TCP Tunneling Applications Pros and Cons (Explained by Example)
- Published on 31 May 2024
Tunneling is the process of encapsulating content from a protocol A into another protocol B, usually because protocol A is blocked or unavailable. In this video we will explain how TCP tunneling works, the applications of TCP tunnels and the pros and cons. Coming up!
* TCP Tunneling
* Applications
* Pros and Cons
TCP Tunneling
Here is how TCP Tunneling works.
Let's say your goal is to access a website that your ISP proxy blocks, www.server2.com, which is hosted on Server2 on port 80. Let's say there is another server, Server1, that you have access to, and Server1 has direct access to Server2. If you can make Server1 make the request to Server2 on your behalf and somehow deliver the results back to you, you have just created a tunnel between you and Server1.
Here is how it actually works.
You create a legitimate TCP connection over a known protocol such as SSH between you and Server1. You then create a TCP packet that is intended for Server2, so you tag it with Server2:80. Then you package that packet into another TCP packet intended for Server1 (Server1:22)! Huh! You then forward the packet over, and your ISP police will see that there is a packet intended for Server1 on port 22. The proxy approves and forwards it, not knowing that you are smuggling content in that packet. The proxy also can't look at the content because it's encrypted with RSA. Server1 unpacks the package, decrypts it and discovers that it is another TCP packet. Here is where the shady stuff happens. Server1 now looks and sees that the smuggled package is intended for Server2:80, creates a connection and delivers the package to it. It changes the source IP to its own and somehow keeps track of that. Once it receives the package back, it knows that this package has to go back into the tunnel. The client now has access to the blocked site! What does this look like, guys? Yes, you guessed it, it's a VPN.
It’s literally like smuggling content inside a package 📦 that looks legitimate.
Server1 and Server2 can be the same server
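The flow described above, as an added example (not code from the video or its author): a simplified Python model, with segments as objects rather than real TCP or SSH traffic, showing that the filtering proxy judges only the outer destination while Server1 re-originates the request from its own address and maps the reply back into the tunnel. The host names, the `wrap` framing and the starting port 40000 are assumptions made for the illustration, and the encryption step is left out.

```python
import struct
from dataclasses import dataclass

@dataclass
class Segment:                      # simplified model, not real TCP/SSH wire format
    src: tuple                      # (host, port)
    dst: tuple                      # (host, port)
    payload: bytes

def wrap(inner):
    """Tag the inner payload with its real destination (hypothetical framing)."""
    host = inner.dst[0].encode()
    return bytes([len(host)]) + host + struct.pack("!H", inner.dst[1]) + inner.payload

def unwrap(blob):
    n = blob[0]                     # first byte: length of the destination host name
    (port,) = struct.unpack("!H", blob[1 + n:3 + n])
    return (blob[1:1 + n].decode(), port), blob[3 + n:]

def proxy_allows(seg, blocked_hosts):   # the proxy filters on the outer destination only
    return seg.dst[0] not in blocked_hosts

class Relay:
    """Server1: unwrap, re-send from its own address, map the reply back."""
    def __init__(self, host, origins):  # flows: relay source port -> tunnel client
        self.host, self.origins, self.flows, self.next_port = host, origins, {}, 40000

    def handle(self, outer):
        dst, data = unwrap(outer.payload)
        sport, self.next_port = self.next_port, self.next_port + 1
        self.flows[sport] = outer.src                          # remember who asked
        reply = self.origins[dst](Segment((self.host, sport), dst, data))
        client = self.flows.pop(reply.dst[1])                  # reply -> tunnel client
        return Segment(outer.dst, client, reply.payload)

def demo():
    seen = []                                                  # sources Server2 observes
    def server2(req):                                          # constructed origin server
        seen.append(req.src[0])
        return Segment(req.dst, req.src, b"HTTP/1.1 200 OK\r\n\r\nhello")
    client, blocked = ("client.example", 51000), {"www.server2.com"}
    inner = Segment(client, ("www.server2.com", 80), b"GET / HTTP/1.1\r\n\r\n")
    outer = Segment(client, ("server1.example", 22), wrap(inner))
    relay = Relay("server1.example", {inner.dst: server2})
    reply = relay.handle(outer)
    return {"direct": proxy_allows(inner, blocked), "tunneled": proxy_allows(outer, blocked),
            "server2_saw": seen, "reply": reply, "open_flows": relay.flows}

print(demo())
```

For anyone operating the filter, the takeaway is that content rules never see the inner destination, so policy on a tunnel has to be set on the outer endpoint (who may reach Server1:22) rather than on what is inside.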
There are many types of tunneling
Local port forwarding: Remote connection
Socks Proxy: forward pretty much anything (VPN)
Reverse Tunneling: Expose local web server publicly
Applications
VPN
Securing an insecure connection
Anonymity
Bypass firewall
SOCKS 4 proxy
redirect all your traffic regardless of the port to an internal proxy instead which tunnels it. Dynamic port forwarding
Pros
Secure connection
Access blocked services
Anonymity
Expose internal traffic
Cons
TCP meltdown (TCP over TCP)
Slow retransmission
Stateful
Local port forwarding
Just one app gets forwarded when the local port is requested
Socks
All apps go through the proxy
Http tunneling
TCP VS UDP 1:00
11:00 OSI model
15:40 private vs public ip
18:35 proxy vs reverse proxy
24:30 TLS
11:20 local
16:20 reverse
20:40 socks
Stay Awesome!
Hussein - Science & Technology
Get my Fundamentals of Networking for Effective Backends udemy course Head to network.husseinnasser.com for a discount coupon (link redirects to udemy with coupon applied)
Thanks! These videos are great. Think I've watched them all soon 😁
Great tutorial with clear concise explanation! Plus, really good examples!
This was very well explained. It is only a matter of time before your channel blows up. Subscribed!
You're a great teacher Hussein, thanks for sharing knowledge !
❤️
Awesome video! Really easy to understand, thanks a lot man
Hi bro, I really loved your video and your way of explaining, it is a topic that had taken me a lot of work to understand and now I understand it thanks to you, greetings from Guatemala! I subscribe immediately
Hey Jarin, I absolutely appreciate your comment. Glad I could simplify the topic. Love to all my subscribers from Guatemala 🇬🇹 the land of great coffee ☕️
I am glad that you talk about random stuff
Awesome videos, you are a great teacher, I will watch all videos.
Thanks for breaking this down so even I can understand
big thanks bro to those computer science lessons bro, for self teaching developers we only get lessons to make pages run we don't get access to those info 👌👌
bihire boris thank you ! I really like to share whatever new info I learn and there is endless sea 🌊 of good software engineering out there! Appreciate the support
Really well done video. Thanks for sharing.
Really great video!!
But just one question: Why would S2 entertain request coming from S1 but not from other clients (C1 in this case)?
Great video and explanation, thank you so much
Said Nuri UYANIK thanks Said!
Really great video!
Thanks!
Awesome content! Your channel is the first place I go to learn any new concept - before diving deeper into the docs.
Great teaching skills!
Thank you for the video, Hussein. 🙇🏻♂️ I'm a wee confused of the concept terminologies though: how is it different from VPN? Is tunnelling protocol actually the underlying protocol of VPN?
Great tutorials 😍😍 I am enjoying it a lot
In your opinion, what is the mechanism of teamviewer or anydesk?
Thanks
This is very interesting. I use VMware a lot and my concern would be that tunneling might provide a way to negate the benefits of the VM. Is that something someone should worry about?
I ditched Netflix for you !!! Are you a CDN ? I literally love the way you deliver content !
lol I love your explanations. Thanks for the great vid.
Thanks Roger!
On the Pros and Cons slide... Shouldn't it be STATELESS since you have to reconnect to the server if the connection breaks?
this helped thanks so much
That's Hay happy to help! 😊
I like this one. ❤ It was good. 😍
God bless you bro....
Godson Rajamanickam 🙏
Thanks!
I think you are talking about LUCY movie bro in the end.
I am trying to find a place to buy SSH Tunnel no-login servers. Have any ideas?
Thanks! This video is great. I have a question: is it possible to connect to my local server using the public IP (router) with a specific port? My machine has a private IP.
Dzino XP hey! Sure you can. If you opened that port on your router th-cam.com/video/92b-jjBURkw/w-d-xo.html
@@hnasr Thanks sir, but I installed XAMPP, changed the Apache port to 8012 and opened the port on my router. My router IP is for example 1.1.1.1 and my local IP is 192.168.1.2, but when I type 1.1.1.1:8012 it doesn't work ("The connection has timed out"), while it works when I type 192.168.1.2:8012 and also works fine with ngrok.
Any solution?
Thanks man
You're welcome Igor 🙏
So when you connect to a VPN from a laptop/mobile, essentially what happens is a local port forwarding to that IP address. That actually makes sense. But how do we get a private IP of that VPN network once the connection gets established? In that case, it means we're already connected in that network locally. Then why do we need this local port forwarding? Not needed, right? I hope I'm not confusing you.
I talk about VPN here and explain I think answers your questions th-cam.com/video/npnqyRT77Zc/w-d-xo.html
Awesome videos. Can you please make a Video on Onion Routing, How does it bring Anonymity.
That is a great suggestion! I'll add it to my todo!
Hey, how can I surf the internet using only the YouTube server? I am free to use YouTube without data charges and I want to surf other websites too. How can I do it? Please guide me.
A great video, I've learnt a lot, but I have on doubt: 12:40 - this mini server (the entry to the tunnel) is actually an IpSec client? (I'm watching VPN vs Proxy video right now)
Correct! Either an IPSec or SOCKS proxy. Anything that can do the VPNing.
Really awesome videos! Is there ever UDP tunneling?
You made me research that haha. Not sure there is, because tunneling requires a two-way connection.. I suppose you can create a UDP tunnel if you manage it at the application side?
But you 100% sure you can tunnel UDP traffic through a TCP tunnel .
Hey Hussein. You are awesome! I am stuck with a reverse port forwarding tunnel method.. your suggestion would help:
I have computers A (dynamic IP), S (Server with Public IP) and C (client with dynamic IP). Trying to access A from C via S.
I first created a SSH Key on A. Copied the public key from A to S. Then used the private key to create reverse ssh tunnel from A to S at random port 55000. It connects fine.
Then I create a SSH Key on C. Copied the public key from C to S. Then used the private key to SSH to S at port 55000 as follows:
ssh -i PRIVKEY -p 55000 Server
It says permission denied public Key.. I am unable to get past this.. How to connect from C to A.. I need a programmatic solution.. Can't find a way through this..
Hey thanks for your message.
You didn’t specify which port you want to connect on machine A. Am going to assume 80.
I think it should be enough to do the reverse tunneling SSH between A and S, having S use the public IP/port 55000 that maps to port 80 on your computer A. Now machine C just connects normally (HTTP) to machine S on port 55000 and that will tunnel requests to your A machine.
@@hnasr sorry I forgot to mention. It's port 22 on which I want to connect.. So that I can do SSH into A from terminal on C.
In local port forwarding we are trying to connect to server1:3389, but how does the client know that the tunnel through which it can go is server2:22?
Still the same thing is happening, right? Even server2:22 is also sitting behind a firewall, so how can the client interact with server2:22 but not server1:3389?
Thanks for the interesting content. I have a question: I read somewhere that a VPN connection first uses TCP but inside the tunnel it uses UDP, which is why it is not so slow. But you said it uses TCP over TCP, or did you not mean a VPN connection? By the way, it would be super helpful if, besides the presentation, you showed us a real-life example, or maybe something in Packet Tracer :D
Elik Elik thanks for the suggestion. As for your comment that VPN tunnels in UDP, I'm not sure if that's true, otherwise you will be losing data like crazy.
The slowness is due to the extra layer of encryption, multiple hops and packet packaging.
Cheers hope that helps
Do you know a UDP tunneling tool?
7:45
Local port forwarding vs reverse port forwarding
17:45
"Go ahead sir!" LOL
those two dislikes are from hackers i bet
Isn't this just using S1 as a proxy? 8:00
If u know hindi make video in hindi
TCP Smuggling.