pwnat | punch holes through firewalls/NATs where both clients
kandi X-RAY | pwnat Summary
pwnat, by Samy Kamkar, is a tool that allows any client behind a NAT to communicate with a server behind a separate NAT with no port forwarding and no DMZ setup on any routers, so that the two can communicate directly with each other. There is no middle man, no proxy, no 3rd party, no UPnP required, no spoofing, no DNS tricks. The server does not need to know the client's IP address before connecting. More importantly, the client can then connect to any host or port on any remote host, or to a fixed host and port decided by the server. Simply
Community Discussions
QUESTION
I'm doing some tests based on the idea of pwnat, which introduced a method for NAT traversal without a 3rd party: the server sends ICMP echo request packets to a fixed address (for example, 3.3.3.3) from which no echo replies will be returned; the client, pretending to be a hop on the Internet, sends an ICMP Time Exceeded packet to the server, expecting the NAT in front of the server to forward the ICMP Time Exceeded message to the server.
After I pinged 3.3.3.3, I ran the code below on 192.168.1.100 to listen for ICMP messages in Go:
ANSWER
Answered 2017-Feb-16 at 10:42
Your code has no problem. If you run your code in the same network (I mean with no NAT/router involved), the program will receive the Time Exceeded message as expected. The reason is that the theory pwnat uses doesn't work nowadays.
First, you didn't get the identifier of the echo request sent by 192.168.2.100 to 3.3.3.3; the identifier will be uniquely mapped to an external query ID by NAPT (if any) so that it can route future ICMP Echo Replies with the same query ID to the sender. According to RFC 3022, section "ICMP error packet modifications":
In a NAPT setup, if the IP message embedded within ICMP happens to be a TCP, UDP or ICMP Query packet, you will also need to modify the appropriate TU port number within the TCP/UDP header or the Query Identifier field in the ICMP Query header.
Second, according to RFC 5508:
If a NAT device receives an ICMP Error packet from the private realm, and the NAT does not have an active mapping for the embedded payload, the NAT SHOULD silently drop the ICMP Error packet.
So the forged Time Exceeded message wouldn't get through. Here are more details about this.
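To make the two RFC rules cited in the answer concrete, here is an added Go example (not code from pwnat or from the question) that models a NAPT receiving an ICMP Time Exceeded from the public side: it parses the embedded Echo Request, drops the error when the embedded Query Identifier has no active mapping (RFC 5508), and otherwise rewrites that identifier back to the internal one before forwarding inward (RFC 3022). The packet bytes, the mapping table and the 203.0.113.5 public address are constructed for the demo.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// buildTimeExceeded returns a constructed ICMP Time Exceeded (type 11, code 0) embedding
// the IPv4 header and first 8 bytes of an expired Echo Request; checksums are left zero.
func buildTimeExceeded(embeddedID, seq uint16) []byte {
	pkt := []byte{11, 0, 0, 0, 0, 0, 0, 0} // outer ICMP: type, code, csum, unused
	ip := make([]byte, 20)                 // embedded IPv4 header, IHL 5, no options
	ip[0], ip[9] = 0x45, 1                 // version 4 / IHL 5, protocol ICMP
	copy(ip[12:], []byte{203, 0, 113, 5})  // src: NAT's public address (placeholder)
	copy(ip[16:], []byte{3, 3, 3, 3})      // dst: the never-replying probe address
	echo := []byte{8, 0, 0, 0, 0, 0, 0, 0} // embedded Echo Request: type, code, csum, id, seq
	binary.BigEndian.PutUint16(echo[4:], embeddedID)
	binary.BigEndian.PutUint16(echo[6:], seq)
	return append(append(pkt, ip...), echo...)
}

// natHandleICMPError models a NAPT receiving an ICMP error from the public side. extToInt
// maps the external query IDs it allocated for outbound Echo Requests back to internal ones.
// No active mapping: drop (RFC 5508). Otherwise rewrite the embedded ID (RFC 3022) and forward.
func natHandleICMPError(pkt []byte, extToInt map[uint16]uint16) ([]byte, error) {
	if len(pkt) < 8+20+8 || pkt[0] != 11 {
		return nil, fmt.Errorf("not a complete ICMP Time Exceeded packet")
	}
	inner := pkt[8:]
	ihl := int(inner[0]&0x0f) * 4
	if inner[0]>>4 != 4 || ihl < 20 || len(inner) < ihl+8 || inner[9] != 1 || inner[ihl] != 8 {
		return nil, fmt.Errorf("embedded packet is not an IPv4 ICMP Echo Request")
	}
	idOff := 8 + ihl + 4 // offset of the embedded Query Identifier within pkt
	extID := binary.BigEndian.Uint16(pkt[idOff:])
	intID, ok := extToInt[extID]
	if !ok {
		return nil, fmt.Errorf("no active mapping for query ID %#x: drop (RFC 5508)", extID)
	}
	out := append([]byte(nil), pkt...) // copy so the caller's buffer is untouched
	binary.BigEndian.PutUint16(out[idOff:], intID)
	return out, nil
}

func main() {
	table := map[uint16]uint16{0x4242: 0x0001} // the NAT's only live echo mapping
	_, err := natHandleICMPError(buildTimeExceeded(0x1234, 1), table) // forged: guessed ID
	fmt.Println("forged:", err)
	out, _ := natHandleICMPError(buildTimeExceeded(0x4242, 1), table) // genuine error
	fmt.Printf("genuine: forwarded, embedded ID now %#x\n", binary.BigEndian.Uint16(out[32:]))
}
```

The forged packet fails for the reason the answer gives: the outside sender never learns the external query ID the NAT assigned, so the embedded payload matches no mapping.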
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported