ptunnel
I've been meaning to post this for a while: ptunnel is an application that allows you to tunnel internet traffic over ICMP pings. Allow me to explain why this is cool.
Pings are the simplest way of testing connectivity over the internet. They're part of a protocol called ICMP that's used for diagnostic purposes and little else. Ptunnel reimplements TCP/IP b— the internet's main protocol — by tacking your messages' content onto the end of pings. You run a server on another machine that receives the tunnelled packets, converts them to normal internet traffic, sends them out, gets a response, and sends it back to you over the ICMP tunnel.
Why is this useful? Mostly, it's not. But ICMP is frequently the only thing that can get through airport/coffee shop-style wifi hotspots prior to purchasing time with a credit card. ICMP traffic is allowed through because doing so makes service technicians' lives easier. Now that fun fact can make your life slightly cheaper.
I haven't tested it myself, though. The problem is that you need to run ptunnel on a server that can receive ICMP — and most consumer routers aren't designed to let you forward ICMP traffic from the internet to machines on your LAN. I suppose I could make my linux server the network's DMZ host, but that would result in all incoming TCP traffic getting through, as well. Given the lousy passwords I have on my mp3 shared directories, that's not a great idea. Besides, even with a DMZ set I'm not sure that the router wouldn't just answer the incoming pings itself.
Maybe I'll try to get ptunnel running on the router itself — it is a Linux machine in its own right, after all. It would be pretty fun to see if Starbucks can be beaten this way.
Comments
Stringent security would block all ICMP packets at a firewall. Thus said, a firewall can be set up so that only predetermined ICMP packets are allowed through. One such implementation is to accept ICMP packets and strip them of all information (control bits and extraneous info) except the source IP and it's request (typically ECHO). Although this is valid, most security people block the ICMP requests from external sources to prevent DoS attacks onto their network as well as exploratory pinging.
I think you're referring to incoming pings, which are indeed usually blocked. But with ptunnel the connection is initiated from inside the LAN; presumably the NAT implementation allows the response to go through (otherwise the ping command wouldn't work at all, for anybody).
also: icmp ping is an echo request by definition.
Anyway, the author has confirmed that it works in at least some airports.
I really don't want to start a long thread of this...
You can do just about anything within your network, but once something goes out across a router, all bets are off. NAT does nothing except switch internal addresses to external ones, and ICMP packets would be transparent in the whole process. NAT only occurs at a router implying that a packet has moved in/out of a network.
Ping is a application/user command. Some implementations use ICMP , while "cleverer" ones can use ICMP, TCP, and other methods to verify a machine is up/available. It is not proper to call it ICMP PING like it's part of the protocol. It's ICMP ECHO like I stated before and to which you seem to think i was unclear about.
Tunneling schemes are nothing new and most won't work end-to-end if one side is configured (firewalled) correctly. Plus, ICMP packets do not have any order and will arrive randomly (over a fixed network) and most likely rejected across a wireless network (depends on the security strength). Because of this, performance sucks... although you're free to try it out and prove me wrong.
If your true issue is getting free wi-fi access, there's an easier way... nudge, nudge, wink, wink, say no more.
Plus, ICMP packets do not have any order and will arrive randomly (over a fixed network) and most likely rejected across a wireless network (depends on the security strength). Because of this, performance sucks...
but that's what makes this so cool! The guy reimplemented TCP/IP over ICMP. It's not fantastic performance, but he says he can hit 150k/s downstream.
Oh my god, I can't stop typing... Tom, what r u doing to me? :)
"but that's what makes this so cool! The guy reimplemented TCP/IP over ICMP. It's not fantastic performance, but he says he can hit 150k/s downstream."
Yes, most tunneling protocols involve TCP to help reorder the packets at their destination. Now is that 150KB/s or 150kb/s 'cause there's a big difference? I suspect the latter, which is kind of weak.
Damn, now this question is going to make you want to reply. Ugh. I promised myselt not to reply anymore. I swear... unless you say C# and .NET are the future! Then my friend, we'll have to rumble. Them's fightin' wurds!
ptunnel has been ported to openwrt.
You can find it here:
http://perso.ecp.fr/~beauxir5/peercast/ptunnel_0.61-1_mipsel.ipk
Post A Comment