bcollet/socat
1
0
Fork 0
mirror of https://repo.or.cz/socat.git synced 2025-07-14 07:23:23 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Longer Socat examples are now splitted into two or three lines; improved CSS

Browse source
This commit is contained in:
Gerhard Rieger 2023-04-02 20:55:22 +02:00
parent 7cbe0b645b
commit c3719e7603
8 changed files with 774 additions and 310 deletions

509
doc/socat.yo
View file

@ -12,6 +12,8 @@ def(Procan)(0)(bf(Procan))
manpage(socat)(1)()()()
htmlcommand(<link rel="stylesheet" type="text/css" href="dest-unreach.css">)
whenhtml(
label(CONTENTS)
manpagesection(CONTENTS)
@ -664,8 +666,8 @@ label(ADDRESS_PROXY_CONNECT)dit(bf(tt(PROXY:<proxy>:<hostname>:<port>)))
link(pf)(OPTION_PROTOCOL_FAMILY), and sends a CONNECT
request for hostname:port. If the proxy grants access and succeeds to
connect to the target, data transfer between socat and the target can
start. Note that the traffic need not be HTTP but can be an arbitrary
protocol. nl()
start (link(example)(EXAMPLE_PROXY_CONNECT)).
Note that the traffic need not be HTTP but can be an arbitrary protocol. nl()
Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(HTTP)(GROUP_HTTP),link(RETRY)(GROUP_RETRY) nl()
Useful options:
link(proxyport)(OPTION_PROXYPORT),
@ -1687,13 +1689,14 @@ label(OPTION_UNLINK_LATE)dit(bf(tt(unlink-late[=<bool>])))
Unlinks (removes) the file after opening it to make it inaccessible for
other processes after a short race condition.
label(OPTION_UNLINK_CLOSE)dit(bf(tt(unlink-close[=<bool>])))
Removes the addresses file system entry when closing the address.
Controls removal of the addresses file system entry when closing the address.
For link(named pipes)(ADDRESS_NAMED_PIPE),
link(UNIX domain sockets)(ADDRESS_UNIX_LISTEN),
and the link(symbolic links)(OPTION_SYMBOLIC_LINK) of link(pty addresses)(ADDRESS_PTY),
the default is 1; for link(created files)(ADDRESS_CREAT),
the default is remove (1); for link(created files)(ADDRESS_CREAT),
link(opened files)(ADDRESS_OPEN), and
link(generic opened files)(ADDRESS_GOPEN) the default is 0.
link(generic opened files)(ADDRESS_GOPEN) the default is keep (0).
Setting this option to 1 removes the entry, 0 keeps it. No value means 1.
enddit()
startdit()enddit()nl()
@ -2065,7 +2068,7 @@ label(GROUP_SOCK_UNIX)em(bf(UNIX option group))
These options apply to UNIX domain based addresses.
startdit()
label(OPTION_UNIX_TIGHTSOCKLEN)dit(bf(tt(unix-tightsocklen=[0|1])))
label(OPTION_UNIX_TIGHTSOCKLEN)dit(bf(tt(unix-tightsocklen[=(0|1)])))
On socket operations, pass a socket address length that does not include the
whole code(struct sockaddr_un) record but (besides other components) only
the relevant part of the filename or abstract string. Default is 1.
@ -3115,8 +3118,18 @@ manpagesection(EXAMPLES)
startdit()
COMMENT(I could not find a way to have these multiline examples with yodl,
code() and verbatim() failed miserably...)
COMMENT(Thus this tedious hack for now)
label(EXAMPLE_ADDRESS_TCP4_CONNECT)
dit(bf(tt(socat - TCP4:www.domain.org:80)))
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat - TCP4:www.domain.org:80\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<hr><div class="shell">socat - TCP4:www.domain.org:80</div>)
transfers data between link(STDIO)(ADDRESS_STDIO) (-) and a
link(TCP4)(ADDRESS_TCP4_CONNECT) connection to port 80 of host
@ -3128,12 +3141,16 @@ label(EXAMPLE_ADDRESS_READLINE)
label(EXAMPLE_OPTION_HISTORY)
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat -d -d READLINE,history=$HOME/.http_history \\
TCP4:www.domain.org:www,crnl\fP)
mancommand(\fBsocat -d -d \\)
mancommand(\.RS)
mancommand(\fBREADLINE,history=$HOME/.http_history \\
TCP4:www.domain.org:www,crnl\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<dt><code><strong>socat -d -d READLINE,history=$HOME/.http_history \</strong><br>
<strong>TCP4:www.domain.org:www,crnl</strong></code><dd>)
htmlcommand(<hr><div class="shell">socat -d -d &#x5C;
READLINE,history=$HOME/.http_history &#x5C;
TCP4:www.domain.org:www,crnl</div>)
this is similar to the previous example, but you can edit the current line in a
bash like manner (link(READLINE)(ADDRESS_READLINE)) and use the
@ -3143,8 +3160,21 @@ progress (link(-d -d)(option_d_d)). The port is specified by service name
(link(crnl)(OPTION_CRNL)) instead of NL are used.
COMMENT((bf(tt(socat TCP4-LISTEN:www TCP4:www.domain.org:www))))
label(EXAMPLE_ADDRESS_TCP4_LISTEN)
dit(bf(tt(socat TCP4-LISTEN:www TCP4:www.domain.org:www)))
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat \\)
mancommand(\.RS)
mancommand(\fBTCP4-LISTEN:www \\
TCP4:www.domain.org:www\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<hr><div class="shell">socat &#x5C;
TCP4-LISTEN:www &#x5C;
TCP4:www.domain.org:www</div>)
installs a simple TCP port forwarder. With
link(TCP4-LISTEN)(ADDRESS_TCP4_LISTEN) it listens on local port "www" until a
@ -3159,14 +3189,16 @@ label(EXAMPLE_OPTION_SUBSTUSER)
label(EXAMPLE_OPTION_RANGE)
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat -d -d -lmlocal2 \\
TCP4-LISTEN:80,bind=myaddr1,reuseaddr,fork,su=nobody,range=10.0.0.0/8 \\
TCP4:www.domain.org:80,bind=myaddr2\fP)
mancommand(\fBsocat -d -d -lmlocal2 \\)
mancommand(\.RS)
mancommand(\fBTCP4-LISTEN:80,bind=myaddr1,reuseaddr,fork,su=nobody,range=10.0.0.0/8 \\
TCP4:www.domain.org:80,bind=myaddr2\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<dt><code><strong>socat -d -d -lmlocal2 \</strong><br>
<strong>TCP4-LISTEN:80,bind=myaddr1,su=nobody,fork,range=10.0.0.0/8,reuseaddr \</strong><br>
<strong>TCP4:www.domain.org:80,bind=myaddr2</strong></code><dd>)
htmlcommand(<hr><div class="shell">socat -d -d -lmlocal2 &#x5C;
TCP4-LISTEN:80,bind=myaddr1,su=nobody,fork,range=10.0.0.0/8,reuseaddr &#x5C;
TCP4:www.domain.org:80,bind=myaddr2</div>)
TCP port forwarder, each side bound to another local IP address
(link(bind)(OPTION_BIND)). This example handles an almost
@ -3190,12 +3222,16 @@ label(EXAMPLE_OPTION_PTY)
label(EXAMPLE_OPTION_STDERR)
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat TCP4-LISTEN:5555,fork,tcpwrap=script \\
EXEC:/bin/myscript,chroot=/home/sandbox,su-d=sandbox,pty,stderr\fP)
mancommand(\fBsocat \\)
mancommand(\.RS)
mancommand(\fBTCP4-LISTEN:5555,fork,tcpwrap=script \\
EXEC:/bin/myscript,chroot=/home/sandbox,su-d=sandbox,pty,stderr\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<dt><code><strong>socat TCP4-LISTEN:5555,fork,tcpwrap=script \</strong><br>
<strong>EXEC:/bin/myscript,chroot=/home/sandbox,su-d=sandbox,pty,stderr</strong></code><dd>)
htmlcommand(<hr><div class="shell">socat &#x5C;
TCP4-LISTEN:5555,fork,tcpwrap=script &#x5C;
EXEC:/bin/myscript,chroot=/home/sandbox,su-d=sandbox,pty,stderr</div>)
a simple server that accepts connections
(link(TCP4-LISTEN)(ADDRESS_TCP4_LISTEN)) and link(fork)(OPTION_FORK)'s a new
@ -3217,12 +3253,16 @@ label(EXAMPLE_OPTION_CRNL)
label(EXAMPLE_OPTION_MSS)
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat EXEC:"mail.sh target@domain.com",fdin=3,fdout=4 \\
TCP4:mail.relay.org:25,crnl,bind=alias1.server.org,mss=512\fP)
mancommand(\fBsocat \\)
mancommand(\.RS)
mancommand(\fBEXEC:"mail.sh target@domain.com",fdin=3,fdout=4 \\
TCP4:mail.relay.org:25,crnl,bind=alias1.server.org,mss=512\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<dt><code><strong>socat EXEC:"mail.sh target@domain.com",fdin=3,fdout=4 \</strong><br>
<strong>TCP4:mail.relay.org:25,crnl,bind=alias1.server.org,mss=512</strong></code><dd>)
htmlcommand(<hr><div class="shell">socat &#x5C;
EXEC:"mail.sh target@domain.com",fdin=3,fdout=4 &#x5C;
TCP4:mail.relay.org:25,crnl,bind=alias1.server.org,mss=512</div>)
file(mail.sh) is a shell script, distributed with socat(), that implements a
simple
@ -3240,7 +3280,18 @@ at most 512 data bytes per packet (link(mss)(OPTION_MSS)).
