Dev Net 1042

Introduction to Python
Network Programming
for Network Architects
and Engineers
Vince Kelly TSA

DevNet1041
CL Melbourne Agenda
 Day 1 DevNet1040 Repository/Basics
 Day 2 DevNet1041 UDP
 Day 3 DevNet1042 TCP
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Agenda
• Introduction: Questions
• Finish up from this mornings discussion
• SUPER QUICK Review of UDP
• Difference between UDP and TCP
DevNet1041: Any Questions From This Morning?
Some Good Reference Material on Python Network Programming
Python Network Programming Coding 101: DNA, REST and APIC-EM

By David W. Beazley By Brett Tiller
https://cisco.box.com/v/devnet1040 https://cisco.box.com/v/devnet1040
https://cisco.box.com/v/devnet1040 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
5
Sending & Receiving Data: UDP
Machine to Machine - Simple UDP Message Passing

Putting It All Together
followUDP_Server1.py
- Takes UDP port number from the keyboard

- Prompts user to enter a message
- Encodes the message using ROT-13 algorithm
- Continually sends encoded message as a UDP datagram
- Example of socket datagram service, setting socket options and socket sendto() method
followUDP_Client1.py
- Takes UDP port number from the keyboard
- Continually receives UDP datagram messages
- Decodes the message using ROT-13 algorithm
- Example of socket port binding, datagram service, setting socket options and socket
sendto() method
DEVNET-1040
X.X.X.X.0/24 10.0.2.0/24
Username: vagrant Username: vagrant Username: xxxxxxxx
Username: xxxxxxxx
Password: vagrant Password: vagrant Password: xxxxxxxx
Password: xxxxxxxx
Ubuntu WINDOWS VMs Are

Ubuntu64 Windows8.1_64 WindowsXP_32 NOT PROVIDED
14.04 LTS Server 30 day evals available here:
WIN81_64 IEUser
Router 12.04
http://www.vagrantbox.es/
X86_64
DHCP
NAT 100 - 150 eth0 eth0 eth0
.1
eth0 eth1
External vSwitch Private vSwitch

Isolation Segment
HYPER-V
Surface
Security: Encrypting Messages
Why Kids Should NOT Have Computers…….
Sending & Receiving Data: UDP
Machine to Machine - Simple UDP Message Passing

Putting It All Together
cryptoExample.py
- Uses AES Cipher module in Python Library
- Prompts the user to enter a message
- Encodes the message using AES Cipher
- Prints the Message
- Decodes and prints out the original message
- Easy to copy into our code but Evil Server is sitting out there – how do we get the keys to each side?
- Example of why we let the lower layer protocol stacks do all the hard work
https://cisco.box.com/v/devnet1040 DEVNET-1040
Agenda
• Introduction: Questions
• Python getpass Built-in: Really, REALLY BAD ‘Log on System’
• Python Socket Library: Simple Message Passing Using UDP
• Python Hashlib Library: Secure Hashes and Message Digests
• Conclusion
Python Socket Library:
Simple Message Passing
Using TCP
Sending & Receiving Data
The ‘Big Five’ Questions to Answer:

1) What kind of network do we want to talk to?
• What ‘address family’? IPv4 (AF_INET) or IPv6 (AF_INET6), etc.
2) What type of connection do we want?

• Do we want a datagram service (UDP) or a connection oriented stream service (TCP)?
3) What kind of protocol do we need?

• Answers 1 and 2 already narrowed this down
4) What IP address to use?

5) What UDP or TCP port number should we use?
https://cisco.box.com/v/devnet1040 DEVNET-1040 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
UDP Socket Objects
Retrieve (and use) the Python socket module
import socket Python socket module’s METHOD
c = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
New socket object What Protocol Stack Version? What Part of the Protocol Stack Do You Want ?
INET: use IPv4 SOCK_STREAM: use TCP
INET6: use IPv6 SOCK_DGRAM: use UDP
What do we mean by a ‘socket object’?

