NegativeSpace Posted January 29, 2011

I'm pretty new to learning networking, and starting now with basic Windows stuff, namely with Remote Desktop Connection. I haven't been able to get it working on my local network, with XP SP3 machine as host and WIN7 machine as client. I've read all of the forum posts containing the words "remote desktop". It seems that most people prefer third party software over Windows remote desktop, and I probably will too whenever I start to use remote access for something other than teaching myself, but for now I just want to use the built in Windows tool so that I can learn the concept of how it works and so I will know how if I ever actually need it.

I've had a couple problems so far. First, I don't fully understand how Windows' remote desktop software knows how to 'find' the computer I want to connect to over the internet (actually just over my LAN for now). All the machines in my house have their local IP addresses and their names, but I know that their IP addresses are not unique, since I have seen the same numbers on many other computers all over the place. I also know that when I use a website to look up my own IP address from all the different machines in my house, they are all reported to me as having the same IP address, so maybe you can see how I am a little confused. Am I right in assuming that, conceptually, 'connections' come to my local network's IP address, and are then sent to the correct local machines by the router (which does so by knowing the local IP of the machine that originally sent the request)?

OK getting off topic, sorry. Anyway, when I open Remote Desktop Connection software, and it asks me to enter the name of the remote computer, and I do, what does the software do then? Can I even use remote desktop over my local network? Basically, I guess I just need help understanding the overall process of RDP and where the magic smoke comes from. So, is anyone up to the challenge?
G-Stress Posted January 29, 2011

When you are using a website to determine your IP address, you're seeing your public IP address. Your router issues your local network private IP address typically with a class C subnet 192.168.1.x/24.

As far as using RDP over your LAN, it's quite simple. In XP right click My Computer, go to Remote and enable it there. Also go to Control Panel, network settings, firewall settings and add the exception port 3389 if it doesn't add it when you enable it. On your XP host open a command prompt "Start, run, cmd /k ipconfig" see what the IP is for the XP host, then head over to your Win7 client and enter that IP in the RDP connection and you should be fine.

If you have any 3rd party firewalls, internet security also make sure port 3389 is allowed/open in them as well. Another useful tool is canyouseeme.org to test if your ports are open. Hope that helps.
mux Posted January 29, 2011

> I've had a couple problems so far. First, I don't fully understand how Windows' remote desktop software knows how to 'find' the computer I want to connect to over the internet (actually just over my LAN for now).

Right. You start off by finding the IP address of the station you are trying to remote into. In this case, I am assuming it is the XP SP3 from the way you worded things. You then need to know the port on which the terminal service (Remote Desktop) is running on. By default it is port 3389.

On the more theoretical side of things... Your computer will then issue a broadcast to your network looking for the IP address with the open port you specified. If it finds the target IP address and the packet isn't filtered or dropped by the firewall or a closed port, the 3-way-handshake is initiated and your connection is established.

> All the machines in my house have their local IP addresses and their names, but I know that their IP addresses are not unique, since I have seen the same numbers on many other computers all over the place. I also know that when I use a website to look up my own IP address from all the different machines in my house, they are all reported to me as having the same IP address, so maybe you can see how I am a little confused. Am I right in assuming that, conceptually, 'connections' come to my local network's IP address, and are then sent to the correct local machines by the router (which does so by knowing the local IP of the machine that originally sent the request)?

Let's slow down here for one second. Do you have a router running a DHCP service? If you don't know, I explain an easy way to check in a few sentences. If it does in fact have a DHCP pool to pull from, your router should be handing out different local IP addresses within the subnet specified in router settings.
Now, you mentioned that you went to a website to find your IP address on all the different workstations in your house. I am assuming you are using something like IP Chicken. If so, that is your WAN interface's IP address (the line going from your modem/router to your ISP), not that workstation's LAN IP address, which is what you need to figure out first before anything else. To do this, go to Start -> Run -> Type in cmd -> In the command prompt issue an "ipconfig" command. This will display the IP address of the LAN or WLAN interface(s) as well as some other information. If they are different between the workstations, then your router has a DHCP service running. Also do yourself a favor and try to ping different workstations on your network to make sure they are talking to each other.

> OK getting off topic, sorry. Anyway, when I open Remote Desktop Connection software, and it asks me to enter the name of the remote computer, and I do, what does the software do then? Can I even use remote desktop over my local network? Basically, I guess I just need help understanding the overall process of RDP and where the magic smoke comes from.

I am just going to assume that "name of the remote computer"=hostname of the computer? If so, chances are using this to identify other workstations on your network won't work. This is because you need a DNS server to resolve those names for you. I'm going to go out on a limb and guess you don't have a DNS server implemented on your network. The safe route is to just use the local IP address instead of the hostname(s). Which leads me into my next point.

Yes, you can use RDP locally and no, there is no magic smoke. If for whatever reason you are 99% sure you have everything set up properly after reading this and it still isn't working, use the magical feature in Windows: turn the firewall off and try. If it works after that, great. Read up on how to allow ports on the Windows firewall or get a 3rd party firewall altogether.
Infiltrator Posted January 29, 2011

Generally speaking, you can use remote desktop from anywhere you please, from over your LAN (local area network) or even from over the internet. Configuring a standard Windows XP box to receive remote desktop connections is very easy. By default, any Windows XP machine will only allow one remote connection at a time.

In order to enable remote desktop support on an XP machine you will need to do the following:

1) Right click on My Computer, go to Properties, and under the "Remote" tab select the second option, Remote Desktop, "Allow users to connect remotely to this computer".

2) If you have more than one user account set up on your XP machine, you will need to click on the "Select Remote Users" button. A dialog box will pop up; in there you will need to enter a designated user account, unless you use an Administrator account, which by default is already a member of the "Remote Desktop Users" group.

3) By default Windows Remote Desktop operates on port 3389. You will also need to ensure this port is enabled/allowed in the Windows Firewall exception list, or otherwise any incoming remote desktop connection destined to this machine will be denied.

4) To access this machine remotely from within your LAN, you can go to Start->Run and then type MSTSC at the dialog box and press enter. You should receive a small remote desktop dialog box prompting you to enter the IP address or the hostname of the remote computer you are trying to access.

5) You should by now be presented with a logon screen of your remote computer. Be advised that by design, if your administrator account or any user account does not have a password set, it won't allow you to log in remotely until you have created a password.

6) Now accessing your computer remotely from over the internet is the same as you would do on your local LAN.
But in order to successfully log into your computer from over the internet, you will need to log into your modem/router and set up a port forward for port 3389 and specify the IP address of the computer you are trying to access. If you forget to do this step, you won't be able to access the computer from over the internet.

7) Now for security reasons, Windows Remote Desktop is not considered a very secure option; that's why users in other forums or on some internet websites recommend that you use third party software like TeamViewer.

Hope this helps, let me know if you need any assistance.

Edited January 29, 2011 by Infiltrator
NegativeSpace (Author) Posted January 29, 2011

> When you are using a website to determine your IP address, you're seeing your public IP address. Your router issues your local network private IP address typically with a class C subnet 192.168.1.x/24.
>
> As far as using RDP over your LAN, it's quite simple. In XP right click My Computer, go to Remote and enable it there. Also go to Control Panel, network settings, firewall settings and add the exception port 3389 if it doesn't add it when you enable it. On your XP host open a command prompt "Start, run, cmd /k ipconfig" see what the IP is for the XP host, then head over to your Win7 client and enter that IP in the RDP connection and you should be fine.
>
> If you have any 3rd party firewalls, internet security also make sure port 3389 is allowed/open in them as well. Another useful tool is canyouseeme.org to test if your ports are open. Hope that helps.

So if I wanted to use RDP over internet from a friend's house, what number would I need to use? Surely I can't use the IP that my DHCP server issues me? I assume I have to use my public IP?

I actually already tried all of those instructions that you gave, and thanks for that, but none of that worked for me. The only indication to what the problem may be is the fact that canyouseeme consistently reports connection timeout, not just on 3389, but on port 80 and any other port that I try. It does the same on 3 other machines in my house.

I'm still unable to connect with Remote Desktop, with either machine as host or as client, in addition to all of my other local machines as client or server. I've tried disabling this antivirus software that I use completely, and as far as I can tell, port 3389 is open to all traffic on both machines.
When I try to use the WIN7 machine as the client, it asks for a url and wants a sub domain of https://, after which I am entering the local IP address of the XP host, but I am not sure if that is correct, and I also don't understand why WIN7 asks for sub domain as well as the host IP, but XP only asks for the host's name (for which I enter the WIN7 machine's local IP). What am I missing?

Also, what is a class C subnet? That's one of those things I have heard a hundred times but haven't learned the meaning of yet.
mux Posted January 29, 2011

> So if I wanted to use RDP over internet from a friend's house, what number would I need to use? Surely I can't use the IP that my DHCP server issues me? I assume I have to use my public IP?

You would need to port forward the RDP port on your router. You would then connect using your WAN interface's IP address (http://www.ipchicken.com).

> I actually already tried all of those instructions that you gave, and thanks for that, but none of that worked for me. The only indication to what the problem may be is the fact that canyouseeme consistently reports connection timeout, not just on 3389, but on port 80 and any other port that I try. It does the same on 3 other machines in my house.

Canyousee will not find a port open on 3389 unless you are port forwarding it on your router or your machine is in a DMZ.

> I'm still unable to connect with Remote Desktop, with either machine as host or as client, in addition to all of my other local machines as client or server. I've tried disabling this antivirus software that I use completely, and as far as I can tell, port 3389 is open to all traffic on both machines. When I try to use the WIN7 machine as the client, it asks for a url and wants a sub domain of https://, after which I am entering the local IP address of the XP host, but I am not sure if that is correct, and I also don't understand why WIN7 asks for sub domain as well as the host IP, but XP only asks for the host's name (for which I enter the WIN7 machine's local IP). What am I missing?

Can you ping the XP machine from the Win7 machine and vice versa? If not, there is a networking issue.

> Also, what is a class C subnet? That's one of those things I have heard a hundred times but haven't learned the meaning of yet.
For the sake of saving myself and you a lot of typing and reading, I will provide a simple list:

Class A: 10.0.0.0 netmask 255.0.0.0
Class B: 172.16.0.0 netmask 255.255.0.0
Class C: 192.168.0.0 netmask 255.255.255.0

Now, you're probably asking what the difference between a Class B and Class C is besides the first two numbers, or octets as they are more commonly called. Subnets are a range of IP addresses defined by a subnet mask, or netmask for short. If you want to learn more about subnets and networking in general, I highly recommend you take the time to read and study up a little bit more. Understanding subnetting is pretty much the big learning curve you need to get over as a beginner to networking. If you understand how to subnet properly, everything else falls into place when learning a lot of other networking theory and practices.

Edited January 29, 2011 by mux
Infiltrator Posted January 29, 2011

> So if I wanted to use RDP over internet from a friend's house, what number would I need to use? Surely I can't use the IP that my DHCP server issues me? I assume I have to use my public IP?
>
> I actually already tried all of those instructions that you gave, and thanks for that, but none of that worked for me. The only indication to what the problem may be is the fact that canyouseeme consistently reports connection timeout, not just on 3389, but on port 80 and any other port that I try. It does the same on 3 other machines in my house.
>
> I'm still unable to connect with Remote Desktop, with either machine as host or as client, in addition to all of my other local machines as client or server. I've tried disabling this antivirus software that I use completely, and as far as I can tell, port 3389 is open to all traffic on both machines.
>
> When I try to use the WIN7 machine as the client, it asks for a url and wants a sub domain of https://, after which I am entering the local IP address of the XP host, but I am not sure if that is correct, and I also don't understand why WIN7 asks for sub domain as well as the host IP, but XP only asks for the host's name (for which I enter the WIN7 machine's local IP). What am I missing?
>
> Also, what is a class C subnet? That's one of those things I have heard a hundred times but haven't learned the meaning of yet.

A few things you need to get right: the port you need to forward on your router, which is 3389, and the IP address of the machine you are trying to access, NOT the public IP address but the private IP address, which should be one of the following.

Class A: 10.0.0.0 netmask 255.0.0.0
Class B: 172.16.0.0 netmask 255.255.0.0
Class C: 192.168.0.0 netmask 255.255.255.0

If you are not sure, go to Start->Run and type CMD, at the DOS prompt type IPCONFIG, that should return a private IP address.
Once you have done the above, head over to ipchicken.com and write down your public IP address; with this IP address you will be able to connect to your target machine.
G-Stress Posted January 29, 2011

@NegativeSpace, what's the make and model of your router and modem and who is your ISP? That will help out a lot.

Another thing you could try is on the XP host open a command prompt and type

netstat -an > netstat.txt

Whatever directory your prompt is set to open from, e.g. "C:\Users\USERNAME>" where USERNAME is the user account you're currently logged in as, there will be a txt document created with all current and listening connections. If you can't find the newly created netstat.txt document do a Windows search, it should turn up quick. Open the document and browse for ports in the "Listening" state and look for 3389. Make sure it's Listening.

If you're comfortable working with the CLI you should definitely check out nmap. It's a port scanner and there is also a version with a GUI available I believe. Nmap along with canyouseeme.org has helped me many times to make sure I can reach a host from outside in.

I'm not sure why you're being asked for a subdomain, if you can post a screen shot of that. Also on your XP host, if you have multiple user accounts, log off and leave the host at the welcome screen/login screen and then try to establish an RDP session. Based off what you're saying though it sounds to me like you have a 3rd party security suite installed that's dropping the connection. McAfee and Norton both if I remember right will do this unless allowed manually.
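
The netstat check described in the post above (is anything in the LISTENING state on port 3389, and who is connected to it), as an added example that is not part of the original thread. The sample output is constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed `netstat -an` output for a Windows host at 192.168.0.5
# (sample data for this example, not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.0.5:139        0.0.0.0:0              LISTENING
  TCP    192.168.0.5:3389       192.168.0.3:49211      ESTABLISHED
  TCP    192.168.0.5:3389       77.77.77.77:50122      ESTABLISHED
  UDP    0.0.0.0:500            *:*
"""

# proto, local endpoint, foreign endpoint, optional state (UDP rows have none)
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def split_endpoint(endpoint):
    """Split 'addr:port' (also '[::]:3389') into (addr, port or None)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port) if port.isdigit() else None


def parse_netstat(text):
    """Return one dict per connection row; banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        proto, local, foreign, state = m.groups()
        local_addr, local_port = split_endpoint(local)
        remote_addr, remote_port = split_endpoint(foreign)
        rows.append({
            "proto": proto,
            "local_addr": local_addr,
            "local_port": local_port,
            "remote_addr": remote_addr,
            "remote_port": remote_port,
            "state": state,
        })
    return rows


def is_private(addr):
    """True for LAN-style addresses such as 192.168.x.x; False if unparsable."""
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:
        return False


def rdp_report(text, port=3389):
    """Summarise listeners and established sessions on the RDP port."""
    tcp = [r for r in parse_netstat(text)
           if r["proto"] == "TCP" and r["local_port"] == port]
    listeners = sorted({r["local_addr"] for r in tcp if r["state"] == "LISTENING"})
    sessions = [r["remote_addr"] for r in tcp if r["state"] == "ESTABLISHED"]
    return {
        "listening": bool(listeners),
        "bound_to": listeners,
        # 0.0.0.0 / :: means every interface accepts connections on this port
        "all_interfaces": any(a in ("0.0.0.0", "::") for a in listeners),
        "lan_sessions": [a for a in sessions if is_private(a)],
        "internet_sessions": [a for a in sessions if not is_private(a)],
    }


if __name__ == "__main__":
    for key, value in rdp_report(SAMPLE_NETSTAT).items():
        print(f"{key}: {value}")
```

If "listening" comes back false, the Remote Desktop service itself is not accepting connections and no firewall change will help; a non-empty "internet_sessions" list on a machine that was only meant to be reached from the LAN is worth investigating.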
NegativeSpace (Author) Posted January 29, 2011

> Right. You start off by finding the IP address of the station you are trying to remote into. In this case, I am assuming it is the XP SP3 from the way you worded things. You then need to know the port on which the terminal service (Remote Desktop) is running on. By default it is port 3389.
>
> On the more theoretical side of things... Your computer will then issue a broadcast to your network looking for the IP address with the open port you specified. If it finds the target IP address and the packet isn't filtered or dropped by the firewall or a closed port, the 3-way-handshake is initiated and your connection is established.
>
> Let's slow down here for one second. Do you have a router running a DHCP service? If you don't know, I explain an easy way to check in a few sentences. If it does in fact have a DHCP pool to pull from, your router should be handing out different local IP addresses within the subnet specified in router settings.
>
> Now, you mentioned that you went to a website to find your IP address on all the different workstations in your house. I am assuming you are using something like IP Chicken. If so, that is your WAN interface's IP address (the line going from your modem/router to your ISP), not that workstation's LAN IP address, which is what you need to figure out first before anything else. To do this, go to Start -> Run -> Type in cmd -> In the command prompt issue an "ipconfig" command. This will display the IP address of the LAN or WLAN interface(s) as well as some other information. If they are different between the workstations, then your router has a DHCP service running. Also do yourself a favor and try to ping different workstations on your network to make sure they are talking to each other.
>
> I am just going to assume that "name of the remote computer"=hostname of the computer?
> If so, chances are using this to identify other workstations on your network won't work. This is because you need a DNS server to resolve those names for you. I'm going to go out on a limb and guess you don't have a DNS server implemented on your network. The safe route is to just use the local IP address instead of the hostname(s). Which leads me into my next point.
>
> Yes, you can use RDP locally and no, there is no magic smoke. If for whatever reason you are 99% sure you have everything set up properly after reading this and it still isn't working, use the magical feature in Windows: turn the firewall off and try. If it works after that, great. Read up on how to allow ports on the Windows firewall or get a 3rd party firewall altogether.

The XP machine is the host in this case. I am not sure whether or not the terminal service is running on 3389, but I don't remember having changed it from 3389, so no reason to believe it's on another port. It seems that the Windows RDP software gets as far as to issue a broadcast, but does not go farther than that. I am getting consistent 100% packet reception over my LAN according to tests I've done, and very high percentage over internet from a server 250 miles away (don't know if those are relevant here).

I haven't tried completely disabling the firewalls yet, but I'll do that in a few minutes. As far as the port being closed... I have done what I can think of to make sure 3389 is open on both machines, going as far as to delete the rule from firewall policy and recreating it. I used canyouseeme but I think we have figured out that it wouldn't work unless port forwarding is turned on (which I don't understand or know how to do yet).

I do in fact have DHCP running and never had any problems with the configuration I have on there. Hadn't thought of pinging to confirm communication, though I already know they play together from sharing files and such between them most days.
To be sure I pinged each machine from each machine, all normal.

I have to specify here that when I try to use the XP machine as the client (I tried this after I couldn't get the WIN7 machine to work as the client), Windows Remote Desktop Connection software literally says "Enter the name of the remote computer" with no other explanation of what it wants me to tell it. Just to be clear, I want to use the WIN7 machine as the client, and in its case, the Windows RDP client software asks for "Connection URL" when I try to establish an RDP session. I do of course know the name that I gave the XP computer, but what the hell good is that, considering it could very well be named HP or Dell or whatever, just as a hundred million other computers connected to the internet are named, in which case how could Windows possibly know where to connect to?

Edited January 29, 2011 by NegativeSpace
mux Posted January 29, 2011

> The XP machine is the host in this case. I am not sure whether or not the terminal service is running on 3389, but I don't remember having changed it from 3389, so no reason to believe it's on another port. It seems that the Windows RDP software gets as far as to issue a broadcast, but does not go farther than that. I am getting consistent 100% packet reception over my LAN according to tests I've done, and very high percentage over internet from a server 250 miles away (don't know if those are relevant here).
>
> I haven't tried completely disabling the firewalls yet, but I'll do that in a few minutes. As far as the port being closed... I have done what I can think of to make sure 3389 is open on both machines, going as far as to delete the rule from firewall policy and recreating it. I used canyouseeme but I think we have figured out that it wouldn't work unless port forwarding is turned on (which I don't understand or know how to do yet).
>
> I do in fact have DHCP running and never had any problems with the configuration I have on there. Hadn't thought of pinging to confirm communication, though I already know they play together from sharing files and such between them most days. To be sure I pinged each machine from each machine, all normal.
>
> I have to specify here that when I try to use the XP machine as the client (I tried this after I couldn't get the WIN7 machine to work as the client), Windows Remote Desktop Connection software literally says "Enter the name of the remote computer" with no other explanation of what it wants me to tell it. Just to be clear, I want to use the WIN7 machine as the client, and in its case, the Windows RDP client software asks for "Connection URL" when I try to establish an RDP session.
> I do of course know the name that I gave the XP computer, but what the hell good is that, considering it could very well be named HP or Dell or whatever, just as a hundred million other computers connected to the internet are named, in which case how could Windows possibly know where to connect to?

Ok, let's back up for a minute. When you go to Start -> Right click "My Computer" -> Properties -> Remote tab. Is the following check box checked?:

If it is, have you tried restarting the XP machine yet? If so, does your Microsoft Terminal Service Client (MSTSC) look like this?: (You can get all these extra options by clicking the "Options >>" button)

Obviously, replace the IP address with the IP address of the Windows XP client you are trying to remote into. You don't necessarily need to enter the username and password at this point as Windows remote service will generally ask you for your login credentials the minute you remote in. You shouldn't have to worry about the domain name unless you have a domain controller (DC) set up on your network somewhere. Just leave it blank. If this is your home network and you don't know whether you have a DC or not, I would say you probably don't have one. You honestly should not have to be entering a domain name or host name anywhere.

If you're still having issues after this and the machines can ping each other via their LAN IP addresses, then it sounds like a possible firewall issue.

Edited January 29, 2011 by mux
NegativeSpace (Author) Posted January 29, 2011

> You would need to port forward the RDP port on your router. You would then connect using your WAN interface's IP address (http://www.ipchicken.com).
>
> Canyousee will not find a port open on 3389 unless you are port forwarding it on your router or your machine is in a DMZ.
>
> Can you ping the XP machine from the Win7 machine and vice versa? If not, there is a networking issue.
>
> For the sake of saving myself and you a lot of typing and reading, I will provide a simple list:
>
> Class A: 10.0.0.0 netmask 255.0.0.0
> Class B: 172.16.0.0 netmask 255.255.0.0
> Class C: 192.168.0.0 netmask 255.255.255.0
>
> Now, you're probably asking what the difference between a Class B and Class C is besides the first two numbers, or octets as they are more commonly called. Subnets are a range of IP addresses defined by a subnet mask, or netmask for short. If you want to learn more about subnets and networking in general, I highly recommend you take the time to read and study up a little bit more. Understanding subnetting is pretty much the big learning curve you need to get over as a beginner to networking. If you understand how to subnet properly, everything else falls into place when learning a lot of other networking theory and practices.

Port forwarding is something I've heard a lot about over the years and on the HAK5 episodes, and that's one of the things I want to learn about soon. For now, I am curious about its basic concept. When I want to forward a port, what interface/software would I use? Where am I forwarding the port to? What are the most common things port forwarding is used to accomplish?

Well, that explains why canyouseeme didn't find my port open, since I don't have port forwarding, um, running, and I don't use DMZ for any of my own machines.

Ping is successful on every combination of machines in my house.
I do quite a bit of reading about networking, but the problem with that lies in using the internet to do so. There aren't a whole lot of resources out there that I've been able to find called "Read this if you want to learn networking, and if you are not an 82 year old illiterate non human primate", if you get my meaning. I am a conceptual learner, and so I have to understand how and why to really get it, but that affords me a more adaptable and powerful kind of understanding of the things I learn, so it seems like learning about subnet is a good thing to spend learning about.
mux Posted January 29, 2011

> Port forwarding is something I've heard a lot about over the years and on the HAK5 episodes, and that's one of the things I want to learn about soon. For now, I am curious about its basic concept. When I want to forward a port, what interface/software would I use? Where am I forwarding the port to? What are the most common things port forwarding is used to accomplish?
>
> Well, that explains why canyouseeme didn't find my port open, since I don't have port forwarding, um, running, and I don't use DMZ for any of my own machines.

In order to understand port forwarding a little better, let's approach the local and external levels of it. Essentially the basics generally work like this. Mind you, this is a really slimmed down, physically exhausted explanation of how it actually works:

When you are running a service (let's use Remote Desktop Protocol - RDP - since we're already on the topic) you generally have a local port attached to that service. Our computer running this service will differentiate packets inbound to our service instead of other services that may be running (web server, FTP, POP3, etc.) via the destination port. In this case the default for RDP is port 3389. Let's give our computer a local IP address of 192.168.0.5 so we can differentiate later on.

So far we have determined that any packets inbound to our local IP address 192.168.0.5 with a destination port of 3389 are going to communicate with the RDP service it is running. Let's give this setup two practical examples now.

You wish to connect to our XP workstation remotely using the remote service we set up, using our Windows 7 machine that has an IP address of 192.168.0.3. We know that the XP machine is at the IP address of 192.168.0.5 and is using the default port of 3389. Using this information, we can now use the MSTSC to remotely connect to our Windows XP machine from our Windows 7 machine.
Once we input the destination IP address (XP machine in this case), we click "connect". At this point what happens behind the scenes is your Windows 7 machine sends out a broadcast asking where 192.168.0.5 is and since this is our local network (and the demotext gods are nicer peoples than our demofail gods), our router knows the exact location and MAC address of our Win7 machine's packet. Once our packet is routed from the Win7 box to the XP box, the XP box now determines what the destination port is, whether that port is open or closed, and what to do with it (think firewall and determining whether to accept, reject, or drop the packet). Since this is an unlikely perfect scenario, our XP box decides to accept the box and forward it to our remote service at our open port 3389. The XP box now sends an established packet back to our Win7. Please note that this is a really rough outline of how it actually works. This is just an overview of the basic concepts.

Let's look at it from an internet/remote network view now. Since these are civilized times and technology is cheaper, let's assume we 100% for sure have a home router in our topology now. Our connection to the internet goes something like this:

Win7 Box (Local IP address: 192.168.1.10) - Router (Public IP address: 77.77.77.77) - Internet - Inbound Firewall - Router (Public IP address: 66.66.66.66) - Outbound Firewall - XP Box (Local IP address: 192.168.0.5)

Now, in this example you can see we have two firewalls. Both of these firewalls are actually 2 separate rulesets in a single router, but let's imagine them being separate for now (realistically, they are to packets). Same scenario as before except this time our Win7 box is using our public IP address (66.66.66.66 in this example) and our public port for our remote service is going to be 55555 to establish a remote desktop with our XP box. The public port can literally be anything outside of 1-1024 (or is it 1023?).
This time the Win7 sends a broadcast request to it's router requesting where to find the IP address of 66.66.66.66 . This time, the local home router has no idea where the IP address of 66.66.66.66 is since it is not on our Win7's 192.168.1.0 subnet. However, it does know to send any unknown destination packets out to it's ISP's routers. Real magic happens accross the internet and the packet to establish a remote desktop with 66.66.66.66 is finally routed to our XP box's home router. Since we are good network administrators and expected traffic to be coming to our router from external sources (inbound), our inbound firewall accepts traffic on port 55555. Since we are really good administrators we remembered to port forward any traffic destined for port 55555 locally to port 3389 at our XP box's IP address 192.168.0.5 (We're awesome, aren't we?). The remainder is pretty much the same idea as above. As I said before, that is a really brief outline of what is actually happening behind the scenes. it should give you a decent idea if you understand our internet/remote network topology. Make sure you read it starting from left (XP Box) to right (Win7 box) or vice versa. Also be creative and imagine the hyphen's as 2 way streets for inbound and outbound network traffic. :) Ping is successful on every combination of machines in my house. Out of curiosity, what is the exact command you are putting in command prompt? ie; ping x.x.x.x Where x's represent the IP address octets I do quite a bit of reading about networking, but the problem with that lies in using the internet to do so. There aren't a whole lot of resources out there that I've been able to find called "Read this if you want to learn networking, and if you are not an 82 year old illiterate non human primate", if you get my meaning. 
I am a conceptual learner, and so I have to understand how and why to really get it, but that affords me a more adaptable and powerful kind of understanding of the things I learn, so it seems like learning about subnet is a good thing to spend learning about. Honestly, I don't think most normal people look at subnetting their first time and only time and think to themselves, "Oh. Yeah, that makes complete since." Subnetting was pretty much like learning about something I hated. Then it literally just clicked and THEN I was like, "Oh. Yeah, that makes complete since. Man was I being dumb." Truly understanding how to subnet is a major building block on understanding networking in general. It's not the key to everything, but it's definitely a nice shim to have in your lockpicking set. Alright, that was a terrible analogy. I'll just go in my corner and hypothetically subnet an IP range for 10,000,000 clients. Edited January 29, 2011 by mux Quote Link to comment Share on other sites More sharing options...
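The internet scenario in the post above, traced as an added example that is not part of the original post: a toy Python model of the XP box's router and host firewall, showing the destination rewrite on the way in and the reverse rewrite on the reply. The class and function names and the client source ports are assumptions made for illustration; the addresses and ports 55555 and 3389 are the post's.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class Router:
    """Toy model of the XP box's home router: inbound filter plus port forwarding."""
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.forwards = {}   # public port -> (LAN IP, LAN port)
        self.conntrack = {}  # (client IP, client port, LAN IP, LAN port) -> public port

    def add_forward(self, public_port, lan_ip, lan_port):
        self.forwards[public_port] = (lan_ip, lan_port)

    def inbound(self, pkt):
        """Internet -> LAN. Returns the rewritten packet, or None if dropped."""
        rule = self.forwards.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or rule is None:
            return None  # no forward rule: unsolicited traffic goes nowhere
        lan_ip, lan_port = rule
        # Remember the mapping so the reply can be rewritten on the way out.
        self.conntrack[(pkt.src_ip, pkt.src_port, lan_ip, lan_port)] = pkt.dst_port
        return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)

    def outbound_reply(self, pkt):
        """LAN -> internet for a forwarded connection: restore public IP and port."""
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        public_port = self.conntrack.get(key)
        if public_port is None:
            return None  # this model only handles replies to forwarded connections
        return Packet(self.public_ip, public_port, pkt.dst_ip, pkt.dst_port)

class Host:
    """LAN machine with a host firewall and a set of listening services."""
    def __init__(self, ip, firewall_allowed, listening):
        self.ip = ip
        self.firewall_allowed = set(firewall_allowed)
        self.listening = set(listening)

    def receive(self, pkt):
        if pkt.dst_port not in self.firewall_allowed:
            return "drop", None    # silently discarded; the client sees a timeout
        if pkt.dst_port not in self.listening:
            return "reject", None  # port closed; a real host answers with a reset (not modelled)
        return "accept", Packet(self.ip, pkt.dst_port, pkt.src_ip, pkt.src_port)

def connect(router, host, pkt):
    """Follow one connection attempt; return (verdict, reply as the client sees it)."""
    inside = router.inbound(pkt)
    if inside is None:
        return "dropped at router", None
    verdict, reply = host.receive(inside)
    return verdict, router.outbound_reply(reply) if reply else None

# Addresses and ports from the post; the client source ports are constructed.
router = Router("66.66.66.66")
router.add_forward(55555, "192.168.0.5", 3389)
xp_box = Host("192.168.0.5", firewall_allowed={3389}, listening={3389})

if __name__ == "__main__":
    print(connect(router, xp_box, Packet("77.77.77.77", 49152, "66.66.66.66", 55555)))
    print(connect(router, xp_box, Packet("77.77.77.77", 49153, "66.66.66.66", 3389)))
```

The client never sees 192.168.0.5: the reply leaves the router as 66.66.66.66:55555, and a connection aimed at the public address on 3389 goes nowhere because only 55555 has a forward rule.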
digip Posted January 29, 2011 (edited)

Assuming the services are started that need to be running (under default installs should be fine unless you turn something off).

On the XP Machine: Right click My Computer > Properties > go to the remote settings. Make sure allow remote connections is checked, don't need to add any users at this point. Open a cmd prompt and type ipconfig, get the IP Address.

In the machine you want to connect from, be it XP, Vista, 7, etc, open the run prompt and type mstsc and it will bring up the RDP/Terminal Service client. Enter the IP address and hit enter. If the other machine is online and not blocking access via firewall or RDP settings, you should get prompted to enter the user name and password. Enter your details and you should be logged in.

If you are doing this from the internet, 1, you need your WAN address, or internet facing IP, which you can get from ipchicken.com. Then 2, you need to port forward port 3389 on your router, to the internal LAN IP of the machine hosting the RDP session. Then do the same mstsc process on the client end, only this time use the WAN IP address to connect to the RDP machine. (Some ISPs block incoming port 3389, so RDP doesn't always work over the internet to home users, but should work when connecting to servers online that have Terminal Services running outside the ISP's network)

For LAN connections RDP is perfect for most needs. For over the internet, personally I would not suggest RDP or even Terminal Services. Use something more secure, and also, something that won't need port forwarding on a router or ports opened on the firewall. TeamViewer is both free and secure, and won't require you to configure your router or firewall to work. They also have a portable ZIP file version that doesn't need to be installed and can be carried on a thumb drive for both end users using the same program (all in one client and server).

Edited January 29, 2011 by digip
Infiltrator Posted January 30, 2011 (edited)

> Assuming the services are started that need to be running (under default installs should be fine unless you turn something off).
>
> On the XP Machine: Right click My Computer > Properties > go to the remote settings. Make sure allow remote connections is checked, don't need to add any users at this point. Open a cmd prompt and type ipconfig, get the IP Address.
>
> In the machine you want to connect from, be it XP, Vista, 7, etc, open the run prompt and type mstsc and it will bring up the RDP/Terminal Service client. Enter the IP address and hit enter. If the other machine is online and not blocking access via firewall or RDP settings, you should get prompted to enter the user name and password. Enter your details and you should be logged in.
>
> If you are doing this from the internet, 1, you need your WAN address, or internet facing IP, which you can get from ipchicken.com. Then 2, you need to port forward port 3389 on your router, to the internal LAN IP of the machine hosting the RDP session. Then do the same mstsc process on the client end, only this time use the WAN IP address to connect to the RDP machine. (Some ISPs block incoming port 3389, so RDP doesn't always work over the internet to home users, but should work when connecting to servers online that have Terminal Services running outside the ISP's network)
>
> For LAN connections RDP is perfect for most needs. For over the internet, personally I would not suggest RDP or even Terminal Services. Use something more secure, and also, something that won't need port forwarding on a router or ports opened on the firewall. TeamViewer is both free and secure, and won't require you to configure your router or firewall to work. They also have a portable ZIP file version that doesn't need to be installed and can be carried on a thumb drive for both end users using the same program (all in one client and server).

I think I already went over that, but it didn't make much difference.

Edited January 30, 2011 by Infiltrator
digip Posted January 30, 2011

> I think I already went over that, but it didn't make much difference.

I skimmed the posts, looked more like people were talking about networking, dhcp and class addresses. I totally missed your post, it was pretty much just what I said though. Great minds think alike I guess.

Infiltrator Posted January 30, 2011

> I skimmed the posts, looked more like people were talking about networking, dhcp and class addresses. I totally missed your post, it was pretty much just what I said though. Great minds think alike I guess.

Yes indeed, they do think alike.

NegativeSpace (Author) Posted January 30, 2011

I finally got an RDP session to work, with WIN7 machine as client and XP as host. It sort of bothers me though, because I don't know what changed and allowed it to work. I also learned something useful, or not useful, about the Home version WIN7, and that is that it can not be an RDP host, at least not using Windows software. In my own defense, when I looked in the control panel to enable that machine to host RDP, it said nothing about needing Professional or Ultimate WIN7 to use the machine as host.

So anyway, now I'm able to use RDP on my home network, and the next thing is to learn how to use it over internet. I guess I need to learn what port forwarding is, what it's used for, and its specific application in this case, and how to do it. Anyone have any good resources or instructions for me?

Infiltrator Posted January 30, 2011

> I finally got an RDP session to work, with WIN7 machine as client and XP as host. It sort of bothers me though, because I don't know what changed and allowed it to work. I also learned something useful, or not useful, about the Home version WIN7, and that is that it can not be an RDP host, at least not using Windows software. In my own defense, when I looked in the control panel to enable that machine to host RDP, it said nothing about needing Professional or Ultimate WIN7 to use the machine as host.
>
> So anyway, now I'm able to use RDP on my home network, and the next thing is to learn how to use it over internet. I guess I need to learn what port forwarding is, what it's used for, and its specific application in this case, and how to do it. Anyone have any good resources or instructions for me?

What make/model is your router? If you can tell me that, I can walk you through the process.

NegativeSpace (Author) Posted January 30, 2011

> What make/model is your router? If you can tell me that, I can walk you through the process.

It's a WRT54G, latest firmware, everything standard.
G-Stress Posted January 30, 2011

Ahhh, the WRT54G series... my favorite model :) Assuming everything is set default on the router.

1. Open your web browser and point it to http://192.168.1.1
2. Enter credentials to login, should be username=blank password=admin
3. Once logged in navigate to Applications and Gaming
4. Make sure you're on the port range forward tab
5. Enter a name for the port forward in the application box e.g. (RDP)
6. Enter 3389 in the Start and End.
7. Change protocol to TCP
8. Enter the host IP in the specified box.
9. Put a check in the box to enable to forward.
10. Save your settings.
11. Before you even try I would check on the host with canyouseeme.org and see if it shows open.
12. Go to ipchicken.com and record your public IP address.

Now you can leave home and attempt to connect back.

Basically what happens is you attempt to establish a RDP session via your public IP address. Your wrt54g is nicely routing your packets where they need to be routed. It sees the incoming connection request for an RDP session and being you enabled a rule that if anyone tries to connect to your public IP using RDP go ahead and send that request over to the XP host, he'll gladly accept your invite ;) Make sense?

I posted all that and I should have just posted this link: http://portforward.com/english/routers/port_forwarding/Linksys/WRT54G/

Also guys being that I'm running dd-wrt on both my wrt54g series I had to look up the stock linksys gui to see where he needed to go to forward the port. Been awhile, but doing so I found this:

https://secure.portforward.com/store/pfconfig.cgi
http://portforward.com/help/portcheck.htm
NegativeSpace (Author) Posted January 30, 2011

> Ahhh, the WRT54G series... my favorite model :) Assuming everything is set default on the router.
>
> 1. Open your web browser and point it to http://192.168.1.1
> 2. Enter credentials to login, should be username=blank password=admin
> 3. Once logged in navigate to Applications and Gaming
> 4. Make sure you're on the port range forward tab
> 5. Enter a name for the port forward in the application box e.g. (RDP)
> 6. Enter 3389 in the Start and End.
> 7. Change protocol to TCP
> 8. Enter the host IP in the specified box.
> 9. Put a check in the box to enable to forward.
> 10. Save your settings.
> 11. Before you even try I would check on the host with canyouseeme.org and see if it shows open.
> 12. Go to ipchicken.com and record your public IP address.
>
> Now you can leave home and attempt to connect back.
>
> Basically what happens is you attempt to establish a RDP session via your public IP address. Your wrt54g is nicely routing your packets where they need to be routed. It sees the incoming connection request for an RDP session and being you enabled a rule that if anyone tries to connect to your public IP using RDP go ahead and send that request over to the XP host, he'll gladly accept your invite ;) Make sense?
>
> I posted all that and I should have just posted this link: http://portforward.com/english/routers/port_forwarding/Linksys/WRT54G/
>
> Also guys being that I'm running dd-wrt on both my wrt54g series I had to look up the stock linksys gui to see where he needed to go to forward the port. Been awhile, but doing so I found this:
>
> https://secure.portforward.com/store/pfconfig.cgi
> http://portforward.com/help/portcheck.htm

Well that makes perfect sense. I'm pretty sure I understand what port forwarding is and what it does now. I'm about to set it up on my router, but it will be a couple days before I can get somewhere to test internet RDP.

Now I find myself wondering how this can possibly be secure, unless I can tell Windows to only allow port 3389 to pass through RDP requests (which is basically useless for security, considering the nature of RDP), or unless I can tell Windows to allow my local user account to connect. Even though my Windows user account password is over 15 characters, it still seems very reasonable to think that certain software and/or techniques would make it fairly simple for someone to open an RDP session with my XP host, then all bets are pretty much off in that case.

After I'm confident that I fully understand Windows RDP, I think I should find some more versatile and more secure RDP software, something that I don't have to upgrade my OS to use (since such is the case with Windows 7 Home Premium). Any suggestions on that front? I don't think I have any interest in paying for RDP software since the only machine I will probably ever want to host with already has Windows RDP host software.
Infiltrator Posted January 30, 2011

> Well that makes perfect sense. I'm pretty sure I understand what port forwarding is and what it does now. I'm about to set it up on my router, but it will be a couple days before I can get somewhere to test internet RDP.
>
> Now I find myself wondering how this can possibly be secure, unless I can tell Windows to only allow port 3389 to pass through RDP requests (which is basically useless for security, considering the nature of RDP), or unless I can tell Windows to allow my local user account to connect. Even though my Windows user account password is over 15 characters, it still seems very reasonable to think that certain software and/or techniques would make it fairly simple for someone to open an RDP session with my XP host, then all bets are pretty much off in that case.
>
> After I'm confident that I fully understand Windows RDP, I think I should find some more versatile and more secure RDP software, something that I don't have to upgrade my OS to use (since such is the case with Windows 7 Home Premium). Any suggestions on that front? I don't think I have any interest in paying for RDP software since the only machine I will probably ever want to host with already has Windows RDP host software.

The only way to make your machine secure is to update it regularly when new patches become available. Secondly, we all know that Windows Remote Desktop is a great administrative utility for managing computers or servers remotely, however it's not secure enough. If you plan on connecting to your XP box remotely from over the internet on a regular basis, you might want to consider upgrading to TeamViewer or change the RDP default port to something unique, like 1000 or 5000.
G-Stress Posted January 31, 2011

> Well that makes perfect sense. I'm pretty sure I understand what port forwarding is and what it does now. I'm about to set it up on my router, but it will be a couple days before I can get somewhere to test internet RDP.
>
> Now I find myself wondering how this can possibly be secure, unless I can tell Windows to only allow port 3389 to pass through RDP requests (which is basically useless for security, considering the nature of RDP), or unless I can tell Windows to allow my local user account to connect. Even though my Windows user account password is over 15 characters, it still seems very reasonable to think that certain software and/or techniques would make it fairly simple for someone to open an RDP session with my XP host, then all bets are pretty much off in that case.
>
> After I'm confident that I fully understand Windows RDP, I think I should find some more versatile and more secure RDP software, something that I don't have to upgrade my OS to use (since such is the case with Windows 7 Home Premium). Any suggestions on that front? I don't think I have any interest in paying for RDP software since the only machine I will probably ever want to host with already has Windows RDP host software.

RDP by default isn't the most secure way to administer a server/workstation. It can be bruted with tools such as TSGrinder. Get a good understanding of networking, check out, I believe, VTC.com and trainsignal.com; they offer virtual training courses in all areas of IT.

What I do is VPN back home using OpenVPN, then I'm able to login locally to any box via RDP over the VPN tunnel. This way I only need to have 1 port open to the outside world to allow my vpn connection, then I can have 3389 open on all boxes or whatever port I choose locally only.
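A defender's view of the brute-force concern raised in the post above, as an added example that is not part of the original thread: Python that counts failed RDP logons per source address in a sliding window. The CSV layout and every log line are constructed; it assumes records exported from the Security log of Windows Vista/7 or later, where a failed logon is event 4625 (older systems such as XP use different event IDs).

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625  # failed logon, Windows Vista/7 and later
# 10 = RemoteInteractive (RDP). With Network Level Authentication enabled,
# failed RDP logons are recorded as type 3 (Network) instead.
RDP_LOGON_TYPES = {10}

# Constructed sample, oldest first: timestamp,event_id,logon_type,source_ip,account
SAMPLE_LOG = """\
2011-01-31T02:14:01,4625,10,203.0.113.7,Administrator
2011-01-31T02:14:03,4625,10,203.0.113.7,Administrator
2011-01-31T02:14:05,4625,10,203.0.113.7,admin
2011-01-31T02:14:08,4625,10,203.0.113.7,owner
2011-01-31T02:14:11,4625,10,203.0.113.7,Administrator
2011-01-31T02:14:15,4625,10,203.0.113.7,guest
2011-01-31T08:30:10,4625,10,198.51.100.20,homeuser
2011-01-31T08:30:25,4624,10,198.51.100.20,homeuser
2011-01-31T09:00:00,4625,2,127.0.0.1,homeuser
"""

def failed_rdp_bursts(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {source_ip: peak failures inside any one window} for noisy sources."""
    recent = defaultdict(deque)  # source ip -> timestamps still inside the window
    peak = {}
    for ts, event_id, logon_type, src, _account in csv.reader(io.StringIO(log_text)):
        if int(event_id) != FAILED_LOGON or int(logon_type) not in RDP_LOGON_TYPES:
            continue  # successes, console logons and other events are ignored
        when = datetime.fromisoformat(ts)
        seen = recent[src]
        seen.append(when)
        while when - seen[0] > window:
            seen.popleft()  # forget failures that have aged out of the window
        peak[src] = max(peak.get(src, 0), len(seen))
    return {src: n for src, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    print(failed_rdp_bursts(SAMPLE_LOG))
```

One mistyped password followed by a success, as from 198.51.100.20 in the sample, stays below the threshold; six failures in fifteen seconds against several account names does not.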
NegativeSpace (Author) Posted January 31, 2011

> The only way to make your machine secure is to update it regularly when new patches become available. Secondly, we all know that Windows Remote Desktop is a great administrative utility for managing computers or servers remotely, however it's not secure enough. If you plan on connecting to your XP box remotely from over the internet on a regular basis, you might want to consider upgrading to TeamViewer or change the RDP default port to something unique, like 1000 or 5000.

What is it about TeamViewer that makes it more secure than Windows RDP?

digip Posted January 31, 2011 (edited)

> What is it about TeamViewer that makes it more secure than Windows RDP?

TeamViewer uses stronger encryption from end to end. RDP uses 128 bit RC4 encryption, whereas TeamViewer uses AES 256 bit with RSA public/private keys. Under older versions of RDP, it was possible to sniff traffic via MITM. Under newer versions it's not as easy, but I hear it can still be done.

The encryption isn't really the plus side though. For starters, there are versions of TeamViewer that work on Windows, Mac, and Linux. Also, you don't need to make changes to your router or firewall in order for it to work, a problem that plagues many people using RDP remotely. On some ISPs RDP ports are blocked, so even if you open it on your end, the ISP might filter for it coming into their network. Usually they allow it going out, say to a workplace connection, but for home users, they sometimes filter this out and it doesn't work remotely. For LAN, I use RDP just for its ease of use and I know what's on my network, but for remote needs, I would suggest TeamViewer.

Then there is the fact that it's portable, fitting on a thumb drive. You could put on a version of each for Windows, Mac and Linux, and carry it with you on a thumb drive. If you ever needed to connect home while using someone else's machine, no matter what OS they had, you could still remote home.

Edited January 31, 2011 by digip