I am looking at creating a network monitoring system for Windows 7/8. My process needs to be able to monitor events e.g. Addition of a new ARP Entry, Network Up/Down on different interfaces, DHCP success/renew etc.
Is there a way by which a program can register to get all these system wide events without having to Poll using the standard APIs? I definitely do not want to sleep and keep reading the ARP table to check if a new entry is added.
I am coding in Visual C++.
Related
I do have two computers which are used to control an industrial plant. One of them controls the plant, the other is used as a failsafe. They are directly connected over Ethernet, and the "inactive" one just mirrors the display of the main controller.
I did capture the network traffic between the two, and when I open it up in Wireshark I see it's all X11 traffic. It does include the initial connection request and also includes all the "draw calls" in plain text.
I now want to "replay" this captured stream and recreate the screen content from it. Is there any program available which can do so? Ideally directly from the Wireshark capture file.
My thoughts so far:
I can easily replay the network data itself and send it to some socket, but the communication is specific to the session, e.g. some commands refer to specific handle values set up earlier. It's unlikely a new session would work with the same values, so I can't just pipe it into some program.
What you see from your connection is only your connection's requests + events relevant to the windows created by you (or others' client windows where your connection sets an event mask), and because of that quite a lot is lost. I'm not aware of programs that can reconstruct the best possible version of the screen from one client's traffic, but it's certainly not possible to have a 100% accurate copy of the screen, and the best possible model will be far away from the real screen (unless your connection periodically polls for the backing store content of each mapped window).
Windows has SENS API which applications can use to get notified about logon/logoff and display lock/unlock events. Is there anything similar for X11/X.org or generally available interfaces and APIs in Linux desktops? I basically want something that would allow me to react to that within the user session.
Logind (which not all distros use) has an object on the system DBus. The signals of this object are available to any program and are documented as:
The SessionNew(), SessionRemoved(), UserNew(), UserRemoved(), SeatNew(), SeatRemoved() signals are sent each time a session is created or removed, a user logs in or out, or a seat is added or removed.
https://www.freedesktop.org/wiki/Software/systemd/logind/
If logind is not in use, PAM might be your next best option, as sanjeev suggested. He links to https://unix.stackexchange.com/questions/162783/how-can-i-detect-a-user-login-programmatically. However, note that this requires changing the system configuration and cannot be just subscribed to by any program.
Interacting with the screensaver is even less portable. For example, GNOME exposes a screensaver object on the user DBus instance. It is also possible to get events from the X11 server via the "SCREEN-SAVER" extension, but of course this is not available with Wayland.
https://people.gnome.org/~mccann/gnome-screensaver/docs/gnome-screensaver.html (Random Google result)
https://www.x.org/releases/X11R7.7/doc/scrnsaverproto/saver.html#Events
Is there a way to monitor netns creation/deletion in the kernel?
iproute2 provides means to monitor this, but it does so by using inotify, looking for creation/deletion of a netns fd in /var/run/netns.
Often times a netns is created without an entry in /var/run/netns.
Ideally a netns creation/deletion notification should be available via netlink message from the kernel but it does not seem to be the case.
Watching for /proc/<pid> creation and then stat(ing) /proc/<pid>/ns/net does not seem like a feasible option.
I have a device that sends data to Hyperterminal. What I want is to get an alert, either audible or visual, when a certain piece of text appears. Is there any software/scripts etc. available that might have that functionality?
You'd probably be as well using vb .net or similar and listen to the device using the comms port directly. You can then trigger an event based on the returned data.
There's some useful info here:
How to access serial and parallel ports by using Visual Basic .NET
I've been given a task to write some code to notify administrators if the device sends a trap. Also I'd like to be able to check upon the device as well.
I'm not so sure where to begin. Is there a test server online where I can test if I set up the device correctly? (Whether it sends traps according to the condition I set?)
If I were to write code to monitor this device, I think I should learn how the SNMP and MIB files work exactly. Is there a good summary and reference for me?
Is there some simple example code for snmp?
Download any trial-based software to receive traps on your system, like LoriotProV6 or SolarWinds.
On a Windows-based system, open Run, enter evntwin.exe and select your preferred options to generate traps like SNMP.
Here you need to check the Trapping column: only select an entry if it says "Yes",
or else it won't mean anything.
Then click Add and run your SNMP services.
To run SNMP services, go to Control Panel -> Add/Remove -> Add/Remove Windows component -> check Management & Monitoring, click on Details and check the SNMP & WMI options.
Now go to Control Panel -> Administrator tools -> Services -> search for SNMP services and start it.
You can consider 2 basic ways to check whether the device of interest is generating/sending out SNMP traps.
You can just run Wireshark on the device (if possible) or on the target server (where the traps are supposed to arrive). Then you can filter the traffic using the default SNMP ports. For example, it could be one of the following: 161, 162, 10161, 10162.
You can install a MIB browser on the target server and see if any traps arrive. There are a number of free applications available on the web.
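
What a trap contains once it reaches the target server, as an added example that is not part of the original answers: a standard-library Python decoder for an SNMPv2c trap datagram, run on a constructed sample packet. The function names and the sample bytes are assumptions made for illustration.

```python
def tlvs(buf):  # split buf into its BER (tag, value) elements
    out, pos = [], 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated header")
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits = count of length octets
            n = length & 0x7F
            if not 1 <= n <= 4 or pos + n > len(buf):
                raise ValueError("bad length field")
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("value runs past end of buffer")
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def decode_oid(data):
    arcs, val = [], 0
    for b in data:  # base-128 sub-identifiers, high bit means "more octets follow"
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    if not arcs:
        raise ValueError("empty OID")
    first = min(arcs[0] // 40, 2)  # first sub-identifier packs the first two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def decode_value(tag, data):
    if tag == 0x06:
        return decode_oid(data)
    if tag in (0x02, 0x41, 0x42, 0x43):  # INTEGER, Counter32, Gauge32, TimeTicks
        return int.from_bytes(data, "big", signed=tag == 0x02)
    return data  # OCTET STRING and other types stay as raw bytes

def parse_trap(packet):
    [(tag, msg)] = tlvs(packet)
    (_, version), (_, community), (pdu_tag, pdu) = tlvs(msg)
    if tag != 0x30 or version != b"\x01" or pdu_tag != 0xA7:
        raise ValueError("not an SNMPv2c trap")
    _, _, _, (_, vbl) = tlvs(pdu)  # request-id, error-status, error-index, varbinds
    pairs = [tlvs(vb) for _, vb in tlvs(vbl)]  # each varbind is an (OID, value) pair
    return community.decode("latin-1"), [(decode_oid(o[1]), decode_value(*v)) for o, v in pairs]

SAMPLE = bytes.fromhex(  # constructed packet: community "public", linkDown trap
    "3041 020101 04067075626c6963 a734 020101 020100 020100 3029"
    "300e 06082b06010201010300 43023039"
    "3017 060a2b060106030101040100 06092b0601060301010503")
```

On a live receiver the input would be each datagram read from a UDP socket bound to port 162. The community string shows up in the result because SNMPv2c carries it in cleartext.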