What ports am I listening on?

  • What ports am i listening on?

    I am hoping somebody can point me in the right direction... there is apparently no documented way of doing this. What I need to do is find out what TCP & UDP ports (if any) my program is listening on. There is a program called Inzider (www.ntsecurity.nu) that can find the ports attached to all processes - I only need to find out the ones that my program is attached to though, so it should be just a little bit easier than that... I think it may be via SetWindowsHookEx(), but I am not sure - it doesn't appear to use any winsock APIs...
    Does anyone have any ideas about this???


    ------------------
    -

  • #2
    Wayne

    I'm not clear about what you mean: by definition, if your program is listening for incoming connections it obviously knows what ports it's listening on.

    Please explain what you mean in greater detail.

    Cheers

    Florent

    ------------------


    • #3
      Florent, Inzider has two exported functions in its main dll - inject, and eject... what goes on in the middle I'm not sure, but it is able to produce a result like this:
      Code:
       Found UDP port  2903 bound at 127.0.0.1 by C:\Program Files\Microsoft Internet\iexplore.exe (PID=316) [UDP Client]
       Found UDP port  3340 bound at 127.0.0.1 by C:\Program Files\Microsoft Internet\iexplore.exe (PID=316) [UDP Client]
      Typically my program would know what sockets it is listening on just by querying the local port property of the socket, easy... but in this case I can't, and there may be sockets bound to my program that I can't 'read'. Hard to explain, but _why_ is irrelevant - does anybody know _how_?
      The main URL for Inzider is http://www.ntsecurity.nu/toolbox/inzider/
      The author doesn't seem willing to respond to email :|
      I basically need to do exactly what Inzider does, but just for my process - that's all... apparently these values are all stored away for easy access under 'nix, but not under Windows.
      Any thoughts are very much appreciated.

      ------------------
      -


      • #4
        What you say does not make real sense: what you want is a port
        scanner but you just want to scan the ports opened by your own
        process?

        I don't really care why you need this functionality - I can tell you though that there are MANY different ways in which a port scanner may be written.

        The author of the program at the link you posted says that
        "[...]moment I haven't seen any other program that does what
        inzider does" although this does not mean that the way he
        did it is the only way.

        One of the simplest forms of port scanning is literally to try to connect to every port on a system; you can also do ping (icmp) sweeps, etc...

        If you want to get some ideas about how you could implement such a beast I'd recommend you have a look for "nmap": I believe it comes with source and although it's a Linux program you'll probably be able to glean many useful techniques.

        Cheers

        Florent

        ------------------


        • #5
          Wayne

          I just re-read your post and now see that I probably didn't realise
          what it is that you actually want. You are probably injecting your
          program into another process and you'd like to find out what ports
          if any the process is bound to or listening on.

          An interesting challenge. Here's a tip: files, sockets, processes, etc
          all have handles.

          Cheers

          Florent

          ------------------


          • #6
            Florent, I think you get what I'm getting at now - I am going to have to inject my program (using AttachThreadProcess perhaps - although Inzider doesn't use that)... I agree it will be an interesting challenge. Handles handles handles... hmm... if I could somehow enumerate all the handles that a program was using, I could get somewhere...

            I know this is uncharted territory and I probably won't have much luck in succeeding, but it's a good challenge...

            This API may be used?
            Code:
            DWORD GetFileType(
              HANDLE hFile   // handle to file
            );
            returns:
            FILE_TYPE_UNKNOWN The type of the specified file is unknown. 
            FILE_TYPE_DISK The specified file is a disk file. 
            FILE_TYPE_CHAR The specified file is a character file, typically an LPT device or a console. 
            FILE_TYPE_PIPE The specified file is either a named or anonymous pipe.
            Here's a dump of the API calls from inz.dll:
            Code:
            GetModuleFileNameA
            GetCurrentProcessId
            KERNEL32.dll
            CallNextHookEx,SetWindowsHookExA,UnhookWindowsHookEx
            USER32.dll
            RegQueryValueExA,RegOpenKeyExA
            ADVAPI32.dll
            WSOCK32.dll
            GetCommandLineA,GetProcAddress,GetModuleHandleA,GetVersion,
            InitializeCriticalSection,DeleteCriticalSection,EnterCriticalSection,
            LeaveCriticalSection,ExitProcess,HeapFree,GetLastError,CloseHandle,
            GetCurrentThreadId,TlsSetValue,TlsAlloc,TlsFree,SetLastError,TlsGetValue,
            HeapCreate,HeapDestroy,SetHandleCount,GetFileType,GetStdHandle,
            GetStartupInfoA,GetCPInfo,GetACP,GetOEMCP,FreeEnvironmentStringsA,
            GetEnvironmentStrings,FreeEnvironmentStringsW,GetEnvironmentStringsW,
            WideCharToMultiByte,WriteFile,HeapAlloc,SetStdHandle,FlushFileBuffers,
            SetFilePointer,CreateFileA,LoadLibraryA,SetEndOfFile,ReadFile
            I'll start at GetModuleFileNameA and work my way down... msdn and a slab of coke here I come ...


            [This message has been edited by Wayne Diamond (edited October 05, 2000).]
            -


            • #7
              From yer local NT administrator (That's me *Grin*)

              Netstat -a from a command prompt will give you what you want.
              Pipe it into a file if it goes too fast....

              Netstat -a > c:\Net.txt

              Or something like that.

              You will see anything from LISTENING, ESTABLISHED, TIME_WAIT etc etc..


              Scott

              ------------------
              Scott
              Scott Turchin
              MCSE, MCP+I
              http://www.tngbbs.com
              ----------------------
              True Karate-do is this: that in daily life, one's mind and body be trained and developed in a spirit of humility; and that in critical times, one be devoted utterly to the cause of justice. -Gichin Funakoshi


              • #8
                Wayne

                If all you want is to monitor winsock calls, i.e. monitor TCP/UDP traffic based on the winsock stack: instead of injecting your program into another's space there is a much better way of doing it.

                It's called winsock hooking, which is basically a winsock layered service provider. Look it up but note that as far as I know it'll only work with winsock 2.x, not 1.0.

                Cheers

                Florent

                ------------------


                • #9
                  Scottie, unfortunately I can't use netstat because it doesn't tell me which ports are my program's, and which are used by other programs...

                  Florent, I think I may have to look into the 'socket hooking' you've described. I don't know if it will help or not, but it sounds like a blast anyway.




                  ------------------
                  -

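An added example, not code from this thread, from Inzider or from any poster: the objection in #9 to the netstat tip in #7 holds for the netstat of that era, but on Windows XP and later netstat accepts an `-o` switch that appends the owning process id to every row, so `netstat -ano` output can be filtered down to one PID's sockets. That is the usual triage step when a defender finds an unexpected listener and needs to know which process owns it. The script below parses a constructed `netstat -ano` sample (the addresses, ports and PIDs are made up) and returns the TCP listeners and bound UDP sockets for a given PID; the `listening_for_current_process` helper, which actually runs netstat, is an assumption about the output layout and only works on Windows.

```python
"""Map listening ports to an owning PID from `netstat -ano` output.

Added illustration for this thread, not Inzider's or any poster's code.
Assumes the Windows XP-or-later netstat layout: one socket per row, with
the `-o` switch appending the owning process id as the last column.
"""
import os
import subprocess
import sys
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample of `netstat -ano` output (documentation-range
# addresses, made-up PIDs); not captured from a real host.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING       4312
  TCP    192.0.2.10:49731       198.51.100.5:443       ESTABLISHED     4312
  TCP    [::]:135               [::]:0                 LISTENING       900
  UDP    0.0.0.0:5353           *:*                                    4312
  UDP    127.0.0.1:1900         *:*                                    2280
"""


class Conn(NamedTuple):
    proto: str            # "TCP" or "UDP"
    local_host: str       # "0.0.0.0", "127.0.0.1", "[::]", ...
    local_port: int
    remote: str           # foreign address column; "*:*" for UDP
    state: Optional[str]  # TCP state; None for UDP, which has no State column
    pid: int


def _split_host_port(addr: str) -> Tuple[str, int]:
    """Split 'host:port' on the last colon so IPv6 '[::]:135' -> ('[::]', 135)."""
    host, _, port = addr.rpartition(":")
    return host, int(port)


def parse_netstat(text: str) -> List[Conn]:
    """Parse the table rows of `netstat -ano`; banner, header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # "Active Connections", the column header, or a blank line
        proto, local, remote = parts[0], parts[1], parts[2]
        if proto == "TCP":
            # TCP rows carry a State column before the PID.
            state, pid = parts[3], int(parts[4])
        else:
            # UDP rows have no State column, so the PID is the fourth field.
            state, pid = None, int(parts[3])
        host, port = _split_host_port(local)
        conns.append(Conn(proto, host, port, remote, state, pid))
    return conns


def listening_for_pid(text: str, pid: int) -> List[Tuple[str, str, int]]:
    """Return (proto, host, port) for each TCP listener and bound UDP socket owned by pid."""
    result = []
    for c in parse_netstat(text):
        if c.pid != pid:
            continue
        if c.proto == "TCP" and c.state != "LISTENING":
            continue  # ESTABLISHED / TIME_WAIT sockets are not listeners
        result.append((c.proto, c.local_host, c.local_port))
    return sorted(result)


def listening_for_current_process() -> List[Tuple[str, str, int]]:
    """Run `netstat -ano` (Windows only) and keep only this process's own sockets."""
    if sys.platform != "win32":
        raise RuntimeError("netstat -ano output layout is Windows-specific")
    out = subprocess.run(["netstat", "-ano"], capture_output=True,
                         text=True, check=True).stdout
    return listening_for_pid(out, os.getpid())


if __name__ == "__main__":
    for proto, host, port in listening_for_pid(SAMPLE_NETSTAT, 4312):
        print(f"PID 4312 listens on {proto} {host}:{port}")
```

The parser keys on the first token being `TCP` or `UDP`, which is what lets it skip the banner and header without hard-coding their text, and it treats every UDP row as "bound" because netstat prints no state for UDP sockets. Run on the sample, PID 4312 yields the 127.0.0.1:8080 TCP listener and the 0.0.0.0:5353 UDP socket, while its established connection to 198.51.100.5:443 is left out.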


                  • #10
                    Originally posted by Wayne Diamond:
                    Scottie, unfortunately I cant use netstat because it doesn't tell me which ports are my programs, and which are used by other programs...
                    Wayne,

                    talking about NETSTAT, I just remembered this one:
                    2) See all open winsock connections - API replacement for Netstat!

                    Category: Windows API Call/ Explanation
                    Level: Advanced

                    Description: This is a complete API call replacement for the dos Netstat
                    command. The example will show all open connections, and the API calls are
                    encapsulated in a Class module that can also retrieve all listening ports on
                    the local computer.
                    This module and demonstration project also allow you to kill TCP
                    connections - in the demonstration right click on a current connection...
                    Includes caching DNS lookup code to get the domain names of the servers you
                    are connecting to! Credit to Michael Tutty for the original DNS client code.

                    Complete source code is at:
                    http://www.planet-source-code.com/vb...11834&lngWId=1
                    Knuth

                    ------------------
                    http://www.softAware.de


                    • #11
                      Knuth,
                      I saw that sample the other day - killing connections is a cute feature, but unfortunately I don't think the solution to this problem has anything to do with Winsock or SNMP (which netstat uses) ... there are no API calls in Inzider that relate to either Winsock or SNMP, so I believe that Florent may be on the right track with handles ... there are various Handle API calls that it uses
                      The plot thickens ...



                      ------------------
                      -
