Tag: tcp

tls – Record header as part of the link protocol messages in the TCP / IP stack

I knew that the format of the TLS handshake message is as follows.

"Record header + link protocol layer header + link protocol message"

Now I have confusion when analyzing the TLS link protocol messages in TCP.
What the server structure would look like in response to the client's greeting.

Note: Since TCP can handle segmentation, I believe that the hello server, the CRT server, the server key exchange, the hello server made can be handled in segments and provided to tls.

Therefore, what does the raw date look like at the end of all frames received up to TCP?

Will it be like then?

Record header + Link protocol layer header +server greeting + Record header + Link protocol layer header +CRT server+ Registration header + Link protocol layer header + Server key exchange + Registration header + Link protocol layer header + Hello server done 

  or will it be omitting the record header ??

Record header + Link protocol layer header +server greeting + Handshake layer header +CRT server+ Header of the link protocol layer + Exchange of server keys + Header of the link protocol layer + Hello server

tls – Bruteforce https publication using a single tcp connection

So I tried to apply brute force to my server using thc-hydra https-post-form, but it floods the server very quickly and the requests begin to expire.

However, if I go through the browser where the server uses and accepts the HTTP Connection: Keep Alive header, I can make many requests in quick succession without flooding the server.

Is there a tool like Hydra that can be used to send many https publication requests using a single TCP connection?

source code – reassembled flow Meerkat TCP / UDP

I want to get a reassembled flow payload for TCP and UDP in Meerkat. How can I get flow data by manipulating the source code? What methods / classes at the source can give me the flow data?

I installed a binary in my machine and, for the moment, I am trying to find a function or a class where I can dump the reassembled payloads of the sequence (both Tcp and Udp) in source code C in order to save the payload of the sequence in a memory block instead of parsing EVE JSON or any other log file.

In short, I want to extract all the transmission data by writing a small function in Meerkat and using the TCP / UDP payloads (or packets / datagrams) extracted, while Suricata continues to sniff the network.

wireshark – Why doesn't TCP send a packet until ACK is received when the window size is sufficient?

The application (server) considered has several clients connected. Process each client message and send two outgoing messages. The output messages are generated sequentially and written to the socket. I note that occasionally the second output message is delayed a lot for a customer. I am trying to understand the reason for this.

Below is the filtered TCP flow between the application and the client captured from the client side.

enter the description of the image here

  1. 14908 is the client's input message. 14910 and 15337 are the two output messages.
  2. 14910 is not delayed. But 15337 is delayed about 40 ms.
  3. As I can see, package 15337 is not sent until ack 15336 is received.

The application has already sent the message in packet 15336 just after 14910 to the TCP layer. So can you help me understand what causes this delay?

Metasploit multi handler tcp reverse connection

Can we listen to 10 connections at once using any option present in Metasploit?

wireshark: DNS and sometimes TCP packets are sent when disconnecting and connecting the Wi-Fi connection

I am monitoring my network interface and I noticed that I can reproduce a behavior in which sometimes some cryptic DNS packets are sent, as well as TCP, without me opening any browser or application.

All I have to do is turn off WIFI and then turn it on again. Then, several DNS packets are sent automatically.

Here is the cap file:

enter the description of the image here

This does not seem like normal behavior, why are DNS packets sent? … When following the TCP packets, I noticed that they are sent to an EC2 instance on AWS.

protocols – Script to intercept the Modbus TCP payload

I am trying to create a Scapy script to modify the payload of the Modbus TCP packets (function code 3 and 2), but I could not succeed. The script is not intercepting traffic and modifying the payload.

Is there anyone out there who succeeds in intercepting Modbus TCP packets? Is there a sample script available with someone? I am trying to modify ModbusPDU03ReadHoldingRegistersResponse and ModbusPDU02ReadDiscreteInputsResponse in the payload.

What is running on these strange TCP ports on a Samsung smart TV?

What are these strange ports open on this TV?

Nmap registration

How to allow a layer 7 TCP / IP protocol in proxy squid

Can anyone help me know how to allow the layer 7 TCP / IP protocol using the squid proxy?
I have to connect my SMPP provider using this proxy but I cannot pass the traffic, SMPP communication uses the TCP / IP layer 7 protocol.

please help.

18.10 – Sqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server: TCP Provider: Error code 0x2746

I am running an Ubuntu 18.10 machine and I have been following this tutorial: https://docs.microsoft.com/en-us/sql/linux/quickstart-install-connect-ubuntu?view=sql-server-2017 I have succeeded until I came to the Connect locally section.

Every time I try this command sqlcmd -S localhost -U SA -P password I get a title error along with: Sqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : Client unable to establish connection. (It doesn't matter if I enter the correct or incorrect password, it is always the same error).

I discovered that the problem is with the -S localhost part (I also tried to enter "(local)", 127.0.0.1 and. And I got the same error every time), but I can't make it work. I've been looking for a solution since yesterday and everything I found didn't work for me, so I put all my hopes on this question. Thanks in advance!

EDIT: I tried to enter the previous command without -S localhost and still throws the same mistake …