TCP Punching

From BitWise DocuWiki

TCP Punching is a relatively new technique for establishing TCP connections through routers or NATs without requiring any manual configuration, such as port forwarding. Despite the scary-sounding name, TCP Punching is safe and does not represent a vulnerability in your router or computer. BitWise added TCP Punching in version, using the methodology described in Peer-to-Peer Communication Across Network Address Translators (

Adding TCP Punching to BitWise required that BitWise listen on a second port besides the standard 4137. This second port is randomly generated by default, but it can be set to a specific port or disabled altogether using the BitWise Setup. If you disable the secondary listener, you are disabling TCP Punching.

Here is a basic breakdown of how BitWise establishes a direct connection with a contact, including the steps taken for TCP Punching.

  1. A regular outgoing connection attempt is made on port 4137. If your contact accepts connections on port 4137, this connection method succeeds quickly and no more steps are required.
  2. An outgoing connection attempt is made from your secondary listening socket to the server port (4038) at your contact's IP address. This should and is expected to fail, but it opens your router to accept connections from the other user on your secondary listener socket (if your router supports TCP Punching).
  3. Your client requests a reverse connection with the help of the BitWise server. That is, your computer asks your contact's computer to connect to you. In the meantime, your client waits for an incoming connection.
  4. Your contact tries a regular connection to your computer on port 4137. If this succeeds, then no more steps are required.
  5. Your contact then tries to connect to your secondary listener port, which will succeed if your router supports TCP Punching.
  6. If your contact was unable to connect to you, they will make an outgoing connection attempt to you on the server port (4038). This should and is expected to fail, but it opens their router to accept connections on the secondary listener port (if their router supports TCP Punching).
  7. Lastly, if your client hasn't received a connection after a reasonable period of time, it will make a connection attempt to your contact's secondary listener port. If your contact's router supports TCP Punching, this should almost certainly succeed.

On subsequent connections, BitWise will skip steps that did not work so that a new connection can be established as quickly as possible. For example, if you were unable to connect to your contact but your contact could connect to you, your client won't bother with step 1.

Note for Linux users: Unfortunately, TCP Punching is not available on Linux due to Linux's lack of a way to rebind a socket that is already listening for connections. While Linux has the necessary REUSEADDR flag, it does not have the REUSEPORT flag available on BSD derivatives like Mac OS X. On Windows, REUSEPORT is implied in REUSEADDR.

See also: UDP Punching.