mentioned is for.



>> So you mean I should define a global variable like this:

You'll need a whole table - not just one entry. And you'll also need the port of the private network PC, not just its IP address.
Also, A port is a 16bit unsigned int, and an IP (IPv4) is a 32bit unsigned int in the packet. They're not strings.



>> Computer A sends me a packet, I receive that, I put my IP as source IP instead of IP address of B, I associate a port like 1884 as source port and dest port is port 80.

Let's use a simple example :

        Router R :
            -> external IP : 123.45.67.89
            -> internal IP : 192.168.0.1

        Computer A :
            -> IP : 192.168.0.10

        Computer B :
            -> IP : 192.168.0.20

        Google G :
            -> IP : 209.85.135.103

Then suppose computer A sends a request to Google through the router. Then the router will receive this packet from A :

        Source IP            Source Port        Destination IP        Destination Port
        192.168.0.10      12345                209.85.135.103      80

The router will create the following entry in its table :

        Port        Real IP              Real Port
        33333     192.168.0.10    12345

and will modify the packet like this :

        Source IP            Source Port        Destination IP        Destination Port
        123.45.67.89      33333                209.85.135.103      80

and send it to Google.

Now, suppose computer B also sends a request to Google through the router. Then the router will receive this packet from B :

        Source IP            Source Port        Destination IP        Destination Port
        192.168.0.20      23456                209.85.135.103      80

The router's table will now look like this :

        Port        Real IP              Real Port
        33333     192.168.0.10    12345
        44444     192.168.0.20    23456

and will modify the packet like this :

        Source IP            Source Port        Destination IP        Destination Port
        123.45.67.89      44444                209.85.135.103      80

and send it to Google.


After a while, Google will send back the responses. Suppose this response arrives at the router :

        Source IP            Source Port        Destination IP        Destination Port
        209.85.135.103  80                      123.45.67.89          44444

The router looks the port 44444 up in its table, and finds out that this packet is for 192.168.0.20:23456, so it modifies the packet like this :

        Source IP            Source Port        Destination IP        Destination Port
        209.85.135.103  80                      192.168.0.20          23456

and forwards it to B.

Next, Google might send another response like this :

        Source IP            Source Port        Destination IP        Destination Port
        209.85.135.103  80                      123.45.67.89          33333

The router looks the port 33333 up in its table, and finds out that this packet is for 192.168.0.10:12345, so it modifies the packet like this :

        Source IP            Source Port        Destination IP        Destination Port
        209.85.135.103  80                      192.168.0.10          12345

and forwards it to A.
0
 
CSecurityAuthor Commented:
Thank you so much for your perfect comment, I got all, but just 1 simple problem...

Main purpose of my application is to monitor packets and modify or drop some of them, with your last comment, I'll not receive response from gateway and gateway will directly respond to requester, I want to check response from google to not have some words, if have I drop that packet...

So what do you think for this situation?
0
 
Infinity08Commented:
>> So what do you think for this situation?

You have two options.

(a) you just drop the packet and do nothing else. The client will time out, and show a timeout error message to its user.

(b) drop the packet, and send back an error message ("The request contains unacceptable words") to the client which will then be shown to the user.


The first is the easiest. The second is the nicest (and also the most common in similar situations)
0
 
CSecurityAuthor Commented:
No... I'm asking for method... In your explanation when I send packet to router, I don't modify sender IP so router responds directly ro IP A, but I want to receive packet myself and process it then I want to forward that packet myself, not router....

What I can do for it? If I change the source port to X and store it, I'll receive response with dest port X so I'll identify reponse packet, right?
0
 
Infinity08Commented:
Oh, so you want to send it to another PC on the private network ? You'd better encapsulate the packet into another one without your IP address as the destination, and send it.
0
 
CSecurityAuthor Commented:
I want to act like this:

I'll be gateway

A sends request to me, I forward it to other gateway, gateway sends me response and I want to modify or check packet and if passed, send this packet to A
0
 
Infinity08Commented:
Why so complicated ?
0
 
CSecurityAuthor Commented:
I receive 100 packets from 100 pc in EXACTLY same time, I forward all of them just by modifying sender IP to my IP and I send it to gateway, but when I receive packets back, I don't know which response is for which IP
0
 
Infinity08Commented:
Again : why so complicated ? Why not use your gateway for all that ? And use your own pc as a monitor ?
0
 
CSecurityAuthor Commented:
No, I want to be gateway before gateway, for security
0
 
CSecurityAuthor Commented:
I want it to be languard which when you install it on any pc of network, it will work
0
 
Infinity08Commented:
>> No, I want to be gateway before gateway, for security

?? How does that add security ? It'll slow the network down (let alone your PC), that's for sure heh.
0
 
CSecurityAuthor Commented:
Anyway, assume I'm doing that :P

Please advice how to determine received packet, still you think I can do that with source and dest port?

