I found an article on getting active tcp/udp connections on a machine.
http://www.codeproject.com/KB/IP/iphlpapi.aspx
My issue however is I need to be able to determine active connections remotely - to see if a particular port is running or listening without tampering with the machine.
Is this possible?
Doesn't seem like it natively, otherwise it could pose a security issue. The alternative would be to query a remoting service which could then make the necessary calls on the local machine.
Any thoughts?
Nmap is what you are looking for.
There is no way to know which ports are open without the remote computer knowing it. But you can determine the information without the program running on the port knowing it (i.e. without interfering with the program).
Use SYN scanning:
To establish a connection, TCP uses a three-way handshake. This can be exploited to find out if a port is open or not without the program knowing.
The handshake works as follows:
The client performs an active open by sending a SYN to the server.
The server replies with a SYN-ACK.
Normally, the client sends an ACK back to the server. But this step is skipped.
SYN scan is the most popular form of
TCP scanning. Rather than use the
operating system's network functions,
the port scanner generates raw IP
packets itself, and monitors for
responses. This scan type is also
known as "half-open scanning", because
it never actually opens a full TCP
connection. The port scanner generates
a SYN packet. If the target port is
open, it will respond with a SYN-ACK
packet. The scanner host responds with
a RST packet, closing the connection
before the handshake is completed.
The use of raw networking has several
advantages, giving the scanner full
control of the packets sent and the
timeout for responses, and allowing
detailed reporting of the responses.
There is debate over which scan is
less intrusive on the target host. SYN
scan has the advantage that the
individual services never actually
receive a connection while some
services can be crashed with a connect
scan. However, the RST during the
handshake can cause problems for some
network stacks, particularly simple
devices like printers. There are no
conclusive arguments either way.
Source Wikipedia
As is mentioned below, I think nmap can do SYN scanning.
Using sockets for TCP port scanning:
One way to determine which ports are open is to open a socket to that port. Or to a different port which finds out the information for you like you mentioned.
For example from command prompt or a terminal:
telnet google.com 80
UDP Port scanning:
if a UDP packet is sent to a port that is not open, the system will respond with an ICMP port unreachable message. You can use this method to determine if a port is open or close. But the receiving program will know.
neouser99 (et al) has suggested NMAP. NMAP is very good if all you're trying to do is to detect ports that are open on the remote machine.
But from the sounds of your question you're actually trying to determine what ports are both open and connected on your remote machine. If you're after a general monitoring solution, including the connected ports, then you could install an snmp server on your remote machine. There are two MIBs that let you check for port status which are TCP-MIB::tcpConnectionTable and UDP-MIB::udpEndpointTable.
The daemon (server) supplied in net-snmp has most likely got support for these mibs.
Related
I'm working on a graphical windows application. So solutions on c++ and c# are prefered.
For my application, I need to get the remote address and port from active udp connection from a specific process.
I tried IP Helper API but the methods for UDP don't give remote address and port.
I've already see these posts Get Destination Ip/Port of active udp Connection? and Remote address of active UDP connections in Windows using IP Helper.
I understand why IP Helper can't do the job (udp is connectionless and need to capture packet) but I found nothing concrete how to accomplish that.
Have you a solution ready to use or something close to it?
As you have already discovered, UDP is connectionless, so the OS doesn't track remote party info, like it does for TCP. Unlike a TCP socket, a UDP socket can communicate with multiple remote parties at a time, where sendto() specifies a destination ip/port, and recvfrom() reports a sender's ip/port.
I understand why IP Helper can't do the job (udp is connectionless and need to capture packet) but I found nothing concrete how to accomplish that.
You need to use a packet capture library, such as libpcap, and manually keep track of the ips/ports of outgoing packets you see.
I've developed a basic console application that will work as server-client. My general workflow will be like, Server starts clients connect to server and once a client send something the server will receive it and send it to ALL clients. Currently I can do this with my codes but my question is when I send back I've tested Socket.RemoteEndPoint and I saw ports like 65xxx. Like my first client had 65020, second 65021 and so go on. I wonder why this happen since I connect with using 9001 port and listen to 9001 port on my computer. I've done a little bit research but couldn't find a solution to my question. Why do I get these port numbers when I use Socket.RemoteEndPoint? It's okay for me since I don't use firewall or anything while I'm testing to even if the clients connects from another ports it's fine by me as long as its works but what if I have a firewall and I open ONLY 9001 port? Will my client-server based programs work then?
