Do you want to create custom network clients & servers in Ruby? Or just understand how that works?
Then you will have to deal with sockets.
Join me on this tour of ruby network programming to learn the basics, and start talking to other servers and clients using Ruby!
So what are sockets?
Sockets are the endpoints of a communication channel; both clients and servers use sockets to communicate.
The way they work is very simple:
Once a connection is established you can put data into your socket and it will make its way to the other end, where the receiver will read from the socket to process incoming data.
There are a few types of sockets available to you, the most common — the TCP Socket — will allow you to make connections to TCP-based services like HTTP or FTP.
If you have to use a UDP-based protocol then you can use the UDP Socket.
The other types of sockets are a bit more esoteric: Unix sockets allow IPC (inter-process communication) on Unix systems without the overhead of a full TCP connection.
Now that we know what sockets can do for us it is time to start using them.
First, require the sockets library into your program:
require 'socket'
To create a TCP socket you can use the TCPSocket class; as parameters you will need the destination host name (or IP address) and port.
This will attempt to establish a connection; if it can’t be established then you will get an Errno::ECONNREFUSED error.
socket = TCPSocket.new('google.com', 80)
You should now be able to send messages through your socket, you will have to follow the protocol you are communicating with for the other end to be able to understand you.
socket.write "GET / HTTP/1.1\r\n"
socket.write "Host: google.com\r\n" # HTTP/1.1 requires a Host header or the server answers 400
socket.write "\r\n"                 # the empty line ends the request
Many of the methods you will be using come from the parent classes of TCPSocket (IPSocket, BasicSocket and IO).
To read the response from the server you can use the recv method.
You need to pass the number of bytes that you want to read from the socket as a parameter:
puts socket.recv(100)
There is a small problem, you might not get any data back and your app will appear to be doing nothing.
The reason is that if there isn’t enough data to read, your program will ‘block’.
This means it will wait until there is some data available or the server closes the connection.
You may want to increase or decrease the amount of data you are reading depending on what protocol you are working with.
If blocking is an issue for you, check out the readpartial and read_nonblock methods from the IO class.
Let’s build a server! The process is similar to writing the client, but we will need to tell the socket to bind to an interface, then listen on it, and finally to accept incoming connections.
The TCPServer class already does the first two for us.
Here is an example:
require 'socket'

socket = TCPServer.new('0.0.0.0', 8080)
client = socket.accept

puts "New client! #{client}"
client.write("Hello from server")
client.close
Our example server will be listening on port 8080 and greet a connecting client with a message.
Notice that this server accepts only one client, and then the program ends.
To be able to accept and respond to multiple clients, we will need a loop and some threads.
Example:
require 'socket'

PORT = 8081
socket = TCPServer.new('0.0.0.0', PORT)

def handle_connection(client)
  puts "New client! #{client}"
  client.write("Hello from server")
  client.close
end

puts "Listening on #{PORT}. Press CTRL+C to cancel."

loop do
  client = socket.accept
  Thread.new { handle_connection(client) }
end
That should start a new server that keeps listening until you stop it.
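Here is an added example (my own code, not from the article) that puts the two ideas together: a thread-per-client server like the one above, but with a read deadline so a silent client cannot hold a thread forever, and a client that waits with IO.select and reads with readpartial until the server closes, instead of blocking in recv. The names start_echo_server, handle_connection, fetch_reply and READ_TIMEOUT are my own.

```ruby
require 'socket'

# Added example, not the article's code; the names below are my own.
READ_TIMEOUT = 2 # seconds a peer may stay silent before we give up on it

# Bind to loopback; the article's 0.0.0.0 listens on every interface.
# Port 0 asks the OS for a free port, which we return to the caller.
def start_echo_server(host = '127.0.0.1')
  server = TCPServer.new(host, 0)
  port = server.addr[1]
  Thread.new do
    loop do
      client = server.accept
      Thread.new(client) { |c| handle_connection(c) }
    end
  end
  [server, port]
end

# One thread per client, but with a read deadline: a client that connects
# and never sends anything cannot keep this thread (and socket) forever.
def handle_connection(client)
  if IO.select([client], nil, nil, READ_TIMEOUT)
    data = client.readpartial(1024)
    client.write("echo: #{data}")
  end
rescue EOFError
  # peer closed before sending anything
ensure
  client.close
end

# Client side: recv(n) blocks until some data arrives, so wait at most
# READ_TIMEOUT for readability, take whatever arrived with readpartial,
# and stop at EOF (server closed) instead of at a guessed byte count.
def fetch_reply(port, payload)
  socket = TCPSocket.new('127.0.0.1', port)
  socket.write(payload)
  reply = +''
  loop do
    break unless IO.select([socket], nil, nil, READ_TIMEOUT)
    reply << socket.readpartial(1024)
  end
  reply
rescue EOFError
  reply # server closed the connection: the reply is complete
ensure
  socket&.close
end
```

A client that sends nothing gets an empty reply after READ_TIMEOUT seconds and the server thread is freed, which is the case the plain accept/recv loop never handles.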
If you want to learn how to take this to the next level & write a web server in Ruby read this blog post.
You learned what TCP sockets are, how they work & how you can use some Ruby classes like TCPServer & TCPSocket to create Ruby applications that can interact with other machines on the internet.
Playing with ruby network programming is fun!
Now go create something cool and share it with everyone in the comments section 🙂
Also don’t forget to join my newsletter if you want to keep improving your Ruby skills!
Let’s say we have a packet capture file (.pcap) and we want to get as much information out of it as possible. One option could be Wireshark and its command line version tshark. Using the latter we will be able to manipulate and format the output using tools like sed, grep, awk…
Since we are dealing with mostly HTTP traffic we may be interested in the sites that have been visited. To obtain this information we can use the http.host field, and a bit of sorting will then show us the top 10 sites.
tshark -T fields -e http.host -r tor.pcap > dns.txt
cat dns.txt | sort | uniq -c | sort -nr | head
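As an added example (my own code, not from the original post), here is the same tally done in Ruby over the lines tshark writes to dns.txt. It handles two things the shell pipeline does not: the blank line tshark emits for every packet that carries no http.host (which otherwise tops the uniq -c output), and packets where the field has several values, which tshark joins with a comma by default. The name top_hosts and the SAMPLE input are mine.

```ruby
# Added example, not from the original post. Counts the http.host column
# produced by `tshark -T fields -e http.host`, skipping the blank lines that
# stand for packets without an HTTP Host header and splitting multi-valued
# fields on tshark's default aggregator (comma).
def top_hosts(lines, limit = 10)
  counts = Hash.new(0)
  lines.each do |line|
    line.strip.split(',').each do |host|
      next if host.empty?
      counts[host] += 1
    end
  end
  # most frequent first; ties broken alphabetically so output is stable
  counts.sort_by { |host, n| [-n, host] }.first(limit)
end

# Constructed sample of tshark field output: one line per packet, empty
# where the packet had no http.host, comma-joined where it had several.
SAMPLE = [
  'example.com', '', '', 'example.org', 'example.com', '',
  'example.com,example.net', 'example.org', ''
]

if __FILE__ == $PROGRAM_NAME
  lines = ARGV.empty? ? SAMPLE : File.readlines(ARGV[0])
  top_hosts(lines).each { |host, n| puts "#{n.to_s.rjust(6)} #{host}" }
end
```

Run it as `ruby top_hosts.rb dns.txt` to use the real tshark output, or with no argument to see the constructed sample.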
If you ever wondered if there is a quick way to find all the Windows hosts in your network with exact version information, you are in the right place! We are going to see a few tools that will aid us in this task by querying the CIFS service (also known as SMB / NetBIOS), which is run by all Windows hosts.
To get us started let’s see the nbtscan tool. We can give it a network range in the form of a CIDR or just as two values separated with a dash. This will give us a nice list of all the Windows hosts on our network with their NetBIOS names.
Welcome to this socat tutorial. Socat is a network utility similar to netcat. Socat supports IPv6 and SSL and is available for both Windows and Linux. The first thing you will notice with this tool is that it has a different syntax from what you are used to with netcat or other standard Unix tools.
socat [options] <address> <address>
You have to provide both addresses in order for it to work, now these addresses look like this:
protocol:ip:port
Let’s get started with some examples. First I want to show you how you can get the same functionality as with netcat.
nc localhost 80
socat - TCP4:localhost:80
OR
socat STDIN TCP4:localhost:80

nc -lp localhost 700
socat TCP4-LISTEN:700 STDOUT

nc -lp localhost 700 -e /bin/bash
socat TCP4-LISTEN:700 EXEC:/bin/bash
Now we can go beyond netcat with some SSL examples, but first we need to generate an SSL cert for the server.
openssl req -new -x509 -days 365 -nodes -out cert.pem -keyout cert.key
socat OPENSSL-LISTEN:443,cert=cert.pem,key=cert.key -
The openssl command above writes the certificate and the private key to separate files, so the listener needs both the cert and the key option.
socat - OPENSSL:localhost:443,cafile=cert.pem
The client verifies the server certificate by default, so point it at the self-signed cert with cafile (the certificate’s CN has to match the host you connect to, localhost here); adding verify=0 instead also connects, but then the check is disabled entirely.
Both addresses don’t have to use the same protocol, so you can do “ssl server -> non-ssl server”. You should also check out the options that you can apply, for example you can use fork to tell socat to listen and handle multiple clients.
socat TCP4-LISTEN:5000,fork OPENSSL:localhost:443
Finally if you are tunneling a connection between servers using socat you can use the -v option to print all the traffic to stdout.
I hope you enjoyed this quick socat tutorial. If you want to learn more, check out the socat man page, section “ADDRESS TYPES” or the online documentation.
It’s time to extract files from pcaps. If you ever played with packet captures you probably thought it would be cool if you could actually get the downloaded files, so let’s see not only one way to do this, but four!
In Wireshark you can find this at File > Export > Objects > Http; you will be presented with a list of files found in all the HTTP requests. The bad thing about this feature is that even with the latest version (1.6.5 at the time of this writing) you still can’t sort by column or apply any filters, which makes finding something specific hard.
To find this you will have to drill down in the packet you want, depending on the protocol.
Right click > Export selected bytes
The advantage of doing it this way is that you can actually extract files from protocols other than HTTP (like FTP or SMB) and you can use display filters.
NetworkMiner is a tool for network analysis but with a focus on forensic analysis. It can load a pcap and extract files and other data; there is both a free and a commercial version available.
This tool will analyze and extract session information and files and create an HTML report you can open in any browser.
chaosreader http-data.pcap
It will create a lot of files, so you may want to launch it inside an empty dir, or make a new one and use the -D option; then you can open index.html.
If the data crossed the network it has to be there somewhere. In this post we have seen a few tools you can use to uncover these files and extract them for your own benefit.