#networks

Currently this layer uses guess_payload_class to enumerate all the different types of payloads it can carry, with each being it's own layer (ADU vs PDU)

But I'm trying to get multiple copies of the layer to get read, so I'd like to convert it to using

packetfield instead. Having a little bit of trouble figuring out how that messes up the building functions though.

Actually it messes with a ton of stuff. Ugh. Back to the drawing board.

Library == module, no?

https://www.geeksforgeeks.org/what-is-the-difference-between-pythons-module-package-and-library/

Now at the point where I have Scapy correctly dissecting the packet. Yay!

Sadly, it still shows several layers, all as children of each other, instead of as siblings.

Can anybody give me a clue on making these layers siblings instead of parent/child?

All I can think of is making another layer that is an empty excepting a packetlistfield object

Hey im getting an error when trying to have a client interact with a server, can someone ping if they are able to help?

Just ask your question, not asking and waiting for someone to answer to ask your question is wasting time

any tips?

on?

Hello,
I am having a very hard to understand issue with network authentication: I have a python 3.10 + python-behave project that is essentially a network client to test several https server back ends. I use requests to implement all the communication (not sure of the version, the one that comes by default with ubuntu 22.04). A normal run of the code might have a few thousand requests. The issue I am experiencing is that every 20 or so runs a random request might get stuck on a function on ssl.py. I have seen 5 cases so far, 4 of them on do_handshake() and one on read(). I can provide stack traces created from py-spy. I have also ps-ed during the issue and i can see that there are many idle python threads. Googling this issue gives me very few results and the ones I get are old. The most recent is this one: https://github.com/openssl/openssl/issues/19066 . If this answer has anything to do with my issue, it would imply that somewhere in my module stack some python code is using openssl from several threads at the same time and deadlocking.

Has anyone seen this issue? Any insights? Let me know if there is any more info I should provide.
Thanks

SEND COOOODEEEEEE

sorry is this to me? I am not sure what part of the project is relevant to share. I can't share it all because it's proprietary code and as far as I know my calls to request.post are rather normal:

import requests
import json
from requests.packages.urllib3.util.retry import Retry
session = requests.Session()
session.verify = False
retries = Retry(total=5, backoff_factor=1)
session.mount("https://", HTTPAdapter(max_retries=retries))
url = "my.server.domain"
user = test_user
res = session.post(url + "/login", data=json.dumps({"user": user}))

There is no call stranger than that. Besides I believe what is causing the issue is some poor code in behve, requests or ssl python modules, which won't benefit from any code I share, hence why I didn't do it. Happy to be proven wrong tho

like, the threaded part

you should probably use async instead :P

I don't implement threads. All the code me or my team have created is single threaded. Any multithreaded behaviour must come from one of the modules I use, probably behave

send stack traces

do_handshake example stack trace

read example stack trace

how i can make a requests with a proxy list like proxy.txt ?

u read file and make a list

For anybody who was following my Scapy journey: I added another layer that implemented absolutely nothing except PacketFieldList, and with proper extract_padding implementations it is working properly.

Now I just have to add a guess_payload_class somehow into the PacketFieldList and I'm golden.

hi

this channel is about computer networking, not social networking

My bad

LOL! I was moments from posting something similar until I read someone's toubleshoot xD xD

Anyone knows how do i avoid site not reached ERR_TUNNEL_CONNECTION_FAILED error when logging into outlook mail ?
https://discord.com/channels/267624335836053506/1151716496263876689 thread is here

you'd be unlikely to find help here

😦

Suggestion: whatever you do, make it an async library. That makes it easier for caller apps to integrate into their event loops.

How to scale load balancers?
For example, say service A has lots of nodes and they make requests to Service C which also has lots of nodes via Load balancer B. As the requests increase, a single load balancer will no longer be sufficient. So how do we add more load balancers? Usually load balancers are the devices that split traffic. In this case, who can split traffic between load balancers?
Thanks in advance.
PS: I hope this is the right channel for this question

I googled it for you. You either need a bigger load balancer or you need a different approach like round-robin DNS. https://serverfault.com/questions/268597/what-is-a-typical-method-to-scale-out-a-software-load-balancer

Thanks a bunch 👍

is there anywhere to see a comprehensive list of ALL possible socket connection errors and what situations they occur in/what exactly they mean? i tried writing my code based on the manpage here https://man7.org/linux/man-pages/man2/connect.2.html but just now had a crash with a ECONNABORTED during connect which wasnt mentioned :/

this thread explains it better than I could
https://stackoverflow.com/q/9646550/11317314

although a bit outdated lol

i'd really like to avoid further unexpected crashes, so am looking for a list of potential errors that can occur during socket operations like ECONNABORTED

like any other ones that the manpage doesn't mention

there is a loose list of errno mappings here https://docs.python.org/3/library/errno.html

but like... this is probably not the way to go about it

catch the obvious ones and add a generic case to handle any you haven't caught

if they become so recurrent you need special handling, then add a new clause before your general one

using nonblocking sockets so need to discern between errors that mean unrecoverable failure, and errors that mean 'try again later'. a generic case would be too broad and could potentially catch an unexpected retryable error.

as of now i've encountered these:

if platform.system() == 'Linux':
    RETRY = (115, 114, 11,) # EINPROGRESS, EALREADY, EAGAIN
    RETRY_HARDER = (110,) # ETIMEDOUT
    FAILED = (111, 103,) # ECONNREFUSED, ECONNABORTED
    SUCCESS = (106,) # EISCONN
elif platform.system() == 'Windows':
    RETRY = (10035,) # WSAEWOULDBLOCK
    RETRY_HARDER = ()
    FAILED = (1022,) # WSAEINVAL
    SUCCESS = (10056,) # WSAEISCONN

one other issue is that EAGAIN seems to mean multiple things and i havent been able to figure out how to discern extra context via select/connect_ex.

sometimes retrying after an EAGAIN works and other times it hangs 🤷‍♂️

@stark spear, welcome to our community.
This channel is about computer networking, and not social networking. I hope you can find better help in #1035199133436354600.
If you ever have any questions regarding computer networks, feel free to ask over here.

oh i see

got it, thank u sir

i made a python socketserver ```py
import asyncio
import websockets

async def echo_server(websocket, path):
try:
await websocket.send("connected to server: ready for echo")

    async for message in websocket:
        try:
            print(f"Received message from client: {message}")
            # Process the received message here
            await websocket.send(f"Received: {message}")
            print(f"Sent response to client: Received: {message}")
        except Exception as e:
            print(f"Error processing message: {e}")
except websockets.ConnectionClosedError:
    print("Client disconnected.")

start_server = websockets.serve(echo_server, "0.0.0.0", 8765)

asyncio.get_event_loop().run_until_complete(start_server)
asyncio.get_event_loop().run_forever()
and i want to connect a computer from cc:tweaked computercraft to it with the following code written in lualua
local ws = assert(http.websocket("ws://myip:8765"))
print(ws.receive()) -- receive welcome
sleep(2)
ws.send("Hello!") -- Send a message
print(ws.receive()) -- And receive the reply
ws.close()```

i used this code with a public echo server and it works

but when i hook it up to my own server i can only send messages from server to client

i can not send anything from client to server

i tested both client and server and they work independently

what am i doing wrong?

whats the best way to learn how to make a private network system in python? i need to learn how to make one for my A level project but dont know where to start...

What are the main frameworks for networking? Paramiko, Netmiko as the extesion of paramiko and something else worth learning?

Idk I just use the standard library. What do you network?

I mainly use networking for Routers and interacting with them. I want to start using SNMP functions as well.
The big issue is that i want to start automating a huge ammount of routers and L3 switches (probably way more than 50k).
My idea atm is to create a DB with daily backups and SNMP readings but for a small population of routers and then expand

@vestal scroll i like your profile pic , nice duck

Would be nice to keep the channel on topic ^^

depending on what you're automating, you could do something like ansible to run tasks using snmp

hmm well I am able to connect to my home network via my phone ,but im not able to do the same with the pc, there are too many networks near me , and it does not show networks after a certain number of them. its not even showing network of my mobile hotspot

help

wrong discord server

please read description

What kind of netwokring is thsi?

seemskinda lame tho\

like how tls is really cool

can we just talk about how tls is kinda scuffed tho

CAs signing CAs signing CAs signing-

do you guys have any better way to communicate securely?

you could have a secure conneciton with passwords or smth

but

Is there a problem with our existing secure communications protocols?

The nsa

That sounds right

Don't think so. IPv6 has it's own special address for listening on all interfaces

Don't remember what it is off the top of my head

Isn't it just ::?

yes

When I send an outbound TCP request to a server and on Wireshark, it showed to be Connection Reset [RST, ACK]. Is it issue on my side or issue on server side?