So far as the server/firewall on that machine is concerned, what normally matters is the server port. You wouldn't normally apply any filtering based on the client's port, which as I said in a comment, will normally be an ephemeral port. Under most circumstances, client code will make no effort to specify the local port or IP address and will let the OS pick appropriate values.
The Socket class's LocalEndPoint and RemoteEndPoint use "local" and "remote" to mean "from the perspective of the machine on which this code is running", not "who initiated the connection vs who was connected to".
So on the server, LocalEndPoint will give you information about the server end of the connection and RemoteEndPoint will give you information about the client end of the connection. Irrespective of who initiated the connection.
I have a server that i use to run game servers on for my friends and me, and some of the servers are "attack-able" (monsters can destroy our base) so i want the server to be shut down when not in use. Then i was wondering if there was a way to detect if there was an incoming signal (trying to connect to the server) on the given port, so the server can be turned on?
Raw question:
Is there a way to detect, if someone is trying to send a message (or connect) through a specific port in c# (or another language better suited for this action)?
Yes, you have to create a server to listen on that port. The problem you will face is that the server you create to detect incoming connections will need to be shut down so the game server can be turned on. They can't listen on the same port unless they're coded to work together and that likely isn't going to be the case with your game server.
If you want to see if there is any connections in use you can try to list all current TCP connections (assuming server using TCP) and find if there is any alive connection to specific port.
Resmon does this in his "Network" tab, so there must be a way to access it programmatically.
Here is answer describing how to get active TCP connections.
How can I get all the the active TCP connections using .NET Framework (no unmanaged PE import!)?
You probably should monitor server with some intervals because player might lose and reestablish connection, so sample it every 10 seconds or so and if there is no connection for more than few samples - shut down the server.
I have a device connected to a host computer through cradle usb. Now, I'm just wondering if I could use C# sockets to communicate with the device (ie device sending data, host computer processing it then replying back to the device). How can I accomplish this? by that, what ip address etc etc.. do I have to change so that it would connect cause I have the sockets working on wireless. If not, then is there a way to connect to the device, open and read a file (a text document to be more specific) from the device to my host application.. any ideas?
Thanks! :)
Depending on your target device, when you connect via ActiveSync it likely makes a local RNDIS network connection between teh two devices. You can resolve "ppp_peer" as the partner's network name instead of trying to use a hard-coded IP address (IIRC the IP is different on XP than on Vista).
Be aware that it's not a full connection. TCP packets gets passed through, but things like ICMP do not.
Of course, this just gives you a socket connection, just like if you were to connect between two PCs. It's not going to allow you to do file system operations unless you have an app on the other side listening for commands. If you want that type of thing, Microsoft provides the Remote API (RAPI) interface (wrapped in managed code here)for a lot of basic commands, and it can be extended (with C) to do anything you'd like.
In my company we use small application called IPMsg, a messenger kind of tool to pass messages and file to other fellows in company, even it allows to multicast the message.
And also it lists the user name, host name and IP addresses of users.
How can it do that? There is no server present for message routing and when checked through netstat command in CMD it does not show any details like what protocol and port it is using to communicate.
There is source code also available on the same site which is in VC++. I didn't understand a line of code... (I'm a C# guy)
Can anyone explain me how it can do that?
One simple way would be to let the application listen on a certain network port, and when you start your instance of it, it tries to connect to that port on each computer on the same network. If that other computer has that port open, and answers correctly, then you have found another instance of the application.
IPMsg probably multicasts a request for all clients to report their user and host details.
A similar mechanism is used when Windows Explorer attempts to find other machines on a network. A good description of this type of multicasting discovery is described here.
IPMsg is a daemon which listens to incoming connections on a specific port which is the connection port. You can find out which port it used by using Wireshark.
Start wireshark, start listening on the interface where you have connected to LAN and then start sending any message, wireshark will show you the message on the screen with the port number also.
The application is a peer-to-peer software and doesn't require a central server software to route messages. it only has a small daemon which accepts incoming connections. This is the way Jabber Instant messaging protocol also works.
As you said it lists username, hostname and ip address of users, do you mean it pings the network and finds it? If yes, then it is actually possible to find the IP addresses of computers on the Local Network which requires you to know the subnet on which you are connected.
You can use ARP/ICMP Ping to know the hosts present on your network provided you enter the correct subnet information
Multicasting a message is also nothing special. It is a feature provided with all Networking Stacks.
If you want mutlicasting in .NET, it is allowed. Check this page on Code Project which gives a nice example