UDP Sockets
followUDP_Client.py
import socket
c.bind((‘ ’,5678)) Socket object

- Gets instantiated/’spun up’ (on each side) through the
python socket module
- Handles setting up the session
- Handles sending & receiving data
- Handles Error recovery
Socket object
- Handles ending/tearing down the session
‘c’
10.255.88.76
NIC
UDP Sockets
followUDP_Client.py
import socket
client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) Socket object

c.bind((‘ ’,5678)) - Gets instantiated/’spun up’ (on each side) through the
client.bind((‘ ‘,3579)) python socket module
Socket object
Socket object
‘client’
‘c’
10.255.88.76
NIC
UDP Sockets
followUDP_Client.py
GOTCHA! Binds to a preferred interface & Port Numbers
import socket
Bind options:
c.bind((“ “, 12345)) # accept from any interface
c.bind((‘ ’,5678))
c.bind((“127.0.0.1”,12345)) # only connect locally
c.bind((“10.255.88.255”,12345)) # only All Hosts interface
c.bind((“10.255.88.76”, 12345)) # Bind to this specific interface
TCP/UDP Port Numbers:

Socket object
0 65535 # Range MUST be an integer
0 1023 # Reserved Ports
‘c’ 1024 49151 # Registered Ports
49152 65535 # Dynamic Ports
10.255.88.76
NIC
followUDP_Server.py
UDP Sockets
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST)
dest = (‘<broadcast>’, 5678)
msg = “Hello World”
s.sendto(msg,dest)
Socket object
‘s’
10.255.88.76
NIC
DevNet 1042 (TCP) Agenda:
• TCP: Simple Message Passing

• TCP: Simple File Transfer
• TCP: Simple File Transfer With Directory Search
• Instantiating an SSL Connection Over TCP
https://cisco.box.com/v/DevNet1040GettingStarted
Geek Test !!!!
Sending & Receiving Data: Geek Test
The Difference Between UDP and TCP….
UDP “A UDP Packet Bar Walks A Into………”
TCP
TCP Socket Objects
c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
(in this case we just INET: use IPv4
call it ‘c’ for ‘client’)
SOCK_STREAM: use TCP

Socket Objects
INET: use IPv4 SOCK_STREAM: use TCP

Sockets
client
import socket
Socket object
c.connect((‘www.cisco.com’,80)) Socket object
- Gets instantiated/’spun up’ (on each side) through the
‘c’ python socket module
Sockets
server
GOTCHA! Binds to the preferred interface
import socket
Bind options: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
serverAddr = socket.gethostname()
s.bind((“ “, 12345)) # accept from any interface
s.bind((serverAddr,12345))
s.bind((“127.0.0.1”,12345)) # only connect locally
s.bind((“10.255.88.76”,12345)) # only this specific interface
10.255.88.76
NIC
server
Sockets
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
serverAddr = s.gethostname()
s.listen(5)
while 1:
client, cleintAddr = s.accept()
10.255.88.76
NIC
Sockets server
import socket
serverAddr = ‘10.255.88.76’
client
import socket
s.listen(5) client 192.168.13.5
c.connect((‘10.255.88.76’,80)
while 1:
c.send(‘Hello Server!!!’)
Socket object client, clientAddr = s.accept()
Socket object
c.shutdown(socket.SHUT_RDWR))
print “I just got a connection request from: “, clientAddr
‘c’ ‘client’
client.close()
10.255.88.76
192.168.19.5
Hello Server!!! TCP | IP NIC NIC
Sockets server
import socket
serverAddr = s.gethostname()
client
import socket
s.listen(5)
client 192.168.13.5
client2 10.23.11.254
c.connect((‘www.cisco.com’,80))
Socket object3 client3 17.255.10.1
while 1:
c.send(‘Hello Server!!!’) Socket object2
Socket object client, clientAddr = s.accept()
Socket object
c.shutdown(socket.SHUT_RDWR)
‘client’
‘client’
‘c’ ‘client’
print “I just got a connection request from: “, clientAddr
client.close()
10.255.88.76
192.168.19.5
Hello Server!!! TCP | IP NIC NIC
Execution Space Python Execution Space
DOS
server Client
.py py
SERVER CLIENT
192.168.56.1:12345 192.168.56.101:12345
TCP
OS Kernel TCP/I
P
Transmit Receive /IP OS Kernel
Stack Stac
k
NIC NIC
Receive Transmit
Server set-up
s = socket.socket(AF_INET…
s = bind(host, port)
c.connect(“192.168.56.1”, 12345)
s.listen() SYN
Accept connect, spin up SO s.accept()
SYN-RECEIVED state SYN-ACK
Return success
ESTABLISHED state
ESTABLISHED state ACK
Notice the new client socket object c1.send() c.recv(num bytes)

