Just out of curiosity, I'd like to get to know better how the Internet works.
I have already read quite a few articles on Wikipedia, but these are very theoretical. I know which protocols are used where, and what they are good for (IP, TCP, HTTP). But I have no idea how these are actually implemented in Linux or any other OS.
So, for me to understand these things better, I'd like to write a simple implementation of the Echo protocol in C, preferably for Linux, and from the ground up. My client application should be able to send a message to a given port on any other computer, and my server application should be able to receive this message and send it back to the client.
Where do I best start? What should I read to get more information on these topics? Has any of you already done something like this, and if so, what did you learn?
In addition, it would be great if someone could tell me about a program that shows me the raw Internet traffic that runs through my PC. I think this would also help me understand things a bit better.
Thanks in advance for your advice.
http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=berkley+socket+tutorial
http://beej.us/guide/bgnet/
http://www.tenouk.com/cnlinuxsockettutorials.html
http://www.paulgriffiths.net/program/c/sockets.php
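To make the tutorials linked above concrete, here is an added example (my own code, not from this answer or any of the linked guides) of the Echo protocol written directly on the Berkeley socket API: a server that binds 127.0.0.1 on a port of your choosing and echoes each connection, and a client that sends one message and prints what comes back. Port 7777 and the loopback-only binding are assumptions made for the example; bind to INADDR_ANY if you really want another machine to reach it. The echo logic is kept in a function that only sees file descriptors, so it works identically on a socket, a pipe, or a serial port, and handles short writes and EINTR rather than assuming one write() moves everything.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Read from in_fd and write every byte back to out_fd until EOF.
 * Returns the number of bytes echoed, or -1 on a read/write error.
 * Transport-agnostic: works on a socket, a pipe, or a serial port. */
ssize_t echo_loop(int in_fd, int out_fd)
{
    char buf[4096];
    ssize_t total = 0;
    for (;;) {
        ssize_t n = read(in_fd, buf, sizeof buf);
        if (n == 0) return total;                 /* peer closed its side */
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        for (ssize_t off = 0; off < n;) {         /* write() may be short */
            ssize_t w = write(out_fd, buf + off, (size_t)(n - off));
            if (w < 0) { if (errno == EINTR) continue; return -1; }
            off += w;
        }
        total += n;
    }
}

static struct sockaddr_in loopback_addr(unsigned short port)
{
    struct sockaddr_in a;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_port = htons(port);                     /* network byte order */
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* 127.0.0.1 (assumption) */
    return a;
}

/* Listening TCP socket on 127.0.0.1:port. Loopback only, so the learning
 * server is never reachable from the LAN. Returns the fd or -1. */
int listen_loopback(unsigned short port)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0), one = 1;
    struct sockaddr_in a = loopback_addr(port);
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Client: connect, send msg, shut down our write side so the server sees
 * EOF, then collect the echoed reply into out. Returns reply length or -1. */
ssize_t echo_client(unsigned short port, const char *msg, char *out, size_t outlen)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    struct sockaddr_in a = loopback_addr(port);
    size_t len = strlen(msg);
    ssize_t got = 0, n;
    if (fd < 0) return -1;
    if (connect(fd, (struct sockaddr *)&a, sizeof a) < 0) { close(fd); return -1; }
    if (write(fd, msg, len) != (ssize_t)len) { close(fd); return -1; }
    shutdown(fd, SHUT_WR);
    while ((n = read(fd, out + got, outlen - 1 - (size_t)got)) > 0) got += n;
    out[got] = '\0';
    close(fd);
    return n < 0 ? -1 : got;
}

/* ./echo <port>            run the server on 127.0.0.1:<port>
 * ./echo <port> <message>  run as client and print the echoed reply */
int main(int argc, char **argv)
{
    unsigned short port = argc > 1 ? (unsigned short)atoi(argv[1]) : 7777;
    if (argc > 2) {
        char reply[4096];
        ssize_t n = echo_client(port, argv[2], reply, sizeof reply);
        if (n < 0) { perror("echo_client"); return 1; }
        printf("server echoed %zd bytes: %s\n", n, reply);
        return 0;
    }
    int lfd = listen_loopback(port);
    if (lfd < 0) { perror("listen_loopback"); return 1; }
    printf("echo server listening on 127.0.0.1:%u\n", port);
    for (;;) {                                    /* one client at a time */
        int cfd = accept(lfd, NULL, NULL);
        if (cfd < 0) { if (errno == EINTR) continue; perror("accept"); break; }
        printf("client done, echoed %zd bytes\n", echo_loop(cfd, cfd));
        close(cfd);
    }
    close(lfd);
    return 0;
}
```

Build with `cc -Wall -o echo echo.c`, start `./echo 7777` in one terminal and run `./echo 7777 "hello"` (or `nc 127.0.0.1 7777`) in another; with Wireshark or tcpdump listening on the loopback interface you can watch the three-way handshake, your bytes, the echo and the FIN exchange that shutdown() triggers. The server handles one client at a time on purpose; fork(), threads or poll() are the next step once the basic exchange makes sense.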
In addition, it would be great if someone could tell me about a program that shows me the raw Internet traffic that runs through my PC.
Ethereal is pretty great for this.
Firstly, this may be a stupid question or one that has been asked before, but I am not quite sure how to google it.
I'm trying to learn a bit about using Modbus to communicate over serial interfaces, and I have trouble understanding the mechanics of getting your signal onto the wire/connection. I do understand how protocols (e.g. Modbus) encode and decode their data. I'm interested in the process of getting your bit code through the interface (preferably RS-232) to the other machine.
In other words: how can I write a piece of code myself (no libraries etc., I want to learn how to do it) where I can input a couple of binary numbers and maybe the baud rate, so that another device with a working Modbus driver can receive it via a direct cable connection?
If the matter is too complicated for an answer here, I'd be happy to get a link to some resources to teach myself as well. Or even some help with the right search terms.
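No answer is recorded for this post, so here is an added example (my own code, not from the original thread) of the two pieces the question separates: putting bytes on an RS-232 line at a chosen baud rate with nothing but the POSIX termios API, and building a Modbus RTU request frame by hand, including the CRC-16 that the receiving driver will check before it accepts the frame. The device path /dev/ttyUSB0, 9600 8N1, slave address 1 and the "read 10 holding registers from address 0" request are assumptions for the demo; change them to match your device.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

/* Modbus CRC-16: reflected polynomial 0xA001, init 0xFFFF, no final XOR.
 * On the wire the low byte goes first. */
uint16_t modbus_crc16(const uint8_t *data, size_t len)
{
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++)
            crc = (crc & 1) ? (uint16_t)((crc >> 1) ^ 0xA001) : (uint16_t)(crc >> 1);
    }
    return crc;
}

/* Build a Read Holding Registers (function 0x03) request into out[8].
 * Address and count are big-endian; only the CRC is little-endian. */
size_t build_read_holding(uint8_t slave, uint16_t start, uint16_t count, uint8_t out[8])
{
    out[0] = slave;
    out[1] = 0x03;
    out[2] = (uint8_t)(start >> 8); out[3] = (uint8_t)start;
    out[4] = (uint8_t)(count >> 8); out[5] = (uint8_t)count;
    uint16_t crc = modbus_crc16(out, 6);
    out[6] = (uint8_t)crc;                   /* low byte first */
    out[7] = (uint8_t)(crc >> 8);
    return 8;
}

/* Does the CRC in the last two bytes of a received frame match? */
int frame_crc_ok(const uint8_t *frame, size_t len)
{
    if (len < 4) return 0;
    uint16_t want = (uint16_t)(frame[len - 2] | frame[len - 1] << 8);
    return modbus_crc16(frame, len - 2) == want;
}

/* Open a serial port raw at the given termios speed, 8 data bits, no parity,
 * 1 stop bit, no flow control, with a 1 s read timeout (VMIN=0, VTIME=10). */
int open_serial(const char *dev, speed_t baud)
{
    int fd = open(dev, O_RDWR | O_NOCTTY);
    if (fd < 0) return -1;
    struct termios t;
    if (tcgetattr(fd, &t) < 0) { close(fd); return -1; }
    cfsetispeed(&t, baud);
    cfsetospeed(&t, baud);
    t.c_cflag = (t.c_cflag & ~(tcflag_t)(CSIZE | PARENB | CSTOPB)) | CS8 | CLOCAL | CREAD;
    t.c_iflag &= ~(tcflag_t)(IXON | IXOFF | IXANY | ICRNL | INLCR | ISTRIP);
    t.c_oflag &= ~(tcflag_t)OPOST;           /* no output translation */
    t.c_lflag &= ~(tcflag_t)(ICANON | ECHO | ECHOE | ISIG); /* raw bytes, no line editing */
    t.c_cc[VMIN] = 0;
    t.c_cc[VTIME] = 10;
    if (tcsetattr(fd, TCSANOW, &t) < 0) { close(fd); return -1; }
    return fd;
}

/* ./modbus /dev/ttyUSB0 : poll slave 1 for 10 holding registers at 9600 8N1 */
int main(int argc, char **argv)
{
    const char *dev = argc > 1 ? argv[1] : "/dev/ttyUSB0";   /* assumption */
    uint8_t req[8], resp[256];
    size_t n = build_read_holding(1, 0, 10, req);
    int fd = open_serial(dev, B9600);
    if (fd < 0) { perror(dev); return 1; }
    if (write(fd, req, n) != (ssize_t)n) { perror("write"); return 1; }
    tcdrain(fd);                             /* block until the UART has shifted it out */
    ssize_t got = read(fd, resp, sizeof resp);
    if (got <= 0) { fputs("no response\n", stderr); return 1; }
    printf("%zd bytes, crc %s:", got, frame_crc_ok(resp, (size_t)got) ? "ok" : "BAD");
    for (ssize_t i = 0; i < got; i++) printf(" %02x", resp[i]);
    putchar('\n');
    close(fd);
    return 0;
}
```

The request this builds is the classic `01 03 00 00 00 0A C5 CD`. Everything below write() (start bit, 8 data bits, stop bit, voltage levels) is done by the UART hardware and the kernel driver; your code only chooses the framing with termios and hands over bytes. Two caveats: Modbus RTU delimits frames by a silent gap of 3.5 character times, so a single read() with VTIME may return a partial response on slow links and you may need to keep reading until the gap; and Modbus RTU is normally run over RS-485, but a point-to-point RS-232 cable works fine for a two-device bench setup.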
I have used a lot of parental control software, but none of it is perfect. I am thinking of writing my own. I want to use either C++ or Java or a combination of the two. My main issue is how to capture all traffic originating from the browser.
I want to do it in a hack-proof way.
I appreciate greatly any help on this.
Thanks in advance.
You can't intercept data transfers from your http/https connections
You will have to build a packet sniffer and find a way to filter out the packets you are looking for. To my surprise I'm not getting any solid results when I try to google C++ packet sniffer tutorials, but that's definitely the way to go.
For Windows you need to create a filter driver for the network adapter. Under Linux you can use raw sockets for this purpose. Unfortunately, Windows does not support full raw socket functionality.
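As an added example (my own code, not part of either answer above) of the Linux raw-socket approach, here is the smallest useful sniffer: an AF_PACKET socket that receives whole Ethernet frames, and a dissector that walks Ethernet -> IPv4 -> TCP with a bounds check at every step and keeps only flows headed for a web port. The sample frame at the bottom is constructed for the demo (a SYN from 10.0.0.1 to 93.184.216.34:80 with zeroed checksums), not captured traffic. The ports 80/443/8080 are an assumption about what "browser traffic" means; this also answers the earlier question about seeing raw traffic, minus Wireshark's decoding.

```c
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#ifdef __linux__
#include <linux/if_ether.h>                  /* ETH_P_ALL */
#endif

struct tcp_flow {
    char src[INET_ADDRSTRLEN], dst[INET_ADDRSTRLEN];
    uint16_t sport, dport;
    uint8_t flags;                           /* TCP flag byte: SYN = 0x02, ... */
};

/* Dissect one Ethernet frame. Returns 0 and fills *f for IPv4/TCP,
 * -1 for anything else (non-IP, non-TCP, or truncated). Every offset is
 * checked against len before it is read, which is where hand-written
 * sniffers usually go wrong. */
int parse_tcp_frame(const uint8_t *p, size_t len, struct tcp_flow *f)
{
    if (len < 14 || p[12] != 0x08 || p[13] != 0x00) return -1; /* EtherType != IPv4 */
    const uint8_t *ip = p + 14;
    size_t ihl = (ip[0] & 0x0f) * 4;         /* IPv4 header length in bytes */
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < 14 + ihl + 20) return -1;
    if (ip[9] != 6) return -1;               /* protocol 6 = TCP */
    const uint8_t *tcp = ip + ihl;
    inet_ntop(AF_INET, ip + 12, f->src, sizeof f->src);
    inet_ntop(AF_INET, ip + 16, f->dst, sizeof f->dst);
    f->sport = (uint16_t)(tcp[0] << 8 | tcp[1]);
    f->dport = (uint16_t)(tcp[2] << 8 | tcp[3]);
    f->flags = tcp[13];
    return 0;
}

/* The filter a parental-control sniffer starts from: is this flow headed
 * for a web port? Over HTTPS only the endpoint is visible, not the URL. */
int is_web_flow(const struct tcp_flow *f)
{
    return f->dport == 80 || f->dport == 443 || f->dport == 8080;
}

/* Constructed sample: TCP SYN 10.0.0.1:50000 -> 93.184.216.34:80.
 * IP and TCP checksums are left zero; the parser does not verify them. */
const uint8_t SAMPLE_SYN[54] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x28, 0x00,0x01,0x00,0x00, 0x40,0x06,0x00,0x00,
    0x0a,0x00,0x00,0x01, 0x5d,0xb8,0xd8,0x22,
    0xc3,0x50, 0x00,0x50, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
    0x50,0x02, 0xff,0xff, 0x00,0x00, 0x00,0x00,
};

int main(void)
{
#ifdef __linux__
    /* AF_PACKET hands us every frame on every interface. It needs root or
     * CAP_NET_RAW, so the monitor runs with more privilege than the browser
     * it watches: that is the first thing a "hack-proof" design must face. */
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0) { perror("socket(AF_PACKET)"); return 1; }
    uint8_t buf[65536];
    for (;;) {
        ssize_t n = recv(fd, buf, sizeof buf, 0);
        if (n < 0) { perror("recv"); break; }
        struct tcp_flow f;
        if (parse_tcp_frame(buf, (size_t)n, &f) == 0 && is_web_flow(&f))
            printf("%s:%u -> %s:%u flags=0x%02x\n",
                   f.src, f.sport, f.dst, f.dport, f.flags);
    }
    close(fd);
    return 0;
#else
    fputs("AF_PACKET capture is Linux-only\n", stderr);
    return 1;
#endif
}
```

Run it as root (or give the binary CAP_NET_RAW with setcap) and open a web page; each SYN shows up as a line. Note what it cannot do: it sees packets, not "the browser", so attributing a flow to a process needs /proc/net/tcp or a kernel hook, and nothing in the TLS payload is readable, so a filter built this way can block by destination only.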
I managed to send all my servers' logs to a central syslog server. Now what? How do I make sense of this avalanche of data? Does anybody know any good open-source syslog reader tool, or any paid ones such as Sawmill?
You might want to check out Sagan (http://sagan.io). Basically, it takes your logs as they come in and detects when bad things are happening. Sagan works a lot like the Snort IDS engine, but with logs instead of packets. Things that are detected can then be forwarded to a GUI like Snorby, Sguil, etc.
It's an open source project (GNU/GPLv2) and runs on *nix platforms. More information can be found at:
http://sagan.io
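To show what "detects when bad things are happening" means at the smallest scale, here is an added example (my own code, not Sagan's rule language or engine) of one log rule run over incoming syslog lines: count sshd "Failed password" events per source address and alert the first time a source crosses a threshold. The log lines are constructed for the demo, not real data, and the threshold of 5 is an assumption; a real engine adds time windows, eviction of old sources and many more rules, but the shape is the same.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

#define MAX_SOURCES 64

struct source { char ip[46]; int fails; };   /* 46 fits an IPv6 literal */

/* Pull the address after " from " out of an sshd "Failed password" line.
 * Returns 1 and fills ip when the line is a failed login, else 0. */
int parse_failed_login(const char *line, char *ip, size_t iplen)
{
    if (!strstr(line, "sshd[") || !strstr(line, "Failed password for")) return 0;
    const char *p = strstr(line, " from ");
    if (!p) return 0;
    p += strlen(" from ");
    size_t n = strcspn(p, " \n");            /* address ends at the next space */
    if (n == 0 || n >= iplen) return 0;
    memcpy(ip, p, n);
    ip[n] = '\0';
    return 1;
}

/* Increment the failure count for ip, inserting it if new. Returns the new
 * count, or 0 if the table is full (a real tool evicts the oldest entry). */
int bump_source(struct source *tbl, size_t *n, const char *ip)
{
    for (size_t i = 0; i < *n; i++)
        if (strcmp(tbl[i].ip, ip) == 0) return ++tbl[i].fails;
    if (*n >= MAX_SOURCES) return 0;
    snprintf(tbl[*n].ip, sizeof tbl[*n].ip, "%s", ip);
    tbl[*n].fails = 1;
    return tbl[(*n)++].fails;
}

/* The rule: alert once per source when it reaches `threshold` failures.
 * Returns the number of alerts raised; first_ip receives the first alerting
 * address so callers can check it. */
int scan_lines(const char *const *lines, int threshold, char *first_ip, size_t iplen)
{
    struct source tbl[MAX_SOURCES];
    size_t n = 0;
    int alerts = 0;
    char ip[46];
    for (size_t i = 0; lines[i]; i++) {
        if (!parse_failed_login(lines[i], ip, sizeof ip)) continue;
        if (bump_source(tbl, &n, ip) == threshold) {  /* == : fire exactly once */
            if (alerts == 0) snprintf(first_ip, iplen, "%s", ip);
            alerts++;
            printf("ALERT: %d failed ssh logins from %s\n", threshold, ip);
        }
    }
    return alerts;
}

/* Constructed sample lines in traditional syslog format (not real logs). */
const char *const SAMPLE_LOG[] = {
    "Mar  3 10:01:02 web1 sshd[2112]: Failed password for root from 203.0.113.7 port 51122 ssh2",
    "Mar  3 10:01:03 web1 sshd[2113]: Failed password for admin from 203.0.113.7 port 51123 ssh2",
    "Mar  3 10:01:04 web1 sshd[2114]: Failed password for invalid user test from 203.0.113.7 port 51124 ssh2",
    "Mar  3 10:01:05 web1 CRON[2115]: (root) CMD (run-parts /etc/cron.hourly)",
    "Mar  3 10:01:06 web1 sshd[2116]: Failed password for alice from 198.51.100.2 port 40000 ssh2",
    "Mar  3 10:01:07 web1 sshd[2117]: Accepted password for alice from 198.51.100.2 port 40000 ssh2",
    "Mar  3 10:01:08 web1 sshd[2118]: Failed password for root from 203.0.113.7 port 51125 ssh2",
    "Mar  3 10:01:09 web1 sshd[2119]: Failed password for root from 203.0.113.7 port 51126 ssh2",
    "Mar  3 10:01:10 web1 sshd[2120]: Failed password for root from 203.0.113.7 port 51127 ssh2",
    NULL
};

int main(void)
{
    char ip[46];
    int alerts = scan_lines(SAMPLE_LOG, 5, ip, sizeof ip);
    printf("%d source(s) crossed the threshold\n", alerts);
    return 0;
}
```

On the sample, 203.0.113.7 fails six times and alerts once at its fifth failure; alice's single failure followed by a success never fires. That one-alert-per-source behaviour is the difference between a usable rule and a second avalanche, and it is the kind of state Sagan and the other tools listed here manage for you across many rules at once.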
I know of BareTail, a free real-time log file monitoring tool:
http://www.baremetalsoft.com/baretail/
Never tried it, but heard good things about it:
http://www.ossec.net/
It's perhaps more than what you asked for, but your question doesn't make it exactly clear what you are looking for in the logs.
For displaying the logs in a GUI you could check LogAnalyzer (http://loganalyzer.adiscon.com/).
Logstash, Elasticsearch, and Kibana are a nice modern stack for analyzing logs.
I'm looking for a way to detect and capture data being sent to and from a specific program. I've attempted to use something like Wireshark, but it all seems to be a bunch of nonsense to me, so I was wondering if anybody could help me get the data, translate it into text to allow for editing, and then resend the newly edited information on its way.
Look for the Capture TCP Stream feature/menu item in Wireshark.
Edit: It's actually Follow TCP Stream.
Wireshark is definitely the way to go. It'll capture the data going to a specific port (which you can probably correlate to the program fairly easily). I hope this isn't happening over SSL though (Wireshark isn't going to help you much if it is).
But if you have to reverse engineer the server's communication protocol, capturing the network packets is the least of your problems. Reverse engineering is difficult and can be fairly error prone as it's often based on guess work. My suggestion is to do this as a last resort: if the server is intended to communicate with the outside world, there's probably some protocol documentation floating around somewhere that will be much more reliable than a wireshark trace.
This is more a thought experiment than anything.
I'm wondering what it would take to detect everything I legally can about the laptops in a hotspot. My first thought was to grab every MAC address I can and extract the maker from the first 24 bits.
The question is, would this be illegal, and what else could I legally scavenge, preferably passively?
P.S. This constitutes a pattern-recognition problem so it IS programming... I think.
nmap can do a reasonable job of guessing the operating system by the way the target system responds to various probes.
For the brain dead answer: Quit typing and look around for a few minutes :-D
I guess the obvious one would be to sniff the user-agent out of their HTTP requests.
IIRC there are ways to detect what TCP/IP stack is being used by sniffing choices in port usage and sequence numbers.
Why does it matter, 90% of them will be apples ;-)
The people wearing black turtlenecks will be using Macs, the rest will be using PCs and Windows (except for that one guy with the long ponytail who is using Linux).
Packet sniffing is illegal without the network owner's consent. At least that's the generally followed precedent. There have been very few tests of this in court. But your idea of how to do it, using the MAC addresses, would work well. Wireshark is a good packet sniffer if you're looking.
GFI Languard gives a lot of info like this. Check it out.