- Python Forensics Tutorial
- Home
- Introduction
- Installation of Python
- Overview of Python
- Basic Forensic Application
- Hash Function
- Cracking an Encryption
- Virtualization
- Network Forensics
- Python Modules
- Dshell and Scapy
- Searching
- Indexing
- Python Imaging Library
- Mobile Forensics
- Network Time Protocol
- Multiprocessing Support
- Memory & Forensics
- Forensics in Linux
- Indicators of Compromise
- Implementation of Cloud
- Python Forensics Useful Resources
- Python Forensics - Quick Guide
- Python Forensics - Useful Resources
- Python Forensics - Discussion
Python Forensics - Network Forensics
The scenario of modern network environments is such that investigating can be fraught due to a number of difficulties. This can happen whether you are responding to a breach support, investigating insider activities, performing assessments related to vulnerability, or validating a regulatory compliance.
Concept of Network Programming
The following definitions are used in network programming.
Client − Client is a part of client-server architecture of network programming which runs on a personal computer and workstation.
Server − The server is a part of client-server architecture that provides services to other computer programs in the same or other computers.
WebSockets − WebSockets provide a protocol between the client and the server, which runs over a persistent TCP connection. Through this, bi-directional messages can be sent between the TCP socket connection (simultaneously).
WebSockets come after many other technologies that allow the servers to send information to the client. Other than handshaking the Upgrade Header, WebSockets is independent from HTTP.
These protocols are used to validate the information which is sent or received by the third party users. As encryption is one of the methods used for securing messages, it is also important to secure the channel through which the messages have been transferred.
Consider the following Python program, which the client uses for handshaking.
Example
# client.py
import socket
# create a socket object
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# get local machine name
host = socket.gethostname()
port = 8080
# connection to hostname on the port.
s.connect((host, port))
# Receive no more than 1024 bytes
tm = s.recv(1024)
print("The client is waiting for connection")
s.close()
Output
It will produce the following output −
The server accepting the request for communication channel will include the following script.
# server.py
import socket
import time
# create a socket object
serversocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# get local machine name
host = socket.gethostname()
port = 8080
# bind to the port
serversocket.bind((host, port))
# queue up to 5 requests
serversocket.listen(5)
while True:
# establish a connection
clientsocket,addr = serversocket.accept()
print("Got a connection from %s" % str(addr))
currentTime = time.ctime(time.time()) + "\r\n"
clientsocket.send(currentTime.encode('ascii'))
clientsocket.close()
The client and server created with the help of Python programming listen to the host number. Initially, the client sends a request to the server with respect to data sent in the host number and the server accepts the request and sends a response immediately. This way, we can have a secure channel of communication.