In network security we often come across the term 'tunneling', which is explained below.
Tunneling (also known as 'port forwarding') is a process in which data is sent across a network using a protocol that the network does not support, by means of encapsulation. For instance, suppose we want to send data using protocol X, whereas the network only supports protocol Y. To accommodate protocol X, we encapsulate the protocol X packets inside protocol Y packets and send them over the network using protocol Y. At the receiving end, the server extracts the protocol Y payload and decodes it to recover the original protocol X packets.
The tunneling protocol works by using the data portion of a packet (the payload) to carry the packets that actually provide the service. Tunneling uses a layered protocol model such as those of the OSI or TCP/IP protocol suite, but usually violates the layering when using the payload. The payload is made to carry a service not normally provided by the network. Typically, the delivery protocol operates at an equal or higher level in the layered model than the payload protocol.
As a practical illustration, the most common form of tunneling is the Virtual Private Network (VPN). Suppose we connect to a corporate network through a VPN and then try to reach a server inside that network over SSH. The SSH packets are encapsulated in the VPN's network layer protocol and sent to the VPN server. The VPN server decodes the packets, decrypts the message, retrieves the original SSH packets and routes them to the target server over SSH. The above diagram illustrates this process.
Using Tunneling to get across firewalls:
Tunneling can also be used to pass requests through a firewall and reach the servers behind it. This is done by taking a protocol that the firewall normally blocks and wrapping its requests inside a protocol the firewall does allow, such as HTTP, so the blocked traffic travels through as the payload of permitted traffic.
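The following is an added example, not code from the original article, that shows both sides of the idea above: a "protocol X" message (here an SSH version banner) carried as the body of an HTTP request ("protocol Y"), the receiving end stripping the envelope to recover it, and a defender-side check that inspects HTTP bodies for the leading bytes of protocols that should not be travelling inside web traffic. The frame format, the hostname `tunnel.example.com`, the `/relay` path and the signature table are all constructed assumptions for illustration.

```python
"""Added example (not from the original article): encapsulating one protocol's
packets inside another protocol's payload, and a defender-side check that
inspects the carrier payload for signs of tunneling. The HTTP envelope, the
hostname, the path and the sample data below are constructed for illustration."""

# Constructed "protocol X" message: an SSH version banner, the first bytes an
# SSH client sends on a connection.
SSH_BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"


def encapsulate_in_http(payload: bytes, host: str = "tunnel.example.com") -> bytes:
    """Carry an arbitrary protocol-X payload in the body of an HTTP POST (protocol Y).
    HTTP sits higher in the layered model than what it carries here, which is the
    layering violation the article describes."""
    headers = (
        "POST /relay HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Content-Type: application/octet-stream\r\n"
        f"Content-Length: {len(payload)}\r\n"
        "\r\n"
    ).encode("ascii")
    return headers + payload


def decapsulate_from_http(frame: bytes) -> bytes:
    """Receiving end: strip the HTTP envelope and return the inner payload,
    honouring Content-Length so trailing bytes do not leak into the payload."""
    head, _, body = frame.partition(b"\r\n\r\n")
    length = None
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            length = int(value.strip())
    if length is None:
        raise ValueError("no Content-Length header in carrier frame")
    if len(body) < length:
        raise ValueError("truncated carrier frame")
    return body[:length]


# Defender-side check: leading bytes of protocols that have no business appearing
# inside an HTTP body on an egress path that is supposed to carry only web traffic.
TUNNEL_SIGNATURES = {
    "ssh-banner": b"SSH-",
    "tls-handshake": b"\x16\x03",  # TLS record type 22 (handshake), version 3.x
}


def inspect_http_body(frame: bytes) -> list:
    """Return the names of protocol signatures found at the start of the HTTP body.
    An empty list means the body looks like ordinary web content; a malformed
    frame is reported as such rather than silently ignored."""
    try:
        body = decapsulate_from_http(frame)
    except ValueError:
        return ["malformed-frame"]
    return [name for name, magic in TUNNEL_SIGNATURES.items() if body.startswith(magic)]


if __name__ == "__main__":
    frame = encapsulate_in_http(SSH_BANNER)
    assert decapsulate_from_http(frame) == SSH_BANNER
    print(inspect_http_body(frame))  # ['ssh-banner']
    print(inspect_http_body(encapsulate_in_http(b"<html>hello</html>")))  # []
```

A signature match on the first bytes of a body is a cheap heuristic and will not see a payload that has been further encoded or encrypted before being wrapped; in practice it is one input to a proxy or IDS policy alongside destination reputation, request volume and timing, not a complete detector on its own.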