VNC - Connect to you home/office PC from anywhere

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hello and welcome to asgen tech forum in today's video we are going to talk about one very simple protocol but as holiday seasons are approaching we all have plan to travel and all of a sudden you realize that there is something in your pc at home you want to access because not everything is in cloud personally right so how you can do that so today we are going to talk about a simple solution called remote access for your desktop pcs and other things right so what is our problem statement problem statement is you realize that you require to access a pc on your vacation or travel you want to access your office pc so if you are a small business owner and you are at home you want to access your office pc in vrs right even if it is unattended then what is the solution available for your disposal right and we will talk about uh not just the commercial aspect the free and paid solution but as what we do in sdn tech forum in our demo we will also also do the packet capture and try to understand the protocol underneath right so the protocol is called vnc virtual network computing virtual network computing is not a protocol actually the underlying protocol is remote frame buffer protocol rfb is the actual protocol and vnc is the solution which done on top of that straight from wikipedia in computing vnc is a graphical desktop sharing system that uses rfpp to remotely control another computer it transmits the keyboard and mouse input from one computer to another relaying the graphical screen updates over the network right so uh you have one pc in remote location probably unattended you want to log into that pc do all the operations as you are present in front of that pc right so that's where the vnc protocol our feature comes handy what are the flavors of vmc or how it works vnc is strictly a server client model from its inception so on my left side you can see there is a vnc server in the remote location and on right side you have a vnc client that mean on remote next remote server you are going to install vnc server application on your local desktop or local laptop you are going to do install a vnc client mind it it's not one to one a lot of commercial available solutions which allow a vnc server to be accessed by multiple vnc client at the same time but these are enhanced feature and probably available in paid version of the software that's why it's multiple client may connect to the vnc server at the same time available option cards like commercially of the self applications flavor by pricing we have free because it's open source licensing available as well and then there are companies which do the niche job uh like providing contact support and adding a layer of security which where you have to pay the price for in those solutions then flavor by operating system uh to name a few real vncs teamviewer tied vnc so different companies they provide you different binaries for your windows macs or linux right so choose or download whatever is applicable to you if at all you decide to go for a paid application what do you need to look for right what extra features you are getting obviously because you are paying a price for it make sure you get an unattended access that means you can unlock the pc remotely uh pn's vnc natively is not encrypted right so the session is not really not encrypted but a lot of companies now they give you end-to-end uh secure or encrypted uh communication so make sure if you are paying you get the encryption remote file transfer that means you uh can do a file transfer between the remote server and local client because that's probably that's why you want to access your pc right also vnc protocol is very chatty so make sure that this vnc what you are paying for is capable of working in high computing environment like you want to operation uh perform some cpu or resource intensive operation vnc should support that then again multi-user single user is just like one user can log into the server or multiple users can log in make sure you have multiple user if that is the case and also the contact support okay so these are in the paid application now let's go to the demo so for demo what i'm going to do i have a remote server windows machine and we will pick any one of the card solution right since i don't encourage anyone to pay or for a software or it's not a promotion so ad hoc i chose one market leader here real vnc and what i have done i have installed the vnc server in uh application in one of the machine and make it as a vng server and on my local laptop i have vnc client running so let's first look at the server configuration as you can see this is a windows machine so you have to go to realvnc website and download the vnc connect server application once you do that you will have this application and it will by default show you all the ip addresses available on this pc right and then you have couple of other options like technical support about what is this about let's check this is the vnc server real vnc server and what i am interested in is the option okay it does give you the file transfer option also so that's good um let's go to option yes and here you can provide all the connectivity informations right so your connections by default uh it runs on port number 5900 it's a good idea to change this port because a lot of people when do the malicious actor on internet they always do the port scanning of well-known port and by default vnc all of our vnc application run on 5900 so i encourage you to change this uh to enhance your security okay so this is my vnc server actually listening now the next thing what i'm going to do