HomeResources > Protocol - SOCKS V5

Protocols - SOCKS V5

How to Analyze Network Protocols, Learn More >>

Being able to support more than 300 protocols in the latest version, Capsa Network Sniffer make it easy to analyze protocols in network and understand what is happening.

Recommend Network Analysis Software >>


RFC 1928 http://tools.ietf.org/html/rfc1928

This protocol provides a framework for client-server applications in both the TCP and UDP domains to conveniently and securely use the services of a network firewall. The protocol is conceptually a "shim-layer" between the application layer and the transport layer, and as such does not provide network layer gateway services, such as forwarding of ICMP messages. SOCKS Version 4 provides unsecured firewall traversal for TCP-based client-server applications, including TELNET, FTP, and protocols such as HTTP, WAIS and GOPHER. This version of SOCKS extends the SOCKS Version 4 model to include UDP, and extends the framework to include provisions for generalized strong authentication schemes. It also adapts the addressing scheme to encompass domain-name and V6 IP addresses.

The implementation of the SOCKS protocol typically involves the recompilation or relinking of TCP-based client applications to use the appropriate encapsulation routines in the SOCKS library.

Protocol Structure for TCP-based Clients

Version identifier/method selection message:

1 byte 1 byte 1-225 bytes
Version NMethods Methods

Version
The version is 05.

Nmethod
The NMETHODS field contains the number of method identifier octets that appear in the METHODS field.

The method selection message:

1 byte 1 byte
Version Method

Methods
Possible values for methods are:

00    No authentication required
01    GSSAPI
02   Username/Password
IANA assigned
4 to FE Reserved for private methods
FF No acceptable methods

Socks Request Message

1 byte 1 byte Value of 0 1 byte Variable 2 bytes
Version CMD Rsv ATYP DST addr DST Port

Version
The Protocol version is 5.

CMD
Possible values for the cmnd field are:

01    CONNECT1
02   BIND
03   UDP ASSOCIATE

Reserved
The value of this field is 0.

ATYP
Address type of the following address:

01    IP V4 address
03  DOMAINNAME
04  IP V6 address: X'04'

Destination Address
The destination address desired.

Destination Port
The desired destination port in network octet order.

Socks Reply Message

1 byte 1 byte Value of 0 1 byte Variable 2 bytes
Version REP RSV ATYP BND addr BND Port

Version
The protocol version is 5.

REP
The reply field.
Possible values for the reply field are:

00 Succeeded
01        General SOCKS server failure
02  Connection not allowed by ruleset
03   Network unreachable
04   Host unreachable
05    Connection refused
06 TTL expired
07  Command not supported
08 Address type not supported
09 to FF  Unassigned

RSV
Reserved, the value of this field is 0.

ATYP
Address type of the following address:

01  IP V4 address
03   DOMAINNAME
04  IP V6 address: X'04'

BND Address
Server bound address.

BND Port
Server bound port in network octet order.

Protocol Structure for UDP-based Clients

Each UDP datagram carries a UDP request header with it:

UDP Request Header

2byte 1 byte 1 byte Variable 2 Variable
RSV FRAG ATYP DST Addr DST Port Data

RSV
This field is reserved. Its value is 0000.

FRAG
This field contains the current fragment number, and indicates whether the datagram is one of a number of fragments.

ATYP
Address type of the following address:

01  IP V4 address
03    DOMAINNAME
04 IP V6 address: X'04'

DST addr
Desired destination address.

DST Port
Desired destination port.

Data
User data.

Vulnerabilities for this protocol (from CVE)

CVE ID Protocol Source Port Targetport

TCP/IP Protocols:

AHARP/RARPATMPBGP-4COPSDCAPDHCPDNS
DVMRPEGPEIGRPESPFANPFingerFTPHSRP
HTTPICMPICMPv6IGMPIGRPIMAP4IPIPDC
IPv6ISAKMPL2FL2TPLDAPMARSMobile IPNARP
NetBIOS/IPNHRPNTPOSPFPIMPOP3PPTPRadius
RIP2RIPng for IPv6RLOGINRSVPRTSPRUDPS-HTTPSCTP
SLPSMTPSNMPSOCKS V5TACACSTALITCPTELNET
TFTPUDPVan JacobsonVRRPWCCPX-WindowXOT

Free Network Analyzer

Free Network Analyzer
New Capsa v7.7 Released, Try it Free!

We’re here to help…

    If you have any problem, please tell us to help you.
  • Contact Us
  • Call:  800-381-6680
    Fax:  888-813-1029
    email:  

Stay in touch

Colasoft in Facebook   Colasoft in Twitter   Colasoft in Linkedin

Colasoft, Capsa, nChronos and Colasoft logos are registered trademarks of Colasoft. Sniffer is a registered trademark of Network General Corporation. All other names are trademarks or registered trademarks of their respective owners.