1.3.3 SOCKS Connections

The SOCKS proxy is an internet standard as described in SOCKS Protocol Version 5 [RFC1928]. SOCKS is designed to be a general purpose application proxy which is also known as a circuit level proxy. SOCKS uses its own binary protocol, which is not based on HTTP. The SOCKS protocol allows any application that supports the SOCKS protocol to negotiate proxy connections. A SOCKS connection works similar to a Secure Tunnel Connection, where there is a proxy negotiation handshake followed by the application data stream. From this point forward the SOCKS proxy transfers the application data stream between the client and server. The following figure shows this connection.

The SOCKS Protocol is designed to provide an application neutral proxy protocol for firewall and proxy traversal. SOCKS provides a proxy traversal handshake so tunneled application protocols can negotiate and authenticate with SOCKS proxies. SOCKS connections are NOT used for direct end-to-end communications. Rather, they are used for proxy traversal only. The application data stream following the SOCKS handshake is application defined; in this specification the application data is the SSTP data stream. During the SOCKS handshake, the client specifies the server’s FQDN and the SSTP well known port 2492/TCP on the SOCKS Connect request [RFC1928], section 4. Using the connection information that is provided, the SOCKS proxy establishes an SSTP connection with the target server on the well-known port 2492/TCP. This is shown in the following figure.

Figure 11: Relationship of SSTP connections/sessions and SOCKS handshake

The target server does not take part in the SOCKS handshake as the handshake is carried out only between the client and SOCK proxy. SOCKS connections persist for the life of the encapsulated protocol connection.