Tcp layer binary data manupulation

application sends data to specific port , in tcp layer how can I parse the binary data and get the destination address and port ? ? Applications use various kinds of protocols. like http / websocket / FTP / smtp ..etc

What is it you are actually wanting to do?

Applications operate on an abstraction layer above the TCP/IP layer. Typically applications don't need to know or care what IP address or port they are getting data from. A web server can be run on pretty much any port and work just the same. If you are writing a server application you already know what port it will use because you tell it which port to listen on. Similarly if you are writing a client your code has to specify which port to connect to on the server.

Given all that its's not clear what your question is about.

At a lower level of abstraction, if you are observing TCP/IP packets from some interface you will have to decode the binary format. Which you can find described all over the net TCP/IP Packet Formats and Ports - Tutorial and is specified by "Request For Comment" documents like RFC 791. And no doubt many others.

You might be interested in "Implementing TCP in Rust" by Jon Gjengset: where he discusses all this and writes Rust code to do it.

1 Like

I'm writing a proxy server using tcp which can forward application packages to destinationIP:port

no you can't. the destination address is in the IP header, and the destination port number is in the TCP header. if you are using the TCP socket, you only see the TCP payload as a binary data stream.

a proxy server typically speak a specific proxy protocol (most common are http CONNECT or socks5) and the application will need to explicitly configured to talk to the proxy server.

if you want intercept all TCP traffic and route it another way, that's not a normal proxy server, what you need is a network packet filter, which you typically achieve via raw socket.

1 Like

how the server side forward the data to target server ?

if the client program is correctly configured to use a proxy server, it will request the proxy server for the destination it want to connect, and the proxy server simply connect to the requested address. most http libraries will have a way to configure a proxy server, and the HTTP_PROXY and HTTPS_PROXY environment variables are fairly standard and well supported today.

just search socks5 or http CONNECT or http tunnel, you'll find tons of information on how a proxy server works.


thanks . i saw socks5 , looks like server extract raw socket then resue it

also rust privided


these method bult socket from another socket ; this 2 method not cross platform ,only support for windows

This isn't quite correct. With linux's netfilter you can redirect traffic to a regular socket by using the TPROXY target and the original destination information is available via getsockname or IP_RECVORIGDSTADDR. This is called transparent proxying.

Granted, this isn't portable. But it's more ergonomic than having to parse TCP packets.

1 Like

This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.