Tag Archives for " tools "
Socat: A very powerful networking tool
Welcome to this socat tutorial. Socat is a network utility similar to netcat. Socat supports ipv6 and ssl and is available for both windows and linux. The first thing you will notice with this tool is that it has a different syntax on what you are used to with netcat or other standard unix tools.
|
1 |
socat [options] <address> <address> |
You have to provide both addresses in order for it to work, now these addresses look like this:
|
1 |
protocol:ip:port |
Let’s get started with some examples. First I want to show you how you can get the same functionality as with netcat.
|
1 2 |
nc localhost 80 socat - TCP4:localhost:80 OR socat STDIN TCP4:localhost:80 |
|
1 2 |
nc -lp localhost 700 socat TCP4-LISTEN:700 STDOUT |
|
1 2 |
nc -lp localhost 700 -e /bin/bash socat TCP4-LISTEN:700 EXEC:/bin/bash |
Now we can go beyond netcat with some ssl examples, but first we need to generate a ssl cert for the server.
Generate a SSL cert
openssl req -new -x509 -days 365 -nodes -out cert.pem -keyout cert.key
SSL server
|
1 |
socat OPENSSL-LISTEN:443,cert=/cert.pem - |
SSL client
|
1 |
socat - OPENSSL:localhost:443 |
Both addresses don’t have to use the same protocol, so you can do “ssl server -> non-ssl server”. You should also check out the options that you can apply, for example you can use fork to tell socat to listen and handle multiple clients.
|
1 |
socat TCP4-LISTEN:5000,fork OPENSSL:localhost:443 |
Finally if you are tunneling a connection between servers using socat you can use the -v option to print all the traffic to stdout.
I hope you enjoyed this quick socat tutorial. If you want to learn more, check out the socat man page, section “ADDRESS TYPES” or the online documentation.
Ruby tracing – A useful debugging tool
Tracing is following all the steps taken by a program, specially function calls/methods, this can be a useful debugging tool when tracking down some problems with your application.
In Ruby we have a tracing tool built-in, we can invoke it with ruby -rtracer script.rb but as you can see here it’s not easy to tell what’s going on:
|
1 2 3 4 5 6 |
#0:test.rb:2::-: def another_call #0:test.rb:7::-: def more_depth #0:test.rb:12::-: def trace_testing(*argv) #0:test.rb:17::-: 3.times do |t| #0:test.rb:18::-: puts trace_testing('abcd',12345 * t, [1,2,3],:test => 'A') #0:test.rb:12:Object:>: def trace_testing(*argv) |
What we can do is implement our own tracer and format the output to our liking, for this Ruby provides us with the set_trace_func method, we setup our tracing by giving this method a proc that will be called for each tracing event.
|
1 2 3 |
set_trace_func proc { |event, file, line, id, binding, classname| printf "%8s %s:%-2d %10s %8sn", event, file, line, id, classname } |
Here is a summary of what each argument means:
- event, this is whats happening in this step of execution, it can be one of the following: “c-return”, “end”, “return”, “c-call”, “line”, “call”, “class”
- file, this is the file where the event happens
- line, the line number
- id, this is the method name we are in
- binding, the current scope where we are running
- classname, this one doesn’t need much explanation
I have made a gem that implements this and focuses on ruby method calls:
|
1 |
gem install simple-tracer |
You can call it with just “st my_script.rb” and this is how it looks:
Wireshark: Auto-start capturing
Most of the time when you open wireshark you will want to start capturing right away. You can pass some flags to wireshark so it starts capturing as soon as it opens. The option for this is -k but you also need to choose and interface to capture from, in Linux you can see your interfaces with ifconfig or ip show addr (shortcut: ip a) and edit your menu entry or panel launcher like this:
And with that you should be good to go. For windows interface names are a bit more involved, you can list them using wireshark -D, in my case it looks like this:
The part that you need has this format: DeviceNPF_{0F09D25E-33C7-493D-9CB9-8E9B3433439B}
So now you can modify your shortcut:
"C:\Program FilesWiresharkwireshark.exe" -k -i "DeviceNPF_{0F09D25E-33C7-493D-9CB9-8E9B3433439B}"
Finally, remember that when you update wireshark the shortcut will be removed, so you may want to rename it to avoid this.
Squashing spaces
If we want to remove extra spaces in a text like this:
|
1 |
This is some interesting text. |
You could be tempted to use sed, but there is a simpler way using tr
|
1 |
tr -s ' ' |
And we end up with:
|
1 |
This is some interesting text. |
With tr you can also delete characters instead of compressing them. Let’s say we wanted to get rid of the vowels.
|
1 |
tr -d 'aeiou' |
We get:
|
1 |
Ths s sm ntrstng txt. |
Variables with Awk
Awk comes with some predefined variables, like NF for number of fields or OFS for field separator. If you wanna know more about these ‘man awk’ and search for ‘Built-in Variables’. In this post we are going to talk about using your own variables just like in any other programming language. If you are new to awk start here: http://www.blackbytes.info/2012/01/intro-to-awk/
Awk variables example
If we want to find the biggest number in a file we could do something like this:
|
1 |
awk '{ if($1 > max) max = $1; } END { print max }' my_file |
There is a few interesting things in this line. To start with we don’t need to declare our variable which is cool, but what I want you to pay attention to is that variables in awk don’t have a leading $, neither when assigning or accessing the value, this may be a bit confusing if you are used to do bash scripting. Here the leading $ always references fields so if you used $max instead it wouldn’t work as expected.
Then there is this END statement, which allows us to execute some code after all the lines of input have been processed. There is also a BEGIN statement which does exactly what you would expect.
Finally here is an Awk reference card you may find useful: http://www.catonmat.net/download/awk.cheat.sheet.pdf