How can i bypass this or log out in everywhere where ever it is logged in or have the session data or cookie related to this account. I am trying to login my student account for the exam comming up but i can't log in and says this. Last time I log in to this account in a computer shop in the last exam which is 6 months ago. I don't know why they keep a session data expiry that so long or cookie. How can i solve this from my side? I think the shop I last time logged in they don't do this often so probaly they have not log in any other account for this site after me (my guess). Also last time i forgot the password for the account and the site did not have a forgot password option. So I went to college and and tell them that i have forgot the password then they give me the password that is save in raw.
(Do you think this is a poor practice and design for a website?)
How can I login in my account again?

Did you try clearing cookies/data and resetting browser settings?

I doubt anyone here can help you much beyond that.

i have cleared all the cockie for this site in my all browsers. that i have with me and used to login with
so the only prosible place will be the shop where i last time print out a copy to submit in college from this site
but i can't got to the shop and has no contact with them.
if there are any other way possible

The only solution I can imagine is that the website owner fixes their ish. I would badger them until they do.

My Google is weak today. Does anybody know of an application that actually uses the urgent flag/pointer in TCP?

Good day guys!!

Please can anyone help me on how host my twisted project so that my users can send and receive bytes to each other.

I am using digitalocean

Thanks in advance

Please guys help me I needed this

what do you need help with exactly?

I have a python twisted code that uses Datagramprotocol to send and receive bytes from one user to another but it's locally how can this go in production mode I am using digitalocean as a server deployment company

do you know how to host something?

Yes I know

what issues are you facing when hosting the app?

I never hosted a python twisted Datagramprotocol to live

Is your networking system peer-to-peer or server-client?

Usually it's always server-client to some degree, so you host the server program and ship client programs

Peer-to-Peer

Then you don't need to host any server

Keep in mind that if a consumer wants to communicate with another consumer somewhere else around the world, they need to set up port forwarding

i think wireshark has mostly tcp filtering no sure abt the other one tho

what is this server

🙋 Looking for a study buddy to dive into Machine Learning with!
⏰ Ideal if you're in or around my timezone (UTC +2).
🧠 Should have some familiarity with:
RNN (Recurrent Neural Networks)
LSTM (Long Short-Term Memory)
🌲 Regression Trees
Feel free to reach out if you're interested!

This channel is not for socializing, it's about computer networks 👍

please read description and delete ty

try moving over to #data-science-and-ml

hi

why would someone make a website using http requests instead of https?

alr

so

budget? is it harder?

essentially,

HTTPs is just HTTP over TLS

what you're asking is why would someone create a connection without TLS

(TLS is the shit they use to secure connections)

anyways so

tls is transfer layer security righ?

yup

anyways so

an overview of how TLS works is

(oh god i need to explain a lot of shit)

firstly

we have a symmetric cipher

oh lòrd 😭

basically, 1 key to decrypt and encrypt

alright

S = symmetric cipher
S(key, plaintext) = ciphertext
S(key, ciphertext) = plaintext

secondly

yup

you have a "key exchange algorithm"

what it does is

the client needs to send a "public key" to the server, and vice versa

what both sides do, is use it to create a "shared key" for the symmetric cipher

no not that

was that pgp?

https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange

its usually elliptic-curve diffie-hellman, but same concept

anyway

the issue is

someone could sit in the middle

and create a connection with both the client and the server and decrypt and re-encrypt all the msgs and read them

so

you need a digital certificat

heres the real hard bit

so

gotta eat dinner

oh

okay :c

@ember ledge back

i thought you bailed on me @edgy pelican

i had to eat dinner

it was 7:45 here

anyways

the good part

so now, the server needs to use a certificate

essentially it works like this

sign(private_key, data) -> stuff
open(public_key, stuff) -> data

the sign just signs the data, and you can re-"open" it with the public key

it ensures authenticity/integrity

this is like ssh keys

yeah essentially

the problem is

you dont know if those keys are actually from the server or not

which is big sad

oh

what you need is a CA

(certificate authority)

a CA has their own certificate public & private key

what they do, is the CA uses their private key to sign the server's public key

how do you know that the certificate is from the server

very cool

problem solved

next problem: how do we know if the CA hasn't been hacked

yeah

which is big sad

what happens next

is another CA uses their private key to sign the other CA's public key

now how do we know THAT hasn't been hacked

we get another CA

and so on

is this a joke 😭

no this is actually how modern communication works

so you keep signing it... forever?

its kinda funny

ah thats the problem

you can't go on forever

you need to have someone at the top that you can trust

my ISP?

@ember ledge you can actually see this

no

the DNS?

there's like 3 top CAs

if they get hacked, the entire internet essentially crumbles

i hope that happens

would be funni

so is that what https is?

that's TLS

HTTPs is just transmitting data using TLS

i understand now

http isnt even complicated

i read some http requests using wireshark once haha

its not like its public info or anything

wym ;-;

like, the HTTP format

anyway, you can actually see the certificate chain

using wireshark?

no

what OS are you on?

linux

cools

anyway

fire up your terminal

and run openssl s_client -showcerts -connect discord.com:443

im scared

it'll show a whole fuck ton of info about it

only part you want is the one under Certificate chain

whats ssl

!d ssl

read like, the first paragraph

thank you

anyway heres the interseting part https://paste.pythondiscord.com/FKZA

what about the 443

the domain port

443 is the default HTTPs port

ohhh i see

80 is plain ol' http

anyway you can see the cert chain is quite short

uhm... can i ask smth?

what

whats a port 😭

i always forget

sorry

In computer networking, a port or port number is a number assigned to uniquely identify a connection endpoint and to direct data to a specific service. At the software level, within an operating system, a port is a logical construct that identifies a specific process or a type of network service. A port at the software level is identified for each transport protocol and address combination by the port number assigned to it. The most common transport protocols that use port numbers are the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP); those port numbers are 16-bit unsigned numbers.

a connection ENDpoint

so like

basically only for the server

well what if my phone is a server?

then you need to open up a port on your network for anyone to connect to it outside your network

(network as in LAN)

i understand

this was surprisingly informative

✨ information ✨

thank you <3

anyways you can see the cert chain

the discord one is shockingly short

the bottom one (the server cert) is a cloudflare certificate

 0 s:C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
   i:C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA256
   v:NotBefore: Nov 19 00:00:00 2022 GMT; NotAfter: Nov 19 23:59:59 2023 GMT```

