Girish Venkatachalam is a UNIX hacker with more than a decade of
networking and crypto programming experience.
His hobbies include yoga,cycling, cooking and he runs his own
business. Details here:
I am a big fan of netcat known in short as just nc. It has helped me figure out whether a firewall is blocking a UDP or TCP port. It has taught me how to solve complex port forwarding scenarios and netcat has also helped me develop and debug socket programs whether written in C or perl or any other language.
netcat has been around for some years now and remained largely unknown and then one day socat came along and changed the scene completely.
With netcat you can only do so much. You can do TCP, UDP and UNIX domain sockets in client or server mode and is very handy for many tasks. It can do port scanning, sniffing and so on.
But then socat can do so much more. And what a tool?
netcat is good for its smallness and agility and lack of complexity. The learning curve is not steep either.
socat is comprehensive, cool and fantastic for what it can do.
For the uninitiated socat can even bewilder and make the head roll.
socat can setup a pipeline just like the UNIX command line pipe "|" except that with socat you setup a two way pipe. That is the beauty of socat.
With the UNIX command line you can only setup a one way pipe.
For instance, when you type:
$ ls -ltr | grep ^d | less
each command reads from the previous command. So less can read from grep but grep can never read from less.
Pipe is a unidirectional construct but with socat you can do bidirectional communication.
Most real life problems involve setting up a two way pipe. Full duplex.
socat saves your day.
For instance, I am faced with having to scan for viruses in my spam control product SpamCheetah and socat did something that no other tool could. In addition to scanning for virus on a pipe, I can do so much more like content inspection in a very loose sense, adding a trailer advertising my product and so on.
With plain socat itself I could remove the restriction of setting the mail server's default router as SpamCheetah - a restriction imposed by port forwarding that is done by the firewall at the kernel level.
But once you setup TCP proxying with socat your mail server can be across the world and you can still use the network level filter SpamCheetah.
In fact you don't have to change a single parameter in your mail server.
Ain't that cool?
For instance with a simple command line:
$ socat TCP-LISTEN:5000,fork TCP-CONNECT:18.104.22.168:25
what you are doing is actually setup a TCP relay between two sides and acting as an SMTP pass through proxy.
With UNIX pipes you can only do one way communication. With socat you can do two way.
Moreover with socat you can setup one way communication too.
You want to know more?
socat can talk READLINE, PTY, serial ports and so much more.
I tested whatever I wanted. I am able to benefit by its features since I have been tinkering with UNIX for more than a decade. But for beginners socat can be quite overwhelming.
It also comes with a bunch of switches with a garden variety of features that obviates the need for having any other utility.
For my virus scanning however I ended up having three instances of socat in place of one but I am yet to finish it. I know it will work. It is only a matter of working out the details.
For now I will say that the approach I arrived at is this:
$ socat TCP-LISTEN:5000 PIPE:/tmp/tomailserver $ socat PIPE:/tmp/tomailclient TCP-CONNECT:22.214.171.124:25 $ socat -u PIPE:/tmp/tomailclient PIPE:/tmp/tomailserver $ (My custom shell script to read attachments and scan for viruses from /tmp/tomailserver FIFO)
Suffice it to say that with this arrangement I can do whatever I can. I can inject or remove anything I want from an incoming mail.
Imagine what I would have done without socat!
Got something to add? Send me email.
More Articles by Girish Venkatachalam © 2010-08-06 Girish Venkatachalam