address. When the connection gets granted I am getting a response from the socks server: (hex data of the tcp payload)
0x05 0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x00 0x00
Regarding to the SOCKS specification this means that the request is granted. But I don't understand the 0x01 in byte no 4. It means IPv4 address in the SOCKS specification, but the following part of the destination address and port (the following 0x00's) are empty. So what does that 0x01 mean?
Can someone explain me that?
Hi,
What you see is the reply to a CONNECT command.
From: https://www.ietf.org/rfc/rfc1928.txt
<snip>
CONNECT
In the reply to a CONNECT, BND.PORT contains the port number that the server assigned to connect to the target host, while BND.ADDR contains the associated IP address. The supplied BND.ADDR is often different from the IP address that the client uses to reach the SOCKS server, since such servers are often multi-homed. It is expected that the SOCKS server will use DST.ADDR and DST.PORT, and the client-side source address and port in evaluating the CONNECT request.
</snip>
So, the SOCKS protocol supports redirection to another SOCKS server. An all-zero address/port simply means: use the server/port that you are currently connected to.