the top one is also a cloudflare certificate
``` 1 s:C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
   i:C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan 27 12:48:08 2020 GMT; NotAfter: Dec 31 23:59:59 2024 GMT```

theres 2 of them

which is very little

google.com has

3

and all of them are google certs, even the top one

i think you exposed where you live...

i dont think i did

baltimore... im coming

you dont need "local CAs"

i live in asia

oh lol

why

Unrelated to networking, ask in #1035199133436354600 or #python-discussion

Anyone who is into web crawling with python?

Maybe

<@&831776746206265384>

he sent it to more channels

Guys why is this happening

self.transport.write in python twisted says Nonetype has no attribute write

self.transport is None

I dont understand

How can it be None when the class of Datagramprotocol is up and running

Don't know, I just know it's None as the error says

Don't have a crystal ball to guess your code or get some logs either

you should..

Yeah sometimes it could be useful

I am just starting network and i was wondering if anybody has any guides or recommendations on how to use python sockets or if i should use something else for my project(a multiplayer card game for 4 people)

https://docs.python.org/3/howto/sockets.html

That is if you want to use socket sockets. Python has a higher level networking interface in the asyncio library and it's asynchronous, but you would have to turn your program into an async/await program

if the game is turn based then should i use async?

If you still want to use socket sockets, you can use those for the clients and a socketserver socket for the server

alright thank you

You probably don't need a client socket to be asynchronous as each client is going to be using one socket at a time with a game server probably (you wouldn't be playing multiple games at once)

So you can just use socket for the client sockets. Just make sure they are set to not block and use selectors to get the client connection communicating right

!resources

#bot-commands

Anyone here that can give me code for simple quic implementation using aioquic library

A simple client server would work

Or some link to a working example

I would also appreciate any alternative libraries that have good documentation for implementing quic

how do i use selectors? i am complete beginner to networks and sockets.

Nvm, you don't need to use selectors for the client

Hii
I have setup an flask application in my local system which is having post endpoint to get the request
Now I want to make it accessible through internet while flask app run on my system
Is that possible?

You can port forward the flask host and then access your application using your ISP provided IP and the port you forwarded to. You need to configure the port forwarding in your router.

I normally do what cokdheart says but if you're behind nat or don't have the ability to port forward there are tools like ngrok

Best tip I can give you is rent a small cloud instance (from for example Hetzner or some other similar provider). Not very expensive and makes life easy

Hey

Any Django devs here

Why here and not #web-development

Hi all, I am using flask and I would like to retreive the form data. I am sending the form data through a react web. However, I keep getting empty request.form in flask..

    print(request.form)
    username = request.form.get('username')
    password = request.form.get('password')

In case you need the react code:

export const POST = async (formData: FormData) => {
    const url = "http://127.0.0.1:5000/login"
    try {

        const response = await fetch(url, {
            method: "POST",
            body: formData,
        })
        const data = await response
        return data
        return NextResponse.json(data)
    }catch(error) {
        console.log("FAILED")
        console.log(error)
        return NextResponse.json({message: error})
    }
}

#web-development

im having some difficulty understanding how dhts work and how do they function as a look up. i understand each dht implimentation varies and dependant on requirements but generally, how does a mdns dht become reachable. if im writting a p2p software that tries to connect to a mesh net, how can i let other devices on the same network independantly find the nearest peer.

Hi, for video app like youtube is SSE good or Websockets? connection will be one directional i just wanna user receive video blop.It looks SSE is generally good for mono directional but looks so expensive for me

hi! i'm writing a tcp listening server that should accept several simultanous incoming connections and then data from each of these connections should be output together in a single outgoing tcp stream. this is trivial, with queues and all that to communicate between the different threads, or even by using async, but the problem i have is regarding garbage collection. there could be quite a bit of backpressure here, so a lot of data could be queued up in the memory where this server is running and i want to make sure that this is not bloated over time. the only way i have figured that i can safely clean up is by running this in a separate process and then terminate it once it's done.

yup

but i have fixed this by inserting a header when sending out the data at the sender side

the logic for all this is created, the only problem i'm left with is the garbage collection

receiver is not able to receive data quickly enough, so it will build up a buffer of data on the server running this code

it should store it, yes, and that will consume memory. and i need to make sure that this is freed afterwards, since it can be lots of GBs worth of data

it sends it constantly, as long as the receiver is able to receive and that we have available data in the correct order

the inputs are sending quickly, but the problem may arise when the receiver is not able to receive quickly enough

then the memory on this machine will start to be utilized to buffer the data

so you mean once i have issued .send() on the socket, it's no longer "my" problem?

meaning: my memory's problem

but isn't this something that's done after the process terminates?

https://rapidfork.medium.com/breaking-down-python-concurrency-the-gil-and-its-effect-on-multi-threading-b5ab99083cb2

not every input, but every socket

what's the difference between a process pool and just processes?

yeah, so i can have a shared socket for the outgoing data and all the different threads can write to that? but i still need to make sure that this happens in the right order, so i need to have an "organizer" of some sort that will monitor a queue

or i could just use async?

did you see the link i posted?

yeah, but the conclusion i'm getting from that is that i can't use threads safely and get garbage collection

hm, i'll look into this again. see if i can make sense of it

because i have code that uses this that has been running for a few weeks and now its memory usage is roughly 3 GBs

and it's not doing anything

it's not serving clients

but its memory has bloated and i have a memory leak

https://dpaste.org/yS4CX

that's the whole script

it seems like if i let this run for a while and handle a few incoming streams, then the memory usage for this script will never go down, instead it will constantly keep the memory usage of its "largest" run

well, this is async code, so it doesn't spawn any processes

but i'm considering rewriting this to use processes instead, to make sure that the memory is wiped when the process is terminated

but the problem i'm facing is how to make sure that the memory isn't bloated in the main process, but instead in the different processes

if that makes sense

right now i'm considering just outputting ALL data to the shared outgoing socket and then that process will have the job of reordering the packets and then send it to the end destination. it's not pretty, but it'll work

ok, cool 🙂

.. preferably not in Go, though 🙂

gotta run, but i'll check back here tomorrow morning. thanks in advance 🙂

Hehe

Implement backpropagation neural network, trace the error and compute the accuracy.. can anyone help with a step by step instructions?

wrong channel

im having some difficulty understanding how dhts work and how do they function as a look up. i understand each dht implimentation varies and dependant on requirements but generally, how does a mdns dht become reachable. if im writting a p2p software that tries to connect to a mesh net, how can i let other devices on the same network independantly find the nearest peer.

What is the easiest way to create local connection between 2 computer in python(they connect to same WiFi)

Also need to capable to make multiple different connection to different computer

sockets

It work terrible for me every time I try lmao

sockets

Don't need to send twice lol

Then one more question, are there any built-in library that can do similar thing except socket?

instead of that, what does work terribly when using sockets?

Like I tried to connect between my laptop and my phone(since I don't own a second computer), it failed to connect

And another time I tried between 2 public computer on same internet

And also doesn't work

Like at the connection and accept stage

did you use local or public ip address

asyncio

Look into asyncio.start_server and asyncio.open_connection

It is high level and uses async/await syntax though

There are examples in the docs, look up "Python Streams" on Google

well yeah, but it wnot help that problem

The server needs to be bound to one of the private IP addresses on its machine because these are the only IP addresses known to the rest of the entities in the private network

You can get a list of usable TCP addresses for the server by running this on the server machine:

from socket import getaddrinfo, AF_UNSPEC, SOCK_STREAM, IPPROTO_TCP
from pprint import pprint

pprint(getaddrinfo("", 8000, AF_UNSPEC, SOCK_STREAM, IPPROTO_TCP))

The address "" means "any interface/address available".
Just as an example, this searches port 8000 (but could be anything you want, this does not check usability).
AF_UNSPEC means "an unspecified address family", so either IPv4 or IPv6 addresses, maybe others too.
SOCK_STREAM for stream sockets.
IPPROTO_TCP for sockets using TCP

Or use this PowerShell command and pick an address

(Get-NetIPAddress -InterfaceAlias '*Wi-Fi' -SkipAsSource 0).IPAddress

I want to know how a http/3 response for sending html css and img looks like

Local

Isnt the html/css/img just put in the ‘data’ part of the packet?

<@&831776746206265384>

@open olive, we are not an ad board.

Oh ok

Hi, not sure where the right place to ask is. I'm interested in fiddling with code for multi-party video conferencing. I'm trying to get some footing.

This is how far I've progressed. If you know any complete projects, please point me in that direction.

Else we can have a long chat about this topic and make it simpler to digest.

For the record, it's a Python server

I don't mind a pythonic answer, Krypton.

If your current code is in JS, what's the point

We help with Python code or issues/questions, not JS.