label(EXAMPLE_ADDRESS_GOPEN)
label(EXAMPLE_OPTION_TERMIOS_RAWER)
label(EXAMPLE_OPTION_ESCAPE)
dit(bf(tt(socat -,escape=0x0f /dev/ttyS0,rawer,crnl)))
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat \\)
mancommand(\.RS)
mancommand(\fB-,escape=0x0f \\
/dev/ttyS0,rawer,crnl\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<hr><div class="shell">socat &#x5C;
-,escape=0x0f &#x5C;
/dev/ttyS0,rawer,crnl</div>)
opens an interactive connection via the serial line, e.g. for talking with a
modem. link(rawer)(OPTION_TERMIOS_RAWER) sets the console's and
@ -3256,12 +3307,16 @@ label(EXAMPLE_OPTION_SOCKSUSER)
label(EXAMPLE_OPTION_SOURCEPORT)
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat UNIX-LISTEN:/tmp/.X11-unix/X1,fork \\
SOCKS4:host.victim.org:127.0.0.1:6000,socksuser=nobody,sourceport=20\fP)
mancommand(\fBsocat \\)
mancommand(\.RS)
mancommand(\fBUNIX-LISTEN:/tmp/.X11-unix/X1,fork \\
SOCKS4:host.victim.org:127.0.0.1:6000,socksuser=nobody,sourceport=20\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<dt><code><strong>socat UNIX-LISTEN:/tmp/.X11-unix/X1,fork \</strong><br>
<strong>SOCKS4:host.victim.org:127.0.0.1:6000,socksuser=nobody,sourceport=20</strong></code><dd>)
htmlcommand(<hr><div class="shell">socat &#x5C;
UNIX-LISTEN:/tmp/.X11-unix/X1,fork &#x5C;
SOCKS4:host.victim.org:127.0.0.1:6000,socksuser=nobody,sourceport=20</div>)
with link(UNIX-LISTEN)(ADDRESS_UNIX_LISTEN), socat() opens a listening
unixdomain() socket file(/tmp/.X11-unix/X1). This path corresponds
@ -3281,7 +3336,18 @@ session with a given set of addresses and ports.
label(EXAMPLE_option_u)
label(EXAMPLE_OPTION_IGNOREEOF)
dit(bf(tt(socat -u /tmp/readdata,seek-end=0,ignoreeof -)))
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat -u \\)
mancommand(\.RS)
mancommand(\fB/tmp/readdata,seek-end=0,ignoreeof \\)
mancommand(\fBSTDIO\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<hr><div class="shell">socat -u &#x5C;
/tmp/readdata,seek-end=0,ignoreeof &#x5C;
STDIO</div>)
this is an example for unidirectional data transfer
(link(-u)(option_u)). Socat() transfers data
@ -3297,12 +3363,16 @@ label(EXAMPLE_OPTION_SETSID)
label(EXAMPLE_OPTION_CTTY)
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fB(sleep 5; echo PASSWORD; sleep 5; echo ls; sleep 1) |
socat - EXEC:'ssh -l user server',pty,setsid,ctty\fP)
mancommand(\fB(sleep 5; echo PASSWORD; sleep 5; echo ls; sleep 1) | \\)
mancommand(\fBsocat - \\)
mancommand(\.RS)
mancommand(\fBEXEC:'ssh -l user server',pty,setsid,ctty\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<dt><code><strong>(sleep 5; echo PASSWORD; sleep 5; echo ls; sleep 1) |</strong><br>
<strong>socat - EXEC:'ssh -l user server',pty,setsid,ctty</strong></code><dd>)
htmlcommand(<hr><div class="shell">(sleep 5; echo PASSWORD; sleep 5; echo ls; sleep 1) |
socat - &#x5C;
EXEC:'ssh -l user server',pty,setsid,ctty</div>)
link(EXEC)(ADDRESS_EXEC)'utes an ssh session to server. Uses a link(pty)(OPTION_PTY) for communication between socat() and
ssh, makes it ssh's controlling tty (link(ctty)(OPTION_CTTY)),
@ -3315,12 +3385,16 @@ label(EXAMPLE_OPTION_CREAT)
label(EXAMPLE_OPTION_APPEND)
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat -u TCP4-LISTEN:3334,reuseaddr,fork \\
OPEN:/tmp/in.log,creat,append\fP)
mancommand(\fBsocat -u \\)
mancommand(\.RS)
mancommand(\fBTCP4-LISTEN:3334,reuseaddr,fork \\
OPEN:/tmp/in.log,creat,append\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<dt><code><strong>socat -u TCP4-LISTEN:3334,reuseaddr,fork \</strong><br>
<strong>OPEN:/tmp/in.log,creat,append</strong></code><dd>)
htmlcommand(<hr><div class="shell">socat -u &#x5C;
TCP4-LISTEN:3334,reuseaddr,fork &#x5C;
OPEN:/tmp/in.log,creat,append</div>)
implements a simple network based message collector.
