[[!meta date=2009-09-24]]
[[!meta title="netcat, your friendly network sniffer"]]
[[!meta license="CC-BY-SA 3.0"]]
[[!meta author=rohieb]]

I was bored today and started to play around with this Windows Mobile
Messaging application (I think it’s called Outlook Mobile or that sort
of thing), and I found out that I was not able to connect to my IMAP
mailbox on my root server, though it worked with my Freemail account. So
I wanted to see what makes Outlook Mobile bother about my IMAP server.

If you are familiar with Linux (which I suppose you are ;-)), you
certainly know `netcat`. With this little tool, you can talk directly to
servers on a byte-oriented basis, and this can be very useful if you
have to debug programs which use character-oriented protocols like IMAP,
SMTP, IRC and so on.

But I’ve realised that I can not only use `netcat` to talk to a server
myself, but even to build a transparent proxy server that displays all
the data that comes over it. After a while — okay, it was about 2 hours
— I got the following nice command:

    $ mkfifo pipe
    $ tty=`tty`; netcat -l 1234 < pipe | tee $tty |
        netcat myserver.com 143 | tee pipe

I could now set up Outlook Mobile to talk to port 1234 on my home
computer and the bytes went straight to my console and also to port 143
(the IMAP port) on my server.

The first direction was straightforward: the first `netcat` process
listens on the local port and pipes its output first to the console
(using `tee`) and then to a second `netcat` instance that does the
communication with the remote server. Now, the responses from the server
have to get back to the client, so I created a named pipe using `mkfifo`
(of course, your filesystem has to support it, so you’d better not do
this on FAT) and used this as the input to the first `netcat` process,
which sends it back to the original client.
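
The same FIFO relay with both directions written to a log file under direction labels, as an added example (not the post's own command). `relay` and `tag` are hypothetical helper names, and the sketch assumes a line-oriented text protocol such as IMAP:

```shell
#!/bin/sh
# Added example, not from the original post. relay and tag are
# hypothetical helper names. Line-oriented text protocols only.

cr=$(printf '\r')

# tag PREFIX LOGFILE: copy stdin to stdout line by line and append a
# labelled copy (trailing CR stripped) to LOGFILE. A final line without
# a newline is forwarded with one added.
tag() {
    while IFS= read -r line || [ -n "$line" ]; do
        printf '%s %s\n' "$1" "${line%"$cr"}" >> "$2"
        printf '%s\n' "$line"
    done
}

# relay LISTEN_CMD UPSTREAM_CMD LOGFILE
# LISTEN_CMD faces the client, UPSTREAM_CMD faces the real server.
# The return path is a FIFO inside a private mktemp directory (mode 0700),
# so other local users cannot read from or write to it.
relay() {
    relay_status=0
    relay_dir=$(mktemp -d) || return 1
    mkfifo "$relay_dir/back" || { rm -rf "$relay_dir"; return 1; }
    sh -c "$1" < "$relay_dir/back" \
        | tag 'C>' "$3" \
        | sh -c "$2" \
        | tag 'S>' "$3" > "$relay_dir/back" || relay_status=$?
    rm -rf "$relay_dir"
    return "$relay_status"
}

# Usage with the endpoints from the post:
#   relay 'netcat -l 1234' 'netcat myserver.com 143' imap.log
```

Client lines appear in the log as `C> ...` and server lines as `S> ...`, so the capability exchange can be copied out as plain text afterwards.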

Of course, I could have used Wireshark, but I hate that it does not
allow me to copy and paste the contents of a packet so that I have only
the bytes of the protocol that I need — which can be quite useful if you
want to reuse parts of the content, especially in character-oriented
protocols. Also, the filter settings in Wireshark can be annoying; there
is no simple way to only have packets from one network connection (or I
haven’t found it yet).

So, finally I found out that it has something to do with the IMAP
capabilities that Outlook Mobile bothers about. I suppose I will write
something about it once I have traced the problem back.

**Update:** Note: You can also rewrite the server and/or client messages
using `sed`, but be sure to use unbuffered output with `-u`, like this:

    $ tty=`tty`; netcat -l 143 < pipe | tee $tty | netcat myserver.com 143 |
        sed -u 's/^\* CAPABILITY.*/* CAPABILITY IMAP4 STARTTLS/' | tee pipe

[[!tag hacking howto debugging IMAP Linux netcat network_protocols
proxy_server shell]]