we are going to connect to the vnc uh from the vnc client so let me cancel it out but before we cancel uh let's go back again and look at the see this is uh always on providing me authentic unattended access as well let's cancel it out look at the ip address this is the locally connected ip address and if you are looking at that you should know that this is a private ip address that mean if my server is running a private ip address i can connect to that only locally right if in the lan segment but most of the time that is not the use case and that's what we will discuss next in our section but let's first close this vnc connection uh close this remote desktop connection and let me bring our vnc application so right now i'm into this 192 168 subnet this is my vnc client so my client and server both are in the same subnet and i'm trying to connect to it okay you if you want to see the properties i'm going to connect to 136 where we have the vnc server installed right i'm going to say ok connect it is asking me for the password justify the password and you it's telling you that this is the ip address this is the port udp port it's going to use and that's hash as i say yes voila i'm connected to that server and i can do whatever i want on this application remotely okay let's cancel it out because that's not not our use case uh if you want to connect it over the internet then obviously the ip addresses between server and client doesn't match right so you need to use the public ip address so what is the public ip address of this remote server i can find that so to find your public ip address you need to probably go to any browser and say what is my ip and that you can simply say if config so if config so this is the ip address of your environment like of your lan environment public ipad to support your lan environment right this is the ip address behind that you have your pc uh sitting and that has a private private ip address right that pc with that private ip address is listening on port number 5900 so if you want to connect to that pc over the internet ideally you should connect to from your vnc client you should connect to this ip address including that port number right and that's what we are going to do next okay so i have this thing open here let's see this is my public ip address and the port number let's try to connect this okay connection refuse connection refuse because that port is not open right so depend how your router is configured in your home 5900 is not open by default right only most of the router only allow port 80 or 443 just to secure your home or a secure different application but if you know that yes i have a legitimate server sitting behind my network and listening on this port and you have a legit use case to connect to that over the internet you can obviously go and change the router configuration i have this linksys home router and different router have different capabilities but underlying is same it is basically part of port forwarding single port forwarding or port range forwarding right here you can see i have created a new forwarding range rule and that says it's a the application name is arbitrary if you actually use yourself whatever you want to do i have said vnc i know the port it is using the incoming port it is using is 5900 so start and end with that protocol tcp udp both because vnc can use either of that and then the device ip address like where it should redirect it so that's my 136 is my server local address and that's where we are going to redirect it so let me cancel out of this rule but i'm going to edit this enable this and apply okay let's go back to our vnc server and see if that can connect now it is actually getting a response and i'm saying give access so i'm connected uh you may have to allow few things on your local desktop so for right now i'm not going to do that but you may say that i'm still in the same network right though i connected using public ip address but i'm still in the same network so what i can do i can pause the video connect it to a vpn network so that i'm really on different network on my vnc client which is just one additional layer of check to make sure to prove that it works right but i'm going to do that next before that let's see what happened when vnc connects and obviously let's come to the packet walk and packets don't lie right so here you can see i was in a different network initially look at the tcp source port is random but destination port is 5900 right and i was in a different network say 173 and this is my home network where this server is sitting so i send a syn then that will got acknowledged and now you can see the vnc data transfer started happening okay so typical tcp handshake and wireshark is kind enough to show us the higher level protocol uh vnc it's telling us that okay these exchanges are vnc exchange your keyboard mouse and all the other exchanges are there so that get recognized as vnc so i hope now vnc is a little bit clear to you and if in this festive season you have a requirement make sure you explore the free options before going for a paid option paid option is definitely peace of mind because it provides you security and other things depends uh how critical it is if it's a you're a business owner definitely go with the paid option but if you are a home user maybe you can do very well with the free options so do let me know if you use vnc and if you have any questions in comment section and i'll talk to you soon thank you

Info

Channel: SDN TechForum

Views: 64

Rating: undefined out of 5

Keywords: Networking, sdntechforum, monitoring, cisco

Id: lIlFpI1dvvg

Channel Id: undefined

Length: 15min 13sec (913 seconds)

Published: Fri Oct 15 2021