I have to test the value from client to server using different protocols (Tcp , UDP , Sctp).
Please guide how it can be possible. Is there any way in windows to change the protocol or is there anyway to find it by using software like packet tracer .
Thanks
While the question is not entirely clear, it sounds as though your interested in seeing the information sent between the client and the server when each of those protocols is used.
Windows does not provide a built in utility to view packet data but it can be viewed using a packet analyser such as Wireshark.
In order to see the values sent by each protocol you must run a client for each of the protocols and use it to connect to the server for that protocol. If you don't have a server to connect to, you may need to run one on your local machine.
You can narrow down the data captured to just the protocol you're interested in using a filter in Wireshark If you don't know the protocol being used, you can filter by the port number used for that connection which can be established using the netstat command.
You may need to use netstat -b to show you which programs are using which ports.
If you just have to generate packets using different protocols then the tool like netcat can also help. It supports TCP and UDP and has been ported to windows .
Related
I have a Adafruit Huzzah32. I am using wifi as the transport.
I am trying to get the WebServer and WebSocket to work together. Is there any example of this?
I have tried a couple different libraries, but none of them seem to do both server pages and WS socket handling on the same port.
I can set them up separately, but then I have to use 2 different ports and I would like them to be on the same port.
What you're asking for doesn't make any sense.
Port numbers uniquely identify the service using the TCP connection. They determine how the connection's data is handled. You can't have two different things using one port because the port number is what's used to distinguish between them.
What is it that you're actually trying to accomplish by trying to use the same port number?
In Windows (Vista and later) is there a way, or a tool, that can aide in determining wether an existing, already established, outgoing TCP connection, was created with the SO_KEEPALIVE option.
On Unix platforms, this can usually be seen using netstat (ie. 'netstat -o' will show a separate column for KEEPALIVE).
Netstat on Windows does not have this feature. Nor does other Microsoft/SysInternals network tools I've tested.
I don't seem to be able to find a tool that can provide this information.
Scenario is: Applications running on a Windows 2008 R2 server needs to have TCP keepalive enabled on all connections it establishes. Some applications does not have the option to enable TCP keepalive, and I need some way of determining if it is enabled by default for these applications.
To be clear: I need some tool, or suggestions on how to program a tool, that shows wether existing winsock connections have TCP keepalive enabled or not. While there are other ways to determine this (such as sniffing the traffic and see if keepalive packets are sent), they all come with uncertainties. Also, we're talking about a lot of servers and a lot of applications.
Use WireShark to see the TCP Keepalive packets. If you need to check the loopback as I did use https://github.com/nmap/npcap
I am trying to find somw Windows based tools that can help me validate TCP and UDP connection on remote machines.
My Problem (just one use case):
At work, I manage many clustered servers that I run load tests against. In order to get a rich test, I use Jmeter-Plugins which provides a Server agent that opens a TCP socket on port 4444 on a target remote machine: http://code.google.com/p/jmeter-plugins/wiki/PerfMonAgent
There are many times when I setup a new load test farm, that either the network, or the server configuration, or the ServerAgent itself can have issues and thus not allowing a Load test client to access that TCP connection.
The issue I have is that I dont know what part of the system is broken.
What I think I need:
I would like to know how I can open a TCP (not HTTP with cUrl), connection to a remote server to validate that the network allows the connection, as well as the Server firewall allows the given TCP connection to be accessed remotely.
What I have looked:
These are some of the tools I have looked at so far:
Nmap http://nmap.org
Ncat http://sourceforge.net/projects/nmap-ncat/
TCP/IP Builder http://www.drk.com.ar
Zenmap 6.01 and nmap might do the job I want, but some machines where not accessible to Zenmap when I know 100% that the server was accessible via HTTP, so that was strange.
I have looked at many tools and either they:
Dont allow remote connections
Dont seem to want to connect to a TCP socket
Or I dont understand the tools to accomplish the validation I stated above.
I would greatly appreciate all comment and suggestions to help with this re-occurring problem I face.
Mick,
Firebind.com can do what you'd like to do. Firebind is an Internet based server that can listen on any of the 65535 UDP or TCP ports. It uses a java based client to send traffic to and from the server from your machine.
Carl
www.firebind.com
I discovered almost accidentally that my machine was sending and receiving UDP packets to a machine in Poland. Not that I have any problem with Poland, I just don't know why my laptop has the need to communicate with a server there. Reverse DNS shows just the ISP providing the address to some end user. Using Wireshark, I can monitor the messages, which were indecipherable as they were probably encrypted. All packets sent from my machine had the same source port, so clearly the application that sent them opened this UDP socket to use it. I am searching for ways to:
1) enumerate all current sockets open in the system, including the process that created it and, for both TCP and UDP, what ports and addresses they are current bound to.
2) because applications can open these sockets, use them, and close them right away, I would love to find (or perhaps even write) a program that once started would somehow get notification each time a socket gets created, or really more importantly when bound to a source and/or destination address and port. For UDP, I would love to also be able to monitor/keep track of the destination IP addresses and ports that socket has sent messages to.
I don't want to monitor the traffic itself, I have Wireshark if I want to view the traffic. I want to be able to then cross reference to discover what application is generating the packets. I want to know if it is from a process I trust, or if it is something I need to investigate further.
Does anybody know of any applications (for the Windows platform) that can do this? If not, any ideas about a .NET or Windows API that provides this capability, should I want to write it myself?
Edit:
After further research - looks like the APIs to use are GetExtendedUdpTable and GetExtendedTcpTable, CodeProject.com has some samples wrapping these in .NET (see http://www.codeproject.com/Articles/14423/Getting-the-active-TCP-UDP-connections-using-the-G). So a combination of this API and some sniffer code would be needed to monitor and keep track of what hosts at what ports using what protocol any particular application on your machine is talking to. If I ever get some free time, I'll consider creating this, if you know of an app that does all this, please let me know.
Try SysInternals TCPView. Despite its name, it handles UDP as well.
netstat -b to enumerate all ports along with the process names.
You can try using SysInternals' Process MOnitor (ProcMon.exe or ProcMon64.exe).
It allows for filtering of Processes by "UDP Send" Operation - and provides detailed UDP Connection data, including source and destination addresses(IP) and ports etc.
I have to make a windows based application for which captures network traffic per application where some of running application uses same port number for sending and receiving the packets.
I have used winpcap and successfully captured and filtered them port wise and destination wise but I dont know how to capture them application wise that means how to know application information from ip packets.
Is only winpcap can solve the problem or some other api's or library shoud be used.
Can we get the application information from which packet is generated from packet header?
**
Can anyone give me example that uses iphlpapi and winpcap in vc++ for capturing network traffic per application.
**
I don't think this is possible with winpcap.
Take a look at Windows Filtering Platform. It's not advanced at all.If you look in the samples you can find one which does exactly what you want.
winpcap doesn't have a good way to tell what process is sending what data.
But windows does.
try using
netstat -a -o
netstat is a program that tells you what ports are being used on your terminal.
-a switch says, "show me all the ports"
-o switch says, "show me the pid of the processes using this port"
you can't see what port your processes are sending on, but you can see what ports are receving on for udp packets.
for tcp packets you'll see all the info you could want, includeing the remote connections ip address.