Shulou(Shulou.com)06/01 Report--

This article is about how to use Python to analyze TCP server and client, the editor thinks it is very practical, so I share it with you to learn. I hope you can get something after reading this article.

Preface of 0x00

The "network" has always been the favorite arena for hackers. Data spreads wantonly in the network: host scanning, code injection, network sniffing, data tampering and replay, denial of service attacks. The deeper the hacker's skills, the more he can do.

As an interpretive scripting language, Python has been favored by hackers for its concise, clear and readable syntax since it came out in 1991. Especially in the compilation of network tools, it avoids the tedious underlying syntax and has no efficient requirements for running speed, which makes Python a necessary killer for security workers.

The editor first introduces the core protocol of the Internet-TCP protocol, and then takes the socket module of Python as an example to introduce the network socket. Finally, it gives the Python script between the TCP server and the client, and demonstrates the communication process between them.

0x01 TCP protocol

TCP (Transmission Control Protocol, Transmission Control Protocol) is a connection-oriented, reliable, byte-stream based transport layer communication protocol.

The operation of TCP protocol is divided into three stages: connection creation (Connection Establishment), data transfer (Data Transfer) and connection termination (Connection Termination). Among them, the "connection creation" phase is the familiar TCP protocol three-way handshake (TCP Three-way Handshake), and it is also the stage to understand the communication process between the TCP server and the client in this paper.

Connection creation (Connection Establishment)

The so-called "three-way handshake" is the three steps necessary for the TCP server to successfully establish a communication connection with the client, which needs to be completed through three messages.

Handshake Step 1

The client sends a SYN message (SYN = 1) to the server to request a connection. At this point, the initial sequence number of the message is seq = x, and the confirmation number is ack = 0.

Handshake Step 2

After receiving the SYN message from the client, the server sends the ACK + SYN message (ACK = 1SYN = 1) to confirm the connection request of the client, and also initiates the connection request to it. At this time, the serial number of the message is seq = y, and the confirmation number is ack = x + 1.

Handshake Step 3

After receiving the SYN message of the server, the client sends the ACK message (ACK = 1) to confirm the connection request of the server. At this time, the serial number of the message is seq = x + 1, and the confirmation number is ack = y + 1.

For the understanding of the above process, we need to pay attention to the following points:

The function of the message is defined in the Flags section of the TCP protocol header, which is located in bit 104-111 and occupies a total of 8 bits. Each bit corresponds to a function, with 1 for on and 0 for off. For example, the SYN message has a marker of 00000010 and the marker of the SYN + SYN message is 00010010.

The sequence number of the message is defined in the sequence number (Sequence Number) section of the TCP protocol header, which is located in bit 32-63 and occupies a total of 32 bits. During the three-way handshake, the initial sequence number seq is randomly generated by the data sender.

The acknowledgement number of the message is defined in the acknowledgement number (Acknowledgement Number) section of the TCP protocol header, which is located in bit 64 / 95 and occupies a total of 32 bits. In the process of "three-way handshake", the confirmation number ack is the sequence number of the pre-received message plus 1.

To make it easier to understand, the following is a schematic diagram of the three-way handshake of the TCP protocol:

0x02 Network Socket

Network Socket (Network socket) is the data flow endpoint of inter-process communication in computer network. In a broad sense, it also represents a mechanism of inter-process communication provided by the operating system.

The fundamental premise of interprocess communication (Inter-Process Communication,IPC) is the ability to uniquely identify each process. In the interprocess communication of the local host, PID (process ID) can be used to uniquely identify each process, but the PID is only unique locally, and the PID of different hosts in the network may conflict, so the way of "IP address + transport layer protocol + port number" is used to uniquely mark a process in the network.

Tip: the IP address of the network layer can uniquely identify the host, and the TCP/UDP protocol and port number of the transport layer can uniquely identify a process of the host. Note that the same port number can be used for TCP and UDP protocols on the same host.

