Thursday, November 26, 2015

NAT Traversal or how to make P2P on Android

Many of us used BitTorrent(or uTorrent) to download files on internet in a short time. Their download speed is high due to Peer-to-peer technology. That means, rather than downloading file from server, we are getting the file from another computer.
But how two computers that have a local IP and are behind NAT, how they can connect each other?
For that, NAT Traversal methodologies come for help.
Note that there are mainly 2 types of NAT:
Symmetrical(complex NATs:carrier-grade NAT) and Full (home network or small enterprises).
let us consider Full NATs first.

Methodologies of NAT traversal are:
UPnP - old and hardware oriented method
NAT-PMP (later succeeded by PCP)- introduced by Apple, also hardware oriented(i.e: not all routers have it, and even if it had, it is turned off by default)
UDP Punching  - this is done by STUN which uses public server to discover NAT public IP & port
TCP Punching -  similar to UDP punching but more complicated

Symmetrical NATs are a big issue. They are hard to be punched as they changed router ports randomly. So there is a tiny chance to establish connection.
There are some approaches which can help, but practically difficult to implement:
"Large Scale Symmetric NAT Traversal with Two Stage Hole Punching":
Fortunately, Symmetrical NATs are being used only in security restricted areas, and are getting less popular because people are understanding how P2P is important.

So, how we can practically make P2P connection on Android.
I found 2 ways, one to use libraries (harder) and another WebRTC(easier).

As you know, webRTC uses p2p and internally it has ICE(that combines STUN and TURN) protocol to establish p2p connection.
This option is easier to use because webrtc library takes care of future updates and it is a new cool standard.

Tutorial on ice4j:

Monday, November 23, 2015

How to sniff Http port with Python

Recently, I have been interested in sniffing Http requests/responses which are passing through 80/8080 port.
This is helpful when you want to trace if there are some data outgoing from your PC without your knowledge.
Sniffing(or monitoring) is a popular way to observe http requests.
Anyways, I decided to choose Python for programming, because it is easier, portable, and extensible.
There are tons of libraries for Python.
The next library that i want to introduce is called "scapy"
You install it like this:
>pip install scapy

Then, here is the simple HTTP sniffer:

from scapy.all import *

def http_header(packet):
        if http_packet.find('GET'):
                return GET_print(packet)

def GET_print(packet1):
    ret = "***************************************GET PACKET****************************************************\n"
    ret += "\n".join(packet1.sprintf("{Raw:%Raw.load%}\n").split(r"\r\n"))
    ret += "*****************************************************************************************************\n"
    return ret

sniff(iface='eth0', prn=http_header, filter="tcp port 80")

If you run this script, it will show all GET HTTP request going through port 80.
you can modify this to sniff POST requests and etc.
Also, there is "scapy-http" library which helps you to parse http requests more easily.
Have fun!