File: README.udp

natlog 3.01.00-2
Setting up a demo UDP connection:

    On the server, make sure the firewall accepts incoming connections on
    the port used:

iptables -A INPUT -p udp --dport <portnr> -j ACCEPT

    Start nc to listen on the port:

nc -l -u -p <portnr>

    Start nc on the client:

nc -u server <portnr>


    Run tcpdump -ni <interface> udp and port <portnr> to inspect the flow.

Example:

Server (e.g., www.rug.nl):

    nc -l -u -p 12345

Client:

    nc -u www.rug.nl 12345

Tcpdump (e.g., at the client):

    tcpdump -ni eth0 udp and port 12345


When sending UDP packets, the IP id values seen at the client and at the
nathost are identical:

Client (192.168.1.2) to destination (129.125.2.51):

15:43:54.437608 IP (tos 0x0, ttl 64, id 36222, offset 0, flags [DF], proto UDP (17), length 34)
    192.168.1.2.51757 > 129.125.2.51.12345: UDP, length 6
    src:sport   -> dst:dport,   id = a

15:44:13.541867 IP (tos 0x0, ttl 52, id 18749, offset 0, flags [DF], proto UDP (17), length 38)
    129.125.2.51.12345 > 192.168.1.2.51757: UDP, length 10
    dst:dport   -> src:sport,   id = b

15:45:49.393355 IP (tos 0x0, ttl 64, id 63059, offset 0, flags [DF], proto UDP (17), length 37)
    192.168.1.2.51757 > 129.125.2.51.12345: UDP, length 9
    src:sport   -> dst:dport,   id = c

15:46:17.583739 IP (tos 0x0, ttl 52, id 24262, offset 0, flags [DF], proto UDP (17), length 40)
    129.125.2.51.12345 > 192.168.1.2.51757: UDP, length 12
    dst:dport   -> src:sport,   id = d

Nathost (192.168.17.6) to destination (129.125.2.51):

15:43:54.437689 IP (tos 0x0, ttl 63, id 36222, offset 0, flags [DF], proto UDP (17), length 34)
    192.168.17.6.51757 > 129.125.2.51.12345: UDP, length 6
    nat:nport   -> dst:dport,   id = a

15:44:13.541818 IP (tos 0x0, ttl 53, id 18749, offset 0, flags [DF], proto UDP (17), length 38)
    129.125.2.51.12345 > 192.168.17.6.51757: UDP, length 10
    dst:dport   -> nat:nport,   id = b

15:45:49.393444 IP (tos 0x0, ttl 63, id 63059, offset 0, flags [DF], proto UDP (17), length 37)
    192.168.17.6.51757 > 129.125.2.51.12345: UDP, length 9
    nat:nport   -> dst:dport,   id = c

15:46:17.583695 IP (tos 0x0, ttl 53, id 24262, offset 0, flags [DF], proto UDP (17), length 40)
    129.125.2.51.12345 > 192.168.17.6.51757: UDP, length 12
    dst:dport   -> nat:nport,   id = d


Multiple UDP packets may be sent by identical processes, in which case the
client and nathost computers may use different ports.

The IN connections store the source and destination IP addresses and ports,
and use d_id (like TCP's sequence number) to allow association with the
matching OUT packet. Once the association is made, the via IP address and port
can be set, and the d_id entry can be removed.
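
The association described above, sketched as an added example (not natlog's own code): it pairs the outgoing packets from the two captures by IP id plus destination to recover the via address and port. Treating tcpdump's id field as d_id is an assumption based on the capture above, and the names RECORD, parse and associate are hypothetical.

```python
import re

# One `tcpdump -v` UDP record: the header line carries the IP id, the
# next line the endpoints (IPv4 address and port joined by a dot).
RECORD = re.compile(
    r"id (?P<id>\d+),.*proto UDP.*\n\s*"
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): UDP")

def parse(dump):
    """Return (ip_id, (src_ip, sport), (dst_ip, dport)) per UDP record."""
    return [(int(m["id"]), (m["src"], int(m["sport"])),
             (m["dst"], int(m["dport"]))) for m in RECORD.finditer(dump)]

def associate(in_dump, out_dump):
    """Pair IN packets (client side) with OUT packets (nathost side).

    Returns (table, pending): table maps (src, dst) -> via endpoint,
    pending holds IN entries for which no OUT packet was seen.
    """
    # The id is only 16 bits wide, so the key also includes the destination.
    pending = {(ip_id, dst): src for ip_id, src, dst in parse(in_dump)}
    table = {}
    for ip_id, via, dst in parse(out_dump):
        src = pending.pop((ip_id, dst), None)  # d_id entry removed on match
        if src is not None:
            table[(src, dst)] = via
    return table, pending

# Outgoing packets a and c from the capture above, at the client ...
CLIENT = """\
15:43:54.437608 IP (tos 0x0, ttl 64, id 36222, offset 0, flags [DF], proto UDP (17), length 34)
    192.168.1.2.51757 > 129.125.2.51.12345: UDP, length 6
15:45:49.393355 IP (tos 0x0, ttl 64, id 63059, offset 0, flags [DF], proto UDP (17), length 37)
    192.168.1.2.51757 > 129.125.2.51.12345: UDP, length 9
"""
# ... and at the nathost.
NATHOST = """\
15:43:54.437689 IP (tos 0x0, ttl 63, id 36222, offset 0, flags [DF], proto UDP (17), length 34)
    192.168.17.6.51757 > 129.125.2.51.12345: UDP, length 6
15:45:49.393444 IP (tos 0x0, ttl 63, id 63059, offset 0, flags [DF], proto UDP (17), length 37)
    192.168.17.6.51757 > 129.125.2.51.12345: UDP, length 9
"""

if __name__ == "__main__":
    table, pending = associate(CLIENT, NATHOST)
    for (src, dst), via in table.items():
        print(f"{src} via {via} to {dst}; unmatched IN entries: {len(pending)}")
```

An IN entry that stays in pending means the packet was seen on the inside but never left the nathost with that id and destination.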