Network subsystem in the OS

A useful article was prepared for future students of the "Network Engineer" course and everyone interested.









Windows Linux, . - , ; ; .





Disclaimer: , , TCP/IP, .





:





  • Linux:





    • git;





    • Visual Studio Code;





  • Windows:





    • strings.exe;





    • radare2;





    • HxD Editor;





    • Python;





    • Process Explorer.





, , . - , .





:





  1. ;





  2. . :





    • Windows dll, sys ;





    • Linux ;





, .





Linux

. , . . :





  1. :





    • , ;





    • .





  2. :





    • ;





    • ;





    • .





, ? . , " ". , . , . .





Linux

:





Linux. , . , . embedded



, Linux .





, , "net". , .





. core:





, . , bpf



. .





"net" . , - :





, netfilter



. , . , , - bridge. , bridge Linux .





? 4 , Linux, , . Windows.





Windows:

, Linux, . - . , . , Linux:





  • ;





  • ;





  • .





    , OSI. , .





OSI . "" "". :





  • - MAC LLC, :





    • MAC - miniport driver , ;





    • LLC - protocol driver - , ;





  • - protocol driver - , ;





  • - protocol (transport) driver;





Windows Linux - . , , - , . ? , , Linux.





? Windows - ReactOS. . Windows.





:





. "%Windows%". Windows 7.





, .





- . strings.exe tcpip.sys



:





, . , . ?





Windows 2 : TDI WinSock. - NDIS. :





  • netio.sys





  • tcpip.sys





  • tdi.sys





  • ndis.sys





, . ? , Windows 7 , Windows. Windows 7 Windows Filtering Platform, , .





:





 Get-ChildItem "C:\WINDOWS\System32" FWPKCLNT.SYS -Recurse | Select-Object FullName
 Get-ChildItem "C:\WINDOWS\System32" wfplwf.sys -Recurse | Select-Object FullName

      
      



strings.exe FWPKCLNT.SYS



wfplwf.sys



:









, FWPKCLNT.sys



, wfplwf.sys



. ? , wfplwf.sys



, FWPKCLNT.sys:





:





  1. - %Windows%\System32\Drivers



    . - netio.sys, ndis.sys, tdi.sys.





  2. WFP: FWPKCLNT.sys



    , wfplwf.sys



    .





  3. , : tcpip.sys







Linux . - , Windows Callback. . .





, -, . , , . :





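import socket

HOST = '127.0.0.1'  # loopback only: the listener is not reachable from other hosts
PORT = 10000        # unprivileged TCP port

# Minimal TCP echo server: accepts one connection and echoes back what it receives.
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.bind((HOST, PORT))
    s.listen()
    conn, addr = s.accept()  # blocks until a client connects
    with conn:
        print('Connected by', addr)
        while True:
            data = conn.recv(1024)
            if not data:  # empty read means the peer closed the connection
                break
            conn.sendall(data)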

      
      



, , Process Explorer. , , . :









, bind. - mswinsock.dll



(Win Sock 2 Service) WS2_32.dll



(Windows Socket 2). , Windows.





, , , Process Explorer. , .





, — , , .

