you're right, I'll rework it in python before speaking to a single soul. What would I need, opencv, pyaudio, asyncio, aiortc, threading, sockets, requests... I just asked myself: do I need to be doing this, or has someone done this already? Do you have an answer to that question? There is no apropos to fetching projects that I know of.

https://docs.bigbluebutton.org/greenlight/v3/install/ ive been an end user for a site that used greenlight before and it worked rly well, maybe take a look at that?

Its a preconfigured web conferencing web app I think u just gotta do some docker install wtv

If you know then show me the http/3 response to send them

I got this off google but this is what an http3 packet would look like fully encapsulated

an http response is just an http response

that whole thing parsed

guys you have channel i want to learn administration control for my work im currently in computer laboratory assigned im freshment i want to learn basic role of an admin please can someone help me?

you might be better-suited in another discord server

can you suggest me some server?

Thanks for the Answer

HTTP response is not just HTTP response as HTTP version 1.1, 2 and 3 all have somewhat different response. I want to just see how a raw HTTP 3 response looks because I want to know how more than one file in is sent in one response using UDP, QUIC, etc in HTTP 3

Are you sure it isn't socket.Socket?

yes im pretty sure

You probably have to specify the name=value in the parameters

wdym?

What is the name of your file?

If the name is "socket.py", the issue occurs because Python tries to import local data first instead of the library. Change the name to something else, but not "socket".

no its not socket i made sure of that

Some other Python file in its directory is named socket

no no its not

anyway i fixed it thanks y'all

Also just so you know, AF_INET and SOCK_STREAM are the default arguments to the address family and socket type

How did you solve this?

created a diff directory and ran there

in the help section my close post isn't working any idea how to close it?

!close

do i need to keep my intermedia ca's .csr file around after i sign it with my root ca?

I LOVE NETWORKS WHEYYYYYY

indeed

https://denizhalil.com/2023/10/12/secure-communication-with-python/

I'd love to read it but.. UX wise not possible

Thank you very much for the notification. I will fix this problem as soon as possible

Nice

I guess I will try this domain for some time

@ember ledge as a next project, try making it without knowing the key beforehand

tip: ||check out how CAs work||

thank you dude

Hi im a newbie at network programming and im making this I’d like to have some returns if possible https://github.com/ksfi/sniffer

the int(mode) check in run.py seems like a prime candidate for the strategy pattern

hi guys, i wanted to learn Python. and I dont know anything about codes and programming, maybe a little, can anyone help me learn ?

This channel is not for social networking, ask in #python-discussion

why dose python get the riff raff 🤣

huh?

Hey , may i ask for help , i tried to connect to clients and i want the first client to get the message that the second client connected , heres my code:

From where do you have that

from a textbook

Then there's likely an explanation before/after

there isnt

its just in a section with questions

but i couldnt find how to calculate it in the chapter

You don't get random questions in a text book

i know

You get questions based on its content, so use the content to answer

but i couldnt find anything

anyone know a good network api

What sort of "network API" are you looking for? To do what exactly?

one that can work with pygame

Like this? https://stackoverflow.com/questions/9961752/basic-networking-with-pygame

k

hello there, pretty much new here. wondering if anyone knows how to fetch API using python requests with some generated headers and how to detect those generated headers

https://api.debank.com/feed/hot_list?limit=100 <- lets say for this endpoint, i want to fetch it datas. While it might work a couple of times, i always get rate-limited after a couple of request. I came to a conclusion that I am getting rate-limited because it keeps generating new nonce, sign, or ts. (can someone pls confirm if this is true too) or even checks if the same User-Agent keeps getting in which I dont think should be the problem

Oh and fyi I call request for every 50 minutes which doesnt make sense to get a 429 response (too much requests)

Thanks in advance

You have to respect the API's rate limits, which the API needs to cover somewhere in its documentations. In any case, it's a good idea to store cached data and only fetch again when it is necessary to get an update. As an example, you can have fetch functions which periodically fetch up-to-date data every now and then according to what the rate limit on a specific resource allows, cache the data, and use non-fetching functions which use data from the caches

This is good

@ember ledge can use more strong encryption to create a encrypted tunnel for client and sever

fernet is basically as good as can be

(which isnt saying much)

Need more development

its like how vpn companies say "military-grade encryption"

well no shit everyone uses "military-grade encryption" (well, except for people who use outdated shit, and chacha20 probably but its about as secure)

VPN stores our activity in logs .....and not much encrypted they are basic ....well a skilled system admin can trace

not really

VPN encryption is as good as it can be

I prefer proxy chain ⛓️

Multiple proxies

VPN set us at one location and can be filtered by sys admin

back

well then use it

👽

what im saying is that strong encryption isnt hard

Yes true buddy

Yup can be used for chat apps too made by u right ✅️

me: makes a chat app

"military-grade encryption"

Cool

What u do ? College ? Job

grade school :P

Cool

any guidance at this? and i do respect the APIs rate limit, it is just that for "some reason" that im not sure what... either it being the parameters i mention above during the request header or is it another factor

anyone did ssh using paramiko library ?

I have yet to implement what I talked about. I suggest looking for an official Debanked API wrapper on PyPi. If none exist, you're going to have to implement one on your own. Being rate-limited in HTTP means receiving an HTTP 429 status code. In short, this response code is received when making too many requests regarding a resource, not because you included the wrong headers in the request. RESTful APIs respond with 429 responses to tell their users they won't be served for sending the same request regarding a resource until a duration of time passes or until a date is in the past (dictated by the Retry-After header in the error response). You can learn more about caching specifically in HTTP in here. I don't know which headers Debanked's API expects you to inspect for caching its resources if it even uses any. It might just be in the documentations

Many people have. Try asking your actual question.

i see, thanks for the insight... are u 100% sure about the no headers in the request though? because I am seeing a changing nonce, sign, and ts on the front-en (lemme link u up the website url) https://debank.com/stream?tab=hot and u can see at the end of request headers there are changing generation of those parameters. Also, debank openAPI doesnt provide this endpoints.

is there any reason their 429 response never gave a Retry-After? i tried printing it using response.headers

thanks for the help though

It's not required by the server according to the proposed standard

okay thanks for that

still wondering why only debank has this nonce and stuff

just tested in the server, 1 request per 1 hour and still isnt working, getting 429 after 5 requests

and trying on the front-end too, refreshed 10 times in a minute and it's still working haha

Considering said front-end provides additional headers in its requests, it might be an issue of authentication or authorization

The API probably wants you to authenticate before being able to make these requests

Meaning Debanked's API is weird for sending you this error response for an authentication error

so their authentication or authorization is a bit weird i think, they use this Account key

which gets some random id im not even sure how to get those

at first i thought it shouldnt be a problem since i could be fetching a couple time

Well do you have an account?

It's weird that you need an account key and not some specialized personal API key

i do!

Then use that key if it abides by their terms of service

lemme shoot u with a screenshot

i took a conclusion that these keys arent necessary... but after running the request for usually the 5th time, i get rate-limited as always

and would have to wait another 5 hrs to be able to fetch again

while i could reload website normally

10x every minute

To be sure, are you making HTTPS requests?

In any case, the X-Api- headers seem vital for it to work. Aren't they covered in the documentations of the API?

You may want to remove this screenshot from Discord so people don't authenticate as you by the way

removed, thanks for the reminder haha

nope, and yes i think it's vital for this request

yup

https request

The Account header might be vital too, it isn't standard. It's weird that it isn't prefixed with X-Api- like the rest

Though maybe it's because it isn't necessary for the API endpoints to be used

so i keep trying to find these x-api- keys and ways to generate them

is it possible they're stored in the front-end?

It says on https://cloud.debank.com/#view-all-apis that the initial rate limit for API calls is 100 requests per second, and from https://docs.cloud.debank.com/en/readme/open-api I understand it applies to the Pro Plan

Here are the error codes they use just in case you need to know them: https://docs.cloud.debank.com/en/readme/error-code

And it seems you should be using the API through specific endpoints

yeah, i understand that

Which feed doesn't seem like one of the endpoints

the problem is, the datas i want arent provided thru their made endpoints

haha

Then it seems you can't legally access feed data

If that is a thing

Or their documentation is severely lacking which is unlikely

Maybe it is true that the documentation is lacking because you seem to be able to use that endpoint through a web browser

Where did you even get that endpoint from to begin with

this is true

possibly not

uhh i just had to check the network and apis they r communicating with

im still wondering about these x-api stuff tho, like how r they generated? because i have checked repeatedly that there r no back-end involved for these keys

It sounds funny to me that this part of the API is exposed for web browsers but not documented for users to use

Should've been hidden behind the servers of the actual website

In any case, you shouldn't try to use these API endpoints because they're undocumented

Might want to contact them about it

hahaha yeah apparently so, do u by any chance know how to check front-end functions or somewhat reverse engineer them?

i see

