
Archive for the ‘Computers and Internet’ Category

DISCLAIMER: DEAR READER, AS BY THE TIME YOU ARE READING THIS ARTICLE, THE PROVIDER MENTIONED AS “SHELLMIX” MAY NOT BE PROVIDING THE DISCLOSED SERVICE AS MENTIONED IN THE ARTICLE. NEVERTHELESS, THE ARTICLE STILL STANDS VALID FROM THE THEORETICAL POINT OF VIEW.

By default, Skype uses techniques that preserve the security of the information and internet connections, and protect the user’s confidential data (i.e. Text Messages, Voice, Video, Personal Profile Data) from being compromised …

If an ISP wants to censor the data of the Skype client, it will naturally run into trouble and find these techniques an obstacle in its way … a naïve ISP would then simply block Skype traffic using known blocking techniques. In this tutorial we will demonstrate how to tunnel Skype (similar clients other than Skype can benefit from this tutorial in the same way) through encrypted tunnels over the internet, so the ISP can’t even know whether we are on Skype or not.

Introduction:

So that this is not a close-brain-and-click tutorial … I’ll try to explain some terms and concepts along the way, to give us a better understanding of what we are doing here.

First, I want to explain the term “SSH”.

Secure Shell or SSH is a network protocol that allows data to be exchanged using a secure channel between two networked devices. (Wikipedia).

Note: “Channel” and “tunnel” will be used interchangeably.

This protocol ensures that data is transmitted in encrypted form; thus, the ISP won’t be able to recognize the data, and so won’t be able to sniff our personal data or block it after recognizing it.

For some people with intermediate knowledge of internet technology or some computer network programming, the idea of a “Tunnel” won’t be very clear, because they will be trying to think of a probable implementation of the word in terms of what they already know. If you can’t find one, don’t worry. Actually, the word is just an abstract idea, so you need not think about its implementation; just accept it in its abstract form for now.

Our strategy here is to acquire 2 things:

1- A piece of software on our computer that can encrypt the data and put it on the tunnel, and later receive the data sent to it from the other end of the tunnel, decrypt it and give it to us.

2- A piece of software that receives our encrypted data (after it has passed the ISP undetected), decrypts it, and sends it to the internet (to where it was originally destined), and later receives the data coming from the destination to us, encrypts it and forwards it to our side so we can read it.

Traffic passing through SSH tunnel

First, we will acquire the 2nd piece. Someone may ask why we are going against the order of the pieces; well, the second piece is the service we want to consume, so we need to get it first.

The 2nd Piece:

Actually, we won’t install an SSH server; rather, we will use a FREE service provided by Shellmix : www.Shellmix.com.

On the Shellmix website, you can find instructions for how to create a new FREE account … nevertheless, some users may find them a rather tough and technically demanding set of instructions, so I decided to shed some light on how to create a FREE account with Shellmix.

To make a new account with Shellmix, we first need to download a tool called “Putty”:

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

(download putty.exe)

Note: at the moment, Shellmix provides an alternative way to register a new account from their website directly. Putty still works. The registration interface is the same whether we use Putty or the alternative method.

After the main screen of Putty shows up, fill in the details shown below:

Capture

Press “Open” … now you will get a black screen and be asked for a user name and password.

Username: newuser
Password: newuser

Now you read “Enter your login name => “, you enter the user name you want, and press Enter.

Now you read “Enter your password => “, you enter the password of the account.

The password again for confirmation.

The service includes a free MySQL database, which isn’t useful for the regular user. Now you read “Enter new password to MySQL database => “, you enter whatever password you want.

Now you read “Your email address => “, enter a “valid” email address, you’ll receive emails to it.

Now you read “Choose editor (Press ? to see list) => [pico]: ”, just press Enter.

Now you read “Choose language (Press ? In order to see list): ”, you enter “us” for English and press Enter. You can see other options by pressing ‘?’.

Now you read “Choose your vhost (Press ? In order to see list and help):”, you type “shell” and press Enter, or ‘?’ for other options.

Now you read “Choose your HARD DISK (Press ? In order to see list):”, you type “hdd1” and press Enter, or ‘?’ for other options.

By now, you have completed your data entry, and the server needs to create your account. The screen shows a summary of your data and waits for your Enter key; press it.

After some processing the server completes your registration and the account is ready to be used.

The 1st Piece:

Now that we have the 2nd piece covered, we aim to the 1st piece that we will use for connecting to the SSH service.

What I didn’t mention till now is that “Putty” IS the 1st piece of software. What I also didn’t mention is that we already CONNECTED to the SSH Server once. But the purpose back then wasn’t to access the internet, rather, to register our new account.

This time we will use “Putty” with shellmix in a similar way … but for accessing the internet, and because of this, we need to find out how we can hook programs that need to access the internet to putty, so the traffic generated and received by these programs goes in and out through Putty which is connected to the SSH service.

We will do that by using a very nice feature in Putty, which is SOCKS5 Proxy.


Most of us are familiar with proxies. Usually we use HTTP/HTTPS proxies. But this time we will use a SOCKS5 (SOCKS v5) proxy, which for the normal user is almost the same as an HTTP/HTTPS proxy but with some different considerations and technical details. As long as Skype supports SOCKS5 proxies, we don’t need to discuss it much here; we can just go on.

Connecting Skype to the Internet using Shellmix and Putty:

After we have completed the registration on Shellmix, we will use those credentials to log in to the server again, but this time with a different port and some additional configuration in Putty.

First, we open Putty and enter the details shown below:

Capture1

Now, in the “Category” tree on the left, we go to ( Connection –> SSH –> Tunnels). Here we will enter the information for the SOCKS proxy:

Capture2

Note here that we set the “port” on which the SOCKS5 proxy will listen to (9090) … This isn’t mandatory, and you can use any port you prefer. Note also that some ports could already be in use by other programs on the same computer, so be sure to choose a free port. 9090 works well for me since none of my programs uses it.

After entering the shown data, and pressing “Add” … a new record in the “Forwarded ports:” list will appear as “D 9090”.

(OPTIONAL)
You can save these settings you have just made so you don’t have to enter them every time you want to connect to Shellmix. To do that, go to the main screen in Putty, type a name for the configuration (e.g. Shellmix) and press “Save”.
Capture4
Now, when you want to connect to Shellmix, you only have to double-click on the name “Shellmix”. Alternatively, you can choose “Shellmix” from the list, and press “Load”, then click “Open”.

Connecting to Shellmix:

Now we are ready to go “SECURED” …

First we will initiate the connection to Shellmix. Considering you still have “Putty” opened with the data setup, click “Open” to start the connection.

After the connection is initiated with the Shellmix server, the server asks for the user name and password:

image

Note that, for security reasons, the password will not show on screen as you are typing it.

After entering the required data, a notification will appear from Shellmix indicating a successful login.

image

Press the Enter key and you get some info on Putty black console, and we are just ready to go and open Skype.

Configuring and running Skype:

This is the Skype interface as of the date of publishing of this post. We need to go to the “Connection options …”.

image

I don’t remember that the “Connection options …” interface has ever changed since the day I “discovered” Skype. Now we need to connect the Skype with Putty by entering the following information:

Capture6

Press “Save” … restart Skype … log in Skype … and we are DONE!!

Note: the console window of Putty should remain open as long as you are using Skype.

Note: the SOCKS5 proxy we set up with Putty isn’t dedicated to Skype alone. That means any program that can connect to the internet using a SOCKS5 proxy can take advantage of Putty’s proxy, side by side with Skype. IE and Firefox support SOCKS5 proxies and work well with Putty’s proxy.

Note: we didn’t even use 25% of the services that Shellmix provides. Tunneling our traffic to Shellmix is only one of 10s of features that there is no room to present here, and which probably would not be interesting for the normal internet user.
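
What a SOCKS5-capable program says to the listener on 127.0.0.1:9090, written out as a small Python probe. This is an added example, not code from the original post, PuTTY or Skype; the function names and the example.com:443 destination are assumptions, and the message layout follows RFC 1928.

```python
import ipaddress
import socket
import struct

VER = 0x05                      # SOCKS protocol version (RFC 1928)
NO_AUTH = 0x00                  # "no authentication required" method
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REPLIES = {0: "succeeded", 1: "general SOCKS server failure",
           2: "connection not allowed by ruleset", 3: "network unreachable",
           4: "host unreachable", 5: "connection refused", 6: "TTL expired",
           7: "command not supported", 8: "address type not supported"}


def build_greeting():
    """Client hello: version, number of methods offered, the methods."""
    return bytes([VER, 1, NO_AUTH])


def build_connect(host, port):
    """CONNECT request for host:port.

    A hostname is sent as ATYP_DOMAIN, so the name is resolved at the far
    end of the tunnel and no DNS query for it leaves the local machine.
    """
    try:
        ip = ipaddress.ip_address(host)
        atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
        addr = ip.packed
    except ValueError:
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        atyp, addr = ATYP_DOMAIN, bytes([len(name)]) + name
    return bytes([VER, CMD_CONNECT, 0x00, atyp]) + addr + struct.pack("!H", port)


def recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf


def negotiate(sock, host, port):
    """Run greeting + CONNECT on a connected socket; return the reply text."""
    sock.sendall(build_greeting())
    ver, method = recv_exact(sock, 2)
    if ver != VER or method != NO_AUTH:
        return "listener is not a no-auth SOCKS5 proxy"
    sock.sendall(build_connect(host, port))
    ver, rep, _rsv, atyp = recv_exact(sock, 4)
    if atyp == ATYP_DOMAIN:
        addr_len = recv_exact(sock, 1)[0]
    else:
        addr_len = {ATYP_IPV4: 4, ATYP_IPV6: 16}.get(atyp)
    if ver != VER or addr_len is None:
        return "malformed reply"
    recv_exact(sock, addr_len + 2)      # drain BND.ADDR and BND.PORT
    return REPLIES.get(rep, "unassigned reply code %d" % rep)


def probe(proxy_host="127.0.0.1", proxy_port=9090,
          host="example.com", port=443, timeout=5.0):
    """Connect to the local listener and ask it to reach host:port."""
    try:
        with socket.create_connection((proxy_host, proxy_port), timeout) as s:
            return negotiate(s, host, port)
    except OSError as exc:
        return "no usable listener: %s" % exc


if __name__ == "__main__":
    print(probe())
```

Run it while the Putty session is open: a reply of "succeeded" means the far end of the tunnel opened the connection, and any other text names the stage that failed.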

Thanks for reading and I hope you enjoyed the tutorial.

Feel free to contact on email : hassoon3@msn.com.

Update 20/Aug/2011:

You can now watch a video tutorial on YouTube:

Update 12/Apr/2012:

After some research, I found out that Skype will naturally try to connect directly without a proxy even when provided with one; then, if it fails to establish the connection directly, it will try using the provided proxy address. To prevent such behavior, it’s recommended to set rules in the system’s firewall that prevent Skype from establishing any connection to any destination other than the address of our proxy. In the following lines, I provide a script that sets 2 rules in Windows Firewall on a Windows 7 platform that will prevent the Skype executable (called Skype.exe) from generating outbound traffic (that includes establishing connections) of type TCP to any destination other than 127.0.0.1, which is the address that my proxy binds itself to:

netsh advfirewall firewall add rule name="SkypeBlockTCP" dir=out action=block program=%skype% enable=yes protocol=tcp profile=any
netsh advfirewall firewall add rule name="SkypeAllowToProxy" dir=out action=allow program=%skype% enable=yes remoteip=127.0.0.1


To use the script, create a new text file, then copy and paste the 2 lines into it. Then replace the [ %skype% ] in both lines with the path of the Skype Phone executable on your file system, enclosed in double quotes (e.g. "C:\Skype.exe"). Save the file, change the extension from (.txt) to (.bat), and then run the file “As Administrator”. Now you have Skype able to connect only using a proxy.

The following 2-line script undoes the actions of the first:

netsh advfirewall firewall delete rule name="SkypeBlockTCP"
netsh advfirewall firewall delete rule name="SkypeAllowToProxy"

Follow the instructions for the first script to use this one as well.
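
One way to check whether the rules are doing their job, added here as an example and not part of the original post: parse the output of `netstat -ano` and list the TCP connections owned by the Skype process whose remote end is not loopback. The sample output, addresses and PIDs are constructed; UDP sockets are reported separately because the block rule above is protocol=tcp only.

```python
import ipaddress

# Constructed sample of `netstat -ano` output. All addresses, ports and PIDs
# are made up: 4120 stands for Skype.exe and 3316 for putty.exe.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       872
  TCP    127.0.0.1:9090         0.0.0.0:0              LISTENING       3316
  TCP    127.0.0.1:9090         127.0.0.1:49712        ESTABLISHED     3316
  TCP    127.0.0.1:49712        127.0.0.1:9090         ESTABLISHED     4120
  TCP    192.168.1.20:49650     198.51.100.23:22       ESTABLISHED     3316
  TCP    192.168.1.20:49713     203.0.113.7:443        SYN_SENT        4120
  TCP    [::1]:49720            [::1]:9090             ESTABLISHED     4120
  UDP    0.0.0.0:5355           *:*                                    1280
  UDP    0.0.0.0:23399          *:*                                    4120
"""


def remote_ip(endpoint):
    """Return the IP part of 'addr:port' or '[v6addr]:port', else None."""
    host = endpoint.rsplit(":", 1)[0].strip("[]").split("%", 1)[0]
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None                      # e.g. '*' on UDP lines


def audit(netstat_text, pid):
    """Find traffic owned by `pid` that does not go through the local proxy.

    direct_tcp: (local, remote, state) for every non-listening TCP socket
                whose remote address is not loopback.
    udp:        local endpoints of UDP sockets, which a TCP-only block rule
                does not touch.
    """
    pid = str(pid)
    found = {"direct_tcp": [], "udp": []}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP" and fields[4] == pid:
            _, local, remote, state, _ = fields
            ip = remote_ip(remote)
            if state != "LISTENING" and ip is not None and not ip.is_loopback:
                found["direct_tcp"].append((local, remote, state))
        elif len(fields) == 4 and fields[0] == "UDP" and fields[3] == pid:
            found["udp"].append(fields[1])
    return found


if __name__ == "__main__":
    report = audit(SAMPLE, 4120)
    for local, remote, state in report["direct_tcp"]:
        print("direct TCP:", local, "->", remote, state)
    for local in report["udp"]:
        print("UDP socket:", local)
```

On a real machine, feed it the text printed by `netstat -ano` and the PID that `tasklist` shows for Skype.exe; an empty direct_tcp list after the rules are applied is the expected result.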


Internet and VMware

Activating the Internet accessibility in a virtualized guest OS, using VMware:

Note: this is not a "Click-n-Play" tutorial, which means that it contains technical explanations and a lot of information for reading before achieving the goal of the tutorial, so consider this before proceeding.

Overview: Thanks for reading this document. Here I am trying to show how we can get an internet connection in a guest operating system hosted using VMware 7, using the internet connection of the host system.

Note: In this tutorial, I am not considering any difficulty with installing the VMware Workstation, or even a guest OS on it. We are going to discuss only the Networking in VMware Workstation, in order to get internet connection inside the guest OS across the host OS.

Note: A virtual machine that was created and managed using VMware Workstation 6.xx can be effortlessly launched using VMware Workstation 7.xx, so if you would like to switch from an older version to VMware Workstation 7.xx, just save the files of the virtual machine in a safe place, uninstall the older version, and then install the newer one. Anyway, if you have no intention of switching versions, it’s enough to understand the mechanism of networking configuration in VMware; then you’ll find it easy to configure any version.

Terminology:

            Before we start working we need to agree on some terms in order to understand the terms used in this tutorial:

Guest OS: is the operating system that runs inside the VMware environment, e.g. if you install VMware on a Windows 7 machine and then you install Windows XP inside the VMware, then Windows XP is called a guest OS.
Host OS: is the operating system in which the VMware is installed (in the previous example, it’s the Windows 7).
Virtual Machine: is a software version of a real physical computer, and it’s called "virtual" because it has the features of the real PC while still being a piece of software created by VMware Workstation. The guest OS needs a virtual machine to be installed on.
Virtual Cable: is a term that I invented to explain an imaginary cable connecting "Two Networking Interfaces" (an example of a network interface is the Wi-Fi card that you put in your desktop).

Step 1:

In this tutorial, we will consider VMware Workstation 7.0.0 build-203739; however, if we are able to configure this version properly, then the previous versions may be easier to configure than this one. So we need to install VMware Workstation 7 on a compatible edition of Microsoft Windows (the host OS), and then we can start working. In this tutorial, the host OS will be MS Windows 7 x64 Ultimate Edition, but usually the edition of the host Windows OS won’t make a difference to our task.

Step 2:

After installing the VMware successfully and installing a guest OS on it (in this tutorial, the OS will be MS Windows XP SP2) …

Open the VMware Workstation:

image
 

Make sure that the OS is "Powered Off": not sleeping, not in any state but "Powered off". This is essential, since we need to make some configuration changes to the virtual machine, and I don’t think you would agree that it’s professional practice for anyone to try to repair or modify a real PC without shutting it down first. So if the guest OS is not shut down, go in and shut it down, and make sure that the virtual machine is powered off. In the above snapshot, the virtual machine is "Suspended", and this won’t work; I need to power off the virtual machine before proceeding. The Virtual Network Editor doesn’t require any guest OS to be shut down, but we need it for the later steps.

Now, from the "Edit" menu, choose "Virtual Network Editor", go in and you get:

image
 

Before you get frightened by the next long paragraph, I want to tell you that it contains 99% conceptual ideas, and it’s only there for you to understand in depth what you are doing, so just read it and don’t skip it, please.

I call the Virtual Network Editor "The networking control panel". The main idea here is that VMware Workstation provides you with the ability to establish up to 10 networks between the host OS and the guest OS. You may ask "why 10 networks, I only need one?" VMware Workstation targets a wide spectrum of PC users with different skill levels, and at the top of the spectrum there are people who use VMware Workstation for "network" designing. Therefore, it provides up to 10 networks between the host OS and the guest OS; in our case we are going to use only network number 0, called "VMnet0". The image shows a "Virtual Network Editor" that is being launched for the first time, so it tries to assign IPs for the VMnetworks that are configured to the type "NAT" or "Host-only" or set to "Custom". In the next paragraphs you are going to try understanding the idea behind the three types available for each network I choose to activate, which are: Bridged, NAT, Host-only.

Networking Paradigms in VMware Workstation:
Any network of the 10 networks here will be put to work as one of three types. We will use the "Bridging Method", so we are not going to explain too much about how to apply the other 2 methods:

Host-only: This is the easiest one to understand, because it’s just like connecting the guest machine and the host machine with a "virtual cable": you establish a connection between the two computers, and they can then share resources with each other. But this alone doesn’t give me any internet access, even if the host system has internet access. The reason is that "Internet Access" is a "Resource", and there is a special mechanism in our Windows 7, and in MS Windows in general, for sharing this resource, and I haven’t applied this mechanism yet. So I can’t get internet access directly in the guest OS by making a "Host-only Network" with the host OS.

NAT (Network Address Translation): is a mechanism for building networks and making them private, and by private we mean isolated from the public domain, which is usually the internet. Nevertheless, I want to give them the ability to see the internet; in other words, all the "computers" in my network will see the internet, but no one on the internet can see my computers. So, when applying the NAT scheme, I build a LAN with no ability to see the rest of the world (the internet), and I provide the network with one computer (then called a Gateway), which will be the only way for the LAN computers to access the internet. Now I connect all of my computers to the Gateway computer, and connect the Gateway computer to the internet, and now I have control over the other computers’ access to the internet. If I stand at some point on the internet and look toward the LAN I built, I won’t be able to see the LAN computers, because the only way from the internet to my LAN is through the Gateway. All I am going to see is the Gateway computer requesting all the web pages, music, videos, files to download … but in reality it’s not the Gateway that is requesting all of these; it is the computers behind it, but I can’t see them, so I only see the Gateway requesting all the data. This is not all there is to NAT, but we aren’t going to discuss it further because this is not the right context; for further information about this (very important) topic, visit Wikipedia and read about NAT. Regarding our internet access, if we only set up a NAT here, we won’t get direct internet access, because a situation very similar to the resource sharing in Host-only will occur: it will be as if we made a "Host-only" network between the host machine and the Gateway, and then each virtual machine connected to the Gateway with a "virtual cable".
The difference this time is that the Gateway isn’t actually a virtual machine like the other computers on the LAN, but rather a built-in piece of software in VMware Workstation.

Bridged Network: this is the easiest way of achieving our goal, which is connecting the guest OS to the internet. The concept of bridging is very simple, and the word "Bridge" has the same meaning as the real bridge that we construct in our traffic systems. Imagine that I have Computer A, which wants to access the internet, and I have Computer B (could be a router), which provides internet access. Supposing that both computers have networking interfaces that can connect to each other with cables, all I need to do to give Computer A internet access is to connect Computer A to Computer B with a cable. Now bridging comes in: if I want to connect Computer C to Computer B through the same cable, what I do is connect Computer C to Computer A and then tell Computer A to build a "Bridge" between the cable from C to A and the cable from A to B. Now we have established a connection from C to B (through A) and we can have internet access on C, and that is exactly what we are going to do. I quoted this useful information from the VMware Workstation Help Documents; I hope it comes in handy:

Bridged Networking

Bridged networking connects a virtual machine to a network by using the host computer’s network adapter. If your host computer is on a network, this is often the easiest way to give your virtual machine access to that network. The virtual network adapter in the virtual machine connects to the physical network adapter in your host computer, allowing it to connect to the LAN the host computer uses.

Bridged networking configures your virtual machine as a unique identity on the network, separate from and unrelated to its host. It makes the virtual machine visible to other computers on the network, and they can communicate directly with the virtual machine. Bridged networking works with both wired and wireless physical host network cards.

Figure 14-1. Bridged Networking Setup


image
 

Now, after this brief explanation of the networking methods in VMware, I think we are ready to establish a connection between our host OS and the guest OS so the latter can get internet access from the host. Before we start, you should connect to the internet through one of your "high-speed LAN" interfaces, e.g. Wi-Fi card, Ethernet card … and after you make sure that the host can access the internet you can proceed. Note that if you need to configure your host OS manually when connecting it to the internet, you’ll need to configure the guest manually as well. In the following steps we are going to make a bridge from the network interface in the virtual machine to the network interface in the host machine. In my case I connect to an ADSL router using a Wi-Fi card to get internet access. I am going to make a bridge from the virtual machine through the Wi-Fi card to the router, so it seems as if I am connecting the virtual machine to the router.

image

Now, by default, VMnet0 is set for use in bridging. In the image, the "Bridged to" option is set to "Automatic", which means that VMware will automatically choose which NIC (Network Interface Controller) to use, as shown in the figure, according to the connectivity status of the NIC. But I prefer to set it manually to "Atheros AR5007 802.11b/g WiFi Adapter"; before I started bridging, I connected the "Atheros" Wi-Fi adapter to the router that is connected to the internet. After clicking "Okay", I assume that we have finished the Global Settings part of the operation, and now we need to configure the very guest OS that needs to connect to the internet.

image

Now, first you need to open the settings of the virtual machine. The first tab that appears is the "Hardware" settings tab; if you can’t see a network adapter like mine, try to add one by clicking "Add…". Now all you have to do is set the network connection to the "Bridged" mode. Actually, we have finished configuring things, and all we need to do now is launch the guest OS (Windows XP in our case). I launched the XP, and I had nothing more to do: XP saw the router and the router saw the XP, and then I was able to connect to the internet as easily as possible.

clip_image002 clip_image004

The speed in my case is 1.0 Gbps as shown, but actually this isn’t the speed between the XP and the router; rather, it’s the speed of the "bridge", meaning that it’s the speed of the link between the NIC in XP and the NIC in Windows 7. The router also gave me an IP address, as if I were connected to the router by a cable or by Wi-Fi inside the virtual machine.

image

That was all about how to connect to the internet in a guest OS through the host OS. As you may have noticed, it’s more about science than about technology, and that always holds when technologies refer to the same science. I didn’t read the Help Document before I knew how to make the connection, but I knew about NATing and bridging, so that was enough. I hope you enjoyed the article. Thanks for your care.
