Python Forensics - Network Forensics

Neha Kumawat

9 months ago

Modern network environments make investigations difficult in a number of ways. This is true whether you are responding to a breach, investigating insider activity, performing vulnerability assessments, or validating regulatory compliance.

Concept of Network Programming

The following definitions are used in network programming.
  • Client − The client is the part of the client-server architecture of network programming that runs on a personal computer or workstation.
  • Server − The server is the part of the client-server architecture that provides services to other computer programs on the same or other computers.
  • WebSockets − WebSockets provide a protocol between the client and the server that runs over a persistent TCP connection. Through it, bi-directional messages can be sent over the TCP socket connection simultaneously.
WebSockets came after many other technologies that allow servers to send information to the client. Other than the handshake, which uses the HTTP Upgrade header, WebSockets is independent of HTTP.
These protocols are used to validate the information that is sent or received by third-party users. Because encryption is one of the methods used to secure messages, it is also important to secure the channel over which the messages are transferred.
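The Upgrade handshake mentioned above can be verified in captured traffic. The following is an added example, not code from the original article: it checks a WebSocket opening handshake against the RFC 6455 rules, and its function names and sample capture are constructed for illustration.

```python
import base64
import hashlib

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed GUID from RFC 6455

def parse_http(raw):
    """Split raw HTTP bytes into (start line, dict of lower-cased headers)."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    pairs = (l.partition(":") for l in lines[1:])
    return lines[0], {n.strip().lower(): v.strip() for n, sep, v in pairs if sep}

def expected_accept(key):
    """Sec-WebSocket-Accept = base64(SHA-1(key + GUID))."""
    digest = hashlib.sha1((key + WS_GUID).encode("latin-1")).digest()
    return base64.b64encode(digest).decode("ascii")

def check_handshake(request, response):
    """Return a list of findings; an empty list means a valid upgrade."""
    findings = []
    req_line, req = parse_http(request)
    resp_line, resp = parse_http(response)
    if not req_line.startswith("GET "):
        findings.append("request method is not GET")
    if req.get("upgrade", "").lower() != "websocket":
        findings.append("request lacks Upgrade: websocket")
    tokens = [t.strip() for t in req.get("connection", "").lower().split(",")]
    if "upgrade" not in tokens:
        findings.append("request Connection header lacks the Upgrade token")
    key = req.get("sec-websocket-key", "")
    try:
        key_ok = len(base64.b64decode(key, validate=True)) == 16
    except ValueError:  # binascii.Error is a ValueError subclass
        key_ok = False
    if not key_ok:
        findings.append("Sec-WebSocket-Key is not a 16-byte base64 nonce")
    if resp_line.split(" ")[1:2] != ["101"]:
        findings.append("server did not answer 101 Switching Protocols")
    if resp.get("sec-websocket-accept") != expected_accept(key):
        findings.append("Sec-WebSocket-Accept does not match the client key")
    return findings

# Constructed sample capture (the key/accept pair is the RFC 6455 example).
REQUEST = (b"GET /chat HTTP/1.1\r\nHost: server.example.com\r\n"
           b"Upgrade: websocket\r\nConnection: Upgrade\r\n"
           b"Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
           b"Sec-WebSocket-Version: 13\r\n\r\n")
RESPONSE = (b"HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n"
            b"Connection: Upgrade\r\n"
            b"Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\n\r\n")
```

Calling `check_handshake(REQUEST, RESPONSE)` returns an empty list for the sample capture; a response whose accept value was not derived from the client's key yields a finding.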
Consider the following Python program, which the client uses for handshaking.


import socket

# create a socket object
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

# get local machine name
host = socket.gethostname()
port = 8080

# connection to hostname on the port.
s.connect((host, port))

# Receive no more than 1024 bytes (the server's response)
tm = s.recv(1024)
print("The client is waiting for connection")

# Close the socket once the response has been read
s.close()


It will produce the following output −
[Image: program output]
The server that accepts the request for the communication channel uses the following script.

import socket
import time

# create a socket object
serversocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

# get local machine name 
host = socket.gethostname()
port = 8080

# bind to the port
serversocket.bind((host, port))

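# queue up to 5 requests
serversocket.listen(5)

while True:
   # establish a connection
   clientsocket, addr = serversocket.accept()
   print("Got a connection from %s" % str(addr))
   currentTime = time.ctime(time.time()) + "\r\n"
   # send the current time to the client, then close the connection
   clientsocket.send(currentTime.encode("ascii"))
   clientsocket.close()
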
The client and server written in Python use the same host and port. Initially, the client sends a request to the server on that host and port, and the server accepts the request and sends a response immediately. This way, we can have a secure channel of communication.