Listening to and identifying tcp port

**rekcus** · Dec 20th, 2000, 04:38 AM

Let's say we have a foreign EXE running on TCP/IP.

Anybody know of a way to find the port it's running on?
And how can we capture the messages being sent by this EXE?

Thanks,

Dec 20th, 2000, 06:48 AM

I guess you'd be trying to write a firewall. There was a discussion here sometime ago, we had concluded that VB by itself isn't capable of such low level code...though we could have been wrong.

Sunny

**ccoder** · Dec 20th, 2000, 09:44 AM

If all you need to do is see what connections exist, run NETSTAT from a DOS prompt. NETSTAT will list every connection, showing the local port, foreign address

ort and connection state.

As for viewing the messages, you will need a sniffer.

**Chris** · Dec 20th, 2000, 11:02 AM

ccoder, but the NETSTAT did not specified the port is open by with application rite.

**ccoder** · Dec 20th, 2000, 06:50 PM

Chris,

I'm sorry, but I have no idea what you are trying to say.

IF you are trying to say that NETSTAT does not tell you which app has which port open, that is true, but you can still identify some of the apps by the port in use.

I was merely trying to tell rekcus of a way to see what is going on connection wise. Once you have ruled out the well known ports (http on 80, etc.) and ports connected to other nodes on your network, then you only have to worry about those that are connected to truely foreign ports.

If you want to stop unauthorized outgoing messages, then you might want to look into a software firewall like ZoneAlarm. It will ask you if such&such app can access the internet. You have the option to answer everytime, or tell ZoneAlarm to remember your answer.

**rekcus** · Dec 20th, 2000, 08:36 PM

Thanks for all the info, guys. I had initially wanted to
write something that can help look after the security of
my own PC when connected to the Internet.

Tried out Netstat. It tells us what tcp ports are in use
and also the apps running the ports. Could be useful, but..
Any clues on APIs that can grab all this info, guys?

ccoder,
Thanks for your comments, I have been using ZoneAlarm for
sometime now, but I sometimes do think about protecting
myself against ZoneAlarm.

Can we write a sniffer with VB?

**ccoder** · Dec 20th, 2000, 10:15 PM

reckus,

The sniffers that I am familiar with are hardware. I have never used one myself, but when I worked for one of the RBOCs, they were commonly used to check out comm problems.

I just called a friend/former co-worker who has used sniffers and he mentioned that they now have software versions for the PC. He thinks they require a card. He will send me some info tomorrow when he gets into the office and I will post it if you are interested.

As for personal PC security, I would recommend getting a hardware router. I have cable access to the internet and I have a UMAX router between the cable modem and the switch on my lan. There are ISDN and V.90 modem/routers for those who don't have cable or DSL.

The routers will vary in the protection that they provide. The only UMAX port visible to Gibson Research's ShieldsUp! probe is port 113 and that is closed. I have a backup router/5 port hub (from Compex) and ShieldsUp! found a number of open ports. And the docs don't show any way of closing them.

**rekcus** · Dec 21st, 2000, 11:09 PM

Thanks for the tips, ccoder.
I am more geared towards the software version of the
firewall, but do post the information here for the
benefit of all.

Thread: Listening to and identifying tcp port

Thread Tools

Display

firewall?

Yes, a firewall now that you mentioned it...

Posting Permissions