Networking socat

Examples

socat parameters

source
destination

Simple Connection

---
config:
  layout: dagre
---
flowchart LR
  subgraph node1["node1"]
    stdin Lstdin__producer@--> producer("socat")
  end

  subgraph node2["node2"]
    consumer("socat:8080") Lconsumer__stdout@--> stdout
  end
  producer Lconsumer__producer@--> consumer

  %% styling nodes
  node1:::default
  node2:::default
  producer:::default
  consumer:::default

  %% styling edges
  class Lconsumer__producer default_dashed_animate
  class Lstdin__producer default_dashed_animate
  class Lconsumer__stdout default_dashed_animate

  %% style definitions
  classDef default fill:#fff,stroke:#0066CC,stroke-width:1px,color:#0066CC;
  classDef default_dashed fill:#fff,stroke:#0066CC,stroke-width:1px,color:#0066CC,stroke-dasharray:3;
  classDef default_dashed_animate stroke:#0066CC,stroke-width:1px,stroke-dasharray: 5,5,stroke-dashoffset: 300,animation: dash 25s linear infinite;

node1 - producer
```
socat - tcp4:node2:8080
```
source destination

stdin node2:8080
node2 - consumer
```
socat tcp4-listen:8080 -
```
source destination

*:8080 stdout

if more producers need to connect use
```
socat tcp4-listen:8080,fork,reuseaddr -
```

source	destination
stdin	`node2:8080`

source	destination
`*:8080`	stdout

Simple Proxy

---
config:
  layout: dagre
---
flowchart LR
  subgraph node1["node1"]
    curl("curl")
  end

  subgraph node2["node2"]
    proxy("socat:8080")
  end

  subgraph node3["node3"]
    http_server("http server:8081")
  end

  curl Lcurl__proxy@--> proxy
  proxy Lproxy__http_server@--> http_server

  %% styling nodes
  node1:::default
  node2:::default
  node3:::default
  curl:::default
  http_server:::default

  %% styling edges
  class Lcurl__proxy default_dashed_animate
  class Lproxy__http_server default_dashed_animate

  %% style definitions
  classDef default fill:#fff,stroke:#0066CC,stroke-width:1px,color:#0066CC;
  classDef default_dashed fill:#fff,stroke:#0066CC,stroke-width:1px,color:#0066CC,stroke-dasharray:3;
  classDef default_dashed_animate stroke:#0066CC,stroke-width:1px,stroke-dasharray: 5,5,stroke-dashoffset: 300,animation: dash 25s linear infinite;

start server on node3
```
nc -l 8081
```

start proxy on node2

socat tcp4-listen:8080,fork,reuseaddr,bind=eth0 tcp4:node3:8081

To sniff traffic use -v

socat -v tcp4-listen:8080,fork,reuseaddr,bind=eth0 tcp4:node3:8081

Debugging

Use -d - -dddd flag to increase verbosity

Other Useful Options

-T5 - timeout connection after 5 seconds
...,keepalive,keepidle=60,keepintvl=60

TLS

---
config:
  layout: dagre
---
flowchart LR
  subgraph node1["node 1"]
    curl("curl")
  end

  subgraph node2["node 2"]
    proxy("socat:8443")
  end

  subgraph node3["node 3"]
    http_server("http server:8080")
  end

  curl Lcurl__proxy@-- TLS --> proxy
  proxy Lproxy__http_server@-- HTTP --> http_server

  %% styling nodes
  node1:::default
  node2:::default
  node3:::default
  curl:::default
  http_server:::default

  %% styling edges
  class Lcurl__proxy default_dashed_animate
  class Lproxy__http_server default_dashed_animate

  %% style definitions
  classDef default fill:#fff,stroke:#0066CC,stroke-width:1px,color:#0066CC;
  classDef default_dashed fill:#fff,stroke:#0066CC,stroke-width:1px,color:#0066CC,stroke-dasharray:3;
  classDef default_dashed_animate stroke:#0066CC,stroke-width:1px,stroke-dasharray: 5,5,stroke-dashoffset: 300,animation: dash 25s linear infinite;

generate certificate

openssl req -x509 \
  -days 365 \
  -newkey ed25519 \
  -keyout rootCA.key \
  -nodes \
  -out rootCA.crt

start proxy on node2

socat -dd openssl-listen:8443,reuseaddr,fork,cert=server.pem,cafile=rootCA.crt tcp4:node3:8080

test with curl on node1
```
curl node2:8443 --cacert rootCA.crt
```

View more in YouTube: SOCAT - you won’t believe what this Linux tool can do!