DATA EXCHANGE
c.close())
FIN-WAIT-1 state
CLOSE-WAIT state FIN

c1.close()
BOOM!! ACK
FIN-WAIT-2 state
FIN
TIME-WAIT state
CLOSED state
ACK © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Sending & Receiving Data: TCP
Simple Message Passing Over TCP
https://cisco.box.com/v/devnet1040 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
Simple Message Passing Using TCP
followTCP_Client.py followTCP_Server.py
LISTEN *
connect
CLIENT
SERVER
Hello Server!
HELLO CLIENT!!!
NOTE: If you want to connect between machines (e.g., the VM and your PC),
make sure that any internal FW and/or VPNs ar disconnected.
Simple Message Passing Using TCP
followTCP_Client.py followTCP_Server.py
- Uses built-in socket module:
- Uses built-in socket module: - .bind(), .setsockopt(), .listen(), .accept(), send(),
- .connect(), getsockname(), send(), recv(), recv(), close() methods
close() methods - Sets socket option
- Takes an IP address & port number from user. - Takes an IP address & port number from user.
- Establishes a stream/TCP object - Binds to the IP address and port given by the user
- Connects to server - Issues a listen for up to 5 outstanding requests
- Displays socket name - Infinitely loops:
- Sends ‘Hello Server!’ message - Accepts a connection request & displays who called
- Waits for a response (issues recv()) - Issues a receive to get the client message
- Displays the message back from server - Sends ‘HELLO CLIENT!’ message back to client
- Closes the socket connection - Shuts down the client connection
- Asks if user wants to continue looping/waiting for calls
- If ‘y’ server continues listening for inbound
connection requests
MAKE SURE INTERNAL FW AND VPNs ARE DISCONNECTED
Simple File Transfer Over TCP
Simple File Transfer Using TCP
followTCP_Client2.py followTCP_Server2.py
LISTEN *
connect
CLIENT
SERVER
File name to send back
File contents in 1024 blocks
- Open the file

- Read in 1024 Blocks
Simple File Transfer Using TCP
-
Uses built-in socket module:
- Displays socket name - Infinitly loops:
- Sends name of file to retrieve to server - Accepts a connection request & displays who called
- Opens a local file (with the same name) for writing - Issues a receive to get the client message
- Continually gets 1024 blocks of the file - Opens the file name (sent by the client) for reading
recv(1024). - Begins looping:
- When data back from server is null “ “, client - Reads 1024 bytes of the file
closes the local file and the socket connection - Sends 1024 byte block back to the client
- When local file hits EOF:
- Close the local file
- Close the connection
- Wait for the next connection request
Simple File Transfer With Directory Search Over TCP
Simple File Transfer With Directory Search Using TCP
LISTEN *
connect
CLIENT
SERVER
File name to retrieve
search
File contents in 1024 blocks
Simple File Transfer With Directory Search Using TCP
-
Uses built-in socket module:
- Displays socket name - Infinitly loops:
- Sends name of file to retrieve to server - Accepts a connection request & displays who called
- Opens a local file (with the same name) for writing - Issues a receive to get the client message
- Continually gets 1024 blocks of the file - Opens the file name (after search) for reading
recv(1024). - Begins looping:
- When data back from server is null “ “, client - Reads 1024 bytes of the file
closes the local file and the socket connection - Sends 1024 byte block back to the client
- When local file hits EOF:
- Close the local file
- Close the connection
- Wait for the next connection request
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
Encrypting TCP Traffic over the Network Using SSL
Establish Client/Server Connection Over SSL