If I set source port to X, I should listen on that port or?

Please advice...

Thanks
0
 
Infinity08Commented:
Since your PC is in the same private network, you don't need NAT, and can simply analyze and forward. Just configure your default gateways correctly.
0
 
CSecurityAuthor Commented:
So I can detect which received packet is for which PC with source and dest port, right?
0
 
CSecurityAuthor Commented:
And it's not needed to listen on that port with winsock or any app?
0
 
Infinity08Commented:
Of course. Just like packets are normally routed.
0
 
Infinity08Commented:
>> And it's not needed to listen on that port with winsock or any app?

On what port ?
0
 
CSecurityAuthor Commented:
Need to listen or no?
0
 
CSecurityAuthor Commented:
Port that I'll set for each packet randomly...

I receive packet from computer A, I forward it to Gateway with this modification:

1) Making sender IP my IP (to receive data back to me)

2) Setting source port to a number

3) Saving that port number with IP address of requester

Then when I receive packet, I'll receive it in same port, right? So I'll look up in my table and send it to relevant IP address
0
 
Infinity08Commented:
>> Port that I'll set for each packet randomly...

As I said, you don't need NAT, so you don't need to modify the port (or anything else in the packet). You just need to configure the default gateways correctly.
0
 
CSecurityAuthor Commented:
No no .... I'll be gateway with my program and my program will act as gateway and packet forwarder and analyzer...
0
 
CSecurityAuthor Commented:
Default gateway of ALL computers will be mine manually by users and my software will act as forwarder and analyzer...

Scenario is correct just I want to know method to determine I should forward response back to which IP
0
 
Infinity08Commented:
>> just I want to know method to determine I should forward response back to which IP

As I said, you don't need to, you just send it out of the interface where all PC's are connected. If the default gateways are set properly, then the network will take care of the rest.


>> I'll be gateway with my program and my program will act as gateway and packet forwarder and analyzer...

You're either confused yourself, or you're confusing me. Can you make a drawing of your network, and indicate the different machines and their roles, as well as the connections between them ?
0
 
CSecurityAuthor Commented:
There is an internet access server, windows shared connection...

I'll set internet gateway of all pcs in my network to my IP, computers will send me internet packets, I have a lot of rules for internet access, I'll check them and decide to send or not to send.


There is nothing confusing, assume I'lm developing internet sharing application, all will set gateway server IP to my IP.

As I said my app works properly if there is only 1 computer on my network, I receive packets from 1 PC, check them forward them to server and receive response and send it back to sender IP.

But when it reached more than 1 computer, I forward all packets properly to server, but I can't send them back properly, because when I receive answer I don't know which packet is for what IP.

Please advice only about this, how can I put a signature on packets and store them, so when I receive reply I send it back to proper IP.

Thanks
0
 
Infinity08Commented:
>> There is nothing confusing,

There is. This was a confusing statement, especially in response to my post :

>> No no .... I'll be gateway with my program and my program will act as gateway and packet forwarder and analyzer...



>> But when it reached more than 1 computer, I forward all packets properly to server, but I can't send them back properly, because when I receive answer I don't know which packet is for what IP.

I can only assume that you're doing this on a too high level. You need to capture the packets on a low level (not application level), and analyze/forward them from there.


>> Please advice only about this, how can I put a signature on packets and store them, so when I receive reply I send it back to proper IP.

If you don't modify the packets, but simply route them (as you should), then you don't have to put in a signature, as the information is already there, namely the destination IP address and port. (as I've said a few times already ;) )
0
 
CSecurityAuthor Commented:
No no no....

I'm doing it in low level, I use winpcap... I want to modify them because I want to receive back response from internet, analysis that, if passed my rules, I'll forward... That's why I modify sender IP to my own IP, I'm doing it all in too low level... I directly modify IP headers....

As I said, my app works for 1 PC, I want a signature so it will work for all pcs in my net
0
 
Infinity08Commented:
>> I want to modify them

But you don't need to. You're acting as a router. You should just forward the unmodified packet on the right interface based on the routing table (which will be very simple in your case - one interface for outgoing traffic towards the gateway, and one interface for incoming traffic towards the private network).
0
 
CSecurityAuthor Commented:
Please assume I want to do so, I had to do that... Just please tell me how can I define a signature... How Windows Internet Sharing service do that so I can develop same... Please advice
0
 
Infinity08Commented:
You can't. That's not how things work. The proper way to forward packets is as I described. You really don't need to modify the packet, unless you are using NAT (which you don't need in this case).

