# Chapter 3: Socket Programming
##Table of Contents:
* [Technical requirements ](#scrollTo=B9crte0Lso9h&line=3&uniqifier=1)

* [Understanding the socket package for network requests](#scrollTo=LS-xZ0EFssFi&line=2&uniqifier=1)

* [Network sockets in Python ](#scrollTo=mvu54lIGxtS9&line=1&uniqifier=1)

* [The socket module](#scrollTo=7_ZsG_oZ3Cpq&line=9&uniqifier=1)

* [Server and client socket methods](#scrollTo=Cm6-ZJeXRQVO&line=1&uniqifier=1)

* [Gathering information with sockets](#scrollTo=-ru8OrojeR-L&line=1&uniqifier=1)

* Managing socket exceptions • 86

* Basic client with the socket module • 87

* Port scanning with sockets  88

* Implementing a port scanner • 88

* Advanced port scanner • 90

* Implementing a reverse shell with sockets  93

* Implementing a simple TCP client and TCP server  95

* Implementing a server and client with sockets • 95

* Implementing the TCP server • 97

* Implementing the TCP client • 98

* Implementing a simple UDP client and UDP server  99

* Implementing the UDP server • 100

* Implementing the UDP client • 101

* Implementing an HTTP server in Python  102

* Testing the HTTP server • 103

* Sending files via sockets • 104

* Implementing secure sockets with the TLS and SSL modules  107

* Summary  112

* Questions  113

* Further reading  113





## Socket Programming
This chapter will showcase networking basics using Python’s socket module. The socket module
exposes all the necessary pieces to quickly write TCP and UDP clients and servers for writing
low-level network applications. We will also cover implementing a reverse shell with the socket
module and implementing secure sockets with TLS.
Socket programming refers to an abstract principle by which two programs can share any data
stream by using an Application Programming Interface (API) for different protocols available
in the internet TCP/IP stack, typically supported by all operating systems. We will also cover
implementing HTTP server and socket methods for resolving IP domains and addresses.

The following topics will be covered in this chapter:
* Understanding the socket package for network requests
* Implementing a reverse shell with sockets
* Implementing a simple TCP client and TCP server with the socket module
* Implementing a simple UDP client and UDP server
* Implementing an HTTP server in Python
* Implementing secure sockets with TLS


## Technical-requirements

To get the most out of this chapter, you will need some basic knowledge of command execution in operating systems. Also, you will need to install the Python distribution on your local machine.
We will work with Python version 3.10, available at https://www.python.org/downloads.

The examples and source code for this chapter are available in the GitHub repository at https://github.com/PacktPublishing/Python-for-Security-and-Networking.


Check out the following video to see the Code in Action: https://packt.link/Chapter03

##Understanding the socket package for network requests

Sockets are the main components that allow us to leverage the capabilities of an operating system
to interact with a network. You may regard sockets as a point-to-point channel of communication
between a client and a server.
Network sockets are a simple way of establishing communication between processes on the same
machines or on different ones. The socket concept is very similar to the use of file descriptors for
UNIX operating systems. Commands such as read() and write() for working with files have
similar behavior to dealing with sockets. A socket address for a network consists of an IP address
and port number. A socket’s aim is to communicate processes over the network.

## Network sockets in Python
When two applications or processes interact, they use a specific communication channel. Sockets
are the endpoints or entry points of these communication channels. We can use sockets to establish a communication channel between two processes, within a process, or between processes
on different machines. There are different types of sockets, like TCP sockets, UDP sockets, and
UNIX domain sockets.

Sockets are internal endpoints for sending or receiving data within a node on a computer. A
socket is defined by local and remote IP addresses and ports, and a transport protocol. Creating a
socket in Python is done through the socket.socket() method. The general syntax of the socket
method is as follows:



```
s = socket.socket (socket_family, socket_type, protocol=0)
```



The preceding syntax represents the address families and the protocol of the transport layer.

