Is there some sort of tools to debug bittorrent?
e.g. I wish to query tracker to get peer list.
I wish to check if I able to connect to certain peer.
I have odd behavior in my home network.
I wish to understand how it works and I can't find any tools to simulate torrent.
PS I already made a simple python app to check if I can receive UDP packets
import socket
port = 50000
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.bind(("", port))
print "waiting on port:", port
while 1:
data, addr = s.recvfrom(1024)
print data
and I can send ncat $IP $PORT -u -v
But now when I know I can send packet to certain port and it is opened.
I wish to check if I can talk with torrent app on that port.
One torrent client works and other don't I want to know what is wrong.
There is no "The Bittorrent Debugger", but you can use various tools to diagnose problems.
You can use nmap locally or web services providing a frontend to remote nmap instances to probe the reachability of ports.
You can use wireshark with the bittorrent dissector to debug the protocol itself, some understanding of the bittorrent protocol is required for that.
Some clients (e.g. vuze) provide very verbose logging, down to individual bittorrent messages which can help with diagnosing problems.
You can run a second client on a different port or on a virtual machine and have them talk to each other over the local network to exclude potential router/firewall issues.
What I have done to debug protocol issues in my own code is that I have various VMs/containers set up with 1 running a tracker (opentracker) and others running various clients and my host running my own client which I test regularly. Then I selectively start and stop the clients and make them talk to my client and the tracker and then I can easily analyze all the bittorrent traffic that's passing through between all the pieces with wireshark. You can easily extend the same setup to include multiple machines in a real network rather than VMs/containers and virtual networks.
To "make" the clients talk to each other, just create a torrent with one of the clients (most clients can make torrents from files you have) and add your own tracker to the torrent. Then add the torrent file to your other clients and they start talking to each other and distributing the data immediately.
At the end, you'll have something like this:
+-----------+
Debug client <----> | | <----> opentracker <--------> another client
^ | Wireshark | ^
| | | |
+------------> | | <-----------------------------------+
+-----------+
And you can precisely analyse the traffic you're getting through the bittorrent protocol. Wireshark even has dissectors for bittorrent TCP protocol, so you don't even have to decipher the cryptic bytes yourself.
Note that you'll have to know about the protocol itself:
Protocol and .torrent file spec
Tracker spec
Related
I am trying to find somw Windows based tools that can help me validate TCP and UDP connection on remote machines.
My Problem (just one use case):
At work, I manage many clustered servers that I run load tests against. In order to get a rich test, I use Jmeter-Plugins which provides a Server agent that opens a TCP socket on port 4444 on a target remote machine: http://code.google.com/p/jmeter-plugins/wiki/PerfMonAgent
There are many times when I setup a new load test farm, that either the network, or the server configuration, or the ServerAgent itself can have issues and thus not allowing a Load test client to access that TCP connection.
The issue I have is that I dont know what part of the system is broken.
What I think I need:
I would like to know how I can open a TCP (not HTTP with cUrl), connection to a remote server to validate that the network allows the connection, as well as the Server firewall allows the given TCP connection to be accessed remotely.
What I have looked:
These are some of the tools I have looked at so far:
Nmap http://nmap.org
Ncat http://sourceforge.net/projects/nmap-ncat/
TCP/IP Builder http://www.drk.com.ar
Zenmap 6.01 and nmap might do the job I want, but some machines where not accessible to Zenmap when I know 100% that the server was accessible via HTTP, so that was strange.
I have looked at many tools and either they:
Dont allow remote connections
Dont seem to want to connect to a TCP socket
Or I dont understand the tools to accomplish the validation I stated above.
I would greatly appreciate all comment and suggestions to help with this re-occurring problem I face.
Mick,
Firebind.com can do what you'd like to do. Firebind is an Internet based server that can listen on any of the 65535 UDP or TCP ports. It uses a java based client to send traffic to and from the server from your machine.
Carl
www.firebind.com
I discovered almost accidentally that my machine was sending and receiving UDP packets to a machine in Poland. Not that I have any problem with Poland, I just don't know why my laptop has the need to communicate with a server there. Reverse DNS shows just the ISP providing the address to some end user. Using Wireshark, I can monitor the messages, which were indecipherable as they were probably encrypted. All packets sent from my machine had the same source port, so clearly the application that sent them opened this UDP socket to use it. I am searching for ways to:
1) enumerate all current sockets open in the system, including the process that created it and, for both TCP and UDP, what ports and addresses they are current bound to.
2) because applications can open these sockets, use them, and close them right away, I would love to find (or perhaps even write) a program that once started would somehow get notification each time a socket gets created, or really more importantly when bound to a source and/or destination address and port. For UDP, I would love to also be able to monitor/keep track of the destination IP addresses and ports that socket has sent messages to.
I don't want to monitor the traffic itself, I have Wireshark if I want to view the traffic. I want to be able to then cross reference to discover what application is generating the packets. I want to know if it is from a process I trust, or if it is something I need to investigate further.
