AL
Uploaded byAnry Lu
PDF, PPTX825 views

Things you should know for network programming

This document discusses various topics related to network programming including TCP and UDP protocols, TCP connection lifecycle states, TCP options, debugging tools like Wireshark, and methods for disconnecting connections. It provides an overview of reliable and ordered data delivery with TCP, the three-way handshake process, flow control, and TCP states like ESTABLISHED and CLOSE_WAIT. Debugging techniques like packet sniffing, ARP spoofing, and SSL interception are also covered.

Embed presentation

Download as PDF, PPTX
Things You Should Know for Network Programming Anry Lu 2014/10/22
TCP & UDP
UDP (just IP + Port Number)
TCP is far more complicated!
TCP Quick Review TCP provides reliable, ordered and error-checked delivery of data.
3-Way Handshaking
Ack, Retransmission & Sliding Window
Flow Control (AIMD) ● check the available flow control on your system ○ sysctl -a | grep tcp_allowed_congestion_control
TCP Options ● Maximum Segment Size ● Select Ack ● Explicit Congestion Notification ● Window Scaling ● Timestamp ● Keepalive ● ...
The life-cycle of a TCP connection. (use netstat or lsof to see the state)
What the state means? ● SYN_SENT ○ packets are dropped iptables -t filter -t filter -A OUTPUT -p tcp --dst 192.168.68.8 -j DROP nc 192.168.68.8 80 ○ solution ■ check your network ● ESTABLISHED ○ usually means the connections is valid ○ if the connection is dead, it takes 7,200 seconds to know ■ net.ipv4.tcp_keepavlid_time
● CLOSE_WAIT ○ your code doesn’t handle connection well (note: all data sent in this state are just dropped) ○ server import socket sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) server_address = ('127.0.0.1', 10000) sock.bind(server_address) sock.listen(1) connection, client_address = sock.accept() connection.close() ○ client import socket sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) server_address = ('127.0.0.1', 10000) sock.connect(server_address) ○ solution ■ check your source code
● TIME_WAIT ○ it’s a normal state to avoid sending RST and interfering with new connections ○ lasts for 2*MSL after close ○ may cause port starvation on server ○ solution ■ linger option (use this carefully) ■ net.ipv4.tcp_tw_resuse ■ SO_REUSEADDR or SO_REUSEPORT
How to Debug - Sniffer Tools ● wireshark or tcpdump ○ for normal socket sudo tcpdump -i eth5 ● socat ○ for unix socket cd /share/CACHEDEV1_DATA/.qpkg/CloudLink/tmp/ mv tunnel_agent_monitor.sock tunnel_agent_monitor.sock.orig socat -t 100 -x -v UNIX-LISTEN:./tunnel_agent_monitor.sock, mode=777,reuseaddr,fork UNIX-CONNECT:./tunnel_agent_monitor. sock.orig
What if no sniffer available? ● Sniffer Machine ○ sysctl -w net.ipv4.ip_forward=1 ○ tcpdump -i eth0 host 192.168.68.8 ● Target Machine ○ polite way sudo sysctl -w net.ipv4.conf.all.accept_redirects=0 sudo sysctl -w net.ipv4.conf.eth5.accept_redirects=0 sudo route add -host 192.168.68.8 gw 192.168.68.80 ○ hacker way (execute on the sniffer machine) arpspoof -t 192.168.68.51 192.168.68.254
What if SSL is enabled? ● Man in the middle proxy ○ http://mitmproxy.org/ ○ only works if certificate is not checked mitmproxy -T --host iptables -t nat -A PREROUTING -s 192.168.68.51 -d 192.168.68.8 -p tcp --dport 8080 -j REDIRECT --to-port 8080 iptables -t nat -A PREROUTING -s 192.168.68.51 -d 192.168.68.8 -p tcp --dport 443 -j REDIRECT --to-port 8080
How to disconnect a connection? ● ARP Spoofing + iptables ● Faking TCP packets ○ use tcpdump to observer connection tcpdump -S -n host 192.168.68.63 and tcp ○ use the libnet sample code to fake packets sudo ./tcp2 -s 192.168.68.63.8080 -d 192.168.68.51.52351 -n $SEQ_NO -a $ACK_NO -f "TH_FIN|TH_ACK" sudo ./tcp2 -s 192.168.68.63.8080 -d 192.168.68.51.52351 -n $SEQ_NO -f "TH_RST"
Reference ● dsniff ○ http://www.monkey.org/~dugsong/dsniff/ ● ettercap ○ http://ettercap.github.io/ettercap/

