# Sockets

## What is a socket?

Whenever we talk about networking in programming, we also have to talk about sockets. They're the endpoints of the communication channels or basically, the endpoints that talk to each other. The communication may happen in the same process or even across different continents over the internet.

What's important is that in Python we have different access levels for the
network services. At the lower layers, we can access the simple sockets that
allow us to use the connection-oriented and connection-less protocols like
TCP or UDP, whereas other Python modules like FTP or HTTP are working
on a higher layer – the application layer.

## Creating sockets

In Python, we can create sockets by using the socket module. Let's see how we can create a socket

```python
import socket
```

Before jumping into the code, we need to know a couple of thing in advance:
- Are we using an internet socket or a Unix domain socket?
- Which protocol are we going to use?
- Which IP-address and port are we going to use?
- Which port are we going to use?

The first question can be answered by looking at the address family. If we want to use an internet socket, we have to use the AF_INET address family. If we want to use a Unix domain socket, we have to use the AF_UNIX address family.

The second question is a bit trickier. We have 2 options here: TCP or UDP. **TCP(Transmission Control Protocol)** is a connection-oriented protocol and more trustworthy than UDP, whereas **UDP (User Datagram Protocol)** is a connection-less protocol. This means that UDP is faster than TCP, but it's also less reliable.

The basic IP-address is **127.0.0.1** which is the localhost address. This applies to every machine but only works when we want to connect to our own machine. If we want to connect to another machine, we have to use the server's IP-address or something like that accordingly.

For our port we can choose any number we want. But be careful with low number, **<i>since all numbers up to 1024 are standardized and the rest (up to 49151)</i>** are reserved. It may collapse or conflicts with other application or your operating system.

In [1]:
import socket

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

We create a socket by calling the socket function of the socket module. The socket function takes 2 arguments: the address family and the socket type. The address family is AF_INET and the socket type is SOCK_STREAM for TCP and SOCK_DGRAM for UDP.

## Client-Server Architecture

In short, the serer is a program that runs continuously and waits for connection from client. The client is a program that runs on a computer and establishes connection to the server. The client can send data to the server and the server can send data to the client.

## Server Socket Methods

<table>
    <tr>
        <th>Method</th>
        <th>Description</th>
    </tr>
    <tr>
        <td>socket.bind(address)</td>
        <td>Binds the socket to address, which should be a tuple (host, port)</td>
    </tr>
    <tr>
        <td>socket.listen(backlog)</td>
        <td>Listen for connections made to the socket. The backlog argument specifies the maximum number of queued connections and should be at least 0; the maximum value is system-dependent (usually 5), the minimum value is forced to 0.</td>
    </tr>
    <tr>
        <td>socket.accept()</td>
        <td>Accept a connection. The socket must be bound to an address and listening for connections. The return value is a pair (conn, address) where conn is a new socket object usable to send and receive data on the connection, and address is the address bound to the socket on the other end of the connection.</td>
    </tr>
</table>

## Client Socket Methods

For client, there is only one specific and very important method, namely the <code>connect</code> method. The connect method takes one argument, a tuple of host and port.

## Other Socket Methods

<table>
    <tr>
        <th>Method</th>
        <th>Description</th>
    </tr>
    <tr>
        <td>socket.recv(bufsize[, flags])</td>
        <td>Receive data from the socket. The return value is a bytes object representing the data received. The maximum amount of data to be received at once is specified by bufsize. See the Unix manual page recv(2) for the meaning of the optional argument flags; it defaults to zero.</td>
    </tr>
    <tr>
        <td>socket.send(bytes[, flags])</td>
        <td>Send data to the socket. The socket must be connected to a remote socket. The optional flags argument has the same meaning as for recv() above. Returns the number of bytes sent. Applications are responsible for checking that all data has been sent; if only some of the data was transmitted, the application needs to attempt delivery of the remaining data. For further information on this concept, consult the Socket Programming HOWTO.</td>
    </tr>
    <tr>
        <td>socket.recvfrom(bufsize[, flags])</td>
        <td>Receive data from the socket. The return value is a pair (bytes, address) where bytes is a bytes object representing the data received and address is the address of the socket sending the data.</td>
    </tr>
    <tr>
        <td>socket.sendto(bytes[, flags], address)</td>
        <td>Send data to the socket. The socket should not be connected to a remote socket, since the destination socket is specified by address. The optional flags argument has the same meaning as for recv() above. Returns the number of bytes sent. Applications are responsible for checking that all data has been sent; if only some of the data was transmitted, the application needs to attempt delivery of the remaining data. For further information on this concept, consult the Socket Programming HOWTO.</td>
    </tr>
    <tr>
        <td>socket.close()</td>
        <td>Close the socket. All future operations on the socket object will fail. The remote end will receive no more data (after queued data is flushed). Sockets are automatically closed when they are garbage-collected.</td>
    </tr>
    <tr>
        <td>socket.getpeername()</td>
        <td>Return the address of the remote endpoint. For IP sockets, the address info is a pair (hostaddr, port).</td>
    </tr>
    <tr>
        <td>socket.getsockname()</td>
        <td>Return the socket’s own address. This is useful to find out the port number of an IPv4/v6 socket, for instance. The address info is returned as a pair (hostaddr, port).</td>
    </tr>
    <tr>
        <td>socket.setsockopt(level, optname, value)</td>
        <td>Set a socket option. The needed symbolic constants are defined in the socket module (SO_* etc.). The value argument can either be an integer, or a bytes-like object representing a buffer.</td>
    </tr>
    <tr>
        <td>socket.gethostname()</td>
        <td>Return a string containing the hostname of the machine where the Python interpreter is currently executing.</td>
    </tr>
</table>

