tcp – Searching for strings in a live packet capture text file using Python

I am doing the live packet capture through Tcpdump and saving the result in a simple text file. What I'm trying to achieve is to look for two or more strings in the packet capture text file. Because the output of the packet capture would never end (until we stop), I can not think of the control flow of the program I want to write using Python.
A solution to this problem may be to add a certain unique keyword after searching for a specific number of lines and then continue with that keyword the next time
Next equal to the next set of lines again. This will continue until we stop the packet capture data in a flat file.

What I want –

If string1 is found:
Print "string1 found"
If string2 is found:
Print "string2 found"
:
:
:

tls – TCP Traffic, SSL or additional Tunnel

I have a situation where we (as a SaaS provider) are migrating one of our customers from their local location to our public SaaS.

However, as a matter of security, they want to route all their TCP traffic through an IPSEC Tunnel to our application.
Now I'm not very familiar with doing that (I've done it once) and I do not believe in doing things like that quickly.

But I wonder, is it really necessary if we already use strong TLS1.2 encryption in the web server? I constantly check to make sure I keep an A + score on ssllabs.com/ssltest and I wonder if that is not safe enough.

Obviously I can understand that adding an additional layer of encryption will always be safer. But I want to see if there is an argument for the pros and cons of this.

Is there anyone who has any idea of ​​this?

TCP / IP, HTTP, UDP connection and peer discovery in the bitcoin kernel, cgminer, bfgminer source code

What files, libraries, classes, code blocks used for the tcp / ip connection, peer discovery, http connection, udp connection in the bitcoin kernel (0.1.5 and the latest versions, including the latest 0.18.0), other portfolios based on c / c ++, cgminer (first 0.1 and latest versions 4.11.1), bfgminer (first 0.1 and latest versions 5.5.0)? How is network programming performed in bitcoin software? How do I program server, client, colleagues? And in what programming and software standards, specifications (RFC, ISO, others) are communications and programming of this network based? Please, be more specific and concrete, better with examples of source code.

Files, libraries, classes, code blocks used for the TCP / IP connection and peer discovery in the Bitcoin kernel, cgminer, bfgminer

What files, libraries, classes, code blocks used for the tcp / ip connection, peer discovery, http connection, udp connection in the bitcoin kernel (0.1.5 and the latest versions, including the latest 0.18.0), other portfolios based on c / c ++, cgminer (first 0.1 and latest versions 4.11.1), bfgminer (first 0.1 and latest versions 5.5.0)? How is network programming performed in bitcoin software? How do I program server, client, colleagues? And in what programming and software standards, specifications (RFC, ISO, others) are communications and programming of this network based? Please, be more specific and concrete, better with examples of source code.

client server: Why does an application ask another application to initiate the closing of a TCP connection?

I am going to share an example where I noticed this and I would like to know if there is a known pattern of why one would do this.

I have two instances of rsyslog running on different machines One acts as a receiving server, the other as the sending client.

While there is a connection, the following is seen on the server:

reception server $ netstat -plant4 | grep 192.168.101
tcp 0 0 192.168.101.180:80 192.168.101.14:50070 ESTABLISHED 4925 / rsyslogd

After a customer service stop is triggered:

send-client $ systemctl stop rsyslog
reception server $ netstat -plant4 | grep 192.168.101
tcp 0 0 192.168.101.180:80 192.168.101.14:50070 TIME_WAIT -              

the WAIT TIME is a state that occurs on the side that initiated the termination of the connection ref.

WAITING TIME - represents waiting for enough time to pass to be sure
The remote TCP received the acknowledgment of its connection.
request for termination.

This means that the client is telling the server to start closing the connections because that same client is stopping. Why does not the client close the connections?

macos: the Docker process opens the TCP port, but the connection is rejected

How can I run a simple server listening on a port, inside a Docker container?

(In case it matters, this is a MacOS X 10.13.6 host).

When I run a simple HTTP server:

python3 -m http.server 8001

the process starts correctly and listens correctly on that port (confirmed with telnet localhost 8001).

When I run a Docker container, it also executes the process correctly, but now the connection is rejected.

web-api / Dockerfile:

FROM python: 3.7
CMD python3 -m http.server 8001

docker-compose.yaml:

version: & # 39; 3 & # 39;
services:
web-api:
hostname: web-api
build:
context: ./web-api/
dockerfile: Dockerfile
expose:
- "8001"
ports:
- "8001: 8001"
networks:
- api_network
networks:
api network
driver: bridge

When I start the container (s), it is running the HTTP server:

$ docker-compose up --detach --build
Building web-api
[…]

$ docker ps
CONTAINER ID IMAGE COMMAND STATE CREATED NAMES OF THE PORTS
1db4cd1daaa4 ipsum_web-api "/ bin / sh -c & # 39; python3 ..." 8 minutes ago Up to 8 minutes 0.0.0.0:8001->8001/tcp ipsum_web-api_1

$ docker-machine ssh lorem

docker @ lorem: ~ $ ps -ef | grep http.server
Root 12883 12829 0 04:40? 00:00:00 python3 -m http.server 8001

docker @ lorem: ~ $ telnet localhost 8001
[connects successfully]
^ D

docker @ lorem: ~ $ exit

$ telnet localhost 8001
Trying: 1 ...
telnet: connect to address :: 1: connection rejected
Trying 127.0.0.1 ...
telnet: connect to address 127.0.0.1: connection rejected
telnet: can not connect to the remote host

What is configured incorrectly here, such that the server works inside the Docker container; but I have connection rejected on port 8001 when I connect outside The container in its port exposed?

