SOCKS Protocol
Added 8th Nov 2008 - Viewed 172 times
An abbreviation for SOCKetS, SOCKS is an Internet concordat that enables applications of client servers to utilize network firewalls. A firewall is a great source of protection from the dangers of internet viruses, but if a client needs to access servers outside of their firewall, they can simply use a SOCKS proxy server alternatively. A SOCKS server has the task of controlling the qualifications of clients and gains them access to the extrinsic server and transfers the client’s entreaty to the desired server. SOCKS can also be used in reverse as an alternative, allowing the outside servers to access those inside a firewall.
An average SOCKS connection appeal can be recognized as such. Remember each number represents one byte:
Field 1: SOCKS version number must be 0x04 and equals 1 byte
Field 2: command code=1 byte
0x01= begin a TCP/IP connection
0x02= begin a TCP/IP binding port
Field 3: network byte port number=2 bytes
Field 4: network byte IP address=4 bytes
Field 5: the user ID string aborted with 0x00
The server communication to the SOCKS client can be as such:
Field 1: NULL
Status achieved: 1 byte
0x5a=access granted
0x5b=access denied
0x5c=failed because destination is not reachable
0x5d=failed because user ID could not be confirmed
Field 3: 2 capricious bytes (ignore)
Field 4: 4 capricious bytes (ignore)
To put all this information into play, we will map out a sample scenario. Our client is attempting to use SOCKS 4 to connect to 77.122.5.65.75 (IP address), and the server will grant access:
Client Says: 0x04 | 0x01 | 0x00 0x50 | 0x42 0x66 0x07 0x63 | 0x46 0x72 0x65 0x64 0x00
The second to last numerical sequence is the user’s name in ASCII, followed by a nullified byte.
Server Says: 0x00 | 0x5a | 0xXX 0xXX | 0xXX 0xXX 0xXX 0xXX
OxXX can represent any value and should be disregarded.
From this point, all information can be sent between the SOCKS server and client. 0x01 generally stands for "connect", and 0x02 stands for "bind", which allows connections from protocols like FTP.
The SOCKS 4a program is merely an augmentation of the SOCKS 4 protocol. To configure the SOCKS 4a program, set the first three bytes of DSTIP to NULL values and the very last to a nonzero. This will make your IP address 0.0.0.x with x representing your nonzero value. For both the "connect" and "bind" requests, the user must transmit both the domain name of the destination and end it with another nullified byte.
Naturally, the SOCKS 5 protocol would be an extension of the SOCKS 4a. It offers more choices regarding attestation. It is technically defined in RFC 1928, and connects to a server with a list of methods of confirmation, and after the server chooses one, messages can be sent freely between both partners.