Wiki Network

How does Wireshark sniff the network traffic on OSX?

On OSX, Wireshark uses /dev/bpf*, the system's packet capture devices. On Linux, Wireshark uses a socket to capture traffic on a network interface such as eth0.

TCP handshake

TLS handshake

https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/

Proxy vs Reverse Proxy

The key differences between a proxy and a reverse proxy:

  1. Proxy (Forward Proxy):
    • Acts as an intermediary between clients (users or devices) and the internet.
    • Forwards client requests to the internet resource (e.g., a website).
    • Provides:
      • client anonymity
      • caching
      • traffic control
      • request/response transformation
    • Commonly used for bypassing content filters and accessing restricted content.
    • Examples include:
      • Squid
      • Proxy
      • Tor
      • Charles Proxy
      • HTTP Toolkit
      • MITM Proxy
      • Fiddler Proxy
  2. Reverse Proxy:
    • Sits in front of one or more web servers.
    • Forwards server responses to clients (users or devices).
    • Offers benefits like:
      • server anonymity
      • load balancing
      • DDoS protection
      • URL/content rewriting
    • Used for improving server performance and enhancing security.
    • Examples include:
      • Nginx
      • Traefik

In summary, a proxy handles client traffic, while a reverse proxy shields servers by managing requests and responses.

Proxy

Man-in-the-middle (MitM)

https://httptoolkit.com/docs/guides/android/

https://docs.mitmproxy.org/stable/concepts-howmitmproxyworks/

How does the proxy intercept HTTP traffic?

Install SSL cert in android emulator

Socks Proxy

Reverse Proxy

Resources

Socket

Socket terminology in socket programming:

  • On the server side:
    • The socket responsible for listening and accepting incoming connections is commonly referred to as the "server socket".
    • The individual sockets created for each accepted connection, responsible for data exchange with the connected clients, are often referred to as "client socket" (or simply "socket").
  • On the client side:
    • The socket responsible for initiating a connection to the server and handling data exchange is commonly referred to as the "client socket" or "socket".

In summary:

  • Server Side:
    • Listening Socket: "Server Socket"
    • Data Exchange Sockets (for each connection): "Client Socket" or just "Socket"
  • Client Side:
    • Data Exchange Socket: "Client Socket" or just "Socket"
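
The terminology above, as an added example that is not part of the original page: a loopback echo server built on Python's `socket` and `selectors` modules, showing that `accept()` returns a new per-connection socket that shares the listening socket's local port but has its own file descriptor. The function name `run_demo` and the sample messages are assumptions made for illustration.

```python
import selectors
import socket
import time

def run_demo(messages=(b"ping", b"hello")):
    """Echo each message over loopback and report facts about the sockets used."""
    sel = selectors.DefaultSelector()
    server_sock = socket.create_server(("127.0.0.1", 0))  # the "server socket"
    server_sock.setblocking(False)
    sel.register(server_sock, selectors.EVENT_READ, data="listener")
    port = server_sock.getsockname()[1]

    # Client side: one "client socket" per connection (constructed sample traffic).
    clients = [socket.create_connection(("127.0.0.1", port), timeout=2)
               for _ in messages]
    for c, msg in zip(clients, messages):
        c.sendall(msg)

    accepted, echoed = [], 0
    deadline = time.monotonic() + 5
    while echoed < len(messages) and time.monotonic() < deadline:
        for key, _ in sel.select(timeout=1):
            if key.data == "listener":
                # The listening socket never carries data; it only hands out
                # a new socket for each accepted connection.
                conn, _peer = key.fileobj.accept()
                conn.setblocking(False)
                sel.register(conn, selectors.EVENT_READ, data="connection")
                accepted.append(conn)
            else:
                key.fileobj.sendall(key.fileobj.recv(1024))  # echo back
                echoed += 1

    facts = {
        "replies": [c.recv(1024) for c in clients],
        "listen_port": port,
        "accepted_local_ports": {s.getsockname()[1] for s in accepted},
        "fds": [server_sock.fileno()] + [s.fileno() for s in accepted],
        # Each accepted socket's remote end is exactly one client's local end.
        "peers_match": {s.getpeername() for s in accepted}
                       == {c.getsockname() for c in clients},
    }
    for s in [server_sock, *accepted, *clients]:
        s.close()
    sel.close()
    return facts

if __name__ == "__main__":
    print(run_demo())
```
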

Transports and Protocols — Python 3.12.1 documentation

selectors — High-level I/O multiplexing — Python 3.12.1 documentation

socket — Low-level networking interface — Python 3.12.1 documentation

VPN

OpenVPN: how secure virtual private networks really work

!!!Favorite explanation

ip - How do VPN's forward network traffic? (Layer 3) - Network Engineering Stack Exchange

How to set up a router with Surfshark? – Surfshark Customer Support

Routers Supporting VPN Client - Home Network Community

Kill Switch

A kill switch can be used to block outgoing traffic when the VPN connection drops or crashes.

PF (packet filter) on macOS

Setting up correctly Packet Filter (pf) firewall on any macOS

Prevent outgoing traffic unless OpenVPN connection is active using pf.conf on Mac OS X

Quick and easy pf (packet filter) firewall rules on macOS

A Cheat Sheet For Using pf in OS X Lion and Up

OS X PF Manual

Set Up Firewall to Allow Access Only via VPN(KillSwitch)

ENABLING VPN-ONLY ACCESS TO THE INTERNET WITH WINDOWS FIREWALL

KillSwitch for macOS