All programming languages that support network communication provide a set of socket API. Take Python 3 as an example to explain the interactive process of establishing a TCP communication connection between the server and the client:

After you have some impression of the above process in mind, it is easier to understand the Python implementation of the TCP server and client in the following two sections.

0x03 TCP server #! / usr/bin/env python3#-*-coding: utf-8-*-import socketimport threadingdef tcplink (conn, addr): print ("Accept new connection from% s" addr) conn.send (b "Welcome!\ n") while True: conn.send (b "What's your name?") Data = conn.recv (1024). Decode () if data = = "exit": conn.send (b "Good bye!\ n") break conn.send (b "Hello% s!\ n"% data.encode ()) conn.close () print ("Connection from% SVA% s is closed" % addr) s = socket.socket (socket.AF_INET Socket.SOCK_STREAM) s.bind (("127.0.0.1", 6000) s.listen (5) print ("Waiting for connection...") while True: conn, addr = s.accept () t = threading.Thread (target = tcplink, args = (conn, addr)) t.start ()

Line 6: define a tcplink () function. The first conn parameter is the socket object of the data exchanged between the server and the client, and the second addr parameter is the IP address and port number of the client, represented by two tuples (host, port).

Line 8: after the connection is successful, send the greeting message "Welcome!\ n" to the client.

Line 9: enter the cycle of data interacting with the client.

Line 10: sends the query message "What's your name?" to the client.

Line 11: receives a non-empty string from the client.

Line 12: if the non-empty string is "exit", the end message "Good bye!\ n" is sent to the client and the loop phase of exchanging data with the client is ended.

Line 15: if the non-empty string is not "exit", the greeting message "Hello% s!\ n" is sent to the client, where% s is a non-empty string sent by the client.

Line 16: close the socket and no longer send data to the client.

Line 19: create a socket object, the first parameter is socket.AF_INET, which represents the use of the IPv4 protocol for network communication, and the second parameter is socket.SOCK_STREAM, which represents the use of the TCP protocol for connection-oriented network communication.

Line 20: bind the server host address ("127.0.0.1", 6000) to the socket object, that is, the TCP 6000 port of the local host.

Line 21: enable the listening function of the socket object and wait for the connection request from the client.

Line 24: enters the cycle phase of listening for client connection requests.

Line 25: receives the connection request from the client and obtains the socket object conn that interacts with the client and the IP address and port number addr of the client, where addr is a binary group (host, port).

Line 26: using multithreading technology, create a new thread for each TCP client that requests to connect, and realize the function of one server communicating with multiple clients at the same time.

Line 27: the activity to start a new thread.

0x04 TCP client #! / usr/bin/env python3#-*-coding: utf-8-*-import sockets = socket.socket (socket.AF_INET, socket.SOCK_STREAM) s.connect (("127.0.0.1") 6000) print (s.recv (1024). Decode () data = "client" while True: if data: print (s.recv (1024). Decode ()) data = input ("Please input your name:") if not data: continue s.send (data.encode ()) print (s.recv (1024). Decode ()) If data = "exit": breaks.close ()

Line 5: create a socket object, the first parameter is socket.AF_INET, which represents the use of IPv4 protocol for network communication, and the second parameter is socket.SOCK_STREAM, which represents the use of TCP protocol for connection-oriented network communication.

Line 6: initiates a connection request to the ("127.0.0.1", 6000) host, which is the TCP 6000 port of the local host.

Line 7: after the connection is successful, receive the greeting message "Welcome!\ n" sent from the server.

Line 9: create a non-empty string variable data with an initial value of "client" (as long as it is a non-empty string) to determine whether to receive the query message "What's your name?" from the server.

Line 10: enter the cycle of data interacting with the server.

Line 12: when the user's input is not empty and is not equal to "exit" (marked as an illegal string), it receives the query message from the server.

Line 13: ask the user to enter a name, a legal string.

Line 14: when the user input is not empty, the loop is restarted, requiring the user to re-enter the legal string.

Line 16: when the user enters a legal string, the string is converted to a bytes object and sent to the server.