Based on the communication type, sockets are classified as follows:
* TCP sockets (socket.SOCK_STREAM)
* UDP sockets (socket.SOCK_DGRAM)

The main difference between TCP and UDP is that TCP is connection-oriented, while UDP is
non-connection-oriented. Another important difference between TCP and UDP is that TCP is
more reliable than UDP because it checks for errors and ensures data packets are delivered to the
communicating application in the correct order. At this point, UDP is faster than TCP because
it does not order and check errors in the data packets. Sockets can also be categorized by family.
The following options are available:

* UNIX sockets (socket.AF_UNIX), which were created before the network definition and are based on data
* The socket.AF_INET socket for working with the IPv4 protocol
* The socket.AF_INET6 socket for working with the IPv6 protocol


There is another socket type called a raw socket. These sockets allow us to access the communication protocols, with the possibility of using layer 3 (network-level) and layer 4 (transport-level)
protocols, therefore giving us access to the protocols directly and the information we receive in
them. The use of sockets of this type allows us to implement new protocols and modify existing
ones, bypassing the normal TCP/IP protocols.

As regards the manipulation of network packets, we have specific tools available, such as Scapy
(https://scapy.net), a module written in Python for manipulating packets with support for
multiple network protocols. This tool allows the creation and modification of network packets
of various types, implementing functions for capturing and sniffing packets.
Now that we have analyzed what a socket is and its types, we will now move on to introducing
the socket module and the functionalities it offers.

## The socket module
Types and functions required to work with sockets can be found in Python in the `socket` module.
The socket module provides all the required functionalities to quickly write TCP and UDP clients
and servers. Also, it provides every function you need to create a socket server or client.
When we are working with sockets, most applications use the concept of client/server where
there are two applications, one acting as a server and the other as a client, and where both communicate through message-passing using protocols such as TCP or UDP:

* Server: This represents an application that is waiting for connection by a client.

* Client: This represents an application that connects to the server.

In the case of Python, the socket constructor returns an object for working with the socket methods. This module comes installed by default when you install the Python distribution. To check
it, we can do so from the Python interpreter:



```
>>> import socket
>>> dir(socket)
['__builtins__', '__cached__', '__doc__', '__file__', '__loader__',
'__name__', '__package__', '__spec__', '_blocking_errnos', '_intenum_
converter', '_realsocket', '_socket', 'close', 'create_connection',
'create_server', 'dup', 'errno', 'error', 'fromfd', 'gaierror',
'getaddrinfo', 'getdefaulttimeout', 'getfqdn', 'gethostbyaddr',
'gethostbyname', 'gethostbyname_ex', 'gethostname', 'getnameinfo',
'getprotobyname', 'getservbyname', 'getservbyport', 'has_dualstack_ipv6',
'has_ipv6', 'herror', 'htonl', 'htons', 'if_indextoname', 'if_nameindex',
'if_nametoindex', 'inet_aton', 'inet_ntoa', 'inet_ntop', 'inet_pton',
'io', 'ntohl', 'ntohs', 'os', 'selectors', 'setdefaulttimeout',
'sethostname', 'socket', 'socketpair', 'sys', 'timeout']
```



In the preceding output, we can see all methods that we have available in this module. Among the most-used constants, we can highlight the following:

* socket.AF_INET
* socket.SOCK_STREAM

To open a socket on a certain machine, we use the socket class constructor that accepts the family, socket type, and protocol as parameters. A typical call to create a socket that works at the TCP level is passing the socket family and type as parameters:



```
>>> socket.socket(socket.AF_INET,socket.SOCK_STREAM)
```



Out of the main socket methods, we can highlight the following for implementing both clients and servers:

* socket.accept() is used to accept connections and returns a value pair as (conn, address).
* socket.bind() is used to bind addresses specified as a parameter.
* socket.connect() is used to connect to the address specified as a parameter.
* socket.listen() is used to listen for commands on the server or client.
* socket.recv(buflen) is used for receiving data from the socket. The method argument indicates the maximum amount of data it can receive.
* socket.recvfrom(buflen) is used for receiving data and the sender’s address.
* socket.recv_into(buffer) is used for receiving data into a buffer.
* socket.send(bytes) is used for sending bytes of data to the specified target.
* socket.sendto(data, address) is used for sending data to a given address.
* socket.sendall(data) is used for sending all the data in the buffer to the socket.
* socket.close() is used for releasing the memory and finishes the connection.
In this section, we have analyzed the built-in methods available in the socket module and now we will move on to learn about specific methods we can use for the server and client sides.

## Server and client socket methods

In a client-server architecture, there is a central server that provides services to a set of machines that connect to it. These are the main methods we can use from the point of view of the server:

* socket.bind(address): This method allows us to connect the address with the socket, with the requirement that the socket must be open before establishing the connection with the address.