For each client connecting to port 3334, a new child process is generated (option link(fork)(OPTION_FORK)).
@ -3350,7 +3424,18 @@ window size.
)
label(EXAMPLE_OPTION_NOECHO)
dit(bf(tt(socat READLINE,noecho='[Pp]assword:' EXEC:'ftp ftp.server.com',pty,setsid,ctty)))
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat \\)
mancommand(\.RS)
mancommand(\fBREADLINE,noecho='[Pp]assword:' \\
EXEC:'ftp ftp.server.com',pty,setsid,ctty\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<hr><div class="shell">socat &#x5C;
READLINE,noecho='[Pp]assword:' &#x5C;
EXEC:'ftp ftp.server.com',pty,setsid,ctty</div>)
wraps a command line history (link(READLINE)(ADDRESS_READLINE)) around the link(EXEC)(ADDRESS_EXEC)'uted ftp client utility.
This allows editing and reuse of FTP commands for relatively comfortable
@ -3366,12 +3451,16 @@ label(EXAMPLE_OPTION_WAIT_SLAVE)
label(EXAMPLE_OPTION_NONBLOCK)
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat PTY,link=$HOME/dev/vmodem0,rawer,wait-slave \\\bf)
mancommand(\fBEXEC:"ssh modemserver.us.org socat - /dev/ttyS0,nonblock,rawer"\fP)
mancommand(\fBsocat \\)
mancommand(\.RS)
mancommand(\fBPTY,link=$HOME/dev/vmodem0,rawer,wait-slave \\
EXEC:'"ssh modemserver.us.org socat - /dev/ttyS0,nonblock,rawer"'\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<dt><code><strong>socat PTY,link=$HOME/dev/vmodem0,rawer,wait-slave \</strong><br>
<strong>EXEC:'"ssh modemserver.us.org socat - /dev/ttyS0,nonblock,rawer"'</strong></code><dd>)
htmlcommand(<hr><div class="shell">socat &#x5C;
PTY,link=$HOME/dev/vmodem0,rawer,wait-slave &#x5C;
EXEC:'"ssh modemserver.us.org socat - /dev/ttyS0,nonblock,rawer"'</div>)
generates a pseudo terminal
device (link(PTY)(ADDRESS_PTY)) on the client that can be reached under the
@ -3382,24 +3471,39 @@ to a modemserver via ssh where another socat instance links it to
file(/dev/ttyS0).
label(EXAMPLE_PROXY_CONNECT)
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat TCP4-LISTEN:2022,reuseaddr,fork \\
PROXY:proxy:www.domain.org:22,proxyport=3128,proxyauth=user:pass\fP)
mancommand(\fBsocat \\)
mancommand(\.RS)
mancommand(\fBTCP4-LISTEN:2022,reuseaddr,fork \\
PROXY:proxy.local:www.domain.org:22,proxyport=3128,proxyauth=username:s3cr3t\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<dt><code><strong>socat TCP4-LISTEN:2022,reuseaddr,fork \</strong><br>
<strong>PROXY:proxy:www.domain.org:22,proxyport=3128,proxyauth=user:pass</strong></code><dd>)
htmlcommand(<hr><div class="shell">socat &#x5C;
TCP4-LISTEN:2022,reuseaddr,fork &#x5C;
PROXY:proxy.local:www.domain.org:22,proxyport=3128,proxyauth=username:s3cr3t</div>)
starts a forwarder that accepts connections on port 2022, and directs them
through the link(proxy)(ADDRESS_PROXY_CONNECT) daemon listening on port 3128
(link(proxyport)(OPTION_PROXYPORT)) on host proxy, using the
CONNECT method, where they are authenticated as "user" with "pass" (link(proxyauth)(OPTION_PROXY_AUTHORIZATION)). The proxy
(link(proxyport)(OPTION_PROXYPORT)) on host proxy.local, using the
CONNECT method, where they are authenticated as "username" with "s3cr3t"
(link(proxyauth)(OPTION_PROXY_AUTHORIZATION)). proxy.local
should establish connections to host www.domain.org on port 22 then.
label(EXAMPLE_ADDRESS_OPENSSL_CONNECT)
dit(bf(tt(socat - SSL:server:4443,cafile=server.crt,cert=client.pem)))
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat - \\)
mancommand(\.RS)
mancommand(\fBSSL:server:4443,cafile=./server.crt,cert=./client.pem\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<hr><div class="shell">socat - &#x5C;
SSL:server:4443,cafile=./server.crt,cert=./client.pem</div>)
is an OpenSSL client that tries to establish a secure connection to an SSL
server. Option link(cafile)(OPTION_OPENSSL_CAFILE) specifies a file that
@ -3413,7 +3517,18 @@ The first address ('-') can be replaced by almost any other socat address.