Line 17: receives the response data from the server, converts the bytes object to a string and prints it out.

Line 18: when the user enters the string "exit", the loop phase of interacting data with the server ends and the socket is about to be closed.

Line 21: close the socket and no longer send data to the server.

0x05 TCP interprocess communication

The scripts of the TCP server and client are named tcp_server.py and tcp_client.py respectively, and then saved to the desktop. The author will demonstrate it with PowerShell under the Windows 10 system.

Tip: when readers replay, make sure that Python 3 is installed on this machine, and note that the author has changed the default startup path name python to python3.

Single server VS single client

Run the command python3. / tcp_server.py in one of the PowerShell, and the server displays the Waiting for connection..., and listens to the local host's TCP port 6000, entering the waiting state for connection.

Run the command python3. / tcp_client.py in another PowerShell, the server displays Accept new connection from 127.0.0.1 Accept new connection from 42101, establishes a communication connection with the TCP 42101 port of the local host, and sends greeting information and inquiry information to the client. The client receives the information and prints it out.

If the client sends the strings Alice and Bob to the server, it receives the greeting response information from the server.

If the client sends an empty string to the server, the string is required to be re-entered

If the client sends the string exit to the server, it receives the end response message from the server.

The communication connection between the client and the server has been closed, and the server displays Connection from 127.0.0.1 virtual 42101 is closed and continues to listen for client connection requests.

Single server VS multi-client

Run the command python3. / tcp_server.py in one of the PowerShell, and the server displays the Waiting for connection..., and listens to the local host's TCP port 6000, entering the waiting state for connection.

Run the command python3. / tcp_client.py in the other three PowerShell. At the same time, the server establishes a communication connection with the TCP ports 42719, 42721 and 42722 of the local host, and sends greeting information and inquiry information to the client, respectively. The client receives the information and prints it out.

The three clients send the strings Client1, Client2, Client3 to the server, and receive the greeting response information from the server.

All clients send the string exit to the server and receive the end response message from the server.

All communication connections between the client and the server have been closed, and the server continues to listen for client connection requests.

0x06 Python API Referencesocket module

This section introduces the socket module built-in functions used in the above code, which is also the core function of socket programming.

Socket () function

The socket () function is used to create a socket object in network communication. The function prototype is as follows:

Socket.socket (family=AF_INET, type=SOCK_STREAM, proto=0, fileno=None)

The family parameter represents the address family (Address Family), and the default value is AF_INET, which is used for IPv4 network communications and, most commonly, AF_INET6, for IPv6 network communications. The optional value of the family parameter depends on the native operating system.

The type parameter represents the type of socket, and the default value is SOCK_STREAM, which is used for TCP protocol (connection-oriented) network communication, and commonly used SOCK_DGRAM, for UDP protocol (connectionless) network communication.

The proto parameter represents the protocol of the socket, and the default value is 0, which is generally ignored. Unless the family parameter is AF_CAN, the proto parameter should be set to CAN_RAW or CAN_BCM.

The fileno parameter represents the socket's file descriptor, and the default value is None. If this parameter is set, the other three parameters will be ignored.

Socket object

This section describes the socket object built-in functions used in the above code, which are also common functions in socket programming. Note that the "socket" in the following function prototype refers to the socket object, not the socket module.

Bind () function

The bind () function is used to bind an IP address and port number to a socket object. Note that the socket object must not be bound and the port number is not occupied, otherwise an error will be reported. The function prototype is as follows:

Socket.bind (address)

The address parameter represents the address to which the socket is bound, and its format depends on the socket's family parameter. If the family parameter is AF_INET, the address parameter is represented as a binary (host, port), where host is the host address represented by a string and port is the port number represented by integers.

Listen () function

The listen () function is used by the TCP server to turn on the listening function of the socket. The function prototype is as follows:

Socket.listen ([backlog])

The backlog optional parameter represents the maximum number of connections that the operating system can suspend before the socket rejects a new connection. The backlog parameter is generally set to 5, if it is not set, the system will automatically set a reasonable value for it.

