TCP Proxy

The TCP Proxy plugin serves as an essential tool for inspecting data exchanged between two TCP nodes. Functioning as a man-in-the-middle, it offers a seamless way to monitor and log TCP communication, addressing common limitations encountered with traditional sniffing tools like the Pcap Sniffer plugin.

Capabilities

Required

Required for accepting network connections.

Optional

Required for establishing IPv6 connections.

Basic Setup

  1. In IO Ninja, click the “New Session” dropdown and select “TCP Proxy”.
  2. Set the target address, adapter and port.

For example, if you wanted to route IPv4 traffic on port 2000 to example.com, then you would set the target address to “example.com”, the adapter to “All IPv4 adapters” and the port to “2000”.

  3. Click the “Listen” button to start intercepting traffic.
  4. After initiating connections to the proxy, intercepted traffic will show in the TCP Proxy window.
  5. Adjust settings as needed via the “Settings” button (see “Settings” section below for details).

Settings

| Setting | Description | Default |
|---|---|---|
| Adapter | Local network adapter to bind to. Pick one from the list of installed network adapters (or bind to all installed IPv4 or all IPv6 adapters at once). | All IPv4 adapters |
| Local port | Local port to bind to. Setting this to 0 auto-selects an available port. | 8080 |
| Reuse address | Allow multiple sockets to share the same local address. Maps to the SO_REUSEADDR socket option. Note that support for this option and the details of its implementation are highly platform-specific. | False |
| Remote address | Remote address to connect to. Can be specified as an IPv4 address (127.0.0.1), an IPv6 address (::1), or a domain name (localhost). The remote address can be suffixed with the remote port after a colon, e.g. ioninja.com:443. | |
| Remote port (default) | Remote port to connect to when a port is not explicitly specified in Remote address. | 80 |
| TCP Nagle algorithm | Delay transmission to reduce the number of small TCP packets. Maps to the TCP_NODELAY socket option. | False |
| TCP reset | Drop TCP connections abruptly with a TCP RST packet. Maps to the SO_LINGER socket option. | False |
| TCP keep-alives | Detect connection loss with TCP keep-alive probes. Maps to the TCP_KEEPALIVE socket option. | False |
| Read parallelism (Windows-only) | Maximum number of read requests to issue in parallel. Having more than one pending read at a time helps with increasing read throughput when incoming data arrives in rapid streams (after filling one user buffer, the kernel can immediately switch to the next one without any waiting). Increasing this number beyond 4 usually won’t yield any extra performance gains. | 4 |
| Read block size (B) | The size of each individual read block submitted to the underlying transport. | 4KB |
| RX buffer size (B) | The full size of the incoming data (RX) buffer. Affects read throughput. | 16KB |
| TX buffer size (B) | The full size of the outbound data (TX) buffer. Affects write throughput. | 16KB |
| Keep read block size | Don’t merge read blocks in RX buffer. Incoming data blocks coming in quick succession can be merged together so that IO Ninja writes them to log as a whole. When this option is set to True, blocks are written to the log without merging, i.e., exactly as they are received from the underlying transport. | False |
| Keep write block size | Don’t merge write blocks in TX buffer. Outbound data blocks sent in quick succession can be merged together before submission to the underlying transport. When this option is set to True, blocks are submitted to the transport without merging, i.e., exactly as they are sent by the Transmit or Script panes. | False |
| RX buffer full notifications | Toggle warnings in log about the incoming data (RX) buffer getting full. | False |
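
The listen, connect and relay flow from “Basic Setup”, together with a few of the settings above, can be sketched as a small logging relay. This is an added example, not IO Ninja's own code: the names `parse_remote`, `pump`, `relay` and `start_proxy` and the `C>S`/`S>C` direction tags are hypothetical, the treatment of a bare IPv6 literal as "no port given" is an assumption, and the listener binds to loopback only rather than to all adapters.

```python
import contextlib, socket, threading

def parse_remote(addr, default_port=80):
    """Split 'host[:port]'. Assumption: a bare IPv6 literal ('::1') carries no port."""
    host, sep, port = addr.rpartition(":")
    if sep and port.isdigit() and ":" not in host:
        return host, int(port)
    return addr, default_port

def pump(src, dst, tag, log, block=4096):
    """Copy one direction in 'Read block size' chunks, logging each block as read."""
    with contextlib.suppress(OSError):
        while data := src.recv(block):
            log.append((tag, data))
            dst.sendall(data)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)  # pass EOF (or a failure) on as a half-close

def relay(client, upstream, log, nagle=False):
    for s in (client, upstream):  # "TCP Nagle algorithm" False => TCP_NODELAY set
        s.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 0 if nagle else 1)
    back = threading.Thread(target=pump, args=(upstream, client, "S>C", log), daemon=True)
    back.start()
    pump(client, upstream, "C>S", log)
    back.join()
    client.close()
    upstream.close()

def start_proxy(remote, local_port=0, reuse=False):
    """Listen on loopback only; returns (listening socket, shared log list)."""
    log, srv = [], socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    if reuse:  # "Reuse address"
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", local_port))  # port 0 auto-selects a free port
    srv.listen()
    def serve():
        while True:
            try:
                client, _ = srv.accept()
            except OSError:
                return  # listener closed
            try:
                upstream = socket.create_connection(parse_remote(remote))
            except OSError:
                client.close()  # target unreachable: drop this client, keep listening
                continue
            threading.Thread(target=relay, args=(client, upstream, log), daemon=True).start()
    threading.Thread(target=serve, daemon=True).start()
    return srv, log
```

Because `pump` logs each block exactly as `recv` returned it, the log corresponds to the unmerged view that “Keep read block size” set to True describes.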

Note

An example of an adapter dropdown on a typical Windows laptop is shown below:

_images/tcp-proxy-adapters.png