More Related Content

ODP
Trash Robotic Router Platform - David Melendez - Codemotion Rome 2015
byCodemotion
 
PDF
BKK16-503 Undefined Behavior and Compiler Optimizations – Why Your Program St...
byLinaro
 
PDF
Q4.11: NEON Intrinsics
byLinaro
 
PPTX
Nmap
byMegha Sahu
 
PPTX
Netcat
bypenetration Tester
 
PDF
Presentation
byAthanasios Gkantsidis
 
PPTX
Linux rt in financial markets
byAdrien Mahieux
 
PDF
한컴MDS_Virtual Target Debugging with TRACE32
byHANCOM MDS
 
Trash Robotic Router Platform - David Melendez - Codemotion Rome 2015
byCodemotion
 
BKK16-503 Undefined Behavior and Compiler Optimizations – Why Your Program St...
byLinaro
 
Q4.11: NEON Intrinsics
byLinaro
 
Nmap
byMegha Sahu
 
Netcat
bypenetration Tester
 
Presentation
byAthanasios Gkantsidis
 
Linux rt in financial markets
byAdrien Mahieux
 
한컴MDS_Virtual Target Debugging with TRACE32
byHANCOM MDS
 

What's hot

PDF
Using Timers in PIC18F Microcontrollers
byCorrado Santoro
 
PDF
LAS16-101: Efficient kernel backporting
byLinaro
 
PPTX
Embedded TCP/IP stack for FreeRTOS
by艾思程式教育
 
PDF
Memory management
byAdrien Mahieux
 
PDF
Lecture 2 timers, pwm, state machine IN PIC
byأشرف أمجد الشريف
 
PPTX
Introduction to FPGAs
byScott Thibault
 
PPTX
Tcpdump
bySourav Roy
 
PDF
Dpdk accelerated Ostinato
bypstavirs
 
PDF
Using ARM Dev.Board in physical experimental instruments
bya_n0v
 
PDF
Introduction to tcpdump
byLev Walkin
 
PDF
TinyML - 4 speech recognition
by艾思程式教育
 
PPTX
ONNC - 0.9.1 release
byLuba Tang
 
KEY
Fosscon 2012 firewall workshop
byjvehent
 
PDF
Kernel Recipes 2016 - entry_*.S: A carefree stroll through kernel entry code
byAnne Nicolas
 
PPTX
Onnc intro
byLuba Tang
 
PDF
Exercises with timers and UART
byCorrado Santoro
 
PDF
BUD17-309: IRQ prediction
byLinaro
 
PDF
Tcpdump
byMohamed Gamel
 
PDF
Q4.11: Using GCC Auto-Vectorizer
byLinaro
 
PDF
Code GPU with CUDA - Device code optimization principle
byMarina Kolpakova
 
Using Timers in PIC18F Microcontrollers
byCorrado Santoro
 
LAS16-101: Efficient kernel backporting
byLinaro
 
Embedded TCP/IP stack for FreeRTOS
by艾思程式教育
 
Memory management
byAdrien Mahieux
 
Lecture 2 timers, pwm, state machine IN PIC
byأشرف أمجد الشريف
 
Introduction to FPGAs
byScott Thibault
 
Tcpdump
bySourav Roy
 
Dpdk accelerated Ostinato
bypstavirs
 
Using ARM Dev.Board in physical experimental instruments
bya_n0v
 
Introduction to tcpdump
byLev Walkin
 
TinyML - 4 speech recognition
by艾思程式教育
 
ONNC - 0.9.1 release
byLuba Tang
 
Fosscon 2012 firewall workshop
byjvehent
 
Kernel Recipes 2016 - entry_*.S: A carefree stroll through kernel entry code
byAnne Nicolas
 
