pwnat | punch holes through firewalls/NATs where both clients

 by   samyk C Version: v0.3.0 License: GPL-3.0

kandi X-RAY | pwnat Summary

kandi X-RAY | pwnat Summary

pwnat is a C library. pwnat has no bugs, it has no vulnerabilities, it has a Strong Copyleft License and it has medium support. You can download it from GitHub.

pwnat, by samy kamkar, is a tool that allows any client behind a nat to communicate with a server behind a separate nat with no port forwarding and no dmz setup on any routers in order to directly communicate with each other. there is no middle man, no proxy, no 3rd party, no upnp required, no spoofing, no dns tricks. the server does not need to know the client's ip address before connecting. more importantly, the client can then connect to any host or port on any remote host or to a fixed host and port decided by the server. simply
Support
    Quality
      Security
        License
          Reuse

            kandi-support Support

              pwnat has a medium active ecosystem.
              It has 2732 star(s) with 441 fork(s). There are 146 watchers for this library.
              OutlinedDot
              It had no major release in the last 12 months.
              There are 17 open issues and 5 have been closed. On average issues are closed in 91 days. There are no pull requests.
              It has a neutral sentiment in the developer community.
              The latest version of pwnat is v0.3.0

            kandi-Quality Quality

              pwnat has 0 bugs and 0 code smells.

            kandi-Security Security

              pwnat has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
              pwnat code analysis shows 0 unresolved vulnerabilities.
              There are 0 security hotspots that need review.

            kandi-License License

              pwnat is licensed under the GPL-3.0 License. This license is Strong Copyleft.
              Strong Copyleft licenses enforce sharing, and you can use them when creating open source projects.

            kandi-Reuse Reuse

              pwnat releases are available to install and integrate.
              Installation instructions are not available. Examples and code snippets are available.

            Top functions reviewed by kandi - BETA

            kandi's functional review helps you automatically verify the functionalities of the libraries and avoid rework.
            Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of pwnat
            Get all kandi verified functions for this library.

            pwnat Key Features

            No Key Features are available at this moment for pwnat.

            pwnat Examples and Code Snippets

            No Code Snippets are available at this moment for pwnat.

            Community Discussions

            Trending Discussions on pwnat

            QUESTION

            cannot receive time exceeded message
            Asked 2017-Feb-16 at 10:42

            I'm doing some tests based on the idea of pwnat, it introduced a method for NAT traversal without 3rd party: the server sends ICMP echo request packets to the fixed address(for example, 3.3.3.3) where no echo replies won't be returned from, the client, pretending to be a hop on the Internet, sends an ICMP Time Exceeded packet to the server, expect the NAT in the front of the server to forward the ICMP time exceeded message to the server.
            After I pinged to 3.3.3.3, then I run the code below in 192.168.1.100 to listen ICMP messages in Go:

            ...

            ANSWER

            Answered 2017-Feb-16 at 10:42

            Your code has no problem. If you run your code in the same network(I mean no NAT/router involvement), the program will receive time exceeded message as expected. The reason is the theory pwnat uses doesn't work nowadays.

            • First, you didn't get the identifier of the echo request sent by 192.168.2.100 to 3.3.3.3, the identifier will be uniquely mapped to an external query ID by NAPT(if any) so that it can route future ICMP Echo Replies with the same query ID to the sender. According to rfc 3022 ICMP error packet modifications section,

              In a NAPT setup, if the IP message embedded within ICMP happens to be a TCP, UDP or ICMP Query packet, you will also need to modify the appropriate TU port number within the TCP/UDP header or the Query Identifier field in the ICMP Query header.

            • Second, according to rfc 5508:

              If a NAT device receives an ICMP Error packet from the private realm, and the NAT does not have an active mapping for the embedded payload, the NAT SHOULD silently drop the ICMP Error packet.

            So the forged time exceeded message wouldn't get through. Here is more details about this.

            Source https://stackoverflow.com/questions/42115989

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            No vulnerabilities reported

            Install pwnat

            You can download it from GitHub.

            Support

            For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .
            Find more information at:

            Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items

            Find more libraries
            CLONE
          • HTTPS

            https://github.com/samyk/pwnat.git

          • CLI

            gh repo clone samyk/pwnat

          • sshUrl

            git@github.com:samyk/pwnat.git

          • Stay Updated

            Subscribe to our newsletter for trending solutions and developer bootcamps

            Agree to Sign up and Terms & Conditions

            Share this Page

            share link