TCP Tunneling Applications Pros and Cons (Explained by Example)
Рет қаралды 37,342
Күн бұрын💻 More software engineering videos • Software Engineering b...
Tunneling is the process of encapsulating content from a protocol A into another protocol B, usually because protocol A is blocked or unavailable. In this video we will explain how TCP tunneling works, the applications of TCP tunnels and the pros and cons. Coming up!
* TCP Tunneling
* Applications
* Pros and Cons
TCP Tunneling
Here is how TCP Tunneling works.
Lets say your goal is to access a website that your ISP proxy blocks www.server2.com this is hosted on server2 on port 80. Lets say there is another Server1 that you have access to and Server1 have direct access to Server2. So if you can make Server1 make the request on your behave to Server2 and somehow deliver the results back to you, you just created a tunnel between You and Server1.
Here is how it actually works.
You create a legit tcp connection over a known protocol such as SSH between you and Server1. You then create a tcp packet that is intended for Sever2 so you tag it with Server2:80. Then you package that packet into another TCP packet intended for Server1! Huh ! Server1:22. You then forward the packet over, your ISP police will see that there is a packet intended to Server1 on port 22. Proxy approves and forwards it over not knowing that you are smuggling content in that packet. Also the proxy cant even look in the content because its encrypted with RSA. Server1 unpacks the package, decrypt and discover that its an other tcp packet. Here is where the shady stuff happen. Server1 now looks and see that the smuggled package is intended for Server2:80, created a connection and delivers the package it, it changes the source ip to its self and keeps track somehow of that. Once it receives the package it knows that this package has to go back to tunnel. The client now have access to the blocked site! What does this look like guys? Yes you guessed it its a VPN.
It’s literally like smuggling content inside a package 📦 that looks legitimate.
Server1 and Server2 can be the same server
There are many types of tunneling
Local port forwarding: Remote connection,
Socks Proxy: forward pretty much anything (VPN)
Reverse Tunneling : Expose local web server publically
Applications
VPN
Securing an insecure connection
Anonymity
Bypass firewall
SOCKS 4 proxy
redirect all your traffic regardless of the port to an internal proxy instead which tunnels it. Dynamic port forwarding
Pros
Secure connection
Access blocked services
Anonymity
Expose internal traffic
Cons
TCP meltdown (TCP over TCP)
Slow retransmission
Stateful
Local port forwarding
Just one app gets forwarded when the local port is requested
Socks
All apps goes through the proxy
Http tunneling
TCP VS UDP 1:00
11:00 OSI model
15:40 private vs public ip
18:35 proxy vs reverse proxy
24:30 TLS
11:20 local
16:20 reverse
20:40 socks
Stay Awesome!
Hussein
@hnasr Жыл бұрын
Get my Fundamentals of Networking for Effective Backends udemy course Head to network.husseinnasser.com for a discount coupon (link redirects to udemy with coupon applied)
@rongliao9255 4 жыл бұрын
Great tutorial with clear concise explanation! Plus, really good examples!
@christianjohansson9309 4 жыл бұрын
Thanks! These videos are great. Think I've watched them all soon 😁
@TarunKumar-en8si 3 жыл бұрын
This was very well explained. It is only a matter of time before your channel blows up. Subscribed!
@utsabbanerjee9672 2 жыл бұрын
I am glad that you talk about random stuff
@StuxNETozor 3 жыл бұрын
You're a great teacher Hussein, thanks for sharing knowledge !
@hnasr 3 жыл бұрын
❤️
@stephenschneider5240 3 жыл бұрын
Thanks for breaking this down so even I can understand
@dexterflodstrom9975 3 жыл бұрын
Awesome video! Really easy to understand, thanks a lot man
@jarinlima 4 жыл бұрын
Hi bro, I really loved your video and your way of explaining, it is a topic that had taken me a lot of work to understand and now I understand it thanks to you, greetings from Guatemala! I subscribe immediately
@hnasr 4 жыл бұрын
Hey Jarin, I absolutely appreciate your comment. Glad I could simplify the topic. Love to all my subscribers from Guatemala 🇬🇹 the land of great coffee ☕️
@balamca416 3 жыл бұрын
Awesome videos, you are great teacher, i will watch all videos.