Onnc intro
byLuba Tang
 
Exercises with timers and UART
byCorrado Santoro
 
BUD17-309: IRQ prediction
byLinaro
 
Tcpdump
byMohamed Gamel
 
Q4.11: Using GCC Auto-Vectorizer
byLinaro
 
Code GPU with CUDA - Device code optimization principle
byMarina Kolpakova
 

Similar to Things you should know for network programming

PPTX
Network protocols and vulnerabilities
byPrachi Gulihar
 
PPT
network-security_for cybersecurity_experts
byabacusgtuc
 
PDF
packet traveling (pre cloud)
byiman darabi
 
PDF
vulnerabilities in IP.pdf
byMuhammadSufyanAbbasi1
 
PDF
Of the variedtypes of IPC, sockets arout and awaythe foremostcommon..pdf
byanuradhasilks
 
PDF
Layer one 2011-gh0stwood-d-dos-attacks
byfangjiafu
 
PPT
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
bymasoodnt10
 
PDF
CISSP Prep: Ch 5. Communication and Network Security (Part 1)
bySam Bowne
 
PPTX
CompTIASecPLUS-Part1 Unlimited Edition- Edited.pptx
bymohedkhadar60
 
PDF
Where can buy Special Edition Using TCP IP Niit (Usa) Inc. ebook with cheap p...
byattietorreda
 
PDF
4. Communication and Network Security
bySam Bowne
 
PPT
null Pune meet - Understanding TCP/IP and Network Intrusion
byn|u - The Open Security Community
 
PDF
Complete Download Special Edition Using TCP IP Niit (Usa) Inc. PDF All Chapters
byosietzon
 
PDF
Chapter 1_Overview_Network Security Protocol.pdf
byNourH9
 
PPT
TCP/IP basics
bySecurityTube.Net
 
PPT
Ch02 TCP/IP Concepts Review
byphanleson
 
PDF
TCP_IP for Programmers ------ slides.pdf
bySouhailsouhail5
 
PPT
Tcp
bygiaolvq
 
PDF
networking.pdf
byfdsfds12
 
ODP
There and back again
byJon Spriggs
 
Network protocols and vulnerabilities
byPrachi Gulihar
 
network-security_for cybersecurity_experts
byabacusgtuc
 
packet traveling (pre cloud)
byiman darabi
 
vulnerabilities in IP.pdf
byMuhammadSufyanAbbasi1
 
Of the variedtypes of IPC, sockets arout and awaythe foremostcommon..pdf
byanuradhasilks
 
Layer one 2011-gh0stwood-d-dos-attacks
byfangjiafu
 
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
bymasoodnt10
 
CISSP Prep: Ch 5. Communication and Network Security (Part 1)
bySam Bowne
 
CompTIASecPLUS-Part1 Unlimited Edition- Edited.pptx
bymohedkhadar60
 
Where can buy Special Edition Using TCP IP Niit (Usa) Inc. ebook with cheap p...
byattietorreda
 
4. Communication and Network Security
bySam Bowne
 
null Pune meet - Understanding TCP/IP and Network Intrusion
byn|u - The Open Security Community
 
Complete Download Special Edition Using TCP IP Niit (Usa) Inc. PDF All Chapters
byosietzon
 
Chapter 1_Overview_Network Security Protocol.pdf
byNourH9
 
TCP/IP basics
bySecurityTube.Net
 
Ch02 TCP/IP Concepts Review
byphanleson
 
TCP_IP for Programmers ------ slides.pdf
bySouhailsouhail5
 
Tcp
bygiaolvq
 
networking.pdf
byfdsfds12
 
There and back again
byJon Spriggs
 

Recently uploaded

PPTX
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
PDF
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
PDF
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
PDF
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
PDF
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
PDF
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
PDF
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
PDF
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
PDF
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
PDF
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
PDF
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
PDF
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
PDF
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
PPTX
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
PDF
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
PPTX
PPTX game guess the logo with a twistppt
byAdrianAnig
 
PDF
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
PPTX
Workflow and decision Automation with Flowable
bychakib ch
 
PDF
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
PDF
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
PPTX game guess the logo with a twistppt
byAdrianAnig
 
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
Workflow and decision Automation with Flowable
bychakib ch
 