label(EXAMPLE_ADDRESS_OPENSSL_LISTEN)
dit(bf(tt(socat OPENSSL-LISTEN:4443,reuseaddr,pf=ip4,fork,cert=server.pem,cafile=client.crt PIPE)))
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat \\)
mancommand(\.RS)
mancommand(\fBOPENSSL-LISTEN:4443,reuseaddr,pf=ip4,fork,cert=./server.pem,cafile=./client.crt \\
PIPE\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<hr><div class="shell">socat &#x5C;
OPENSSL-LISTEN:4443,reuseaddr,pf=ip4,fork,cert=./server.pem,cafile=./client.crt &#x5C;
PIPE</div>)
is an OpenSSL server that accepts TCP connections, presents the certificate
from the file server.pem and forces the client to present a certificate that is
@ -3424,16 +3539,38 @@ For instructions on generating and distributing OpenSSL keys and certificates
see the additional socat docu tt(socat-openssl.txt).
dit(bf(tt(echo |socat -u - file:/tmp/bigfile,create,largefile,seek=100000000000)))
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBecho |
socat -u - \\)
mancommand(\.RS)
mancommand(\fBFILE:/tmp/bigfile,create,largefile,seek=100000000000\fP)
mancommand(\.RE)
mancommand(\.fi)
creates a 100GB sparse file; this requires a file system type that
supports this (ext2, ext3, reiserfs, jfs; not minix, vfat). The operation of
htmlcommand(<hr><div class="shell">echo |
socat -u - &#x5C;
FILE:/tmp/bigfile,create,largefile,seek=100000000000</div>)
creates a 100GB+1B sparse file; this requires a file system type that
supports this (ext2, ext3, ext4, reiserfs, xfs; not minix, vfat). The operation of
writing 1 byte might take long (reiserfs: some minutes; ext2: "no" time), and
the resulting file can consume some disk space with just its inodes (reiserfs:
2MB; ext2: 16KB).
dit(bf(tt(socat tcp-l:7777,reuseaddr,fork system:'filan -i 0 -s >&2',nofork)))
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat \\)
mancommand(\.RS)
mancommand(\fBTCP-L:7777,reuseaddr,fork \\
SYSTEM:'filan -i 0 -s >&2',nofork\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<hr><div class="shell">socat &#x5C;
TCP-L:7777,reuseaddr,fork &#x5C;
SYSTEM:'filan -i 0 -s >&2',nofork</div>)
listens for incoming TCP connections on port 7777. For each accepted
connection, invokes a shell. This shell has its stdin and stdout directly
@ -3441,20 +3578,51 @@ connected to the TCP socket (link(nofork)(OPTION_NOFORK)). The shell starts fil
stderr (your terminal window).
dit(bf(tt(echo -e "\0\14\0\0\c" |socat -u - file:/usr/bin/squid.exe,seek=0x00074420)))
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBecho -e "\\0\\14\\0\\0\\c" |
socat -u - \\)
mancommand(\.RS)
mancommand(\fBFILE:/usr/bin/squid.exe,seek=0x00074420\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<hr><div class="shell">echo -e "\0\14\0\0\c" |
socat -u - &#x5C;
FILE:/usr/bin/squid.exe,seek=0x00074420</div>)
functions as primitive binary editor: it writes the 4 bytes 000 014 000 000 to
the executable /usr/bin/squid at offset 0x00074420 (this is a real world patch
to make the squid executable from Cygwin run under Windows, actual per May 2004).
the executable /usr/bin/squid.exe at offset 0x00074420 (this was a real world patch
to make the squid executable from Cygwin run under Windows, in 2004).
dit(bf(tt(socat - tcp:www.blackhat.org:31337,readbytes=1000)))
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat - \\)
mancommand(\.RS)
mancommand(\fBTCP:www.blackhat.org:31337,readbytes=1000\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<hr><div class="shell">socat - &#x5C;
TCP:www.blackhat.org:31337,readbytes=1000</div>)
connects to an unknown service and prevents being flooded.
label(EXAMPLE_END_CLOSE)
dit(bf(tt(socat -U TCP:target:9999,end-close TCP-L:8888,reuseaddr,fork)))
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat -U \\)
mancommand(\.RS)
mancommand(\fBTCP:target:9999,end-close \\
TCP-L:8888,reuseaddr,fork\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<hr><div class="shell">socat -U &#x5C;
TCP:target:9999,end-close &#x5C;
TCP-L:8888,reuseaddr,fork</div>)
merges data arriving from different TCP streams on port 8888 to just one stream
to target:9999. The link(end-close)(OPTION_END_CLOSE) option prevents the child
@ -3465,7 +3633,18 @@ connection).
label(EXAMPLE_GENERIC_DCCP_SERVER)
dit(bf(tt(socat TCP-LISTEN:10021,reuseaddr,socktype=6,protocol=33,fork PIPE)))
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat \\)
mancommand(\.RS)
mancommand(\fBTCP-LISTEN:10021,reuseaddr,socktype=6,protocol=33,fork \\
PIPE\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<hr><div class="shell">socat &#x5C;
TCP-LISTEN:10021,reuseaddr,socktype=6,protocol=33,fork &#x5C;
PIPE</div>)
is a simple DCCP echo server. It uses socat()s TCP procedures, but changes the
socket type to SOCK_DCCP=6 (on Linux) and the IP protocol to IPPROTO_DCCP=33.
