How exactly does a remote program like Team Viewer work?

34

21

If you make use of Windows RDP or Remmina, you normally use the IP (public) or attached hostname of the server to log on. I was wondering how a remote program like Team Viewer works? And also, how does the program know how to route that traffic over the internet?

Rudolph

Posted 2013-10-18T12:04:29.777

Reputation: 2 552

i'm also curious about this. :D – gumuruh – 2017-12-22T06:28:49.220

Answers

25

TeamViewer, LogMeIn and any other program that allows a zero config remote desktop session uses a third-party server.

For example, LogMeIn is a program similar to TeamViewer where you are able to remotely login to a computer outside of the network that you're currently on. You will notice that there are no external configurations required for this type of remote session. This is due to the fact that the software that you installed on the remote machine (the LogMeIn client) initiates an outgoing request to the LogMeIn servers. Since this client initiated the request, no port forwarding on the Firewall is required.

On your computer, outside of the network of the LogMeIn computer, can access this computer remotely through LogMeIn's website. This website accepts the initiated request from the remote computer and keeps the connection alive to listen for a remote session request.

When you run TeamViewer, you are assigned an ID on their broker server. You make a connection to a Teamviewer ID, and TeamViewer passes the connection down through the TeamViewer client's established tunnel to the destination and you then you are prompted for password and then the connection establishes afterwards.

kobaltz

Posted 2013-10-18T12:04:29.777

Reputation: 14 361

3Extended question: Is there any possibility to run such a third-party server yourself and make VNC (or any other client) work the same way? – TheStoryCoder – 2016-03-30T08:50:31.357

2Good question. In this way you'll on the path for create a new TeamViewer company... – giuseppe – 2016-05-27T05:45:12.747

@TheStoryCoder any luck? I think we need to create the communication protocol first between server and client, then build the tcp server. RDP is the default protocol by windows, but i guess it is not designed to support this. I know that TeamViewer use their own protocol. I really hope that someone out there already create an opensource project for it :) – Altiano Gerung – 2018-07-27T12:38:21.953

@TheStoryCoder A simple way but with less security: you can have a server installed OpenVpn(server A) and your PC(PC A) is connected to internet through that server. And you have another PC(PC B) only accepts incoming connections or remote desktop (if windows) from your VPN server. That way you can connect to that PC B from your PC A which establishes connection through server A. – Janaka R Rajapaksha – 2019-05-16T04:41:02.430

8

Teamviewer uses port 80 to make a connection to a central server. If the connection is made, you get a unique ID, and the server knows you're online. All communication can happen over port 80 if other ports are blocked.

Teamviewer does allow you to connect directly to an IP-address. You have to set this in the options, to allow incoming LAN connections. This works for local networks, and probably for WAN networks as well, but then you have to get portforwarding working, to get port 80 to connect to the right computer behind the router/firewall. That makes things difficult for most people, and unmanageble for most of the rest, so then we use the Teamviewer ID method.

I don't know if this means that all traffic goes via the teamviewer servers, but it might. (And as it registers all clicks and keypresses, that probably means that they could - in theory - and since we know about PRISM etc probably in reality as well - know about all your logins and secret keys.)

SPRBRN

Posted 2013-10-18T12:04:29.777

Reputation: 5 185

3

This is what the company says in their Security Statement:

When establishing a session, TeamViewer determines the optimal type of connection. After the handshake through our master servers, a direct connection via UDP or TCP is established in 70% of all cases (even behind standard gateways, NATs and firewalls). The rest of the connections are routed through our highly redundant router network via TCP or https-tunnelling. You do not have to open any ports in order to work with TeamViewer!

As later described in the paragraph "Encryption and Authentication," not even we, as the operators of the routing servers, can read the encrypted data traffic

So:

  • 1) as others have suggested, the initial connection from both clients is client-initiated and goes through port 80 so it has no problems with NAT or firewalls, can go through a web proxy, etc. After this, everything is set up and both clients need to be connected to each other, then:
  • 2.1) probably uses UPnP or NAT hole punching to be able to do an actual connection between the two clients, or
  • 2.2) if not possible it will route the traffic through their servers, which will be slower and could be spied on (however they state that the data is encrypted end to end, in that case that would not be a problem)

golimar

Posted 2013-10-18T12:04:29.777

Reputation: 846

any opensource solution that you might aware? – Altiano Gerung – 2018-07-27T12:48:07.727

@AltianoGerung I don't know any opensource ones that work without opening ports like Teamviewer – golimar – 2018-07-27T14:14:53.580

0

Most applications like TeamViewer route things through their servers if there's no direct path available, therefore bypassing the need to use public IPs and open ports.

deepy

Posted 2013-10-18T12:04:29.777

Reputation: 121

Asked: 2013-10-18T12:04:29.777

Viewed: 96 338 times

Active: 2018-06-01T10:57:58.443