I will be taking book notes here on my notion notebook

Chapter 1

Untitled

Strace

strace –e trace=network,read,write /path/to/app args

DTrace

dtrace -s traceconnect.d

/* traceconnect.d - A simple DTrace script to monitor a connect system call */
struct sockaddr_in {
short sin_family;
unsigned short sin_port;
in_addr_t sin_addr;
char sin_zero[8];
};
 syscall::connect:entry
 /arg2 == sizeof(struct sockaddr_in)/
{
 addr = (struct sockaddr_in*)copyin(arg1, arg2);
 printf("process:'%s' %s:%d", execname, inet_ntop(2, &addr->sin_addr),
ntohs(addr->sin_port));
}

Windows Sockets

Windows implements its user-mode network functions without direct system calls. The networking stack is exposed through a driver, and establishing a connection uses the file open, read, and write system calls to configure a network socket for use.

using Process Monitor

Socks Proxy

Socks 4 :
- it supports only IPv4 connections, and the destination address must be specified as a 32-bit IP address
Socks 4A
- allowed connections by hostname (which is useful if you don’t have a DNS server that can resolve IP addresses)