followSSL_Client.py followSSL_Server.py
LISTEN *
connect
SERVER
CLIENT Key Exchange/Negotiation
New socket ‘wrapped’ around the old
1. Client sends a hello with key exchange method, cipher, hash, etc
2. Server sends back what it selects for the session (key, cipher, etc.)
server.crt file server.crt file
3. Server sends a certificate that identifies it as legit
server.key file
4. Client sends a ‘start encrypting’ message
5. Server sends a ‘start encrypting’ message 42
https://cisco.box.com/v/DevNet1040GettingStarted © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Establish a Client/Server Connection Over SSL
SSL Follow Along:

followSSL_Client.py Connect to server using SSL,send a message then display the self-signed certificate
followSSL_Server.py Accept/establish SSL tunnel request, display client message, send back certificate

Client Side:
followSSL_Client.py
- Uses ssl module ssl.wrap_socket(), connect(),getpeername(),
.cipher(),, .getpeercert(), .read(), write() methods
- Takes IP address, port from user.
- Initiates a socket wrap request to server using self-signed certificate
- If negotiation is successful, issues an ssl.connect()
- Displays the remote peer socket name (the server)
- Dsiplays the ssl.cipher being used
- Requests and then displays the certificate from the server
- Sends the server a message to display

Client Side:
followSSL_Client.py

Server Side:
followSSL_Server.py
- Uses socket bind() & listen(), shutdown() methods, ssl module
ssl.wrap_socket(), .read(), write() methods
- Takes IP address, port from user.
- Accepts a socket wrap request from client using self-signed certificate
and key
- If negotiation is successful, continually reads/recev() message from
client and displays it.
- Uses ssl socket shutdown() to close the SSL tunnel and the ‘normal’
socket tunnel

Server Side:
followSSL_Server.py
Introduction to Network Programming for Architects and Engineers
End of Part III DevNet 1042

Questions?
Machine to Machine - Decompose Simple TCP Message Passing
Presentation ID © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 50
X.X.X.X.0/24 10.0.2.0/24
Username: vagrant Username: vagrant Username: xxxxxxxx
Username: xxxxxxxx
Password: vagrant Password: vagrant Password: xxxxxxxx
Password: xxxxxxxx
Ubuntu WINDOWS VMs Are

Ubuntu64 Windows8.1_64 WindowsXP_32 NOT PROVIDED
14.04 LTS Server 30 day evals available here:
WIN81_64 IEUser
Router 12.04
http://www.vagrantbox.es/
X86_64
DHCP
NAT 100 - 150 eth0 eth0 eth0
.1
eth0 eth1
External vSwitch Private vSwitch

Isolation Segment
HYPER-V
Surface
Topics We Didn’t Cover……
udpChatClient.py
- Example of Try Except Finally error correction clauses

- Example of process/communications limitations: Run one of these in IDLE the other from
the command prompt
udpChatServer.py
- Works with udpChatClient

- Example of process/communications limitations: Run one of these in IDLE the other from
the command prompt
DEVNET-1040
https://cisco.box.com/v/devnet1040
Python Hashlib Library:
Secure Hashes and
Message Digests
News Flash !
“….The combined resources of Microsoft and the Catholic

