TCP/UDP Packets (2 easy questions)
-
Hi All, Q1: Any one have (simple) sample code on establishing a TCP Connection??? Q2: I need to capture some TCP/UDP Packet data (to see what a client sends to a virus server when a virus if found). I have a sniffer and the data is coming out unreadable (portions of it)?? Project Explination: I need to find out what data is being sent to a virus server which reports the virus. Once I have that, create a program that will test the reporting on all of the Virus Servers (50+). Basically send TCP/UDP message to each Server...who ever doesn't report the virus is having reporting problems. Help is much appreciated Thanks in advance, Dan
-
Hi All, Q1: Any one have (simple) sample code on establishing a TCP Connection??? Q2: I need to capture some TCP/UDP Packet data (to see what a client sends to a virus server when a virus if found). I have a sniffer and the data is coming out unreadable (portions of it)?? Project Explination: I need to find out what data is being sent to a virus server which reports the virus. Once I have that, create a program that will test the reporting on all of the Virus Servers (50+). Basically send TCP/UDP message to each Server...who ever doesn't report the virus is having reporting problems. Help is much appreciated Thanks in advance, Dan
Ok - so basically your prog is a kind of 'yes I'm here' type thing that you can run periodically to see that all hands are reporting. The real killer would be if the packets are encrypted by the reporting program - then your only hope is binary dup and pray you fool the server. But the first problem is getting the data. You will probably be looking for UDP packets arriving from the clients on the server. (Just a guess). Next, there will probably be a port number you can identify (the servers listen or 'recievefrom' sockets local port). Once you have that info, you can filter the packets accordingly and see whats being sent. Just a suggestion though - except for the fact that you'll see the virus server respond, all your testing is that the wire's not cut. You could probably write simple clients on both ends to test that. (yes even a one socket client can do some 'listening' if you don't overload it). Hmmm... surely this has been done before... hmmm... need coffee... hmmm... where's the 'sleepy' emoticon...
-
Ok - so basically your prog is a kind of 'yes I'm here' type thing that you can run periodically to see that all hands are reporting. The real killer would be if the packets are encrypted by the reporting program - then your only hope is binary dup and pray you fool the server. But the first problem is getting the data. You will probably be looking for UDP packets arriving from the clients on the server. (Just a guess). Next, there will probably be a port number you can identify (the servers listen or 'recievefrom' sockets local port). Once you have that info, you can filter the packets accordingly and see whats being sent. Just a suggestion though - except for the fact that you'll see the virus server respond, all your testing is that the wire's not cut. You could probably write simple clients on both ends to test that. (yes even a one socket client can do some 'listening' if you don't overload it). Hmmm... surely this has been done before... hmmm... need coffee... hmmm... where's the 'sleepy' emoticon...
Thanks for the info Tim. I have created a server component that will monitor a port (139 - TCP) used by the reporting Server. After I perform some tests, I'll let you know hao it turns out. Seeing that this is not anything that my firm will not have a problem with me posting the code for others to use that need to perform simular tests. Thanks in advance, Dan