@ -3474,21 +3653,49 @@ datagram protocol.
label(EXAMPLE_GENERIC_DCCP_CLIENT)
dit(bf(tt(socat - TCP:<server>:10021,reuseaddr,socktype=6,protocol=33,fork)))
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat - \\)
mancommand(\.RS)
mancommand(\fBTCP:<server>:10021,reuseaddr,socktype=6,protocol=33,fork\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<hr><div class="shell">socat - &#x5C;
TCP:<server>:10021,reuseaddr,socktype=6,protocol=33,fork</div>)
is a simple DCCP client. It uses socat()s TCP procedures, but changes the
socket type to SOCK_DCCP=6 (on Linux) and the IP protocol to IPPROTO_DCCP=33.
label(EXAMPLE_ADDRESS_UDP4_BROADCAST_CLIENT)
dit(bf(tt(socat - UDP4-DATAGRAM:192.168.1.0:123,sp=123,broadcast,range=192.168.1.0/24)))
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat - \\)
mancommand(\.RS)
mancommand(\fBUDP4-DATAGRAM:192.168.1.0:123,sp=123,broadcast,range=192.168.1.0/24\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<hr><div class="shell">socat - &#x5C;
UDP4-DATAGRAM:192.168.1.0:123,sp=123,broadcast,range=192.168.1.0/24</div>)
sends a broadcast to the network 192.168.1.0/24 and receives the replies of the
timeservers there. Ignores NTP packets from hosts outside this network.
label(EXAMPLE_ADDRESS_GENERIC_CLIENT)
dit(bf(tt(socat - SOCKET-DATAGRAM:2:2:17:x007bxc0a80100x0000000000000000,bind=x007bx00000000x0000000000000000,setsockopt-int=1:6:1,range=x0000xc0a80100x0000000000000000:x0000xffffff00x0000000000000000)))
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat - \\)
mancommand(\.RS)
mancommand(\fBSOCKET-DATAGRAM:2:2:17:x007bxc0a80100x0000000000000000,bind=x007bx00000000x0000000000000000,setsockopt-int=1:6:1,range=x0000xc0a80100x0000000000000000:x0000xffffff00x0000000000000000\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<hr><div class="shell">socat - &#x5C;
SOCKET-DATAGRAM:2:2:17:x007bxc0a80100x0000000000000000,bind=x007bx00000000x0000000000000000,setsockopt-int=1:6:1,range=x0000xc0a80100x0000000000000000:x0000xffffff00x0000000000000000</div>)
is semantically equivalent to the link(previous
example)(EXAMPLE_ADDRESS_UDP4_BROADCAST_CLIENT), but all parameters are
@ -3497,14 +3704,32 @@ tt(SO_BROADCAST).
label(EXAMPLE_ADDRESS_IP4_BROADCAST_CLIENT)
dit(bf(tt(socat - IP4-DATAGRAM:255.255.255.255:44,broadcast,range=10.0.0.0/8)))
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat - \\)
mancommand(\.RS)
mancommand(\fBIP4-DATAGRAM:255.255.255.255:44,broadcast,range=10.0.0.0/8\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<hr><div class="shell">socat - &#x5C;
IP4-DATAGRAM:255.255.255.255:44,broadcast,range=10.0.0.0/8</div>)
sends a broadcast to the local NOEXPAND(network(s)) using protocol 44. Accepts replies
from the private address range only.
label(EXAMPLE_ADDRESS_UDP4_MULTICAST)
dit(bf(tt(socat - UDP4-DATAGRAM:224.255.0.1:6666,bind=:6666,ip-add-membership=224.255.0.1:eth0)))
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat - \\)
mancommand(\.RS)
mancommand(\fBUDP4-DATAGRAM:224.255.0.1:6666,bind=:6666,ip-add-membership=224.255.0.1:eth0\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<hr><div class="shell">socat - &#x5C;
UDP4-DATAGRAM:224.255.0.1:6666,bind=:6666,ip-add-membership=224.255.0.1:eth0</div>)
transfers data from stdin to the specified multicast address using UDP. Both
local and remote ports are 6666. Tells the interface eth0 to also accept
@ -3516,7 +3741,18 @@ operating system, bridges, or a badly configured switch.
label(EXAMPLE_ADDRESS_TUN)
dit(bf(tt(socat UDP:host2:4443 TUN:192.168.255.1/24,up)))
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat \\)
mancommand(\.RS)
mancommand(\fBUDP:host2:4443 \\
TUN:192.168.255.1/24,up\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<hr><div class="shell">socat &#x5C;
UDP:host2:4443 &#x5C;
TUN:192.168.255.1/24,up</div>)
establishes one side of a virtual (but not private!) network with host2 where a
similar process might run, with UDP-L and tun address 192.168.255.2. They can
@ -3526,37 +3762,97 @@ might thus cause packet loss.