## Creating a Server and Client

In [1]:
import socket
import threading

def server():
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  
    s.bind(("127.0.0.1", 9999))
    s.listen(5)
    print("Server listening...")
    
    while True:
        client, addr = s.accept()
        print("Connected to", addr)
        data = client.recv(1024)
        print("Received:", data)
        client.send(b"Hello from server")
        
def client():
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect(("127.0.0.1", 9999))
    s.send(b"Hello from client")
    data = s.recv(1024)
    print("Received:", data)

t1 = threading.Thread(target=server)
t2 = threading.Thread(target=client)
t1.start()
t2.start()

Server listening...
Connected to ('127.0.0.1', 60461)
Received: b'Hello from client'
Received: b'Hello from server'


The method <code>accept</code> waits for a connection attempt to come and accepts it. It then returns a client for further communication with the client. We can then use this in order to send the message. But it's important that we encode the message before sending it.

## Port Scanner

So, we have learned a lot about multithreading, locking, queues and sockets. With all that knowledge, we can create a highly efficient and well working port scanner.

Port scanner is a program that scans a server for open ports. It's a very useful tool for network administrators and hackers. It's also a very good example for multithreading and sockets.

**WARNING**: Port scanning is illegal in some countries. Make sure you have the permission of the owner of the server before scanning it.

In [2]:
import socket

target = "10.0.0.5"

def portscan(port):
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        conn = s.connect((target, port))
        return True
    except:
        return False
    
for port in range(1, 1024):
    if portscan(port):
        print("Port", port, "is open!")
    else:
        print("Port", port, "is closed.")

Port 1 is closed.
Port 2 is closed.
Port 3 is closed.
Port 4 is closed.
Port 5 is closed.
Port 6 is closed.
Port 7 is closed.
Port 8 is closed.
Port 9 is closed.
Port 10 is closed.
Port 11 is closed.
Port 12 is closed.
Port 13 is closed.
Port 14 is closed.
Port 15 is closed.
Port 16 is closed.
Port 17 is closed.
Port 18 is closed.
Port 19 is closed.
Port 20 is closed.
Port 21 is closed.
Port 22 is closed.
Port 23 is closed.
Port 24 is closed.
Port 25 is closed.
Port 26 is closed.
Port 27 is closed.
Port 28 is closed.
Port 29 is closed.
Port 30 is closed.
Port 31 is closed.
Port 32 is closed.
Port 33 is closed.
Port 34 is closed.


We can easily notice that it's extremely slow. That's because we serially scan one port after the other.

## Threaded Port Scanner

In [2]:
import socket
import queue
import threading

ports = {'Number':[], 'Status':[]}
target = "10.0.0.5"
q = queue.Queue()
for x in range(1, 501):
    q.put(x)
    
def portscan(port):
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        conn = s.connect((target, port))
        return True
    except:
        return False
    
def worker():
    while True:
        port = q.get()
        if portscan(port):
            print("Port", port, "is open!")
            ports['Number'].append(port)
            ports['Status'].append('Open')
        else:
            print("Port", port, "is closed.")
            ports['Number'].append(port)
            ports['Status'].append('Closed')
            
for x in range(30):
    t = threading.Thread(target=worker)
    t.start()

PortPort 11 is closed.
Port 14 is closed.
Port 10 is closed.
Port 1 is closed.
Port 2 is closed.
Port 4 is closed.
Port 12 is closed.
 3 is closed.
Port 5 is closed.
Port 7 is closed.
Port 23 is closed.
Port 27 is closed.
Port 6 is closed.
Port 19 is closed.
Port 15 is closed.
Port 16 is closed.
Port 13 is closed.
Port 17 is closed.
Port 20 is closed.
Port 22 is closed.
Port 21 is closed.
Port 26 is closed.
Port 29 is closed.
Port 30 is closed.
Port 25 is closed.
Port 24 is closed.
Port 8 is closed.
Port 28 is closed.
Port 18 is closed.
Port 9 is closed.


In [7]:
print("There is {} open ports".format(len(ports['Number'])))

for i in range(len(ports['Number'])):
    if ports['Status'][i] == 'Open':
        print("Port {} is {}".format(ports['Number'][i], ports['Status'][i]))
    else:
        pass

There is 241 open ports


Port 242 is closed.
Port 245 is closed.
Port 243 is closed.
Port 244 is closed.
Port 246 is closed.
Port 251 is closed.
Port 261 is closed.
Port 248 is closed.
Port 259 is closed.
Port 258 is closed.
Port 254 is closed.
Port 257 is closed.
Port 256 is closed.
Port 263 is closed.
Port 262 is closed.
Port 260 is closed.
Port 249 is closed.
Port 247 is closed.
Port 255 is closed.
Port 253 is closed.
Port 250 is closed.
Port 252 is closed.
Port 267 is closed.
Port 266 is closed.
Port 270 is closed.
Port 265 is closed.
Port 269 is closed.
Port 268 is closed.
Port 264 is closed.
Port 271 is closed.
Port 272 is closed.
Port 275 is closed.
Port 274 is closed.
Port 273 is closed.
Port 276 is closed.
Port 289 is closed.
Port 293 is closed.
Port 285 is closed.
Port 284 is closed.
Port 282 is closed.
Port 277 is closed.
Port 281 is closed.
Port 278 is closed.
Port 283 is closed.
Port 279 is closed.
Port 280 is closed.
Port 292 is closed.
Port 286 is closed.
Port 287 is closed.
Port 288 is closed.
