
TCP Tunneling

  • Tunneling is the process of carrying protocol A inside protocol B, usually because one of the two protocols is blocked or unavailable on the path

TCP Connection


  • Client C1 wants to connect to server S1 at its IP address, which has port 22 open
  • The goal is to establish a bi-directional connection
  • Each frame carries, along with the data, the source address, the source (client) port, the destination address and the destination port; the client sends it to the server, which processes the request and sends back the data response in the same format

TCP Tunneling

  • We want to reach a destination that is blocked from the client, whether by a firewall or because it sits on an internal network
  • We can establish a standard TCP connection on port 22, but instead of sending plain data we send another TCP packet inside the data


  • The packet we send is completely legitimate, but inside its data we are carrying another request that nobody else can see, since the data itself is another packet and it is encrypted; so the firewall lets this packet smuggle another packet through
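The two bullets above (the header fields every hop can read, and a packet smuggled as the data of another packet) are easier to see in code. The following is an added example, not code from the original post: it builds an inner TCP packet from C1 to S2 on port 80, wraps it as the payload of an outer packet from C1 to S1 on port 22, and then shows that a firewall that decides on the outer destination port alone cannot tell the tunneled request from an ordinary SSH session, while the tunnel endpoint S1 can unwrap the real destination. The addresses are constructed sample values, checksums are left at zero, and the "raw packet inside the data" follows the post's own model; a real SSH tunnel carries the encrypted bytes of the TCP stream rather than a literal packet.

```python
import socket
import struct

# Constructed sample addresses for the walk-through; they are not real hosts.
C1, S1, S2 = "10.0.0.10", "203.0.113.5", "198.51.100.7"

def build_tcp_packet(src_ip, dst_ip, src_port, dst_port, payload):
    """Build a minimal IPv4 + TCP packet (20-byte headers, no options, checksums left zero)."""
    ip_header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45,                    # version 4, header length 5 words
        0,                       # DSCP / ECN
        40 + len(payload),       # total length
        0,                       # identification
        0x4000,                  # flags: don't fragment
        64,                      # TTL
        6,                       # protocol: TCP
        0,                       # header checksum (not computed for this illustration)
        socket.inet_aton(src_ip),
        socket.inet_aton(dst_ip),
    )
    tcp_header = struct.pack(
        "!HHIIBBHHH",
        src_port, dst_port,
        0, 0,                    # sequence / acknowledgement numbers (constructed)
        5 << 4,                  # data offset 5 words
        0x18,                    # flags: PSH | ACK
        65535,                   # window
        0, 0,                    # checksum, urgent pointer
    )
    return ip_header + tcp_header + payload

def parse_tcp_packet(pkt):
    """Return (src_ip, dst_ip, src_port, dst_port, payload): the fields every hop can read."""
    ihl = (pkt[0] & 0x0F) * 4
    fields = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    total_len, proto, src, dst = fields[2], fields[6], fields[8], fields[9]
    if proto != 6:
        raise ValueError("not a TCP packet")
    src_port, dst_port, _, _, offset = struct.unpack("!HHIIB", pkt[ihl:ihl + 13])
    data_start = ihl + (offset >> 4) * 4
    return (socket.inet_ntoa(src), socket.inet_ntoa(dst),
            src_port, dst_port, pkt[data_start:total_len])

def port_firewall_allows(pkt, allowed_ports):
    """A port-only firewall decides on the outer destination port and never looks at the payload."""
    return parse_tcp_packet(pkt)[3] in allowed_ports

def tunnel_endpoint_unwrap(pkt):
    """What S1 does: treat the payload of the outer packet as a complete inner packet."""
    return parse_tcp_packet(parse_tcp_packet(pkt)[4])

def demo():
    # The real request C1 wants to make: to S2 on port 80, which the firewall blocks.
    inner = build_tcp_packet(C1, S2, 40001, 80, b"GET / HTTP/1.0\r\n\r\n")
    # The packet the firewall actually sees: C1 -> S1 on port 22, carrying `inner` as its data.
    # In a real SSH tunnel that data would be encrypted stream bytes, not a raw packet.
    outer = build_tcp_packet(C1, S1, 40000, 22, inner)
    direct_allowed = port_firewall_allows(inner, {22})   # False: port 80 is not permitted
    tunnel_allowed = port_firewall_allows(outer, {22})   # True: only port 22 is visible
    _, real_dst, _, real_port, data = tunnel_endpoint_unwrap(outer)
    return direct_allowed, tunnel_allowed, real_dst, real_port, data
```

The point for a defender is in `port_firewall_allows`: the decision uses only the outer header, so the destination port on the wire says nothing about what is inside once the payload is encrypted.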


  • S2 has no idea the packet is coming from S1; as far as S2 is concerned, it is receiving it from C1


  • The identity of S1 remains unknown; when the response arrives, the data response is smuggled again in the same way and the packet is sent back


  • The client receives the data response as intended, as if it had received it directly from S2
  • Under the hood there are several TCP connections in play

Applications

  • Bypassing a firewall on blocked ports: the firewall can see the outer TCP port but cannot see the data, nor the port number being smuggled inside the packet

  • Solution: Local port forwarding tunnel


  • Internal IP problem: a local IP address cannot be accessed from outside the network


  • Solution: Reverse Port Forwarding Tunnel


  • Blocked Website


  • SOCKS proxy (dynamic port) tunneling: we create a proxy on a machine and make all the requests coming from our machine go through that proxy (this is how Fiddler works as an HTTP debugging proxy: all our traffic goes through the proxy, which captures it)
  • We make a request to Server 1 via localhost port 8080, which smuggles the requests; all the traffic goes through it (similar to a VPN), and the ISP is not aware of it
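The local port forwarding and SOCKS (dynamic) bullets above describe the same mechanism from two angles: a listener on one machine accepts a connection, opens the real connection from somewhere else, and then copies bytes in both directions. The following is an added example, not code from the post or from OpenSSH: a minimal SOCKS5 server (no authentication, CONNECT only, IPv4 and domain-name targets) whose `relay` function is the same byte pump a plain local forward would use, plus the client side of the handshake and a loopback echo server standing in for the destination S2. Everything runs on 127.0.0.1 on ephemeral ports; the roles "S1" and "S2" in the comments are the post's labels, and the hostnames and payload are constructed sample values.

```python
import socket
import threading

def recvn(sock, n):
    """Read exactly n bytes; protocol fields must never be read short."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        buf += chunk
    return buf

def relay(a, b):
    """Copy bytes both ways until a side closes: the core of every port-forward (-L, -R, -D)."""
    def pump(src, dst):
        try:
            while data := src.recv(4096):
                dst.sendall(data)
        except OSError:
            pass
        finally:
            try:
                dst.shutdown(socket.SHUT_WR)      # pass the EOF on to the other side
            except OSError:
                pass
    t = threading.Thread(target=pump, args=(b, a), daemon=True)
    t.start()
    pump(a, b)
    t.join()
    a.close()
    b.close()

def socks_reply(conn, rep):
    # Reply with bound address zeroed; rep 0 = succeeded, others per RFC 1928 section 6.
    conn.sendall(bytes([5, rep, 0, 1]) + b"\x00" * 6)

def handle_socks5(conn):
    """Minimal SOCKS5 server: no-auth method, CONNECT only, IPv4 or domain-name targets."""
    _, nmethods = recvn(conn, 2)
    recvn(conn, nmethods)                         # auth methods offered; only "no auth" here
    conn.sendall(b"\x05\x00")
    _, cmd, _, atyp = recvn(conn, 4)
    if atyp == 1:
        host = socket.inet_ntoa(recvn(conn, 4))
    elif atyp == 3:
        host = recvn(conn, recvn(conn, 1)[0]).decode()
    else:
        socks_reply(conn, 8)                      # address type not supported (no IPv6 here)
        conn.close()
        return
    port = int.from_bytes(recvn(conn, 2), "big")
    try:
        if cmd != 1:
            raise OSError("only CONNECT is supported")
        upstream = socket.create_connection((host, port), timeout=5)
    except OSError:
        socks_reply(conn, 7 if cmd != 1 else 5)   # command not supported / connection refused
        conn.close()
        return
    socks_reply(conn, 0)
    relay(conn, upstream)                         # success: the proxy is now a transparent pipe

def serve(handler):
    """Run handler per connection on an ephemeral loopback port; return the port."""
    srv = socket.create_server(("127.0.0.1", 0))
    def loop():
        while True:
            c, _ = srv.accept()
            threading.Thread(target=handler, args=(c,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def echo_handler(conn):
    """Stand-in for the destination server S2: echo one message and hang up."""
    with conn:
        conn.sendall(conn.recv(4096))

def request_via_socks5(proxy_port, dest_host, dest_port, payload, cmd=1):
    """Client side: the proxy, not the client, opens the real connection. None if refused."""
    host = dest_host.encode()
    with socket.create_connection(("127.0.0.1", proxy_port), timeout=5) as s:
        s.sendall(b"\x05\x01\x00")                # version 5, one method offered: no auth
        if recvn(s, 2) != b"\x05\x00":
            return None
        s.sendall(bytes([5, cmd, 0, 3, len(host)]) + host + dest_port.to_bytes(2, "big"))
        if recvn(s, 10)[1] != 0:                  # REP field non-zero: the proxy refused
            return None
        s.sendall(payload)
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
        return b"".join(chunks)

def demo():
    echo_port = serve(echo_handler)               # "S2": reachable only via the proxy in the scenario
    proxy_port = serve(handle_socks5)             # "S1": the role `ssh -D` gives the SSH server
    echoed = request_via_socks5(proxy_port, "127.0.0.1", echo_port, b"hello through the tunnel")
    refused = request_via_socks5(proxy_port, "127.0.0.1", echo_port, b"x", cmd=2)  # BIND: unsupported
    return echoed, refused
```

Note that the destination only ever sees a connection from the proxy's address, and that the proxy, not the client, is the one whose logs record which hosts were reached; that is the place to look when auditing what a dynamic forward was used for.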


Pros and Cons


This post is licensed under CC BY 4.0 by the author.