* socket.listen(count): This method accepts as a parameter the maximum number of connections from clients and starts the TCP listener for incoming connections.

* socket.accept(): This method enables us to accept client connections and returns a tuple with two values that represent client_socket and client_address. You need to call the socket.bind() and socket.listen() methods before using this method.

From the client’s point of view, these are the socket methods we can use in our socket client for connecting with the server:

* socket.connect(ip_address): This method connects the client to the server’s IP address.

* socket.connect_ext(ip_address): This method has the same functionality as the previous method and offers the possibility of returning an error in the event of not being able to connect with that address.

The socket.connect_ex(address) method is very useful for implementing port scanning with sockets. The following script shows ports that are open on the localhost machine with the loopback IP address interface of 127.0.0.1. You can find the following code in the socket_ports_open.py file:

In [16]:
import socket
ip ='127.0.0.1'
portlist = [21,22,23,80]

for port in portlist:
  sock= socket.socket(socket.AF_INET,socket.SOCK_STREAM)
  result = sock.connect_ex((ip,port))
  print(port,":", result)
  sock.close()

21 : 111
22 : 111
23 : 111
80 : 111


The preceding code is checking ports for ftp, ssh, telnet, and http services in the localhost interface. The following could be the output of the previous script where the result for each port is a number that represents whether the port is open or not. In this execution, port 80 returns value 0, which means the port is open. All other ports return a non-zero value, meaning that the
ports are closed:

Sockets can also be used to communicate with a web server, a mail server, or many other types of servers. All that is needed is to find the document that describes the corresponding protocol and write the code to send and receive the data according to that protocol. The following example shows how to make a low-level network connection with sockets.

In the following script, we are making a connection to a web server that listens on port 80 and we access a specific route within this server to request a text document. You can find the following code in the socket_web_server.py file:

In [22]:
import socket
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect(('ftp.debian.org', 80))
cmd = 'GET http://ftp.debian.org/debian/README.mirrors.txt HTTP/1.0\r\n\r\n'.encode()
sock.send(cmd)
while True:
  data = sock.recv(512)
  if len(data) < 1:
    break
  print(data.decode(),end='')
sock.close()

HTTP/1.1 200 OK
Connection: close
Content-Length: 86
Server: Apache
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Referrer-Policy: no-referrer
X-Xss-Protection: 1
Permissions-Policy: interest-cohort=()
Last-Modified: Sat, 04 Mar 2017 20:08:51 GMT
ETag: "56-549ed3b25abfb"
X-Clacks-Overhead: GNU Terry Pratchett
Content-Type: text/plain; charset=utf-8
Accept-Ranges: bytes
Date: Fri, 08 Mar 2024 14:28:17 GMT
Via: 1.1 varnish
Age: 16
X-Served-By: cache-ams12722-AMS
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1709908098.665401,VS0,VE2
Vary: Accept-Encoding

The list of Debian mirror sites is available here: https://www.debian.org/mirror/list


The execution of the previous script begins with the header the server sends to describe the document. For example, the Content-Type header indicates that the document is a text/plain document. Once the server sends the header, it adds a blank line to indicate the end of the header and then sends the file data using a GET request:



```
HTTP/1.1 200 OK
Connection: close
Content-Length: 86
Server: Apache
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Referrer-Policy: no-referrer
X-Xss-Protection: 1
Permissions-Policy: interest-cohort=()
Last-Modified: Sat, 04 Mar 2017 20:08:51 GMT
ETag: "56-549ed3b25abfb"
X-Clacks-Overhead: GNU Terry Pratchett
Content-Type: text/plain; charset=utf-8
Accept-Ranges: bytes
Date: Fri, 08 Mar 2024 14:27:45 GMT
Via: 1.1 varnish
Age: 104
X-Served-By: cache-ams12762-AMS
X-Cache: HIT

X-Cache-Hits: 1
X-Timer: S1709908065.176569,VS0,VE3
Vary: Accept-Encoding

The list of Debian mirror sites is available here: https://www.debian.org/mirror/list


```



## Gathering information with sockets

The socket module provides us with a series of methods that can be useful if we need to convert a hostname into an IP address and vice versa. Useful methods for gathering more information about an IP address or hostname include the following:

* socket.gethostbyname(hostname): This method returns a string converting a hostname to the IPv4 address format.