How can I effectively trace the raw data sent to my socket server listening on a win32 machine? I want the trace to be specific to the port my server is listening on, so I can monitor only that traffic.
I want to see how the data exchange works on the wire.
You could use:
Microsoft Network Monitor
or
Ethereal
or
Wireshark
They all come with rich filtering capabilities so filtering on a single port / address or protocol should be quite easy.
Related:
Free Network Monitor
How to Debug/Monitor SMTP Communications?
ETW can do it. ETW is built in to windows you don't need external tools. Here is blog post on that from technet.
Related
I have a concox GT06 device from which I want to send tracking data to my AWS Server.
The coding protocol manual that comes with it only explains the data structure and protocol.
How does my server receive the GPS data collected by my tracker?
Verify if your server allows you to open sockets, which most low cost solutions do NOT allow for security reasons (i recommend using an Amazon EC2 virtual machine as your platform).
Choose a port on which your application will listen to incoming data, verify if it is open (if not open it) and code your application (i use C++) to listen to that port.
Compile and run your application on the server (and make sure that it stays alive).
Configure your tracker (usually by sending an sms to it) to send data to your server's IP and to the port which your application is listening to.
If you are, as i suspect you are, just beginning, consider that you will invest 2 to 3 weeks to develop this solution from scratch. You might also consider looking for a predeveloped tracking platform, which may or may not be acceptable in terms of data security.
You can find examples and tutorials online. I am usually very open with my coding and would gladly send a copy of the socket server, but, in this case, for security reasons, i cannot do so.
Instead of direct parsing of TCP or UDP packets you may use simplified solution putting in-between middleware backends specialized in data parsing e.g. flespi.
In such approach you may use HTTP REST API to fetch each new portion of data from trackers sent to you dedicated IP:port (called channel) or even send standardized commands with HTTP REST to connected devices.
At the same time it is possible to open MQTT connection using standard libraries and receive converted into JSON messages from devices as MQTT in real time, which is even better then REST due to almost zero latency.
If you are using python you may take a look at open-source flespi_receiver library. In this approach with 10 lines of code you may have on your EC2 whole parsed into JSON messages from Concox GT06.
What tool you suggest for logging network activity(traffic) for certain windows service?
It's windows service written in C#. Service is connecting to Mysql server in a given time intervals.
I would like to log for some period (24h) and analyse how it behaves.
Windows Resource Monitor does the job but i need it logged to file.
Datetime stamp with send and receive values will be enough.
What do you suggest?
Wireshark can log network traffic to a file, but it will not be tied to a specific Windows Service. Though you can filter so that it will record only traffic involved in a specific conversation. So, you could filter for traffic between the server and the MySql server as well as the specific port that conversation is happening on.
Wireshark is available for Windows, Linux and macOS. It is free in all senses of the word.
You can get Wireshark here: http://wireshark.org/
I'm trying to send http Post requests from a embedded device.
Is there any service I can use to send test POSTs to and see what my requests look like? Or is there any "test-webserver" I can install on my PC that dumps Http posts in a raw format?
Thanks!
Requestbin does exactly what you need.
I would say that one of the best ways of doing this would be setting up an ad-hoc wireless network and then track the traffic via Wireshark or Fiddler. You can connect the phone to the shared network and then specifically "sniff" the wireless traffic (given that the PC is connected to a wired network).
Example for Windows Phone 7:
http://dennisdel.com/?p=611
You could also try PutsReq. It is similar to RequestBin, but it is open source and you can also simulate responses and forward requests.
Debug HTTP is easy, you have all sort of tools to do it (like Fiddler). What about SMTP?
How to Debug SMTP Communications?
My target system is Windows.
Suggested tools:
Ethereal
tcpdump
Microsoft Network Monitor
For the two people who responded with Ethereal: We renamed the project to Wireshark (http://www.wireshark.org) back in 2006 due to trademark issues. I strongly recommend upgrading.
Depending on your exact issue, Wireshark's Follow TCP Stream feature is pretty useful for debugging Internet Message protocols, including SMTP.
How to capture emails with Wireshark:
Get wireshark -> Install
Into filter enter smtp click Apply
When you get filtered lines click right mouse button on one of them and select 'Follow TCP stream'.
You should get window like following
(OPTIONAL) If you want to inspect contents of email that are base64 encoded
Copy part that looks like gibberish into one of base64 to text converters, there are plenty online. You should get readable text that was sent.
Hope this saves you some time.
smtp-cli is good for this. From the homepage:
smtp-cli is a powerful SMTP command line client with a support
for advanced features, such as STARTTLS, SMTP-AUTH, or IPv6
In addition to being a full-featured client, its --verbose option makes it
the tool I think you're looking for to track down SMTP issues (like, for instance,
why a server is rejecting a given to: address, which is how I found the tool :-) )
Again from the homepage:
It's also a convenient tool for testing and debugging SMTP servers' setups.
Even the hardcore mail admins used to typing the SMTP protocol over telnet
need a specialised tool when it comes to verifying encryption settings of
their TLS enabled server with a subsequent user authentication. Such things
are pretty hard to type into a telnet session by hand :-)
Try Ethereal - its a free network protocol analyzer.
The SMTP protocol is all ascii, so once you see whats inside the TCP connection, you should be good to go.
It will take a bit of work learning how to use Ethereal.
You can use a SMTP development server, like Neptune or Antix. Both work the same way: they create a "fake" SMTP server in your machine so you can test your e-mail sending methods, without actually sending the messages they receive.
Use tools like ethereal (www.ethereal.com) or tcpdump (www.tcpdump.org), if you want to see the SMTP traffic.
If you like to check your server for compliance with relaying standards, do a
telnet relay-test.mail-abuse.org
from your SMTP server and it checks your server for relaying vulnerabilities.
F
Is there a way to monitor the FTP port so that I can know what commands my FTP application is sending to a FTP server?
I am using a closed-source FTP client application, which is not working with a closed-source FTP application server. The client and the server are not communicating well with each other, and I would like to find out why. I wish to reverse-engineer the client to see what commends the client are sending to the sever. I used a web test tool before that allowed me to monitor the content transferring through HTTP, but I can't seem to find such tool for FTP. I appreciate it if you can help me out, thanks.
Sounds like you need a packet sniffer - assuming your network admins/company policy allows it...I have used wireshark fairly successfully before.
The core FTP commands should be visible in the packets.
You can use the Wireshark application: http://www.wireshark.org/
It should have decent parsing capabilities for FTP as well as other protocols.
Can you configure a proxy with the client? Then you could install an ftp proxy server using the logging on that to see what's going on?
There's a proxy server for Linux here: http://frox.sourceforge.net/doc/FAQ.html
Paul.
Do you have access to ftp-server logs? Its likely those commands would be logged there.
If they aren't, your next option would be to configure the server to log them, if you have access.
If thats not an option or server does not log such things, then you have to go to either packet sniffer or a proxy, as suggested by previous posters.
On Unix, tcpdump might be your friend. Maybe you should first state which OS you're targeting, though.
If you have the ability (often requiring root access) to use a packet sniffer, tcpflow sniffing the TCP control channel will show you the commands and responses going back and forth in an easy-to-read format.
If you don't have such access, tools such as ktrace and strace will allow you to see all data read and written on the socket for this connection, though it will be a little work to extract it.
If you could tell us just what tool you were using for HTTP traffic, that would allow us to look for something similar for FTP traffic.