Does anybody know of any applications (for the Windows platform) that can do this? If not, any ideas about a .NET or Windows API that provides this capability, should I want to write it myself?
Edit:
After further research - looks like the APIs to use are GetExtendedUdpTable and GetExtendedTcpTable, CodeProject.com has some samples wrapping these in .NET (see http://www.codeproject.com/Articles/14423/Getting-the-active-TCP-UDP-connections-using-the-G). So a combination of this API and some sniffer code would be needed to monitor and keep track of what hosts at what ports using what protocol any particular application on your machine is talking to. If I ever get some free time, I'll consider creating this, if you know of an app that does all this, please let me know.
Try SysInternals TCPView. Despite its name, it handles UDP as well.
netstat -b to enumerate all ports along with the process names.
You can try using SysInternals' Process MOnitor (ProcMon.exe or ProcMon64.exe).
It allows for filtering of Processes by "UDP Send" Operation - and provides detailed UDP Connection data, including source and destination addresses(IP) and ports etc.
I have to test the value from client to server using different protocols (Tcp , UDP , Sctp).
Please guide how it can be possible. Is there any way in windows to change the protocol or is there anyway to find it by using software like packet tracer .
Thanks
While the question is not entirely clear, it sounds as though your interested in seeing the information sent between the client and the server when each of those protocols is used.
Windows does not provide a built in utility to view packet data but it can be viewed using a packet analyser such as Wireshark.
In order to see the values sent by each protocol you must run a client for each of the protocols and use it to connect to the server for that protocol. If you don't have a server to connect to, you may need to run one on your local machine.
You can narrow down the data captured to just the protocol you're interested in using a filter in Wireshark If you don't know the protocol being used, you can filter by the port number used for that connection which can be established using the netstat command.
You may need to use netstat -b to show you which programs are using which ports.
If you just have to generate packets using different protocols then the tool like netcat can also help. It supports TCP and UDP and has been ported to windows .
I have to make a windows based application for which captures network traffic per application where some of running application uses same port number for sending and receiving the packets.
I have used winpcap and successfully captured and filtered them port wise and destination wise but I dont know how to capture them application wise that means how to know application information from ip packets.
Is only winpcap can solve the problem or some other api's or library shoud be used.
Can we get the application information from which packet is generated from packet header?
**
Can anyone give me example that uses iphlpapi and winpcap in vc++ for capturing network traffic per application.
**
I don't think this is possible with winpcap.
Take a look at Windows Filtering Platform. It's not advanced at all.If you look in the samples you can find one which does exactly what you want.
winpcap doesn't have a good way to tell what process is sending what data.
But windows does.
try using
netstat -a -o
netstat is a program that tells you what ports are being used on your terminal.
-a switch says, "show me all the ports"
-o switch says, "show me the pid of the processes using this port"
you can't see what port your processes are sending on, but you can see what ports are receving on for udp packets.
for tcp packets you'll see all the info you could want, includeing the remote connections ip address.
Is it possible to track XWindow protocol with a tool? I thought wireshark would be a good framework to host such an idea but there seems no support. What should be done to achieve this goal?
Wireshark does have the ability to dissect the X-Window protocol.
However: You first have to be able to capture the actual X-Window traffic between an X-client (app) and an X-Server before Wireshark can dissect it.
X-Windows traffic between an app (X-Windows client) and an X-Windows Server both running on your local machine probably uses "Unix Domain sockets" to do direct interprocess communication (IPC) between the client and the server. There's no underlying network protocol used and thus the traffic is (AFAIK) not capturable for dissection by Wireshark).
It's been a while since I've dealt with X but I think basically what is needed is that an X-Server be running on a box such that the server is listening for (and willing to accept) network connections. If an Xclient app on a remote node (or local node ?) then connects to the XServer over the network, you will then be able to capture that traffic for dissection by Wireshark.
X is complicated; If you're not familiar with the details of running X, you'll need to do some reading or ask for additional info. I've long since blanked out details related to X.
It is possible in principle to capture X-Window protocol that goes through Unix socket using strace. Then it is possible to wrap this packet for Wireshark using text2pcap.
Example:
capture X-window protocol frames that goes to X-server with pid 1998 on unix socket with file descriptor 41:
bash$ sudo strace -e trace=read,write -e read=41 -p 1998 2>&1 | grep '^[ ]|' >/tmp/xdata.log
prepare the captured data for wireshark:
bash$ text2pcap -T 1234,6000 /tmp/xdata.log /tmp/xdata.dump
Now one can use wireshark on /tmp/xdata.dump.
Back in the '80s, there was an open source Xwindow proxy program that would be placed between the Server and the client. It was written in 'C' and easily modifiable to count types of messages, or volume of data passing in each direction. It also recognized malformed Xprotocol that would result when folks used the wrong functions in interrupt handlers.
I can't remember the name, but maybe searching on "Xwindow proxy" might help...
I'm not sure what the XWindow protocol is, but you could make a Lua Dissector for Wireshark:
http://wiki.wireshark.org/Lua