@richardcoleman4686 Жыл бұрын
Really well done video. Thanks for sharing.
@vladislavkaras491 5 ай бұрын
Really great video! Thanks!
@ArchiDimon 2 жыл бұрын
Awesome content! Your channel is the first place I go to learn any new concept - before diving deeper into the docs. Great teaching skills!
@bihireboris3407 4 жыл бұрын
big thanks bro to those computer science lessons bro, for self teaching developers we only get lessons to make pages run we don't get access to those info 👌👌
@hnasr 4 жыл бұрын
bihire boris thank you ! I really like to share whatever new info I learn and there is endless sea 🌊 of good software engineering out there! Appreciate the support
@SaidNuriUYANIK 4 жыл бұрын
Great video and explanation, thank you so much
@hnasr 4 жыл бұрын
Said Nuri UYANIK thanks Said!
@munshiyadav4405 7 ай бұрын
Great tutorials 😍😍I am enjoying it alot
@kenilpatel7841 3 жыл бұрын
Really great video!! But just one question: Why would S2 entertain request coming from S1 but not from other clients (C1 in this case)?
@mozartgodson 4 жыл бұрын
God bless you bro....
@hnasr 4 жыл бұрын
Godson Rajamanickam 🙏
@rogerward0 3 жыл бұрын
lol I love your explanations. Thanks for the great vid.
@hnasr 3 жыл бұрын
Thanks Roger!
@glenndwiyatcita1663 3 жыл бұрын
Thank you for the video, Hussein. 🙇🏻♂️ I'm a wee confused of the concept terminologies though: how is it different from VPN? Is tunnelling protocol actually the underlying protocol of VPN?
@Ms.Robot. 3 жыл бұрын
I like this one. ❤ It was good. 😍
@thatshay3217 4 жыл бұрын
this helped thanks so much
@hnasr 4 жыл бұрын
That's Hay happy to help! 😊
@matteodefanti1654 3 жыл бұрын
In your opinion, what is the mechanism of teamviewer or anydesk? Thanks
@anshikagupta4931 2 жыл бұрын
I ditched Netflix for you !!! Are you a CDN ? I literally love the way you deliver content !
@ianurbina9777 3 жыл бұрын
Thanks!
@IgorAherne 3 жыл бұрын
Thanks man
@hnasr 3 жыл бұрын
Your welcome Igor 🙏
@ecw0647 2 жыл бұрын
This is very interesting. I use VMware a lot and my concern would be that tunneling might provide a way to negate the benefits of the VM. Is that something someone should worry about?
@MrOtmix 4 жыл бұрын
Thanks! This video is great. i have a question : is possible to connect to my local server using IP public (Router) with a specific port ? my machine has a Privat IP
@hnasr 4 жыл бұрын
Dzino XP hey! Sure you can. If you opened that port on your router kzbin.info/www/bejne/b2PFXp2gd7qFodk
@MrOtmix 4 жыл бұрын
@@hnasr Thanks sir, but i install xamp and i make change to port of apache at 8012 and open the port on my router so my router ip is for exmple 1.1.1.1 and my local ip is 192.168.1.2 , but when i type 1.1.1.1:8012 dont works "The connection has timed out" but it's work when i type 192.168.1.2:8012 and also work fine with ngrok
@MrOtmix 4 жыл бұрын
Any solution ?
@pajotrus 4 жыл бұрын
A great video, I've learnt a lot, but I have on doubt: 12:40 - this mini server (the entry to the tunnel) is actually an IpSec client? (I'm watching VPN vs Proxy video right now)
@hnasr 4 жыл бұрын
Correct! Either an IPSec or SOCKS proxy. Anything that can does the VPNing.
@djnoteazy 3 жыл бұрын
On the Pros and Cons slide... Isn't it should be STATELESS since you have to reconnect to the server if connection brakes?
@pkcc9381 4 жыл бұрын
Awesome videos. Can you please make a Video on Onion Routing, How does it bring Anonymity.
@hnasr 4 жыл бұрын
That is a great suggestion! Ill add it to my todo!
@nathanbenton2051 3 жыл бұрын
Really awesome videos! Is there ever UDP tunneling?