label(EXAMPLE_ADDRESS_VSOCK)
dit(bf(tt(socat - VSOCK-CONNECT:2:1234)))
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat - \\)
mancommand(\.RS)
mancommand(\fBVSOCK-CONNECT:2:1234\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<hr><div class="shell">socat - &#x5C;
VSOCK-CONNECT:2:1234</div>)
establishes a VSOCK connection with the host (host is always reachable with
the well-know CID=2) on 1234 port.
dit(bf(tt(socat - VSOCK-LISTEN:1234)))
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat - \\)
mancommand(\.RS)
mancommand(\fBVSOCK-LISTEN:1234\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<hr><div class="shell">socat - &#x5C;
VSOCK-LISTEN:1234</div>)
listens for a VSOCK connection on 1234 port.
dit(bf(tt(socat - VSOCK-CONNECT:31:4321,bind:5555)))
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat - \\)
mancommand(\.RS)
mancommand(\fBVSOCK-CONNECT:31:4321,bind:5555\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<hr><div class="shell">socat - &#x5C;
VSOCK-CONNECT:31:4321,bind:5555</div>)
establishes a VSOCK connection with the guest that have CID=31 on 1234 port,
binding the local socket to the 5555 port.
dit(bf(tt(socat VSOCK-LISTEN:3333,reuseaddr,fork VSOCK-CONNECT:42,3333)))
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat \\)
mancommand(\.RS)
mancommand(\fBVSOCK-LISTEN:3333,reuseaddr,fork \\
VSOCK-CONNECT:42,3333\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<hr><div class="shell">socat &#x5C;
VSOCK-LISTEN:3333,reuseaddr,fork &#x5C;
VSOCK-CONNECT:42,3333</div>)
starts a forwarder that accepts VSOCK connections on port 3333, and directs
them to the guest with CID=42 on the same port.
dit(bf(tt(socat VSOCK-LISTEN:22,reuseaddr,fork TCP:localhost:22)))
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat \\)
mancommand(\.RS)
mancommand(\fBVSOCK-LISTEN:22,reuseaddr,fork \\
TCP:localhost:22\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<hr><div class="shell">socat &#x5C;
VSOCK-LISTEN:22,reuseaddr,fork &#x5C;
TCP:localhost:22</div>)
forwards VSOCK connections from 22 port to the local SSH server.
Running this in a VM allows you to connect via SSH from the host using VSOCK,
as in the example below.
dit(bf(tt(socat TCP4-LISTEN:22222,reuseaddr,fork VSOCK-CONNECT:33:22)))
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat \\)
mancommand(\.RS)
mancommand(\fBTCP4-LISTEN:22222,reuseaddr,fork \\
VSOCK-CONNECT:33:22\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<hr><div class="shell">socat &#x5C;
TCP4-LISTEN:22222,reuseaddr,fork &#x5C;
VSOCK-CONNECT:33:22</div>)
forwards TCP connections from 22222 port to the guest with CID=33 listening on
VSOCK port 22.
@ -3565,7 +3861,18 @@ Running this in the host, allows you to connect via SSH running
label(EXAMPLE_INTERFACE)
dit(bf(tt(socat PTY,link=/var/run/ppp,rawer INTERFACE:hdlc0)))
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat \\)
mancommand(\.RS)
mancommand(\fBPTY,link=/var/run/ppp,rawer \\
INTERFACE:hdlc0\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<hr><div class="shell">socat &#x5C;
PTY,link=/var/run/ppp,rawer &#x5C;
INTERFACE:hdlc0</div>)
circumvents the problem that pppd requires a serial device and thus might not
be able to work on a synchronous line that is represented by a network device.
@ -3575,26 +3882,64 @@ both devices. Use pppd on device tt(/var/run/ppp) then.
