
I am trying to fully understand the TCP/UDP protocol before starting a network project.

Let's say I have a TCP server. I understand that if I want someone to communicate with me via the Internet I need to open my listening port: the router/firewall lets it pass and redirects it to me.

A TCP client connects to me; there is now a bound socket between the two systems. But how can the server send data to the client if the client has its port blocked?

The port is chosen dynamically, so how does the firewall/router know that it needs to allow the data from my server? Is it because I already sent something to it and it now knows that there is some kind of connection?

If yes, does it mean that for UDP both machines need to unlock the port?

  • Well, the server never knows where the client is before the client TELLS him where he is. The client knows where the server is at (IP address) and thus he should communicate his location to the server. So, the only way a server can send data to a client is for him to know where the client is, either because the client told him or because he already knows his location. The client might use a different protocol/port combination to communicate his location to the server. (this is mostly a hunch/idea..) – Radu Gheorghiu Jun 01 '13 at 20:43
  • I completely agree. But what about the firewall/router? Why is a listening server blocked but not a client? – Shinao Jun 01 '13 at 20:47
  • Probably because the port is blocked for incoming connections. – Radu Gheorghiu Jun 01 '13 at 20:48
  • possible duplicate of [TCP Hole Punching](http://stackoverflow.com/questions/8819118/tcp-hole-punching) – Mike Pennington Jun 02 '13 at 04:16
  • That's the answer to my question, not the question itself. But thanks, it's interesting. – Shinao Jun 02 '13 at 10:55

1 Answer

I don't completely understand how it works, but this is what I've got so far:

  1. Server is listening on port X
  2. Client tries to connect to Server on port X (random port Y generated)
  3. Server can now respond to Client on port Y

Port Y is maintained open thanks to TCP keep-alive packets. The firewall/router lets it 'open' for some.. seconds? because there was an outgoing packet from its network (waiting for an incoming one?)

And that's how two UDP clients can, for example, communicate: http://en.wikipedia.org/wiki/UDP_hole_punching

Example with Skype: http://www.h-online.com/security/features/How-Skype-Co-get-round-firewalls-747197.html

Please correct me if I'm wrong or if something doesn't seem quite right to you.

Thanks

Edit

A NAT router therefore keeps tables of which internal computer has communicated with which external computer and which ports the two have used.

That's the trick that let the firewall "unlock" our port.

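As an added illustration of the connection-tracking behaviour this answer describes (not code from the post or from any router), here is a toy stateful firewall in Python: an outbound packet records the 5-tuple, a reply from outside passes only if it matches a recorded entry or an explicitly opened listening port, and two UDP peers become reachable to each other because each one's own outbound packet creates the entry the other's packet needs. All addresses, ports and idle timeouts are constructed, and address translation is left out to keep the table logic visible.

```python
TIMEOUT = {"tcp": 3600, "udp": 30}  # constructed idle timeouts (s); real routers use their own

class StatefulFirewall:
    # Toy connection-tracking firewall for the hosts behind it (no address translation).
    def __init__(self):
        self.table = {}      # (proto, in_ip, in_port, out_ip, out_port) -> expiry time
        self.opened = set()  # (proto, port) explicitly opened for a listening server

    def open_port(self, proto, port):
        self.opened.add((proto, port))

    def _expire(self, now):
        self.table = {flow: t for flow, t in self.table.items() if t > now}

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port, now):
        """Inside host sends a packet: remember the 5-tuple so replies can come back."""
        self._expire(now)
        self.table[(proto, src_ip, src_port, dst_ip, dst_port)] = now + TIMEOUT[proto]

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port, now):
        """Packet from outside: pass only to an opened port or a tracked flow."""
        self._expire(now)
        if (proto, dst_port) in self.opened:
            return True
        flow = (proto, dst_ip, dst_port, src_ip, src_port)  # mirror of the outbound tuple
        if flow in self.table:
            self.table[flow] = now + TIMEOUT[proto]  # traffic keeps the entry alive
            return True
        return False

def tcp_scenario():
    fw, host, server = StatefulFirewall(), "10.0.0.5", "203.0.113.10"
    blocked = fw.inbound("tcp", server, 40000, host, 80, now=0)   # listening port not opened
    fw.open_port("tcp", 80)
    listening_ok = fw.inbound("tcp", server, 40000, host, 80, now=0)
    fw.outbound("tcp", host, 51000, server, 443, now=0)           # host as client, port Y=51000
    reply_ok = fw.inbound("tcp", server, 443, host, 51000, now=1)
    unsolicited = fw.inbound("tcp", server, 443, host, 51001, now=1)
    return blocked, listening_ok, reply_ok, unsolicited            # (False, True, True, False)

def udp_hole_punch_scenario():
    fw_a, fw_b = StatefulFirewall(), StatefulFirewall()
    a, b = ("203.0.113.5", 4000), ("198.51.100.7", 4000)
    fw_b.outbound("udp", *b, *a, now=0)                 # B sends first: opens B's side
    dropped = fw_a.inbound("udp", *b, *a, now=0)        # ...but A's firewall has no entry yet
    fw_a.outbound("udp", *a, *b, now=1)                 # A sends: opens A's side
    a_accepts = fw_a.inbound("udp", *b, *a, now=2)      # B's retry now matches A's entry
    b_accepts = fw_b.inbound("udp", *a, *b, now=2)      # A's packet matches B's entry
    closed = fw_a.inbound("udp", *b, *a, now=2 + TIMEOUT["udp"] + 1)  # idle: hole closes
    return dropped, a_accepts, b_accepts, closed        # (False, True, True, False)
```

The last step of the UDP scenario shows why peers behind such devices keep sending periodic datagrams: once the idle timer runs out, the entry is gone and inbound traffic is dropped again.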