would they tolerate me knowing i been trying to scrape something they dont provide tho? hahaha

It isn't legal unless specified otherwise by the terms of service or whatever seems relevant as it

It's a fault on their part for failing to hide this side of their service, but it doesn't legally allow you to use/reverse engineer it

this is true too

hi there is some one familiar with the DNS server Bind9 in Ubuntu22.04?

is for a task i have to do but i have an error in the /etc/bind/db.local config it probably in the MX well i attach some photos and if someone is interested pls tell me what should i do I'm attaching a config photo a cheack photo and a status of the server cheack

ty

ik this may not be the server correct to say this but if someone know what should be could help me i would be happy 🙂 ty

networking

intersting

but its seems hard to learn

what kind of networking is strong

for Penetrate

as n Security purpose

Good day guys!!

I think I am in the right place,

Please did anyone knows how run a twisted server in production????

Thanks in advance

im looking to setup a local proxy server that i can route all my traffic through and modify as i need
something like mitmproxy, any way i can do that?

Something like mitmproxy? Why not... mitmproxy?

im planning on making a web content filter and since im not sure if i can stop mitmproxy from being modified, i decided to try and make my own

this question arises from my superficial understanding of the OSI model and websocket connection:
It came to my understanding that in the context of ws connection between a client and a server. only the server sends PING frames.

• what would be the benefits/drawbacks (if any) of explicitly making the server disregard any incoming PING frame?

ICMP is sometimes blocked to avoid letting outsiders know, "it" is up, by preventing them to send an echo and make an attack a little harder, like doing a port scan, because u'd know, which one is up and the scan would be profitable. (correct me if wrong)

most of the time you can just send a SYN if ICMP is blocked

so either i have some serious ressource reading to do or we're talking about different things.
the PING frame i'm talking about is the one sent by the server in what is called heartbeat whatchamacallit.
the server pings each of the connected clients, regularly to see if they're still reachable or not.
it's delivered through the websocket connection

hi rme

https://stackoverflow.com/questions/46111656/must-websockets-have-heartbeats
Just did a quick google because I was curious as well; the answer seems to be no, you don't have to implement nor respond to PING/PONG events.
But if a client or server is expecting that practice, you cannot ignore it either.

yeah, i came across that answer. what i understood is that:

• servers sends pings, not clients
• the browser api (WebSocket) doesn't even expose a way to send a ping from the client because that isn't what a client sends
  then, some time later, while reading about nginx, i came across a directive to explicitly disregard PING frames. and that's why i asked whether to set it or not.
  now, after a bit of thought, i'm tending towards not having to explicitly disregard these frames, because:
• for a ping to be sent, a ws connction needs to be instantiated and in the end-of-world scenario where someone managed to establish a ws connection outside the vue app, they can check the status of the connection by other means.
• i can easily forget about having set that directive in some distant future and cause myself unnecessary pita if i ever wanted to make something that relies on my server being pinged that way

Well if the server or client are using PING/PONG events to determine whether the heartbeat is still alive (which is the primary purpose for this) then I'd imagine it might be an issue if you're dealing with clients that are expecting them.

If you own both the server and the client; then it seems reasonable if you have some other way to determine whether a specific client has and is maintaining a connection. I'm not sure why you'd explicitly forbid this behavior personally, because it's kind of handy as a level of abstraction to know if your websocket is still alive.

If the server is sending PINGs, the and the client is responding with the appropriate PONGs, then that's still the client implementing that behavior. If you only control one point in this chain, there could be logic you're not accounting for in whether or not some sort of reconnection behavior is dependent on these events occurring.

Typically a lot of what you're going to read about handing PING in the context of networks is going to be as other users suggested, ICMP 8 0 events. They have some dangers associated, but a PING/PONG event in the context of a websocket is probably less of a concern.

what i was asking if i should do or not is: Should my server acknowledge incoming PING frames, at the NGINX level.
it will be always able to send them, as in outgoing PING frames to clients.

Ahh, I'm sorry I misunderstood.

no worries, lol. you pushed me into seriously stepping up my defense game anyways

I don't see any reason for you to explicitly forbid that behavior; but provided you're the writer of the client and you aren't going to implement any logic that relies on the client sending a PING to the server, then I don't see it being an issue disabling it.
Clients can still send PING events, and the server should still respond with a PONG.

Whether you want to take advantage of that is entirely a design decision, and I don't think it has any security implications in either direction that wouldn't be covered in the establishing of the connection anyway.

the thing is, what i gathered to understand is that this isn't anything like the ICMP ping, this is a websocket frame that doesn't carry any data except that hex that any client implementing the ietf stnadards of websockets responds to appropriately

Actually it works more or less the same as ICMP pings to be honest. Both ICMP pings and the websocket pings themselves can contain data, and the protocol dictates that data should be reflected back in the response in full.

yeah, what i'm gonna focus on is to learn and understand exactly how the browser ~instantly knows when a ws connection has been terminated. it checks the socket through an os sys call, alright. how the socket ~instantly knows that the ws connection has been terminated, and so on and so forth

i know that it's at the tcp level (for the socket part), but still, i have too many knowledge gaps that i frankly am not confortable with

Sockets are implemented through TCP;
My impression (and honestly, I truly don't know) is that SYN/ACK flags are degraded over websocket connections, they likely emulate UDP afterward, whereby you're sending minimal headers with data-- without actual acknowledgement; it would kind of defeat the purpose of a websocket if it was just a regular TCP connection.

Since you're no longer tracking SYN/ACK sequentially in that manner, you probably need some way to check that your connection has degraded or disconnected entirely.

Wireshark or something would probably reveal this behavior pretty transparently-- you should be able to see how your syn/ack flags increment during that particular TCP session.

i see, thanks, man, yeah i think learning wireshark is a must

i believe that it operates over a single tcp connection, it starts as an http request with an upgrade header, and once it's in the realm of websocket, it's pretty much magic to me (the inner mechanics)

Yeah I'm not super up to speed on the specific inner workings, I just know that conceptually I don't think websockets could support the speed and multiplexing they're intended to have without kinda' stepping around the TCP protocol after the initial handshake.

hmm, i understand. if you have any ressources you can throw my way, i would love it. for now, i'm pretty much stuck between surface level litterature and RFCs lol
even title of books that you found very insightful when it comes to networking

Hmm. I don't have any good networking books off the cuff to be honest.
Most of my learning has been formal, through classes and whatnot. A lot of Cybersecurity tends to be raw memorization of protocols and implementations in formal settings. 🥴
If you find something that helps you though, please do let me know so I can add it to my own collection.

i admire your academic breath abilities, that must've not been easy at all, lol

💯% for the books, i will ping you with titles whenever i found a really good one

Eh, just don't ask me to do anything beyond addition and subtraction in math, that ship has sailed. 😅

lmao, well you did the brunt of the work when it comes to that, so you earned your right to chill

@snow yoke
RFC's (Online)

And the these two books I thought are not bad:

https://www.amazon.com/TCP-Guide-Comprehensive-Illustrated-Protocols/dp/159327047X
https://www.amazon.com/Protocol-Suite-Mcgraw-hill-Forouzan-Networking/dp/0073376043/ref=zg_bs_g_3624_sccl_21/134-8092353-1786211?psc=1

Neat, cheers. I've read through plenty of RFC's. I have a pretty good intuition for how a lot of the common networking stuff works, so I'll give those a read and if they kinda' hit what (I) think should be covered, I'll add them to my recommended list. 😛

Thanks again!

you are welcome. Networking can get crazy by going in too deep.

so, i feel.

rfc goog

I played around a few times with scapy to craft and understand "packets" and so on but I need to do it more frequently.

while looking in wireshark, what is happening.

ah cool

That’s basically how I developed an intuition for packets, encapsulation, and the OSI model as a whole. Just screwing around until things “clicked”.

make it, break it, learn. Practice, practice, practice and repeating. This is the way, I do but unfortunatley I forget stuff, if I haven't looked into it, for longer time.

(at home ofc.)

From my research, it's just a different application-layer protocol which uses the same ports (

80 for regular WebSocket connections and port 443 for WebSocket connections tunneled over Transport Layer Security (TLS)
).
I think the purpose is simply using a different application-layer protocol than HTTP/1.1. Read https://stackoverflow.com/questions/28582935/does-http-2-make-websockets-obsolete - seems like web sockets is a technology which is superseded by HTTP/2.0. If you want UDP behavior for HTTP, why not use HTTP/3.0 which is implemented atop QUIC over the actual UDP protocol?

Python TCP socket methods raise an OSError exception when the connection is terminated improperly due to a problematic internet connection or due to a clueless peer or connection problems on either peer's side. According to TCP's RFC, connections terminate properly when either peer sends a packet with the FIN bit flag set and the termination process goes on to completion. Python's socket.socket.send sets this bit flag when sending an empty message

i see very well, thanks man

so the PING frame is for the server to check the health of a websocet connection. it seems like the very nature of the ws connection can create a situation where the tcp connection is open but on the application layer level, the webocket connection isn't operational

