Application Security Testing: An Integral Part of DevOps
A Multicast-Based Group Conference Application
Development Environment: Visual C++ 6.0 in Windows98/XP
This is multicasting-based groupchat application in which any number of users can join the group and communicate together. It works on any network that will support multicasting. Multicasting is supported by the wired LAN as well as wireless network. However, multicasting is not supported by the Internet.
What is Multicasting?
Before getting into details of GroupTalk, we have to be familiar with the term multicasting. Let us start with unicasting and broadcasting. Unicasting is sending data to a single host. Broadcasting is sending data to all hosts on the network. Multicasting lies in between these two. It is sending data to a group of hosts. This group is identified by the multicast address.
Class A >> 0.0.0.0 - 188.8.131.52 Class B >> 184.108.40.206 - 220.127.116.11 Class C >> 192.0.0.0 - 18.104.22.168 Class D >> 22.214.171.124 - 126.96.36.199 Class E >> 240.0.0.0 - 255.255.255.255
Class D address is called a multicast address. Each group on the network has a unique multicast address associated with it. To create the group, you can choose any address in Class D. It's safer to use any address starting from 188.8.131.52 to 184.108.40.206 because 224.*.*.* are generally used for the router and group management.
Multicasting is quite different from unicasting/broadcasting. However, it internally uses a datagram socket for communication. Whenever one of the members sends any message to the group, it will be automatically forwarded to all the members of that group. The important point to be noted here is that you can send a message to any group without joining the group. But, in order to receive messages from the group, you have to join that group.
CAsyncSocket send; SOCKADDR_IN hgroup; ip_mreq mreq; int groupport=4000; char strgroup[ ]="220.127.116.11"; // Group Address // Create datagram socket for receiving group messages Create(groupport,SOCK_DGRAM, FD_READ); // Set up the multicast group structure... memset(&mreq,0,sizeof(ip_mreq)); mreq.imr_multiaddr.s_addr = inet_addr(strgroup); /* group addr */ mreq.imr_interface.s_addr = htons(INADDR_ANY); /* use default */ // Join the group..!!! etsockopt(m_hSocket, IPPROTO_IP, IP_ADD_MEMBERSHIP, (char far *)&mreq,sizeof(mreq)); // Create datagram socket...for sending message to group // Set up structure.... memset(&hgroup, 0, sizeof(hgroup)); hgroup.sin_family = AF_INET; hgroup.sin_addr.s_addr = inet_addr(strgroup); // Group Address hgroup.sin_port = htons((USHORT)groupport); // Group Port // Create datagram socket send.Create(0, SOCK_DGRAM, 0); // Send the message to group ... SendTo(mesg,length,(SOCKADDR*)&hgroup,sizeof(SOCKADDR),0); // Receive message from the group... ReceiveFrom (buffer, 2000, senderip, senderport); // Finally, to leave the group.... setsockopt(m_hSocket, IPPROTO_IP, IP_DROP_MEMBERSHIP, (char far *)&mreq , sizeof(mreq) ) ;
Because each multicast address represents a group, all hosts who want to communicate together must use the same group address. In the same way, you can use a different multicast address to create a different group.
To implement a group conference, you can use any simple (your own!) protocol and suitable message format. I am using a simple message format.
Type: 5 bytes (JOIN, LEAVE, and so forth terminated with :)
Username: Rest of the bytes
- General Message
Type: 5 bytes (MESG:)
Username: 15 bytes (username terminated with 0)
Length: 5 bytes
Data: Rest of bytes....
As soon as a member joins or leaves the group, a JOIN or LEVE packet is sent to the group so that all the members can keep track of active members.
Running the Application
To test a multicasting-based application, you must be on the multicast enabled network. Conventional LAN and wireless networks support multicasting. You cannot test this application on the single host. To test this application, just run the grouptalk.exe file.
In addition to a group conference application, GroupTalk also demonstrates several useful concepts, such as displaying an icon in the system tray (similar to Yahoo! Messenger), building a customized edit control for trapping an ENTER key event, and running the application at Startup through Registry functions.
For any queries and suggestions, just drop me an e-mail at email@example.com.