[noCensorship] Re: [Proxy Elites] Proxies, ports and stuff.....
- From: Michael Foord <Michael.Foord@xxxxxxxxxxxxxxxxxx>
- To: milhaus@xxxxxxxxxxxx, nocensorship@xxxxxxxxxxxxx
- Date: Tue, 15 Oct 2002 11:15:18 +0100
Hello milhaus this is an email you did me a *long* time ago which I was too
much of a novice to really understand.
I`m still quite a novice but have got to the point where I need to know more !!
Are you able to answer my questions on this subject or am I better off
directing my queries elsewhere ?, sorry for not replying to this earlier (I
must have seemed very ignorant) but I don`t think I properly realised you were
trying to help - I was quite lost in the subject. There is still a lot I don`t
understand - like why for example I can`t connect from port 25 on my system
(which happens to be open - and I know is
normally reserved for email use) to port 80 on another system.
It seems a bizarre convention, especially considering that all the `port
number` can really be is just a number in a header somewhere.... hmmmm.....
only packets with a number 25 (for example) get out of my system - only packets
with a number 80 in them get listened to at the site I am trying to conenct to
- odd and unfortunate. However, I suppose if it didn`t work like this the
techniques used to block would just be
different and one convention is only as arbitrary as another....
milhaus van heuten wrote:
> Hi Michael
>
> I would highly recommend using httptunnel or something simpler than sockscap
> and socks2http. If it is
Did get httptunnel working briefly once. Trouble was the proxies I had (needing
to be maually entered) were very slow and localproxy seemed to do the job so
much better for http access. At the moment the range of IPs I can access is
very limited so the chances of finding a CONNECT proxy I can get to is pretty
small unfortunately. If I find one I might try all this as I really want to get
news services and filesharing
working.
> possible for you to use external HTTP CONNECT proxies, you can do away with
> the socks solution altogether, and create a tunnel on your own machine (port
> 119) to the external news server, via the proxy. All that would be needed to
> get to the external news service, is to point your newsreader at 127.0.0.1
> (localhost)
>
> This may be confusing if you do not understand ports/tunnels/etc :)
>
Its the `create a tunnel on your own machine` that is gobbledygook to me - but
I have never checked the httptunnel docs to see if I could manage it - as I
said at the moment its possibly not worth it but is something I would very much
like to do in general as this could solve my problems. Hmmm.... I also want to
tunnel udp access - will httptunnel convert that via a CONNECT proxy as well...
if so it would do for
filesharing as well which localproxy is not yet capable of.
So if I have a CONNECT proxy I can connect to that from one of my few open
ports (so long as I can find a CONNECT capable proxy that works on that port)
and use that to point anywhere else on any port - right ???
>
> Each machine using TCP/IP on the internet has 65536 ports (numbers
> 1 to 65535 I think). Most of the port numbers below 1024 are 'assigned' -
> meaning, they have an agreed purpose. Port 80 is the standard port for HTTP
> traffic.
>
> A service can listen on a port for incoming connections. If someone attempts
> to connect to a port on your machine, and there is no service 'listening' on
> that port, your machine will refuse the connection. If you are running an FTP
> server on your machine, it will probably be listening for incoming
> connections on port 21.
>
> Every time you browse a web page on the internet, you are actually making a
> connection to port 80 of the web server in the URL.
>
Yet I have to go via my Superscout censoring proxy server. So make a connection
with that on port 8080 - it then makes the connection to port 80 on the outside
and pipes the result for me (including authentication issues and censoring in
the mix) ??
>
> When you try to make a TCP connection to another machine, you specify an
> address and a port. Your machine sends a request to the target, requesting a
> connection on that port. If there is a service listening, it will pick up the
> connection, and send a TCP handshake. A connection is established and data
> can flow back and forth in both directions.
>
Right - (sorry to labour the issue) so a machine will only ever connect from
port 80 to port 80 or port 1080 to port 1080 etc ??
This matters because most of my ports are blocked, 8080 is proxied (to port 80
on the outside ??) and a couple are open (probably by mistake). So if I want to
use a proxy I have to find one that will listen on either the open ports or
one I can get through to on port 80 that isn`t censored (which is a *very*
restricted range of IPs - although I can `social engineer additions!!).
>
> A HTTP connection is very simple. Your PC connects to the remote server on
> port 80, and sends the following (example):
>
> GET /index.html HTTP/1.0 (followed by two carriage returns)
>
> The remote HTTP server understands that command and looks in its / directory
> for the index.html file. If it finds it, it sends back to your browser:
>
> HTTP/1.1 200 OK
>
> <contents of index.html file>
>
> Your browser, being a HTTP client, knows what to do with this information and
> displays the file appropriately. The connection is then closed, and this
> process is repeated for any other pages you browse on the website.
>
> FTP traffic looks very similar, with simple commands in plain english such as
> GET file, PUT file, CHDIR, MKDIR, QUIT, LIST, DELETE, etc.
>
> Proxies are similar to HTTP servers except, instead of serving up local
> files, they allow you to GET other websites. ELITE proxies have a command
> called CONNECT that makes a full connection to a secondary IP and port.
>
> You can play with all of this stuff by using TELNET. Simply telnet to a
> webserver or FTP server and start issuing some of the commands in this email.
> Don't worry, you won't hurt it ;)
>
> try :
>
> Telnet www.blah.com 80
>
> when it connects, type:
>
> GET / HTTP/1.0 (followed by ENTER twice)
>
Can`t do that because the telnet program doesn`t cope with authentication - so
*ALWAYS* fails.
>
> This is basically what your browser is doing in the background.
>
> I cut and paste some of this from a website so sorry if it's a bit long ;)
>
Hmmm cool - I don`t suppose you remember which website ?
>
> cheers
>
> .milhaus.
Many Thanks
Michael
===8<============== noCensorship community ===============
List's webpage: //www.freelists.org/webpage/nocensorship
List's archive: //www.freelists.org/archives/nocensorship
To unsubscribe: nocensorship-request@xxxxxxxxxxxxx with 'unsubscribe' in the
Subject field.
Moderator's email: nocensorship-moderators@xxxxxxxxxxxxx
===8<============== noCensorship community ===============
Other related posts:
