Network Programming
for Network Architects
and Engineers
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Agenda
• Introduction: Questions
• Finish up from this morning's discussion
• SUPER QUICK Review of UDP
• Difference between UDP and TCP
DevNet1041: Any Questions From This Morning?
https://cisco.box.com/v/devnet1040
Sending & Receiving Data: UDP
followUDP_Client1.py
- Takes UDP port number from the keyboard
- Continually receives UDP datagram messages
- Decodes the message using ROT-13 algorithm
- Example of socket port binding, datagram service, setting socket options and socket sendto() method
[Diagram: lab topology. Hyper-V host (Surface) with networks X.X.X.X.0/24 and 10.0.2.0/24; the VM logins are vagrant/vagrant, the other credentials are masked.]
Security: Encrypting Messages
Sending & Receiving Data: UDP
- Easy to copy into our code but Evil Server is sitting out there – how do we get the keys to each side?
- Example of why we let the lower layer protocol stacks do all the hard work
Agenda
• Introduction: Questions
• Python getpass Built-in: Really, REALLY BAD ‘Log on System’
• Python Socket Library: Simple Message Passing Using UDP
• Python Hashlib Library: Secure Hashes and Message Digests
• Conclusion
Python Socket Library:
Simple Message Passing
Using TCP
Sending & Receiving Data
Sending & Receiving Data
UDP Socket Objects
Retrieve (and use) the Python socket module
c = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
- c: new socket object
- First argument: what protocol stack version? AF_INET: use IPv4; AF_INET6: use IPv6
- Second argument: what part of the protocol stack do you want? SOCK_STREAM: use TCP; SOCK_DGRAM: use UDP
UDP Sockets
followUDP_Client.py
import socket
c = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
[Diagram: socket object 'c' on the host whose NIC is 10.255.88.76]
UDP Sockets
followUDP_Client.py
GOTCHA! Binds to a preferred interface & port number
import socket
c = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
c.bind(("", 5678))
Bind options:
c.bind(("", 12345)) # accept from any interface
c.bind(("127.0.0.1", 12345)) # only connect locally
c.bind(("10.255.88.255", 12345)) # only All Hosts interface
c.bind(("10.255.88.76", 12345)) # bind to this specific interface
UDP Sockets
followUDP_Server.py
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1) # third argument (1) turns the option on
s.sendto(msg, dest) # msg: bytes to send; dest: (address, port) tuple
[Diagram: socket object 's' on the host whose NIC is 10.255.88.76]
DevNet 1042 (TCP) Agenda:
https://cisco.box.com/v/DevNet1040GettingStarted
Sending & Receiving Data
Sending & Receiving Data: Geek Test
TCP
Sending & Receiving Data
TCP Socket Objects
Retrieve (and use) the Python socket module
c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- c: new socket object (in this case we just call it 'c' for 'client')
- First argument: what protocol stack version? AF_INET: use IPv4; AF_INET6: use IPv6
- Second argument: what part of the protocol stack do you want? SOCK_STREAM: use TCP; SOCK_DGRAM: use UDP
Sockets
client
import socket
c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
c.connect(('www.cisco.com', 80))
Socket object 'c':
- Gets instantiated/'spun up' (on each side) through the Python socket module
- Handles setting up the session
- Handles sending & receiving data
- Handles error recovery
- Handles ending/tearing down the session
Sockets
server
GOTCHA! Binds to the preferred interface
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
serverAddr = socket.gethostname()
s.bind((serverAddr, 12345))
Bind options:
s.bind(("", 12345)) # accept from any interface
s.bind(("127.0.0.1", 12345)) # only connect locally
s.bind(("10.255.88.76", 12345)) # only this specific interface
[Diagram: server host NIC at 10.255.88.76]
Sockets
server
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
serverAddr = socket.gethostname() # gethostname() belongs to the socket module, not the socket object
s.bind((serverAddr, 12345))
s.listen(5)
while 1:
    client, clientAddr = s.accept()
[Diagram: server host NIC at 10.255.88.76]
Sockets
server
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
serverAddr = '10.255.88.76'
s.bind((serverAddr, 12345))
s.listen(5)
while 1:
    client, clientAddr = s.accept() # returns a new socket object 'client' for this connection
    client.close()
client
import socket
c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
c.connect(('10.255.88.76', 12345)) # port must match the one the server bound
c.send(b'Hello Server!!!')
c.shutdown(socket.SHUT_RDWR)
[Diagram: client socket object 'c' (labelled 192.168.13.5 at accept(), 192.168.19.5 at the NIC) sends 'Hello Server!!!' over TCP/IP, NIC to NIC, to the server at 10.255.88.76, where accept() returns socket object 'client'.]
Sockets
server
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
serverAddr = socket.gethostname()
s.bind((serverAddr, 12345))
s.listen(5)
while 1:
    client, clientAddr = s.accept()
    print("I just got a connection request from:", clientAddr)
    client.close()
client
import socket
c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
c.connect(('www.cisco.com', 80))
c.send(b'Hello Server!!!')
c.shutdown(socket.SHUT_RDWR)
[Diagram: three clients (client 192.168.13.5, client2 10.23.11.254, client3 17.255.10.1) connect to the server at 10.255.88.76; each accept() returns its own socket object 'client' on the server side.]
[Diagram: server.py (SERVER, 192.168.56.1:12345) and client.py (CLIENT, 192.168.56.101:12345) each run in a Python execution space (DOS) above the OS kernel TCP/IP stack and the NIC; each NIC's transmit side feeds the other's receive side.]
Server set-up
s = socket.socket(AF_INET…
s.bind((host, port))
s.listen()
s.accept()
Connection set-up
c.connect(("192.168.56.1", 12345)) -> SYN
Accept connect, spin up socket object (SO); SYN-RECEIVED state -> SYN-ACK
Return success; ESTABLISHED state
Simple Message Passing Using TCP
followTCP_Client.py / followTCP_Server.py
[Diagram: SERVER in LISTEN * state; CLIENT connects and sends 'Hello Server!'; SERVER answers 'HELLO CLIENT!!!']
NOTE: If you want to connect between machines (e.g., the VM and your PC), make sure that any internal FW and/or VPNs are disconnected.
followTCP_Client.py
- Uses built-in socket module: .connect(), getsockname(), send(), recv(), close() methods
- Takes an IP address & port number from user.
- Establishes a stream/TCP object
- Connects to server
- Displays socket name
- Sends 'Hello Server!' message
- Waits for a response (issues recv())
- Displays the message back from server
- Closes the socket connection
followTCP_Server.py
- Uses built-in socket module: .bind(), .setsockopt(), .listen(), .accept(), send(), recv(), close() methods
- Sets socket option
- Takes an IP address & port number from user.
- Binds to the IP address and port given by the user
- Issues a listen for up to 5 outstanding requests
- Infinitely loops:
  - Accepts a connection request & displays who called
  - Issues a receive to get the client message
  - Sends 'HELLO CLIENT!' message back to client
  - Shuts down the client connection
  - Asks if user wants to continue looping/waiting for calls
  - If 'y' server continues listening for inbound connection requests
Sending & Receiving Data: TCP
Simple File Transfer Using TCP
followTCP_Client2.py / followTCP_Server2.py
[Diagram: SERVER in LISTEN * state; CLIENT connects and sends the file name to send back]
followTCP_Client2.py
- Uses built-in socket module: .connect(), getsockname(), send(), recv(), close() methods
- Takes an IP address & port number from user.
- Establishes a stream/TCP object
- Connects to server
- Displays socket name
- Sends name of file to retrieve to server
- Opens a local file (with the same name) for writing
- Continually gets 1024-byte blocks of the file with recv(1024).
- When data back from server is null "", client closes the local file and the socket connection
followTCP_Server2.py
- Uses built-in socket module: .bind(), .setsockopt(), .listen(), .accept(), send(), recv(), close() methods
- Sets socket option
- Takes an IP address & port number from user.
- Binds to the IP address and port given by the user
- Issues a listen for up to 5 outstanding requests
- Infinitely loops:
  - Accepts a connection request & displays who called
  - Issues a receive to get the client message
  - Opens the file name (sent by the client) for reading
  - Begins looping:
    - Reads 1024 bytes of the file
    - Sends 1024 byte block back to the client
  - When local file hits EOF:
    - Close the local file
    - Close the connection
  - Wait for the next connection request
Simple File Transfer With Directory Search Using TCP
followTCP_Client3.py / followTCP_Server3.py
[Diagram: SERVER in LISTEN * state; CLIENT connects and sends the file name to retrieve; SERVER searches for it]
NOTE: If you want to connect between machines (e.g., the VM and your PC), make sure that any internal FW and/or VPNs are disconnected.
followTCP_Client3.py
- Uses built-in socket module: .connect(), getsockname(), send(), recv(), close() methods
- Takes an IP address & port number from user.
- Establishes a stream/TCP object
- Connects to server
- Displays socket name
- Sends name of file to retrieve to server
- Opens a local file (with the same name) for writing
- Continually gets 1024-byte blocks of the file with recv(1024).
- When data back from server is null "", client closes the local file and the socket connection
followTCP_Server3.py
- Uses built-in socket module: .bind(), .setsockopt(), .listen(), .accept(), send(), recv(), close() methods
- Sets socket option
- Takes an IP address & port number from user.
- Binds to the IP address and port given by the user
- Issues a listen for up to 5 outstanding requests
- Infinitely loops:
  - Accepts a connection request & displays who called
  - Issues a receive to get the client message
  - Opens the file name (after search) for reading
  - Begins looping:
    - Reads 1024 bytes of the file
    - Sends 1024 byte block back to the client
  - When local file hits EOF:
    - Close the local file
    - Close the connection
  - Wait for the next connection request
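Both file-transfer servers above open a file name that arrives from the client. The following is an added example, not code from followTCP_Server2.py or followTCP_Server3.py: it confines the requested name to one served directory before opening it, for the direct and the directory-search variant. The names resolve_request and serve_file, and the base_dir argument, are assumptions.

```python
import os
import socket

def resolve_request(raw_name, base_dir, search=False):
    """Map a client-supplied name to a real file under base_dir, else None."""
    try:
        name = raw_name.decode("utf-8").strip()
    except UnicodeDecodeError:
        return None
    if not name or "\x00" in name:
        return None
    base = os.path.realpath(base_dir)
    if search:
        # Directory-search variant: match the bare file name only, below base.
        wanted = os.path.basename(name)
        hits = [os.path.join(d, wanted)
                for d, _, files in os.walk(base) if wanted in files]
        candidate = os.path.realpath(hits[0]) if hits else base
    else:
        candidate = os.path.realpath(os.path.join(base, name))
    # realpath() has already collapsed "..", absolute names and symlinks,
    # so anything that escaped base_dir is visible here and gets refused.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate if os.path.isfile(candidate) else None

def serve_file(conn, base_dir, search=False, max_name=255, block=1024):
    """Handle one accepted connection; returns the number of bytes sent."""
    raw = conn.recv(max_name + 1)
    if len(raw) > max_name:          # over-long request: refuse
        return 0
    path = resolve_request(raw, base_dir, search)
    if path is None:                 # outside base_dir or not a file: send nothing
        return 0
    sent = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(block), b""):
            conn.sendall(chunk)      # 1024-byte blocks, as in the slides
            sent += len(chunk)
    return sent
```

In the accept loop, call serve_file(client, base_dir) and then close the connection, so a refused request looks to the client like an empty file.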
Sending & Receiving Data: TCP
[Diagram: SERVER in LISTEN * state; CLIENT connects. server.crt file on both sides; server.key file on the server.]
Key Exchange/Negotiation
1. Client sends a hello with key exchange method, cipher, hash, etc.
2. Server sends back what it selects for the session (key, cipher, etc.)
3. Server sends a certificate that identifies it as legit
4. Client sends a 'start encrypting' message
5. Server sends a 'start encrypting' message
followSSL_Client.py
- Uses ssl module ssl.wrap_socket(), connect(), getpeername(), .cipher(), .getpeercert(), .read(), write() methods
- Takes IP address, port from user.
- Initiates a socket wrap request to server using self-signed certificate
- If negotiation is successful, issues an ssl.connect()
- Displays the remote peer socket name (the server)
- Displays the ssl.cipher being used
- Requests and then displays the certificate from the server
- Sends the server a message to display
followSSL_Server.py
- Uses socket bind() & listen(), shutdown() methods, ssl module ssl.wrap_socket(), .read(), write() methods
- Takes IP address, port from user.
- Accepts a socket wrap request from client using self-signed certificate and key
- If negotiation is successful, continually reads/recv() message from client and displays it.
- Uses ssl socket shutdown() to close the SSL tunnel and the 'normal' socket tunnel
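ssl.wrap_socket(), which both SSL scripts above call, was deprecated in Python 3.7 and removed in 3.12, and by default it did not verify the peer certificate. This added example (not the session's code) sets a context with those old defaults beside one that trusts only the self-signed server.crt, plus a small audit that runs before anything is sent. All function names and the certificate path argument are assumptions.

```python
import socket
import ssl

def legacy_style_context():
    """Mimics the defaults of the removed ssl.wrap_socket(): the peer is never verified."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # has to be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def pinned_client_context(server_cert=None):
    """Trust only the given self-signed server.crt (the path is an assumption).

    With server_cert=None the trust store stays empty, so every handshake fails closed.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # CERT_REQUIRED and host name check on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if server_cert is not None:
        ctx.load_verify_locations(cafile=server_cert)
    return ctx

def audit(ctx):
    """Return the reasons a client context would accept an impostor server."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate is not verified")
    if not ctx.check_hostname:
        findings.append("host name is not matched against the certificate")
    if ctx.minimum_version not in (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3):
        findings.append("protocol versions older than TLS 1.2 are allowed")
    return findings

def send_message(host, port, message, ctx):
    """Refuse to send unless the context passes the audit, then send over TLS."""
    problems = audit(ctx)
    if problems:
        raise ValueError("refusing to connect: " + "; ".join(problems))
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(message)
            return tls.cipher()       # (cipher name, protocol version, secret bits)
```

For the host name check to pass, the self-signed certificate needs a subjectAltName that matches the address or name the client dials.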
Introduction to Network Programming for Architects and Engineers
Machine to Machine - Decompose Simple TCP Message Passing
Topics We Didn’t Cover……
udpChatClient.py
udpChatServer.py
Python Hashlib Library:
Secure Hashes and
Message Digests
News Flash !
Security
followHash_List.py
- Uses hashlib and webbrowser: hashlib.algorithms, update(), hexdigest() methods
- Takes a string as input from user.
- Displays a list of supported algorithms for this platform
- Generates a hash value for each supported algorithm
- Uses webbrowser module to link to http://hash.online-convert.com/ in order to validate the hashes
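An added example, not the session's followHash_List.py: it hashes one input with every algorithm hashlib guarantees and validates the result locally against published test vectors for the input "abc", so the string being hashed never has to be pasted into a third-party site. It uses hashlib.algorithms_guaranteed, the Python 3 counterpart of hashlib.algorithms; digest_all and self_check are assumed names.

```python
import hashlib
import hmac

# Published known-answer digests for the input b"abc" (RFC 1321 and FIPS 180 test vectors).
KNOWN_ABC = {
    "md5": "900150983cd24fb0d6963f7d28e17f72",
    "sha1": "a9993e364706816aba3e25717850c26c9cd0d89d",
    "sha256": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
}

def digest_all(data, xof_len=32):
    """Return {algorithm: hex digest} for every algorithm this build can run."""
    out = {}
    for name in sorted(hashlib.algorithms_guaranteed):
        try:
            h = hashlib.new(name)
        except ValueError:
            continue                  # e.g. md5 blocked on a FIPS-restricted build
        h.update(data)
        # SHAKE algorithms are extendable-output: hexdigest() needs a length.
        out[name] = h.hexdigest(xof_len) if name.startswith("shake_") else h.hexdigest()
    return out

def self_check():
    """Compare local results for b'abc' with the published vectors."""
    got = digest_all(b"abc")
    return {name: hmac.compare_digest(got.get(name, ""), want)
            for name, want in KNOWN_ABC.items()}

if __name__ == "__main__":
    for name, ok in self_check().items():
        print(name, "matches published vector" if ok else "MISMATCH")
    for name, value in digest_all(input("String to hash: ").encode()).items():
        print(f"{name:12} {value}")
```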
PART II: Python Examples
Follow Along:
https://cisco.box.com/v/devnet1040
Thank You