SIPP basic message exchange between server and client - sipp

I am trying to learn sipp, and hence to get started I was looking for the below example:
SIPP Acting as Server at one end.
SIPP Acting as Client at the other end.
How can we achieve this? and perform Simple message exchange between server and client both simulated by SIPP.
Thanks In Advance!

EXAMPLE:
Run sipp with embedded server (uas) scenario:
./sipp -sn uas
On the same host, run sipp with embedded client (uac) scenario
./sipp -sn uac 127.0.0.1
You can do the same if you have 2 computers/devices on the same network.
With -ifconfig (assuming you are in linux) you can find out the adress your device running the UAS (Server) scenario
The UAC needs to know IP adress of server it tries to send mesages to.
So lets say you run -ifconfig, and you get the adress 192.168.0.101 for your device that you will run UAS on, then your device that runs UAC will need to be run using
./sipp -sn uac 192.168.0.101
I would advise reading the official documentation. It is a bit confusing at first but it is the best source for learning SIPp
http://sipp.sourceforge.net/doc/reference.html

Related

Proxify an application via loopback adapters and SSH

This is part programming, part sysadmin, so please excuse me if you feel that this should be over on serverfault.
I have an application that is not SOCKS aware and that we need to use through a firewall. We cannot modify the application to have SOCKS support either.
At the moment, we do this by aliasing the IPs the application talks to the loopback adapter on the host, then creating SSH tunnels out to another host. The IP's the application uses are hardcoded. Our SSH connections look like:
ssh -L 1.2.3.4:9999:1.2.3.4:9999 user#somehost
Where 1.2.3.x are aliases on the loopback.
So the application connects to the open port on the loopback, which gets sent out to the SSH host and onto the real 1.2.3.4.
It works, but the problem is that this application connects to quite a few IPs ( 50+ ), so we end up with 50 ssh connections out from the box.
We've tried to use several 'proxifying' apps, like tsocks and others but have had alot of issues with them ( the app is running on OS X and tsocks doesn't work so well, even with the patches )
Our idea was to write a daemon that listened on all interfaces on the specified port - it would then take the incoming packets from the application, scrape the packet info ( dst IP, port, payload ), recreate the packet and proxify it through a single SSH SOCKS connection ( ssh -D 1080 user#somehost ). That way, we only have 1 SSH connection that all the ports are being proxied through.
My question is - is this feasible? Is there something that I'm missing here? I've been combing through pfctl, ipfw, iptables docs, but I don't see any option to do it through those and this doesn't seem like it'd be the most difficult thing to code. It would recreate the packet based on the original destination IP and port, connect to the local SOCKs proxy and resend the packet as if it were the original application, but now with SOCKS support.
If I'm missing something that someone knows about that already does this, please let me know. I don't know socket programming or SOCKs too well, but this doesn't seem like it'd be too big of a project to tackle, but I'd like some opinions if I'm biting off way more that I should.
Thanks
If your application could add SOCKS client support, you can simply ssh -D lock_socks_port remote_machine, which will open up the local *lock_socks_port* as a SOCKS server at localhost, which can then connect to any host accesible by the remote machine.
Example: imagine you are using an untrusted wifi network without encryption. You can simply launch ssh -D 1082 home, and then configure your web browser to use localhost:1080 as SOCKS server. Of course, you need a SOCKS-enabled client. All the traffic would appear as coming from your gateway, and the connection would be opaque to those snooping the wifi.
You can also open a single ssh client with an indefinite number of LocalForward requests, which would be tunneled on top of a single ssh session.
Moreover, you can add ssh connections to an already-established ssh connection by using the ControlMaster and ControlPath options of ssh.

Using RawCap to Sniff localhost on Windows XP, SP3

I am attempting to use RawCap to sniff Windows localhost. However, contrary to its billed ability to do so, it is not working. I am starting it as follows:
rawcap 127.0.0.1 echo.pcap
I then run a little echo TCP client / server test app I wrote. I use the client to send some data over 127.0.0.1, and it indeed gets printed on the server and sent back to the client, where it is also printed. Howver, the packet capture file is empty.
I am running under Windows XP, SP3.
Is anybody aware of any other steps I need to take to get this to work?
Additional information added on 7/20/2011: I contacted the company that produces RawCap, and they suggested making sure that I have administrator privilege, that I try sniffing ping 127.0.0.1, and that I try enabling telnet and sniffing telnet 127.0.0.1. I do indeed have administrator privilege, RawCap sees ping packets, but it did not see telnet packets. I also tried sniffing 127.0.0.1 on another machine, and I failed there also.
Best,
Dave
I've been in contact with the author of RawCap, and he indicated that I found a bug where Windows XP SP 3 can't sniff TCP on localhost. He does not seem hopeful that he can fix it. If any more useful information comes along, I will, in an attempt to help the community, comment on this answer.