Church will allow us to make religion easier and more fun
for a broader range of people." Under the terms of the
deal, Microsoft would acquire exclusive electronic rights
to the Bible and would make the sacraments available
online.”
http://hoaxes.org/archive/permalink/microsoft_buys_the_catholic_church
Security
Display All Available Hash Algorithms on This Machine
followHash_List.py
- Uses hashlib and webbrowser:
- .hashlib.algorithms, update(),hexdigest() methods
- Takes a string as input from user.
- Displays a list of supported algorithms for this platform
- Generates a hash value for each supported algorithm
- Uses webbrowser module to link to
http://hash.online-convert.com/ in order to validate the
hashes
Security
Generate a One-way Hash for a File

followHash_File.py
- Uses hashlib and webbrowser:
- .hashlib.algorithms, update(),hexdigest() methods
- Takes a filename and hash algorithm as input from user.
- Generates a hash value for the file
- Uses webbrowser module to link to http://hash.online-
convert.com/ in order to validate the hashes
PART II: Python Examples
Follow Along:
followLogon.py Retrieves UserID & Password then opens webbrowser

followUDP_Server.py Gets UDP port number, binds to the port then continually broadcasts
followUDP_Client.py Gets UDP input port #, then continually receives messages from server
followUDP_EvilServer.py Demonstrates MtM attack, Demonstrates send/recv in the same process
followUDP_Server1.py Encode ROT13 message
followUDP_Client1.py Decodes ROT13 message
followHash_List.py Takes input message and displays various hash values for it
followUDP_Server1.py Gets UDP port number, binds to the port then continually broadcasts
followUDP_Client1.py Gets UDP input port #, then continually receives messages from server
DEVNET-1040 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Thank You

Dev Net 1042

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Dev Net 1042

Caricato da

Copyright:

Formati disponibili

Introduction to Python

Vince Kelly TSA

Some Good Reference Material on Python Network Programming

Python Network Programming Coding 101: DNA, REST and APIC-EM

Machine to Machine - Simple UDP Message Passing

- Takes UDP port number from the keyboard

Ubuntu WINDOWS VMs Are

External vSwitch Private vSwitch

Why Kids Should NOT Have Computers…….

Machine to Machine - Simple UDP Message Passing

The ‘Big Five’ Questions to Answer:

2) What type of connection do we want?

3) What kind of protocol do we need?

4) What IP address to use?

import socket Python socket module’s METHOD

What do we mean by a ‘socket object’?

c.bind((‘ ’,5678)) Socket object

client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) Socket object

TCP/UDP Port Numbers:

dest = (‘<broadcast>’, 5678)

msg = “Hello World”

• TCP: Simple Message Passing

Geek Test !!!!

The Difference Between UDP and TCP….

UDP “A UDP Packet Bar Walks A Into………”

import socket Python socket module’s METHOD

What do we mean by a ‘socket object’?

import socket Python socket module’s METHOD

What do we mean by a ‘socket object’?

Bind options: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

print “I just got a connection request from: “, clientAddr

ESTABLISHED state ACK

Notice the new client socket object c1.send() c.recv(num bytes)

CLOSE-WAIT state FIN

Simple Message Passing Over TCP

MAKE SURE INTERNAL FW AND VPNs ARE DISCONNECTED

Simple File Transfer Over TCP

File contents in 1024 blocks

- Open the file

Simple File Transfer With Directory Search Over TCP

File contents in 1024 blocks

Encrypting TCP Traffic over the Network Using SSL

Establish Client/Server Connection Over SSL

New socket ‘wrapped’ around the old

Establish a Client/Server Connection Over SSL

SSL Follow Along:

Establish Client/Server Connection Over SSL

Establish Client/Server Connection Over SSL

Establish Client/Server Connection Over SSL

Establish Client/Server Connection Over SSL

End of Part III DevNet 1042

Ubuntu WINDOWS VMs Are

External vSwitch Private vSwitch

- Example of Try Except Finally error correction clauses

- Works with udpChatClient

“….The combined resources of Microsoft and the Catholic

Display All Available Hash Algorithms on This Machine

Generate a One-way Hash for a File

followLogon.py Retrieves UserID & Password then opens webbrowser

Potrebbero piacerti anche