Encryption: Can I use HTTPS to pass a symmetric key used to encrypt TCP packets?

I'm doing a multiplayer game for fun and I want to keep it safe. The client is written in C # and the server in node.js with a working connection through TCP at this time. I am new to this topic, and the implementation of something with RSA or Diffie-Hellman or TLS seems confusing and is something that could easily spoil. I have researched the use of TLS, but I have no idea how to do it without using a client certificate. Google is not helpful because it does not do well with negative searches if that makes sense; It seems that I only get results for using client certificates in TLS. And so I came up with the idea of ​​using HTTPS as a substitute for Diffie-Hellman, connecting to the server with a self-signed certificate (to clarify, the server is the one that uses the certificate, English is strange), validating the login information of the user. and return a key to use for symmetric encryption for TCP packet transfers.

The general process would be like this:
1. The client initializes the TCP connection to the server and sends the server a temporary identification.
2. The server marks the socket to which the user connects with the temporary ID.
3. The client sends the HTTPS publication to the server with the login information and the temporary ID.
4. The password of the hash / sales server and is compared with the database. In successful validation, grant authorization to the socket with the temporary ID to which the validated user has access. If authentication validation fails or no socket matching the temporary ID is found, return an error to the client (400). In case of success, generate a key to use for the symmetric encryption and return it to the client (200).
5. The client receives the symmetric key, and both the client and the server use it to speak in future communications.

The temporary identification serves to allow the server to indicate which TCP socket connection it should authorize when the HTTPS validates the login information. I think this would be fine against man in the middle attacks because the man would only get the temporary ID that is not used for anything else, and if it was changed, the server would not find a socket with a matching ID during the HTTPS phase, and it would only return an error.

I think this would be less than TLS because there will be no packet signature in step 5 and future TCP communications, but it could be fine.

From what I understand about encryption, symmetric keys only act as a kind of encryption, so it's probably not too great a burden to deal with the server.

Is this system viable?

c # – Can I use HTTPS to pass a symmetric key used to encrypt TCP packets?

I'm doing a multiplayer game for fun and I want to keep it safe. The client is written in C # and the server in node.js with a working connection through TCP at this time. I am new to this topic, and the implementation of something with RSA or Diffie-Hellman or TLS seems confusing and is something that could easily spoil. I have researched the use of TLS, but I have no idea how to do it without using a client certificate. Google is not helpful because it does not do well with negative searches if that makes sense; It seems that I only get results for using client certificates in TLS. And so I came up with the idea of ​​using HTTPS as a substitute for Diffie-Hellman, connecting to the server with a self-signed certificate, validating user login information and returning a key to use for symmetric encryption of TCP packet transfers. .

The general process would be like this:
1. The client initializes the TCP connection to the server and sends the server a temporary identification.
2. The server marks the socket to which the user connects with the temporary ID.
3. The client sends the HTTPS publication to the server with the login information and the temporary ID.
4. The password of the hash / sales server and is compared with the database. In successful validation, grant authorization to the socket with the temporary ID to which the validated user has access. If authentication validation fails or no socket matching the temporary ID is found, return an error to the client (400). In case of success, generate a key to use for the symmetric encryption and return it to the client (200).
5. The client receives the symmetric key, and both the client and the server use it to speak in future communications.

The temporary identification serves to allow the server to indicate which TCP socket connection it should authorize when the HTTPS validates the login information. I think this would be fine against man in the middle attacks because the man would only get the temporary ID that is not used for anything else, and if it was changed, the server would not find a socket with a matching ID during the HTTPS phase, and it would only return an error.

I think this would be less than TLS because there will be no packet signature in step 5 and future TCP communications, but it could be fine.

From what I understand about encryption, symmetric keys only act as a kind of encryption, so it's probably not too great a burden to deal with the server.

Is this system viable?

network – Sniffing TCP packets using Wireshark

I'm trying to reverse engineer a decoder. To do this, I need to trace the packages that the decoder of an Android application installed on my phone receives, this application is the one that controls the decoder.

I tried using Wireshark at the beginning, but it turned out that the packets were sent over SSL, so they are all encrypted. Then I tried to trace my TCP packets using MITMproxy, which did not work since it does not track TCP packets, it only registers the packets sent over HTTP.

After reading the answers to the next question.

How can I capture the entire traffic network by mitmproxy? I decided to give Wireshark a second try.

To do this, I need to know the location of the private key that I have no idea about. I know what a private key is, but I do not know where I can find it. or what private key are we talking about?

I would appreciate some help with this, this is the first time I work with the tracking packages.

How does TCP handle multiple requests to a port?

As a server can get many client requests at the same time to a particular port, for example, port 80 for HTTP objects, how does the server handle concurrent requests?