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 

Things you should know for network programming

  • 1.
    Things You ShouldKnow for Network Programming Anry Lu 2014/10/22
  • 2.
  • 3.
    UDP (just IP+ Port Number)
  • 4.
    TCP is farmore complicated!
  • 5.
    TCP Quick Review TCP provides reliable, ordered and error-checked delivery of data.
  • 6.
  • 7.
    Ack, Retransmission &Sliding Window
  • 8.
    Flow Control (AIMD) ● check the available flow control on your system ○ sysctl -a | grep tcp_allowed_congestion_control
  • 9.
    TCP Options ●Maximum Segment Size ● Select Ack ● Explicit Congestion Notification ● Window Scaling ● Timestamp ● Keepalive ● ...
  • 10.
    The life-cycle ofa TCP connection. (use netstat or lsof to see the state)
  • 11.
    What the statemeans? ● SYN_SENT ○ packets are dropped iptables -t filter -t filter -A OUTPUT -p tcp --dst 192.168.68.8 -j DROP nc 192.168.68.8 80 ○ solution ■ check your network ● ESTABLISHED ○ usually means the connections is valid ○ if the connection is dead, it takes 7,200 seconds to know ■ net.ipv4.tcp_keepavlid_time
  • 12.
    ● CLOSE_WAIT ○your code doesn’t handle connection well (note: all data sent in this state are just dropped) ○ server import socket sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) server_address = ('127.0.0.1', 10000) sock.bind(server_address) sock.listen(1) connection, client_address = sock.accept() connection.close() ○ client import socket sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) server_address = ('127.0.0.1', 10000) sock.connect(server_address) ○ solution ■ check your source code
  • 13.
    ● TIME_WAIT ○it’s a normal state to avoid sending RST and interfering with new connections ○ lasts for 2*MSL after close ○ may cause port starvation on server ○ solution ■ linger option (use this carefully) ■ net.ipv4.tcp_tw_resuse ■ SO_REUSEADDR or SO_REUSEPORT
  • 14.
    How to Debug- Sniffer Tools ● wireshark or tcpdump ○ for normal socket sudo tcpdump -i eth5 ● socat ○ for unix socket cd /share/CACHEDEV1_DATA/.qpkg/CloudLink/tmp/ mv tunnel_agent_monitor.sock tunnel_agent_monitor.sock.orig socat -t 100 -x -v UNIX-LISTEN:./tunnel_agent_monitor.sock, mode=777,reuseaddr,fork UNIX-CONNECT:./tunnel_agent_monitor. sock.orig
  • 15.
    What if nosniffer available? ● Sniffer Machine ○ sysctl -w net.ipv4.ip_forward=1 ○ tcpdump -i eth0 host 192.168.68.8 ● Target Machine ○ polite way sudo sysctl -w net.ipv4.conf.all.accept_redirects=0 sudo sysctl -w net.ipv4.conf.eth5.accept_redirects=0 sudo route add -host 192.168.68.8 gw 192.168.68.80 ○ hacker way (execute on the sniffer machine) arpspoof -t 192.168.68.51 192.168.68.254
  • 16.
    What if SSLis enabled? ● Man in the middle proxy ○ http://mitmproxy.org/ ○ only works if certificate is not checked mitmproxy -T --host iptables -t nat -A PREROUTING -s 192.168.68.51 -d 192.168.68.8 -p tcp --dport 8080 -j REDIRECT --to-port 8080 iptables -t nat -A PREROUTING -s 192.168.68.51 -d 192.168.68.8 -p tcp --dport 443 -j REDIRECT --to-port 8080
  • 17.
    How to disconnecta connection? ● ARP Spoofing + iptables ● Faking TCP packets ○ use tcpdump to observer connection tcpdump -S -n host 192.168.68.63 and tcp ○ use the libnet sample code to fake packets sudo ./tcp2 -s 192.168.68.63.8080 -d 192.168.68.51.52351 -n $SEQ_NO -a $ACK_NO -f "TH_FIN|TH_ACK" sudo ./tcp2 -s 192.168.68.63.8080 -d 192.168.68.51.52351 -n $SEQ_NO -f "TH_RST"
  • 18.
    Reference ● dsniff ○ http://www.monkey.org/~dugsong/dsniff/ ● ettercap ○ http://ettercap.github.io/ettercap/