SOCKS stands for Socket Secure. It exchanges data packets between client and server via proxy. It operates on the Session Layer of the OSI model. It allows users to surf on the Internet anonymously. More than that It gives you accessibility of applications only one secure port connection. In this post, I will implement fundamental usage of SOCKS. On the client side we just need open-ssh client and tsocks. open-ssh client exists all Linux distributions. So We only need tsocks. tsocks is a library to implement SOCKS.

Install tsocks(client)

gns3@gns3:~/Programs$ sudo apt-get install tsocks

Configure tsocks(client) Open /etc/tsocks.conf and add lines below at the end of the line.

server =
server_port = 1080

Initiate Connection(client) Initiate connection between client and SOCKS proxy. -D option is the most important argument for this purpose. It tells that whenever connection is made port 1080, connection is forwarded to the host istanbul over ssh. For more information. $ man ssh

gns3@gns3:~$ ssh -ND 1080 username@istanbul
-N Do not execute a remote command. This is useful for just forwarding ports.

-D [bind_address:]port
Specifies a local “dynamic” application-level port forwarding. This works by allocating a socket to listen to port on the
local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is
forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the
remote machine. Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server. Only root
can forward privileged ports. Dynamic port forwardings can also be specified in the configuration file.

SOCKS server side Only thing we need is on SOCKS server side is permission for the ssh connection and ssh server up and running. Diagram: It is depicted below diagram to leverage to SOCKS service. /natro/SOCKS_diagram.png            


Most excited part of this post. First scenario I will request connection to the via firefox without leveraging tsocks. And Second Scenario I will request the same url with tsocks. Scenario 1: Without tsocks.

gns3@gns3:~$ firefox


Scenario 2: With tsocks

gns3@gns3:~$ tsocks firefox

/natro/tsocks2.png             Happy anonymity. :)