0

I'm learning socks5 protocol and trying to write my own socks5 TCP-based server relying on RFC 1928 documentation (https://www.rfc-editor.org/rfc/rfc1928). I use python to handle all networking. My goal is to inspect all http traffic going from my browser and just redirect wherever it needs to go.

How it goes so far (bytes represented as a decimal numbers):

  1. Client asks to establish connection (I configured my browser to use localhost as a SOCKS5 server): 5 1 0
  2. I accept connection: 5 0
  3. Client reply: 5 1 0 1 2 19 112 1

According to RFC 1928:

    +----+-----+-------+------+----------+----------+
    |VER | CMD |  RSV  | ATYP | DST.ADDR | DST.PORT |
    +----+-----+-------+------+----------+----------+
    | 1  |  1  | X'00' |  1   | Variable |    2     |
    +----+-----+-------+------+----------+----------+

As far as I understand my port is 112 1 (two bytes, which is fine), but address is 2 19 (also two bytes, which is not fine). What do I miss?

CodingTea
  • 15
  • 4
  • AFAICT there should be 4 bytes for an IPv4 address, as described in [section 5](https://www.rfc-editor.org/rfc/rfc1928#section-5). I've found running `tcpdump -vv` helpful for looking at the raw bytes moving around, or [`scapy`](https://scapy.net/) can be good if you're after something in Python – Sam Mason Feb 09 '23 at 12:36

0 Answers0