My story - what got me into networking?
It all started with reading two books.
UNIX network programming by Robert Stevens
OSI 7 layer model by Andrew Tanenbaum
Alongside these I also read plenty of RFC documents on the text terminal in my engineering school's computer center, mostly three-digit RFCs.
I got started on Linux and DEC UNIX and knew some basic terminal commands. There was a pager by the name of pg in those days.
One of my first programs using Berkeley sockets was a simple email-sending program that used SMTP commands.
My professor found out what I was doing and said cryptically, "You know the secrets of life," before closing the exploit I was using for the program.
Why networking?
Linux is one of the most interesting platforms to acquire a strong background knowledge of TCP/IP protocols and networking in general.
The other sort of networking, the one that matters for business, where you meet people from your industry at events, is also critical, but in this tech newsletter we are keen on learning how packets flow across the wire and over radio, and through light pipes too.
This is all very interesting, since without the ability to carry packets over long distances the Internet, with its content delivery networks and what not, could not deliver such a rich end-user experience, be it media or even instant messaging.
In today's scheme of things we consider the Internet as essential as water or air. Internet stands for a network of networks. What better way to learn this than through Linux tools?
What are the tools we are going to look at?
We are going to examine these three tools in detail in this newsletter.
netcat
socat
tcpdump
There are plenty of other useful and even more powerful tools; I can think of at least 40 more. But for now let us learn the best way to get the journey started.
Once we get a strong understanding of the basics then your own curiosity shall help you explore more.
First let us understand netcat.
netcat - best networking tool for starters
You don't need any tool beyond netcat, nc for short, to understand the basic client/server model employed in all protocols to this day.
In every interaction between machines, even in an IoT environment, there is always a listening server and a connecting client that interacts with it and then closes the connection.
Using netcat you can set up a makeshift client or server for TCP, UDP or, as the non-networking option, UNIX/local sockets, which only work within a single host.
socat - three way relay
socat is a big step beyond netcat in what it can do, but it is also significantly harder to use: it has many options and a much longer man page, and things do not work in a quick and easy fashion.
Whenever I searched the web for socat resources they were always lacking, leaving you with the man pages and your own guesswork.
That said, socat can tunnel your traffic over OpenSSL, print the certificates of any website, serve as a SOCKS proxy, and invoke any shell command and pipe its output across a network socket.
I would suggest that you stick to netcat while you are learning TCP/IP and the client/server model of protocols. Once you feel it is time to graduate, you can explore socat.
tcpdump - a command line network sniffer
tcpdump is remarkably useful because it is a network sniffer: a looking glass into the bits, bytes and packets that traverse the wire or the radio waves.
You can easily sniff the TCP or SSL handshake, or figure out how an IPsec tunnel works.
In the graphical world the same job is done by Wireshark, where all protocols are decoded with their packet headers, payload contents and various control packets.
Long ago I did a project to decode VP8-encoded video and I found Wireshark critical for the project. But we are on Linux, for heaven's sake, and the command line with its various filters is the way to go, just as we filter with pipes on the command line using grep.
Think of tcpdump as the grep for networking protocols.
How to use them?
Obviously, if I were a good friend I would ask you to binge the man pages and look no further. But I will do better, of course.
I have already covered these topics in detail in many Twitter threads (@girish1729) and you might have read them. Here we shall explore some of the popular command line uses. Obviously the limits are set in your own mind alone.
These tools are insanely powerful. How you use them in concert with one another is left to your own use case.
A simple TCP server - nc
$ nc -l 1234
A simple TCP server - socat
$ socat TCP4-LISTEN:1234 STDIO
TCP client - nc
$ nc localhost 1234
TCP client - socat
$ socat STDIO TCP4:localhost:1234
A date server with socat
$ socat TCP4-LISTEN:1234,fork EXEC:/bin/date
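The date server and the nc/socat client above, written out with plain Python sockets so the listen/connect/interact/close cycle is visible in code. This is an added example, not code from the newsletter or from socat/netcat; it binds port 0 so the OS picks a free port, and it serves one client at a time where socat's ,fork would handle them in parallel.

```python
"""The socat "date server" and the nc/socat client above, written with plain Python
sockets so the client/server model is visible in code. Added example, not from the
newsletter or from socat/netcat; port 0 means the OS picks a free port."""
import socket
import subprocess
import threading

def serve_exec(cmd, host="127.0.0.1", port=0):
    """Listening side, the equivalent of: socat TCP4-LISTEN:port,fork EXEC:cmd
    For each connecting client, run cmd and send it the command's stdout.
    Returns (port, stop) where stop() closes the listening socket."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)

    def loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listening socket closed by stop()
                return
            with conn:       # one client at a time; socat's ,fork would run them in parallel
                conn.sendall(subprocess.run(cmd, capture_output=True).stdout)

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1], srv.close

def fetch(host, port):
    """Connecting side, the equivalent of: nc host port (or socat STDIO TCP4:host:port).
    Reads until the server closes the connection, which ends the interaction."""
    chunks = []
    with socket.create_connection((host, port), timeout=5) as c:
        while True:
            data = c.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)

if __name__ == "__main__":
    port, stop = serve_exec(["date", "-u"])
    print(fetch("127.0.0.1", port).decode().strip())
    stop()
```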
Sniff for ping packets
# tcpdump icmp
Then go to a different terminal or use tmux and type
$ ping 8.8.8.8
Sniff for TCP on port 1234
# tcpdump tcp and port 1234
Sniff for DNS requests
# tcpdump port 53
(port 853 is DNS over TLS, if that is what you are after)
Sniff for IPsec
# tcpdump ah or esp
Look for TCP handshake flags
# tcpdump -x tcp port 443
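The tcpdump expressions above are filter syntax, and what they actually compare is a handful of header bytes: the IPv4 protocol number for icmp, tcp, ah and esp, and the transport ports for port N. The following added example, my own and not code from the newsletter or from tcpdump/libpcap, builds small IPv4 packets and evaluates those expressions, including and/or combinations with tcpdump's precedence. It assumes 20-byte IPv4 headers without options and no link-layer header in front of them.

```python
"""Which header fields do the tcpdump filters above actually test?  Added example,
not from the newsletter or from tcpdump/libpcap: it evaluates the primitives
icmp/tcp/udp/ah/esp and "port N", joined with and/or, over constructed IPv4 packets."""
import struct
# IANA IPv4 protocol numbers: what the names icmp, tcp, udp, esp, ah expand to.
PROTO = {"icmp": 1, "tcp": 6, "udp": 17, "esp": 50, "ah": 51}

def build_ipv4(proto_name, payload):
    """Constructed 20-byte IPv4 header, 10.0.0.1 -> 10.0.0.2, checksum left zero."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       PROTO[proto_name], 0, b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02") + payload

def build_tcp(sport, dport, flags=0x02):  # 0x02 = SYN, which tcpdump prints as [S]
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)

def build_udp(sport, dport, payload=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def fields(pkt):
    """(protocol number, set of ports); only TCP/UDP have ports, so ICMP/AH/ESP never match "port N"."""
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    if proto in (PROTO["tcp"], PROTO["udp"]):
        return proto, set(struct.unpack("!HH", pkt[ihl:ihl + 4]))
    return proto, set()

def matches(expr, pkt):
    """expr := term ('or' term)*; term := atom ('and' atom)*; atom := name | 'port' N.
    'and' binds tighter than 'or', as in tcpdump's filter language."""
    proto, ports = fields(pkt)
    tokens, pos = expr.split(), 0
    def atom():
        nonlocal pos
        tok, pos = tokens[pos], pos + 1
        if tok == "port":
            port, pos = int(tokens[pos]), pos + 1
            return port in ports
        return proto == PROTO[tok]
    def term():
        nonlocal pos
        result = atom()
        while pos < len(tokens) and tokens[pos] == "and":
            pos += 1
            result = atom() and result   # evaluate atom() first so its tokens are consumed
        return result
    result = term()
    while pos < len(tokens) and tokens[pos] == "or":
        pos += 1
        result = term() or result
    return result
```

Run matches("tcp and port 1234", pkt) over a constructed SYN to 1234 and over an ICMP echo request to see which one the second filter above would print.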
Question of the issue
How are pcap and tcpdump related?
Feedback/comments
In every issue I solicit review comments, feedback and topics you want me to cover in future editions. Kindly hit the reply button and let me know, and I will oblige.
Come on, don’t be shy!
Please recommend this newsletter to friends and forward it to get more people onto the list. Your efforts are appreciated!