Ports with C++ Server/Client applications

If I create a c++ server/client application, the port I used to communicate does it need to be open on the router of the server and client machine
Or what other approach could I take? the client computer needs to receive information from the server but I am not able to have any ports opened because it is on a school network....
[edit]
Hmm My setup is a php page running on a server say when I press hello, the server makes a ssh connection through php and sends shell commands to the machine. The server is running off of a school server which I do have ssh access to and run all my things from there. The client computer will be my pc running off of the school wifi which is not connected to the server. The server will try to make a ssh connection to the public ip of my computer running off of the school wifi(no ports open/can ssh out but no ssh in). Will these methods you mention make this possible, in particular the connect.c since I can't run putty off of the server, and the connect.c I could call from the php.
The choice of language is highly irrelevant here.
There don't need to be ports 'open' on any router, unless your traffic must pass through it. On normal peer hosts in the same network (or subnet) there would hardly be any firewall policy, not even in schools.
Technically it is possible for the switch to block peer-2-peer traffic (meaning traffic not destined to the outgoing gateway), but that is not very usual.
Of course, if the school doesn't allow outbound (WAN) traffic on most ports, tough luck, and they're absolutely right :)
You can look at
ssh (with tunnels -L, -D and -R options, perhaps -o GatewayPorts on)
stunnel
connect.c
http-tunnel
All very readily googled
To establish a TCP/IP connection, only the server port needs to be accessible by the client. The connection is full-duplex, therefore data can flow from the client to the server and vice-versa.
If you are using UDP for your application, which is a connection-less protocol, what happens depends heavily on the firewall or router and whether it performs connection tracking for your service or not.
Unless you provide some additional information on your service and the network setup on both the client and the server side, we cannot provide more concrete information.

Understand ACTV mode and the PORT command

I'm the part time FTP server administrator (with no real full-time admin). We currently only allow ACTV mode connections. Some of our clients have had issues with this but for the most part they've been ok using ACTV. For the few who aren't, we've been able to push the data over to their servers from ours.
there is one client in particular however who is currently having trouble. He is using file-zilla and issuing a PORT command.
First, does using the PORT command imply that you are in ACTV mode?
Second is there a way in FileZilla to explicitly change to ACTV mode?
Thanks for the help,
_Ramy
Active mode requires the PORT command. PORT is what tells the server where to connect to on the client in order to open the data channel.
Active FTP breaks when the client is behind NAT, hence Passive is the preferred default in most situations where FTP is used. It is strongly preferable to not use FTP and switch to SFTP.

uploading code to dev or production server using ftp or using telnet, are they both not safe?

i still see people using ftp or telnet for work instead of sftp and ssh. is it true that using ftp or telnet can let people see the password quite easily? Who can actually see it?
Update: for example, if i am not using Wireless... which i heard can be breakable if it is WEP when 1GB traffic is sent or received ... so if not using Wireless, and I am using either DSL, Cable Internet like Comcast, or AT&T's U-verse's fiber optics, then who can read it? Can my neighbor, or joe at the data center at a nearby company or university read it? Or joe at a big hosting company or data center that happens to be some where between California and Chicago if I am ftp'ing from California to Chicago?
Update 2: so maybe it is good to alias ftp='echo use sftp!!' on the bash too
To answer briefly, anyone on the path of the packets from your pc to the server.
In some cases (insecure networks, wireless networks, and so on) many more persons.
That's because the password will travel in plain text.
You can see more about packet sniffing at http://en.wikipedia.org/wiki/Packet_capture.
Also check http://en.wikipedia.org/wiki/File_Transfer_Protocol#Security_problems
Both ftp and telnet are unencrypted. That means that anyone who can capture your internet traffic (e.g. your isp, hosting provider, maybe government) can read your password in plain text averytime you login. Ssh and sftp/scp will encrypt your password and none should be able to read it.
Yes, by using a simple packet sniffer, such as Wireshark it is possible to read the plaintext passwords used by telnet and ftp. Try using this tool while initializing a ftp or telnet session and you'll see how non-secure these mechanisms are.
As tagged with this post, ssh and sftp are more secure alternatives as they encrypt the data as it moves across the wire. And, as always, never use these sorts of tools for evil!
Anyone with a sniffer can see it. Use the secure equivalents i.e. SFTP and SSH instead. They are protected with strong encryption and everything will be encrypted.

Resources