there's no way around it. this is ietf RFC realm, i can't rely on tech authors' effots alone

I am in a situation where my school network manager can see all my network traffics, should i use tails linux or just a vpn is enough?

I am under the assumption that you are in school

so the question arises, what are you looking at that would raise questions by your network manager

but yes a VPN would be enough assuming there is not a system installed on the device

github

why would github raise questions

My school blocks github because of the 0.5% of bad softwares on it

that is dumb

i agree

https://tenor.com/view/no-noo-gif-12572306

I was working on youtube API and I exceeded my quotaaaa 😭

help meeee XD

All you have to do is wait.

I know 😭
But I'm stupid for not being clear about my intentions behind my message and I apologize for that.

I wanted to know if, with the help of testing libraries, one could just do a few general request and save them in JSON files, then create unit testing functions instead of just sending a request then realize I wrote videoId = requests['videoId'] and got requests is not defined because I actually named my variable request XD

You know, just to avoid those long hours just "writing" the code if that makes sense?

You can, no need of libraries either

Me i think you can use both

What exactly do you mean? Use vpn on tails linux?

wdym can see all my network traffic

are they just passively viewing it or mitming the traffic

both, probably

It's a school

They have some legal requirements to make a "best effort" attempt at certian things

its an either or situation its not both lol

anyway

is it possible to create a c++ server socket, host it on your ip, and then try to connect to it using a curl request on windows? like Im trying to create a c++ rest api from scratch using sockets, and im wondering how can i test it,so for testing it do I have to create a client socket too?? im wondering how to simulate as if the server has recieved a http web request .

Currently on using curl curl -v http://localhost:8000/ im just getting the error where the server refused to connect.

very beginner question but what exactly does it mean in the docs when it says socket.socket() 'creates' a socket https://docs.python.org/3/library/socket.html#socket.socket? from what I read a socket is just an endpoint that is ip + port, so there isn't really a 'creating' of a socket. can someone please explain to me thanks

To what host is the server socket bound? That should be what you enter in localhost's stead

Web browsers can connect even to local servers like these, so it's definitely possible as long as you connect to the right address

Just an object which transmits packets over a network. An endpoint of host & port is a bound TCP socket which listens to endpoints whose deal is simply connecting to it. Then, they communicate over TCP

All via different methods of the same type of object

You construct sockets to communicate over TCP when you do socket.socket(). The default arguments construct a blocking, streaming TCP/IP socket, but you can override any of them by passing different arguments into it

You need to read https://docs.python.org/3/howto/sockets.html as a beginner

server_socket = socket.socket(socket.AF_INET,  socket.SOCK_STREAM)
server_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1,)

i am not sure what the second line does
if you could clarify it to me

https://stackoverflow.com/questions/21515946/what-is-sol-socket-used-for

wrong channel, #ot0-psvm’s-eternal-disapproval is more suited for this

and also please read the channel description next time, located on the top of the discord app/web page

Um what does jo-selfie-pond mean?

?

the ot channel name

oh

I was thinking the same way to encrypt the packet when making my own tcp chat-server. I'm just worried if the user could've just capture the packet and take the encrypted message and using it to spam the servers with the same packets cuz yk the encrypted data never changed.

It sets the socket option SO_REUSEADDR to true, which allows different sockets to be bound to the same address without waiting a time duration referred to as TIME_WAIT by the netstat program

mm
thanks🙏

Needless to say, the implementation and behavior is different across different platforms

This stack overflow answer is thorough

https://signal.org/docs/specifications/doubleratchet/

double ratchet

(man, the signal protocol is great, its like its a widely used standard across messaging platforms or something! oh wait, it is)

they have a system to see what websites you visit and they can see every single network request you make if they want to

sorry for the late reply

I'm working on a project that has a tcp socket for clients to connect to and I want to encrypt it with SSL. If I get a cert from let's encrypt will clients need to install it before connecting? Or will it be like HTTPS and automatically be verified because let's encrypt is already trusted by clients?

@ember ledge does this question ^ even make sense? also, how does an os socket detect that the tcp connection is no longer (since i understood that that's how the browser detects a websocket connection is no longer)

i see, i see, thanks man. well at least this convinces me further that it's at a lower level than anything i'd dabble in

lmao, so true

i hear you. the thing is, it's like when you swim in clear water, the bottom is always way further deep than it seems at first lol

yeah, i really like that python always try to abstract complexity but not obscure it. many times, it exposes the underlying endpoints of the C api. like in socket, for example. it's literally the same hooks and options

hahaaaa, amen

that's very true

i just checked coq on google, that's in the realm of sorcery for me, lol

dang

this, i think i kinda get, yeah

i'mma ping you in an ot channel, lol, i'm sorry if this is getting annoying

so they can see the request or can decrypt it

I think they can directly sees it, even they can't they can just see your previous screen

ah so its a school computer

yeah just give up :p

esp. that you doing it would probably anger the school

If I get a cert from let's encrypt will clients need to install it before connecting?
You can check that by simulating the case and testing. Download the Let's Encrypt CA chain and use it for the server and not for the client, explicitly so, and try to connect the client to the server with a default context like from ssl.create_default_context. If the TLS/SSL handshake fails, an ssl.SSLError exception will be raised on the client program. Look out for one about an untrusted host certificate in order to get your answer.
Or will it be like HTTPS and automatically be verified because let's encrypt is already trusted by clients?
Read Python's explanation of certificates. Additionally, look at the examples of using Python's ssl module to understand how verification is done on both sides. If you're using asyncio to create either the server or the client, peer verification is set up by passing an ssl.SSLContext object to the ssl parameter of the respective functions and a string for server_hostname for the client side function. Encryption in TLS or SSL is done using ciphering protocols at a networking layer which, as an application, you don't control beyond being able to choose security settings and letting it do its job basically. Verification happens in the server and client programs themselves. Read the security considerations section about certificate verification settings and cipher selection settings as well as other security considerations

They say I'm allowed to bring my own laptop

did the school tell you to install a certificate on your laptop

or do you need to enter your password the first time you join the internet

if so you're fucked

Thank you!

not this

but why this?

did they

like, enter your laptop password

its a wifi password

no

but why would it matter?

Just wondering

just wifi password and you're connected?

yep

did you have to do anything special to enter the wifi (install anything, download something, ...)

I think their wifi authentication is username and password

nope

wait then how can they see your screen

that deosnt make sense

and how do you know that in the first place

like, know they can see network traffic

oh theyre different

when i say they can see your screen it's when i'm using school computer

They probably can't see decrypt the request if I'm using my own laptop

oh yeah you're fine (unlike me)

just avoid HTTP (not HTTPs) sites and you'll be fine

and avoid doing stupid stuff on school computer

and using just a vpn is enough?

you probably wont even needi t

but they can see your DNS

okay? just change your dns to 1.1.1.1 or smth

Okay

but i have another question

what are their ways of them decrypting the request when I'm using school computer?

idk just dont do stupid stuff to be safe

i gotta go to class in 3 minutes so cant really explain

but i know they can see every single keyboard input on school computers

(they can just always look at search history)

okay have fun

thanks for your help

(im not going to)

uhm oops

good luck then

i think i'll go to sleep

School computers can restrict applications like VPNs from running so it's trivial to MITM yourself

but can they decrypt https requests?

Because TCP/IP sockets are connection based, a good indicator is checking whether the socket's IP address and TCP port, which are a TCP/IP socket's unique identifiers basically, are in use.
[Explained by Wikipedia:]
After a TCP/IP socket is done as in programmatically closed/released and the connection is virtually gone, the system waits for a few minutes before allowing the IP address and TCP port to be reused for new connections. Wikipedia explains this here too and there's a diagram :D (although it is unrelated).
[Not explained by Wikipedia (as in I didn't link a Wikipedia article):]
You can configure it so the system doesn't delay reusing by setting a socket option like:

sock = socket.socket()
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, True)

This apparently works on some platforms, but the reuse delaying behavior for a connection is platform specific and may require setting other socket options on some platforms to match results. It all is explained in this Stack Overflow answer, which, I have to note, has an astoundingly impressive number of upvotes.

Other than that, ungraceful disconnects means resending packets a few times to see whether the peer is responding or timing out on waiting for an acknowledgement, truly disgraceful. I know setting a global socket timeout in Python is possible as a function under the socket module, but I think resending is done by timing out then resending then repeat basically by the developer. The heartbeat system in web sockets is basically a timeout based system for (hopefully gracefully) disconnecting yourself unless your PING message was acknowledged by the peer with a PONG message on time (and not by looking at TCP ACKs for God knows what reasons). Heartbeat control frames are literally interjected between other frames, by design, every heartbeat

goddamn, man. i would kiss you if i could, lol