Connect () function

The connect () function is used by the TCP client to initiate a connection request to the TCP server. The function prototype is as follows:

Socket.connect (address)

The address parameter represents the address to which the socket is connected, and its format depends on the socket's family parameter. If the family parameter is AF_INET, the address parameter is represented as a binary (host, port), where host is the host address represented by a string and port is the port number represented by integers.

Accept () function

The accept () function is used by the TCP server to accept connection requests from TCP clients. The function prototype is as follows:

Socket.accept ()

The return value of the accept () function is a binary (conn, address), where conn is the socket object that the server uses to exchange data with the client, and address is the IP address and port number of the client, represented by a binary (host, port).

Send () function

The send () function is used to send data to a remote socket object. Note that the local socket must be successfully connected to the remote socket before you can use this function, otherwise an error will be reported. As you can see, the send () function can only be used for TCP inter-process communication, while for UDP inter-process communication you should use the sendto () function. The function prototype is as follows:

Socket.send (bytes [, flags])

The bytes parameter represents the bytes object data to be sent. For example, for the string "hello world!" As far as it is concerned, you need to convert the encode () function to the bytes object b "hello world!" In order to carry out network transmission.

The flags optional parameter is used to set the special function of the send () function. The default value is 0, or it can be composed of one or more predefined values, separated by bits or operators. For details, please refer to send (2) in the Unix function manual. The common values of flags parameters are MSG_OOB, MSG_PEEK, MSG_WAITALL and so on.

The return value of the send () function is the number of bytes of data sent.

Recv () function

The recv () function is used to receive data from a remote socket object. Note that unlike the send () function, the recv () function can be used for both TCP and UDP inter-process communication. The function prototype is as follows:

Socket.recv (bufsize [, flags])

The bufsize parameter represents the maximum number of bytes that a socket can receive data. Note that in order for the hardware device to better match the network transport, the value of the bufsize parameter is best set to the power of 2, for example, 4096.

The flags optional parameter is used to set the special function of the recv () function. The default value is 0, or it can be composed of one or more predefined values, separated by bits or operators. For details, please refer to recv (2) in the Unix function manual. The common values of flags parameters are MSG_OOB, MSG_PEEK, MSG_WAITALL and so on.

The return value of the recv () function is the received bytes object data. For example, if you receive the bytes object b "hello world!", it is best to convert it to the string "hello world!" with the decode () function. And then print it out.

Close () function

The close () function closes the local socket object and releases all resources connected to the socket.

Socket.close () threading module

This section introduces the threading module built-in classes used in the above code, which is also the core of Python multithreaded programming.

Thread () class

The Thread () class creates a thread object that calls the start () function to start a new thread. The class prototype is as follows:

Class threading.Thread (group=None, target=None, name=None, args= (), kwargs= {}, *, daemon=None)

The group parameter is used as a reserved parameter for later implementations of the ThreadGroup () class, and the current default value is None.

The target parameter represents the function that is called after the thread is activated by the run () function, and the default value is None, that is, no function will be called.

The name parameter represents the thread name, and the default value is None, then it is automatically named in the format "Thread-N", where N is a decimal number starting at 1.

The args parameter represents the normal parameter of the target parameter to the function, expressed as a tuple, and the default value is an empty tuple ().

The kwargs parameter represents the keyword parameter of the target parameter pointing to the function, expressed as a dict, and the default value is an empty dictionary {}.

The daemon parameter is used to indicate whether the process is a daemon. If set to True, it is marked as daemon; if set to False, it is marked as non-daemon; if set to None, the daemon parameter value of the current parent thread is inherited.

Threading object

This section describes the threading object built-in functions used in the above code, which are also required for multithreaded programming. Note that the "threading" in the following function prototype refers to the threading object, not the threading module.

Start () function

The start () function is used to start thread activity. The function prototype is as follows:

Threading.start ()

Note that the start () function can only be called once per thread object, otherwise it will result in a RuntimeError error.

The above is how to use Python to analyze TCP server and client. The editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.