One of the great strengths of VNS3 has always been the ease with which you can look at your network traffic, a necessity for troubleshooting connectivity issues or attesting to correct packet flow. With our release of VNS3 5.0 we have added some big functional improvements that make our network sniffer even better.
An intro to Internet Protocol Security
IPsec: Internet Protocol Security
Internet Protocol Security ( IPsec ) is a set of protocols defined by the IETF, to provide IP security at the network layer. IPsec uses cryptographic security services to protect communications over Internet Protocol (IP) networks. IPsec supports network-level peer authentication, data-origin authentication, data integrity, data confidentiality (encryption), and replay protection.
You can use IPsec to protect data between:
- a pair of hosts (host-to-host),
- a pair of security gateways (network-to-network),
- a security gateway and a host (network-to-host).
IPsec is end-to-end, operating at Layer 3 (Network). Only IPsec protects all application traffic over an IP network. Using IPsec networks can ultimately secure applications from the IP layer. For comparison, other Internet security systems operate in the upper layers: Transport Layer Security (TLS) operates at Layer 4 (Transport Layer) and Secure Shell (SSH) at Layer 7 (Application layer).
What is HTTP?
HTTP stands for Hypertext Transfer Protocol. It’s the network protocol used to deliver virtually all files and other data ( called resources) on the Web. HTTP takes place through TCP/IP sockets.
A browser is an HTTP client because it sends requests to an HTTP server (Web server), which then sends responses back to the client. The standard (and default) port for HTTP servers to listen on is 80, though they can use any port.
What are “Resources”?
HTTP is used to transmit resources, not just files. A resource is some chunk of information that can be identified by a URL (it’s the R in URL). The most common kind of resource is a file, but a resource may also be a dynamically-generated query result, the output of a CGI script, a document that is available in several languages, or something else.
Structure of HTTP Transactions
Like most network protocols, HTTP uses the client-server model: An HTTP client opens a connection and sends a request message to an HTTP server; the server then returns a response message, usually containing the resource that was requested. After delivering the response, the server closes the connection (making HTTP a stateless protocol, i.e. not maintaining any connection information between transactions).
The format of the request and response messages are similar, and English-oriented. Both kinds of messages consist of:
- an initial line
- zero or more header lines
- a blank line (i.e. a CRLF by itself)
- and an optional message body (e.g. a file, or query data, or query output).
Put another way, the format of an HTTP message is:
<initial line, different for request vs. response>
<optional message body goes here, like file contents or query data;
it can be many lines long, or even binary data $&*%@!^$@>