And if you are still using NAT (or a NAT-like behavior), then I've already handled in great detail how to correctly forward data, haven't I ?

So, I'm not sure why you keep asking this ...
0
 
CSecurityAuthor Commented:
How NAT's do that? I asked for multiple times, with source port, right??? So I'll set a source port and I'll store it and when received response will check with source port to get IP....

If you say this will work, just as last question, I need to open and listen on that source port or no...

Just THAT
0
 
Infinity08Commented:
>> How NAT's do that? I asked for multiple times

And I answered that :

http:#22777092
http:#22777736

If anything is still unclear after reading those, then explain what is unclear and I'll clarify it.


>> I need to open and listen on that source port or no...

You said you were doing this on a low level (not on application level), so why would you need to open a port ? You're analyzing all packets.
0
 
CSecurityAuthor Commented:
>> You said you were doing this on a low level (not on application level), so why would you need to open a port ? You're analyzing all packets.

Yes, I'm doing that in low level, but if there is no port is open, I'll receive packet again, right?
0
 
Infinity08Commented:
What do you mean ? You're not currently receiving the packets through a listening port, are you ? You're just catching all packets on the interface, and processing them ... Or at least I hope that's what you're doing :)

What's the part you have a problem with ?
0
 
CSecurityAuthor Commented:
Ok, so as I'm doing that in too low level, I'll receive packets even that port is not open, so when I receive packet from computer A, I'll make source IP -> My IP and I'll choose a port num like 1886 and I'll send it to internet, then when I recive packets, I'll look for packet have source port 1886, then I'll forward that packet to computer A after needed mods.

All is ok?
0
 
Infinity08Commented:
>> I'll make source IP -> My IP and I'll choose a port num like 1886 and I'll send it to internet, then when I recive packets, I'll look for packet have source port 1886, then I'll forward that packet to computer A after needed mods.

No. You don't need to modify anything in the packet. You just leave it as it is and simply forward it over the right interface. That's all. There's nothing more to it.
0
 
CSecurityAuthor Commented:
If I don't modify anything... WHEN I SEND GET REQUEST (HTTP PACKET) TO SERVER, WHO'LL RECEIVE RESPONSE?
0
 
Infinity08Commented:
No need to shout.

The response will be received by whoever sent it, since that's where the web server sends the response to.
0
 
CSecurityAuthor Commented:
But that's wrong Infinity, that's wrong...

I analyzed packets, when I see packet it's like this:

Src IP: Computer A
Dest IP: My IP

If I send this packet to server, nothing will happen.

I modify packet and make it like this:

Src IP: My IP
Dest IP: Internet Gateway IP


It works well without problem for single PC... When I receive response back, I get a lot of packets, I only check for packet have my IP as dest IP and my port as dest port, then I send it with again modification to Computer A. And you know rest, it not works for multiple computers...



0
 
Infinity08Commented:
>> Dest IP: My IP

???? Then Computer A sent the wrong request :) It was destined for the Google web server, wasn't it ? So, the destination IP has to be the Google web server's IP.


>> it not works for multiple computers...

Of course it doesn't, since your approach is wrong - That's what I've been trying to make you understand all this time.
0
 
CSecurityAuthor Commented:
Yes, maybe... But I receive packet... So I thought DEST IP is my PC.

Anyway, so for detection of response, port is the method.... Right?
0
 
Infinity08Commented:
>> But I receive packet... So I thought DEST IP is my PC.

No, you should receive the packet because it's routed through your PC. It's routed through your PC, because Computer A's default gateway is set to your PC.
0
 
Infinity08Commented:
>> Anyway, so for detection of response, port is the method.... Right?

No. You simply forward it to the destination address that is already in the packet.
0
 
CSecurityAuthor Commented:
If I forward GET Request, sender will receive packet without my permission or knowledge!!!!!!
0
 
Infinity08Commented:
>> If I forward GET Request, sender will receive packet without my permission or knowledge!!!!!!

You only forward it when you give your permission. If you don't give the permission, then you don't forward it.
0
 
CSecurityAuthor Commented:
Permission and rules apply on response of Google not on send request
0
 
Infinity08Commented:
>> Permission and rules apply on response of Google not on send request

Then you don't forward the response from Google :)
0
 
CSecurityAuthor Commented:
Thanks my code now works, I used dest and source port and now it works like a charm! Thanks for your time
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 29
  • 25
Tackle projects and never again get stuck behind a technical roadblock.
Join Now