@hnasr 3 жыл бұрын
You made me research that haha not sure there is because tunneling require a two way connection.. i suppose you can create a UDP tunnel if you manage it at the application side? But you 100% sure you can tunnel UDP traffic through a TCP tunnel .
@thegame8538 2 жыл бұрын
I am trying to find a place to buy SSH Tunnel no-login servers. Have any ideas?
@elikelik3574 4 жыл бұрын
Thanks for the interesting content. I have a question, I red somewhere that in vpn connection first time it uses tcp but inside tunnel it uses udp that is why it is not so slow. But u said it used tcp over tcp or u did not mean vpn connection? By the way it would super helpful if you beside presentation show us real life example or maybe in packet Tracer something like that :D
@hnasr 4 жыл бұрын
Elik Elik thanks for the suggestion. As for your comment that VPN tunnels in udp Im not sure if thats true, otherwise you will be losing data like crazy. The slowness is due to extra layer of encryption, multiple hops and packet packaging. Cheers hope that helps
@palaniappanrm6277 3 жыл бұрын
So when you connect to VPN from laptop/mobile, essentially what happens is a local port forwarding to that IP address. That actually makes sense. But how do we get a private IP of that VPN network once the connection gets established? In that case, it means we're already connected in that network locally. Then why do we need this local port forwarding? Not needed right? I hope I'll not confusing you.
@hnasr 3 жыл бұрын
I talk about VPN here and explain I think answers your questions kzbin.info/www/bejne/pKHRoqyIiZxqkMU
@255pixels9 4 жыл бұрын
Hey Hussein. You are awesome! I am stuck with a reverse port forwarding tunnel method.. your suggestion would help: I have computers A (dynamic IP), S (Server with Public IP) and C (client with dynamic IP). Trying to access A from C via S. I first created a SSH Key on A. Copied the public key from A to S. Then used the private key to create reverse ssh tunnel from A to S at random port 55000. It connects fine. Then I create a SSH Key on C. Copied the public key from C to S. Then used the private key to SSH to S at port 55000 as follows: SSH -i PRIVKEY -p 55000 Server It says permission denied public Key.. I am unable to get past this.. How to connect from C to A.. I need a programmatic solution.. Can't find a way through this..
@hnasr 4 жыл бұрын
Hey thanks for your message. You didn’t specify which port you want to connect on machine A. Am going to assume 80. I think it should be enough to do the reverse tunneling ssh between A and S having S use a the public ip/port 55000 that map to a port 80 on your computer A . Now machine C just connects normally (http) to machine S On port 55000 and that will tunnel requests to your A machine..
@255pixels9 4 жыл бұрын
@@hnasr sorry I forgot to mention. It's port 22 on which I want to connect.. So that I can do SSH into A from terminal on C.
@jacoborb5 3 жыл бұрын
Do you know an udp tunneling tool ?
@sahilsharma-hj4gq 3 жыл бұрын
I think you are talking about LUCY movie bro in the end.
@ankuragarwal9712 Жыл бұрын
in local port forwarding we are trying to connect to a server1 :3389 but how does the client knows that the tunnel through which it can go is server2:22
@ankuragarwal9712 Жыл бұрын
still the same thing is happening right?.....even server2:22 is also sitting beside a firewall.....so how do client can interact with server2:22 but not server1:3389
@Storabrost 3 жыл бұрын
"Go ahead sir!" LOL
@dheelakaperera3741 4 жыл бұрын
Hey how to surf internet from only using youtube server i am free to use youtube from data charges and i want to surf other websites also how can i do itn plz guide me
@mostinho7 3 жыл бұрын
7:45 Local port forwarding vs reverse port forwarding
@mostinho7 3 жыл бұрын
17:45
@turner7777 2 жыл бұрын
isnt this just using S1 as a proxy ? 8:00
@pinhead3030 4 жыл бұрын
those two dislikes are from hackers i bet
@shubham_srt 2 жыл бұрын
@RaviSharma-br3lq 3 жыл бұрын
If u know hindi make video in hindi
@hellelo.5840 Жыл бұрын
TCP Smuggling.
Fabiosa Best Lifehacks
Рет қаралды 11 МЛН
FISPECKT
Рет қаралды 156 М.