label(EXAMPLE_HTTPECHO)
dit(bf(tt(socat -T 1 -d -d TCP-L:10081,reuseaddr,fork,crlf SYSTEM:"echo -e \"\\\"HTTP/1.0 200 OK\\\nDocumentType: text/plain\\\n\\\ndate: \$\(date\)\\\nserver:\$SOCAT_SOCKADDR:\$SOCAT_SOCKPORT\\\nclient: \$SOCAT_PEERADDR:\$SOCAT_PEERPORT\\\n\\\"\"; cat; echo -e \"\\\"\\\n\\\"\"")))
COMMENT( dit(bf(tt(socat -T 1 -d -d TCP-L:10081,reuseaddr,fork,crlf SYSTEM:"echo -e \"\\\"HTTP/1.0 200 OK\\\nDocumentType: text/plain\\\n\\\ndate: \$\(date\)\\\nserver:\$SOCAT_SOCKADDR:\$SOCAT_SOCKPORT\\\nclient: \$SOCAT_PEERADDR:\$SOCAT_PEERPORT\\\n\\\"\"; cat; echo -e \"\\\"\\\n\\\"\""))) )
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat -T 1 -d -d \\)
mancommand(\.RS)
mancommand(\fBTCP-L:10081,reuseaddr,fork,crlf \\
SYSTEM:"echo -e \\"\\\\\\"HTTP/1.0 200 OK\\\\\\nDocumentType: text/plain\\\\\\n\\\\\\ndate: \\$\\(date\\)\\\\\\nserver:\\$SOCAT_SOCKADDR:\\$SOCAT_SOCKPORT\\\\\\nclient: \\$SOCAT_PEERADDR:\\$SOCAT_PEERPORT\\\\\\n\\\\\\"\\"; cat; echo -e \\"\\\\\\"\\\\\\n\\\\\\"\\""\fP)
mancommand(\.RE)
mancommand(\.fi)
creates a simple HTTP echo server: each HTTP client that connects gets a valid
htmlcommand(<hr><div class="shell">socat -T 1 -d -d &#x5C;
TCP-L:10081,reuseaddr,fork,crlf &#x5C;
SYSTEM:"echo -e \"\\\"HTTP/1.0 200 OK\\\nDocumentType: text/plain\\\n\\\ndate: \$\(date\)\\\nserver:\$SOCAT_SOCKADDR:\$SOCAT_SOCKPORT\\\nclient: \$SOCAT_PEERADDR:\$SOCAT_PEERPORT\\\n\\\"\"; cat; echo -e \"\\\"\\\n\\\"\""</div>)
creates a very primitive HTTP echo server: each HTTP client that connects gets
a valid
HTTP reply that contains information about the client address and port as it is
seen by the server host, the host address (which might vary on multihomed
servers), and the original client request.
label(EXAMPLE_ANCILLARY)
dit(bf(tt(socat -d -d UDP4-RECVFROM:9999,so-broadcast,so-timestamp,ip-pktinfo,ip-recverr,ip-recvopts,ip-recvtos,ip-recvttl!!- SYSTEM:'export; sleep 1' |grep SOCAT)))
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBsocat -d -d \\)
mancommand(\.RS)
mancommand(\fBUDP4-RECVFROM:9999,so-broadcast,so-timestamp,ip-pktinfo,ip-recverr,ip-recvopts,ip-recvtos,ip-recvttl!!- \\
SYSTEM:'export; sleep 1' |\fP)
mancommand(\.RE)
mancommand(\fBgrep SOCAT\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<hr><div class="shell">socat -d -d &#x5C;
UDP4-RECVFROM:9999,so-broadcast,so-timestamp,ip-pktinfo,ip-recverr,ip-recvopts,ip-recvtos,ip-recvttl!!- &#x5C;
SYSTEM:'export; sleep 1' |
grep SOCAT</div>)
waits for an incoming UDP packet on port 9999 and prints the environment
variables provided by socat. On BSD based systems you have to replace
link(tt(ip-pktinfo))(OPTION_IP_PKTINFO) with link(tt(ip-recvdstaddr))(OPTION_IP_RECVDSTADDR),link(tt(ip-recvif))(OPTION_IP_RECVIF). Especially interesting is
link(tt(ip-pktinfo))(OPTION_IP_PKTINFO) with link(tt(ip-recvdstaddr))(OPTION_IP_RECVDSTADDR),link(tt(ip-recvif))(OPTION_IP_RECVIF). Especially of interest is
SOCAT_IP_DSTADDR: it contains the target address of the packet which may be a
unicast, multicast, or broadcast address.
label(EXAMPLE_SSD)
dit(bf(tt(echo -e "M-SEARCH * HTTP/1.1\nHOST: 239.255.255.250:1900\nMAN: \"ssdp:discover\"\nMX: 4\nST: \"ssdp:all\"\n" |socat - UDP-DATAGRAM:239.255.255.250:1900,crlf)))
label(EXAMPLE_SSDP)
mancommand(\.LP)
mancommand(\.nf)
mancommand(\fBecho -e "M-SEARCH * HTTP/1.1\\nHOST: 239.255.255.250:1900\\nMAN: \\"ssdp:discover\\"\\nMX: 4\\nST: \\"ssdp:all\\"\\n" |
socat - \\)
mancommand(\.RS)
mancommand(\fBUDP-DATAGRAM:239.255.255.250:1900,crlf\fP)
mancommand(\.RE)
mancommand(\.fi)
htmlcommand(<hr><div class="shell">echo -e "M-SEARCH * HTTP/1.1\nHOST: 239.255.255.250:1900\nMAN: \"ssdp:discover\"\nMX: 4\nST: \"ssdp:all\"\n" | &#x5C;
socat - &#x5C;
UDP-DATAGRAM:239.255.255.250:1900,crlf</div>)
sends an SSDP (Simple Service Discovery Protocol) query to the local network
and collects and outputs the answers received.