this is truly trully a nice explanation

i see very well, now, thank you ( :

I'm currently reading this. A great find, man

I'm not keen on how VPNs, beyond being proxies, attempt to hide personal info (sorry VPN ads on YouTube, I didn't listen one bit), but I think that if you're using the school's network, through WiFi or through Ethernet cables, then you're physically giving access to all of your traffic through their network routers/switches/whatnot and there's nothing you can do about them choosing to monitor this traffic except by begging

How can I get the symmetrics key in python SSL library (I want to capture my traffic in wireshark and dycrypt them):

i open socket like this:

        raw_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        raw_socket.connect((self.hostname, self.port_number))

        self.raw_socket = raw_socket
        sock_addr = raw_socket.getsockname()
        print(f'connected to: {self.hostname}:{self.port_number} --> {sock_addr[0]}:{sock_addr[1]}')

then in other function I do this for creating ssl context on socket:

        # Create SSL context
        ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ssl_context.check_hostname = False
        ssl_context.verify_mode = ssl.CERT_NONE
        ssl_context.set_alpn_protocols(['h2'])

        # Wrap the raw socket with SSL/TLS
        ssl_socket = ssl_context.wrap_socket(self.raw_socket, server_hostname=self.hostname)
        self.tls_socket = ssl_socket
        print('TLS connection established')

How can I get the symmetric keys here like SSLKEYLOGFILE format in browsers. I could not get the keys with setting the SSKEYLOGFILE env variable.

the format for LOGFILEKEY that wireshark uses is like this:

CLIENT_HANDSHAKE_TRAFFIC_SECRET d64ca46ac763ec65fba8efdb5fa88842b7e37796f5b4312985739af37a572cea dfa5f6e1c83d6f0e6f8b80411d84318ae4af8e56e0beb83faea6d76396501daf
SERVER_HANDSHAKE_TRAFFIC_SECRET d64ca46ac763ec65fba8efdb5fa88842b7e37796f5b4312985739af37a572cea 4c81cfd56f7e7bd4fd929bf059d29e2e230eb13039a22405cb5eeccf47e36a54
CLIENT_RANDOM 2da4c0fa3cae4d19fe4306b166e0c452cd49686d35da63cec5e112efb1ec2151 ae2c318e7e3a08f57398c28fb73da11f2feb50c5a8997330a6183b9ab75bdcd37fb2030eb921dc797d314e964c7a71c1

idk read openssl docs

I thought private keys change each session

You can read about decrypting captured TLS packets in Wireshark here: https://wiki.wireshark.org/TLS

ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED]

I used a python package called python-certifi-win32 to fix this issue, but when I make an executable and run the file I am getting this error again. I also referred from another post and directly imported certifi-win32 package into my program and it worked except I am getting the same error in another part of my project.

This is the fix I got from another post.

if sys.platform == 'win32':
    import certifi_win32
    os.environ['REQUESTS_CA_BUNDLE'] = certifi_win32.wincerts.where()
    certifi_win32.generate_pem()

This is the error I am getting after trying these fixes:

Exception in Tkinter callback
Traceback (most recent call last):
  File "tkinter\__init__.py", line 1948, in __call__
  File "customtkinter\windows\widgets\ctk_button.py", line 554, in _clicked
    self._command()
  File "src\app\frontend\main_ui.py", line 51, in run_orm_google_sheets
    status = orm.run_google_sheets_save(drive_folder_id)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "src\app\backend\oscilloscope_report_maker.py", line 219, in run_google_sheets_save
    spreadsheet_id = gs.create("Report")
                     ^^^^^^^^^^^^^^^^^^^
  File "src\app\backend\google_sheets_api_methods.py", line 41, in create
    .execute()
     ^^^^^^^^^
  File "googleapiclient\_helpers.py", line 130, in positional_wrapper
  File "googleapiclient\http.py", line 923, in execute
  File "googleapiclient\http.py", line 222, in _retry_request
  File "googleapiclient\http.py", line 191, in _retry_request
  File "google_auth_httplib2.py", line 218, in request
  File "httplib2\__init__.py", line 1724, in request
  File "httplib2\__init__.py", line 1444, in _request
  File "httplib2\__init__.py", line 1366, in _conn_request
  File "httplib2\__init__.py", line 1158, in connect
  File "ssl.py", line 517, in wrap_socket
  File "ssl.py", line 1075, in _create
  File "ssl.py", line 1346, in do_handshake
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1002)

I hope this is the right channel to ask this question.

@hot helm is there anything wrong with the default context created by ssl.create_default_context?

what vpns do is they encrypt your request and send it to the vpn's server

i think

Im not really knowledgeable in this area, I am a student, what do you mean by that exactly?

All ik is that, the company in which I am doing the internship in uses self signed certificates, and they didn't work in the beginning and later I tried the fixes as I mentioned above which worked well but didnt hold up after making an executable.

Im sorry if I sound like a noob 😭.

The context created by the ssl.create_default_context function has access to CA stores with trusted authorities for everything I've ever tried connecting to

This error means the handshake which verifies a secure connection failed

Oh okay

Could be due to not having a trusted authority in the CA chain, or by not having verified the host during a handshake

I think it's due to not having a trusted authority.

I'm assuming you're using a service which uses TLS, right?

Yeah

Have you worked with Google's Python API? I am using trying to connect to Google sheets using that. That's where the error comes.

Ik there is a fix by disabling the verification (I read abt it somewhere) but I also read it is not recommended to do so.

Does using a default context as created by ssl.create_default_context fail? Is that the reason you need to use other certificates?

That's a security setting you do not need to compromise on

You would be exploitable by man in the middle attacks

I never thought of that really, its just that it's always used the other certificate.

I dont think I have control over what certificates I use. I dont have access to things like this. (As I mentioned I am intern)

Does the Python library for Google API not have a parameter to set a TLS/SSL context?

It needs one one way or another

Maybe the library uses its own certificates, but that means you wouldn't get this error unless they messed it up. Maybe the library is outdated or doesn't request new certificates after they expire automatically

Can you view the context's check_hostname value? If it's True, the problem is that Google APIs trusts none of your organization's certificates. If it's False, try enabling it so the verification process happens

By the way, you totally do if you think setting the environment variable named REQUESTS_CA_BUNDLE is a path to a CA chain. You're literally setting it to the value of certifi_win32.wincerts.where(), which I assume contains a path to the self signed CA chain which Google doesn't trust

It seems as though controlling which CA chain to use is possible, so just get one which Google API trusts

You can get default paths from: https://docs.python.org/3/library/ssl.html#ssl.get_default_verify_paths

Try use those

Ah alright, ill try these. Thank you

I am trying to send requests to a (Linux+docker) server that is on my network (different PC).
It works for the first few requests but then it cannot resolve the hostname. I'm not sure why this would be. Full error and additional info can be found in this help post

#1166366591403962450 message

Anyone here familiar with aioxmpp? I'm running into a host-unknown error message when trying to open an XMPP connection.

import asyncio
import aioxmpp

loop_policy = asyncio.WindowsSelectorEventLoopPolicy()
asyncio.set_event_loop_policy(loop_policy)

async def main():
    username = '...'
    password = '...'
    resource = '...'
    domain = '...'

    client = aioxmpp.PresenceManagedClient(
        aioxmpp.JID(username, domain, resource),
        aioxmpp.make_security_layer(password)
    )
    async with client.connected() as stream:
        ...

asyncio.run(main())

I have verified that domain exists with socket.getaddrinfo. Am I doing something wrong when trying to connect?
Traceback here.

I know how to decrypt packets in wireshark with the keys.
I do not know how to get the keys in python code

hi all just got a quick question, I was trying to go a simple get request via python requests but the site kept returning an error while it worked on curl so I tried http.client and voila it worked, so this led me to question why didn't the requests module work? I assume the site's blocked the python requests module fingerprint but am not so sure, would like to hear what do you guys think?

they blocked python requests module fingerprint

If you'd gotten responses for requests you sent with the requests module, it might've been caused by sending too many requests and the server not liking it. http.client might be using a different user agent that might be all the server has to go off for blocking clients

There may be better ways than automating a GUI program to get content which is displayed through it. If it doesn't have a CLI, then better options include using scapy or generally other tools which sniff packets and let you work with them nicely. If you're on Windows, there's pktmon under System32 which is on PATH by default. It produces .etl files which can be turned into .pcap files in case you know either file formats enough to be able to get the decryption keys, the etl2txt produces .txt files which don't include payload as far as I know

Ahh my requests do contain custom headers and the same was used for curl and http.client as well

yep that's what I thought

Im not sure if this is the right channel, but i started trying to code for the fgirst time yesterday and didnt know what to code so i tried to code a "friend" for fun, but it is so confuesing, if any1 wanna help please dm me. And yes i know it sounds like im lonely... im not..

#ot0-psvm’s-eternal-disapproval wrong channel

please read the description of the channel before sending any messages

Olau thanks

is there a way to carry out a “ping” command without using os.system or some other equivalent

because its OS dependent

however i’m pretty sure icmp requires root privileges so i’m not sure how that would go

i figure the only alternative is to carry out a tcp ping using sockets

I googled it for you: https://pypi.org/project/icmplib/

Does anyone know how to make a minecraft bot that joins servers in python?

Lots of people do

How can that be legal

We all know that mobile phones can transmit electromagnetic waves then why can we access the hardware that does it with python or any other language

what

also wrong channel

phones run on operating systems, operating systems determine when to send a wave, operating systems expose apis to interact with them, languages use those apis to do stuff

might look a little into the OSI model to get a feel for how those relate

Hello everyone! I recentlyi installed python 3.11.6 on wsl throught pyenv . I then ran python -m test test_socket to check whether this module is installed properly. But the test stucked and remained stucked for hours. I attemped multiple times but it remained stuck. Here is an output of one of my attempts:

