Open ports over Verizon's 3G?

[lilmul123]

I want to write a simple app that creates a TCP connection between a computer and my Incredible over Verizon's 3G network. I've done some research, and it looks like Verizon blocks many (all?) incoming ports, so I'm not sure if I'll be able to make a connection. Furthermore, I've tested almost all ports on my phone itself, and it seems to be reflected by this. So my question is, would it be possible to create any kind of TCP connection over Verizon's 3G network?

[LtKen]

I'm sure it's possible, but I'm betting it's a ToS violation, considering Verizon blocks most of them.

Find an open port, and write your app. Seems easy enough.

[lilmul123]

I've been using this website to check ports: Open Port Check Tool

I've tried many different ports (higher ports) on my phone, and every single port "times out" which I assume means it cannot be opened.

Do you recommend I should just give it a shot regardless and see what happens?

Edit: Even if I cannot directly connect to the phone over Verizon's network, it should be possible to have a proxy server where the computer and phone connect to it and route the packets that way, correct?

[LtKen]

You could use NMap and scan all of the ports (or at least the lower ports)? It'll take awhile, and some providers consider nmap scans a form of network attack. Just beware.

I'm not surprised any of the higher ports are closed. Likely to prevent exactly what you're trying.

I'm betting that there are only a few ports open on the thing, and they're likely common ports like 80.

[skourg3]

I thought I had heard awhile back about someone running a VNC server from their phone, but I don't know for sure and I don't know if it was done over 3G or just local Wi-Fi. Does the computer need to specifically connect to the phone, or is this something where you could run the server on the PC with the ports open and then connect with a phone client?Because that is certainly possible.

[jkhouw1]

The issue you will face is not a port issue but rather a addressing problem. The cell phones when on Verizon dont have public ip address but rather have NAT'd addresses. It is a simple thing to establish a tcp connection initiated from the phone to a remote pc/server but if you want to go the other way an initiate form the pc to the phone its not going to happen.


i ran into this when building my multiplayer games where I wanted people to be able to play eachother head to head. I ended up having to create a relay server that both parties connect to and it bounces messages back and forth.

[Se7enLC]

The issue you will face is not a port issue but rather a addressing problem. The cell phones when on Verizon dont have public ip address but rather have NAT'd addresses. It is a simple thing to establish a tcp connection initiated from the phone to a remote pc/server but if you want to go the other way an initiate form the pc to the phone its not going to happen.

Not quite. The addresses ARE routable public addresses - not NAT. Verizon just blocks (filters?) all incoming requests. The symptom is similar, though - an address behind a NAT router has the problem of not being able to be addressed directly as well.

The only way to establish a connection is to make the connection from the phone to an external address. Problem comes in when you try to do phone-to-phone, since neither phone will be able to be the one to establish the connection. You would need an intermediary server to route all the traffic, unfortunately.

I discovered these limitations when trying to use an IRC client and SSH server. Neither one will work over 3G, both work fine on wifi.

[gavron]

The issue you will face is not a port issue but rather a addressing problem. The cell phones when on Verizon dont have public ip address but rather have NAT'd addresses. It is a simple thing to establish a tcp connection initiated from the phone to a remote pc/server but if you want to go the other way an initiate form the pc to the phone its not going to happen.

Not quite. The addresses ARE routable public addresses - not NAT. Verizon just blocks (filters?) all incoming requests. The symptom is similar, though - an address behind a NAT router has the problem of not being able to be addressed directly as well.

The only way to establish a connection is to make the connection from the phone to an external address. Problem comes in when you try to do phone-to-phone, since neither phone will be able to be the one to establish the connection. You would need an intermediary server to route all the traffic, unfortunately.

I discovered these limitations when trying to use an IRC client and SSH server. Neither one will work over 3G, both work fine on wifi.

Indeed:

Code:

~# nmap -v -A -PN 97.182.230.95

Starting Nmap 5.00 ( http://nmap.org ) at 2010-07-06 22:37 MST
NSE: Loaded 30 scripts for scanning.
Initiating Parallel DNS resolution of 1 host. at 22:37
Completed Parallel DNS resolution of 1 host. at 22:37, 0.20s elapsed
Initiating SYN Stealth Scan at 22:37
Scanning 95.sub-97-182-230.myvzw.com (97.182.230.95) [1000 ports]
SYN Stealth Scan Timing: About 15.25% done; ETC: 22:40 (0:02:52 remaining)
SYN Stealth Scan Timing: About 30.20% done; ETC: 22:40 (0:02:21 remaining)
SYN Stealth Scan Timing: About 45.20% done; ETC: 22:40 (0:01:50 remaining)
SYN Stealth Scan Timing: About 60.10% done; ETC: 22:40 (0:01:20 remaining)
SYN Stealth Scan Timing: About 75.05% done; ETC: 22:40 (0:00:50 remaining)
Completed SYN Stealth Scan at 22:40, 201.30s elapsed (1000 total ports)
Initiating Service scan at 22:40
Initiating OS detection (try #1) against 95.sub-97-182-230.myvzw.com (97.182.230.95)
Retrying OS detection (try #2) against 95.sub-97-182-230.myvzw.com (97.182.230.95)
NSE: Script scanning 97.182.230.95.
NSE: Script Scanning completed.
Host 95.sub-97-182-230.myvzw.com (97.182.230.95) is up.
All 1000 scanned ports on 95.sub-97-182-230.myvzw.com (97.182.230.95) are filtered
Too many fingerprints match this host to give specific OS details

Ehud

[brando56894]

Interesting info in this thread, I noticed this problem with the websharing app (allows you to connect to your phone from your pc) while trying it over 3G.

You could use NMap and scan all of the ports (or at least the lower ports)? It'll take awhile, and some providers consider nmap scans a form of network attack. Just beware.

thats why you set the time between scans to very low, send out decoy scans from fake ip addresses and use more scanning techniques (ex. not TCP Connect() )