I'm trying to catch all open UDP connections. Unfortunately it seems Netstat only works with TCP. Can anyone help me find some source or give me some APIs that I might be able to work with? Thanks :wave:
netstat -p udp should show UDP connections.
http://microsoft.com/resources/docum...s/netstat.mspx
Thanks but it isn't working for me :ehh:
I'm trying to see if a packet is being sent from a program, and once it's sent I want to send the game a packet. I can see the packets with a program called ethereal, but not with netstat. Any clues or what I might be doing wrong?
netstat -p UDP
-p udpv6
?
edit: doesn't seem to be working for me either :confused:
Yeah :confused:
Very weird. Not sure how to do this then. Thanks for all your help penagate, I bet we are just missing something.
I just use netstat -ano
Edit: If you don't have any UDP connections then it will only print out the header for the table.
Now that's more like it! Let me see if that catches it!
Edit*
Dang. That doesn't work either. The thing that's sending the packets sends to 255.255.255.255 which I guess is your broadcast IP? I don't know, but the port is always different and that's what I am trying to find out. Do you have any other ideas for me :eek2: ?
Sounds more like a Subnet vs an IP.
Well I don't know what that means so :lol:
The free program ethereal can catch those packets, so I guess it is possible someway or another.
Is it a constant transmission? Maybe it's sending it and closing the port before you run netstat?
No it isn't constant, it's 2 packets in a row. But I have a loop running every like half second to catch any packets, and I don't see any from 255.255.255.255.
How about catching the PID of the program sending the packets? -ano gives you the PID so maybe you can see what port it's connected to?
Dang rob, I thought you hit the nail on the head 2 times now. And you would have if it wasn't for 255.255.255.255 :lol:
Anywho, I got the PID - 3896, and I printed out the return of that -ano thing repeatedly. I didn't find a single instance of 3896 anywhere :mad:
Thanks so much for the help, it's appreciated :wave:
How could it be that the PID of the program doesn't show in the netstat listing? That's weird. What program is this that you're trying to catch the connections for?
Try using either of these free tools...
FPort:
http://www.foundstone.com/index.htm?...desc/fport.htm
Scanline:
http://www.foundstone.com/index.htm?...desc/fport.htm
See if they bring up more info or can find the used UDP.
Unfortunately, those don't work either :S
how can a sender have that IP address?
Quote:
Originally Posted by |2eM!x
It's sending packets to LAN
ethereal is open source... check its code to see how it's done.
you need a solution that's memory resident, or similar to that of a software firewall... shelling netstat (or another non tsr solution) and looping shell call won't work.
I just downloaded the source..Geez I wish I could understand what I was doing. :mad:
Anybody else got any ideas? I've been lost and trying for like a whole week now with no movement at all... If anyone's got any clues to seeing which ports are being used now by UDP, then I would be very happy to hear them :lol:
There's a few posts in this forum asking this question, has anyone ever figured out a way to find the UDP destination IPs for a running program, without resorting to packet sniffer techniques (low level drivers?)?
I'm doing it for an xfire type program (www.xfire.com ) written for a small gaming community (TRON 2.0) that xfire doesn't support, plus gives gamers a bit more fun in-game stuff by knowing which gaming server they are on (which unfortunately doesn't get stored anywhere I can find in the game files/registry).
Thanks!!!
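
Added example (not part of any post in this thread): the `netstat -ano` PID lookup suggested above, written as a parser and run over a constructed sample of Windows netstat output. It shows that UDP rows carry only the local endpoint and the owning PID, with `*:*` as the foreign address, so a destination such as 255.255.255.255 never appears in this table. PID 3896 is the one mentioned in the thread; port 27888 and every address in the sample are made up.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     3896
  UDP    0.0.0.0:500            *:*                                    4
  UDP    0.0.0.0:27888          *:*                                    3896
  UDP    192.168.1.20:137       *:*                                    4
  UDP    [::]:500               *:*                                    4
  UDP    [fe80::1c2d%12]:1900   *:*                                    1480
"""

# UDP rows have no State column: proto, local endpoint, foreign endpoint, PID.
UDP_ROW = re.compile(r"^\s*UDP\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

def split_endpoint(endpoint):
    """Split '0.0.0.0:500' or '[fe80::1%12]:1900' into (address, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)

def udp_endpoints(netstat_text):
    """Return {pid: [(local_addr, local_port, foreign), ...]} for UDP rows only."""
    table = defaultdict(list)
    for line in netstat_text.splitlines():
        m = UDP_ROW.match(line)
        if not m:
            continue  # header, blank line, or TCP row
        local, foreign, pid = m.groups()
        addr, port = split_endpoint(local)
        table[int(pid)].append((addr, port, foreign))
    return dict(table)

def ports_for_pid(netstat_text, pid):
    """Local UDP ports bound by one process, sorted and de-duplicated."""
    return sorted({port for _, port, _ in udp_endpoints(netstat_text).get(pid, [])})

if __name__ == "__main__":
    for pid, rows in sorted(udp_endpoints(SAMPLE).items()):
        for addr, port, foreign in rows:
            print(f"pid={pid:<6} local={addr}:{port:<6} foreign={foreign}")
```

A row exists only while the socket is open, so a process that opens a socket, sends two datagrams and closes it can fall between two polls of netstat.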