0:00:00 load avg: 0.00 Run tests sequentially
0:00:00 load avg: 0.00 [1/1] test_socket
^C

== Tests result: INTERRUPTED ==
Test suite interrupted by signal SIGINT.

1 test omitted:
    test_socket

Total duration: 5 min 22 sec
Tests result: INTERRUPTED

Should I care about it? How to fix it? Will the socket module work properly?
Thanks..

hmm, for me (Linux) this test takes ~30s and works on 3.10, 3.11, 3.12.
Googling a little, it seems it's a known bug in WSL: https://discuss.python.org/t/unit-test-test-test-socket-threadedvsocksocketstreamtest-teststream-hangs-on-wsl2-ubuntu-22-04-with-python-3-12-0a4/23017/6

Okay, it seems a wsl2 issue. How much does this test for socket module matters? Will I be able to use this module or packages that depend on this module properly?
Thanks for the response.

The thread claims it's an issue with support for VSOCK. I don't know offhand what this even does (it's for communication between a host and virtual machines running on it, apparently), so you'd want to wait for someone else who does to know for sure - but I doubt it's important; people'd know by now if networking in WSL was broken in an important way.

I am a beginner and aspiring to learn python. I was only trying to verify my python install using python -m test. Then I came across this issue. Will this issue affect my learning process? I As far as I know several libraries like requests depend on socket module for their work. Will it work? I know it is a noob question but I was just frustated so I asked it here. 😫
Thanks again.

It's an issue with one particular obscure protocol - I wouldn't expect it to extend to anything people actually use often.

Thanks

I do

can u teach me from dm please I very need it

please please

at the same time I am studying 💀

no

!rule 5

oh ok

isn't illegal??

I am just learning???

also its not for hack or for spam bot

how do I know

just I need mine bot

why I do this?

ill rob a bank to learn

ill keep the money but it is for learning purposes

if you want to do stuff that breaks tos or rules, don't ask people to be part of it

I didn't break rules

because you don't know how to

if u don't believe isn't my problem

I don't believe, that's true

but the problem is yours

ok

please stop asking for stuff that breaks rules or tos

there are 2 thing and one break rule
spam bot its break
mining/place bot don't break

There is not channel called low level hardware interaction with python and networking was the closest channel where I could get my answer

there is a channel called #ot0-psvm’s-eternal-disapproval and #python-discussion

hey guys what is _crsf?

can you give more context please?

do you mean CSRF (Cross-Site Request Forgery)? if so, #web-development or #cybersecurity might be a better channel to answer any questions you might have about it

speaking of questions, I have a question

is it possible for a process to listen as well as connect on the same socket or with the same address?
I was trying to implement a P2P system using TCP hole-punching and I've read through the code of a Python-based BitTorrent client to see how it can be done, but unfortunately it only implemented the leeching (client) part
if anyone has any example code or repos that implement this (if it's even possible), that'd be helpful

You could listen on a socket, say 8080, and still connect to remote sockets on 8080.
Is that what you mean? If not, please provide more context on what you're trying to achieve

They mean listening on port X and connecting to a peer who is listening on port X on their end simultaneously

I have no idea how TCP sockets handle handshaking this way

Even if it worked

Since they send SEQs and all

Huh. I see.

Hello im networking

I imagine VSOCK is part of KVM (the Linux virtualization architecture), while WSL2 is built on top of Microsoft Hyper-V, which is why it doesn’t work.

Tip: if you want to learn proper Linuxy stuff, learn it on a proper Linux installation.

Just found out that the “micro-CA” mode in OpenSSL 3 defaults to creating certs with “CA:true” in basicConstraints. I wrote this example https://gitlab.com/ldo/ssl_try_python/ of how to do two-way TLS authentication+encryption a few months ago, and I have amended the setup instructions to turn the CA option off.

listening on port 8080 and sending to remotes with the local port as 8080 as well

sorry, I went to sleep shortly after posting the question

no, that's actually doable with bind and then connect

it's the bind then listen and connect that's not… happening

I know

I feel like it's because the listener plays an important role in the TCP handshaking

This ability is not standard between NATs anyway as far as I know

even if I remove NAT from the equation, it still doesn't work with, say, the loopback interface

It would be too confusing for the loopback interface as the same address will be attributed to two sockets

This has to be done on different interfaces

right, as in, it can't be done

Have you tried running peers from different interfaces?

hiii

i dont rlly like nix tbh

but anyways wrong channel

Im running a server on my local network. When I run my code on a different machine it is able to send and receive data from the server. After X requests (generally between 10-20) it will no longer "be able to resolve hostname" even with a while loop trying over and over for 3 min. If I restart my code it immediately works for another X requests. I am doing nothing special just using a basic requests call to send and receive, no special arguments or anything.

I've run peers as containers, but with one listening socket and a socket per peer
that's not hole-punching though

maybe having 2 docker networks and a simple forwarding on the docker host is a better test scenario

don't know if docker NAT is suitable for hole punching, though

if docker doesn't simulate the actual behaviour, I might have to find actual machines behind a NAT ¯_(ツ)_/¯

or... virtual machines
as a last resource you could use openwrt as nat router

Hello

Is this the Neral network chat

Is it possible to build ai whitch only python built in modules

this question would be better placed over here: https://discord.com/channels/267624335836053506/366673247892275221

Hmm. Perhaps buffering? you could try start the server or client with python3 -u or set the env variable export PYTHONUNBUFFERED=1

sounds odd though like the host name is reassigned by dhcp to another device and they both want to own that ip.

@gloomy geyser send your question here, i dont take dms

Network A advertises its routes via provider B. The link between network A and provider B was changing status (flapping) at the following times:

13:30, 13:40, 13:50, 14:00, 14:10, 14:20, 14:30, 14:40
The problem was resolved at 14:45 and after that, there were no more status changes of the link. Initially, the Penalty for network A was 0. With each flap, the routes receive a Penalty of 200. When there is no flapping, the Penalty decreases at a constant rate of 100 every 10 minutes (regardless of the current value of the Penalty).

If the Suppress limit is 650, and the reuse limit is 300, from when to when was route A not advertised over the Internet?

Note: Show the complete solution on paper, and in the text box, enter the time of the cessation of advertising and the time of recommencement of advertising, separated by a comma (without spaces), in the following format:

HH:MM,HH:MM

This was my attempt to solve this, however the correct solution is :

14:20,15:40

What concept am I missing? Thanks

client already had this. Added to the server with no effect.
I noticed that now the ping request will sometimes fail as it could not find the hostname. However this is much less frequent than the program failing.

And then immediately works on the following try

Are both machines using dhcp or Is one static ip?

I think both use dhcp

Unfortunately I have to go for a bit, thank you for your help so far (I did not excpect such a quick response)

Is it allowed to ask a question here about an internet issue that's not related to python at all? I'm at a loss for what to try to figure this out and I know there are some smart people here.

I might've been able to answer it if you had asked it

If you don't want to ask here, ask in an off-topic channel

just ask

@trail bridge 2 in a row

!pban 1168338667169923083

:incoming_envelope: :ok_hand: applied ban to @marble pivot permanently.

you're on fire

ty

I'm getting no help in the official Wyze discord, and I've hit a dead end with my efforts. Anyone have any tips on how to troubleshoot this? Here's what I said on their discord:

I'm having a really weird issue. A bit over a week ago I bought and installed two Wyze Wireless Video Doorbell Pro cameras and subscribed to cam plus. Immediately after I started running into issues with my internet dropping out. My internet has basically never gone out in the 2ish years I've lived here, rock solid, run a dozen game servers 24/7. I didn't really make the connection at first, my gf started blaming the cameras, but it just seemed like a reach to me... but to appease her and just to see I unplugged both chimes and powered down both cameras for a couple of days and started running network monitoring software. Well, no internet drops at all during that time! So I put them back into service and started testing. So it seems like she can open the app on her iPhone and view the cameras without causing any issues but as soon as I even open the app to the screen where it lists my devices (on my Android) the internet goes out. It's not my wifi, it's not my pfsense box, it's actually the DSL modem completely crapping out. When the issue happens I can't even access the modem's IP address, it's like it reboots or something! Anyone else experience anything like this?

Hi Guys!
I hope i'm in the right text channel. I have not so much experience at ble programming with python and i have a problem with my project:
https://stackoverflow.com/questions/77415750/problem-at-connecting-of-two-devices-using-python-and-ble

Do can someone help me?
thx very much!

hey, you're in the right place.
did you think about what is your server supposed to do?

I suggest a simple plain flask app

flask can return json pretty easily and is one of the simplest http frameworks out there, very well documented also

for the client you can use just python requests also widely used

flask does support asyncio: https://flask.palletsprojects.com/en/2.3.x/async-await/

it's not obligatory though. and it's far from one of the fastest web frameworks in python.
you could also look up fastAPI, it's pretty popular too.

and deals with json marvelously.

Here or i create a thread ? With my secured chat project i have errors and my errors are The JSONDecodeError on client side and OperationalError on server side, i have a error with database but i don't know how to fix it, i'm not sure if i can send my codes here because it's like 250 ligns and there's no blatant errors but just i dont really know how to fix it

This is for everyone, not only for one person

!paste