Solved

How to know which TCP ports are busy

Posted on 1998-10-09
Last Modified: 2008-02-20
In TCP, how do I know which ports in my computer are busy or not available?
Socket API? "Dos" Command?
0
Comment
Question by:ronit051397
 
LVL 5

Expert Comment

by:inter
ID: 1342324
There is an snmp API for this, give your mail and I am going to post my conversion of netstat like project to you...
(sorry I cannot retrieve your mail because I can't enter shared effort)
regards, igor
0
 
LVL 5

Author Comment

by:ronit051397
ID: 1342325
Thanks,   ronith@cmr.co.il
0
 
LVL 5

Expert Comment

by:inter
ID: 1342326
Did you receive the mail? I have some problems with the server.
0
 
LVL 5

Author Comment

by:ronit051397
ID: 1342327
Thanks, I have got the mail. I am checking.
0
 
LVL 5

Author Comment

by:ronit051397
ID: 1342328
I have checked it. On a brief test it looks OK.
If you post as an answer the address of the site where this example can be downloaded, I'll grade your answer.

Thanks,
Ronit
0
 
LVL 5

Expert Comment

by:inter
ID: 1342329
I have translated the thing from 'C' with permission of the Mark Russinovich
from www.ntinternals.com. Do you want me to put the source here? (It gets very very bad but if you want so?)
0
 
LVL 5

Author Comment

by:ronit051397
ID: 1342330
Yes, if you don't mind, so the others can see the source if they pay points to see the answer.
0
 
LVL 5

Expert Comment

by:inter
ID: 1342331
Sure friend, but please wait a few minutes so I format the code that can be displayed without wrapping
0
 
LVL 5

Author Comment

by:ronit051397
ID: 1342332
OK, I am going now, I'll be back within a few days, then I'll grade your answer.
0
 
LVL 5

Accepted Solution

by:
inter earned 200 total points
ID: 1342333
Here is the unit for monitoring TCP and UDP connections:
After including it you should call

   NetStat(ListBox1.Items);  //or any compatible TStrings

//---------------------------------------------------------------------
//   NETSTAT translation with permission of the Mark Russinovich
//   from www.ntinternals.com
//   simply add this unit to your uses clause and call it as
//     NetStat(listbox1.items)
//   you can see the details below
//---------------------------------------------------------------------
unit snmp;
interface
uses
  Classes,Windows, WinSock, SysUtils, Dialogs;
// export to other units
function NetStat(const T : TStrings):boolean;
// ---------------------
type
  LONG = longint;
  PIntArray = ^TIntArray;
  TIntArray = array[0..16384] of UINT;
// --------------
// PARTIAL SNMP.H TRANSLATION REQUIRED HERE
const
  ASN_CONSTRUCTOR = $20;
  ASN_CONTEXTSPECIFIC = $80;
  ASN_RFC1157_GETNEXTREQUEST = (ASN_CONTEXTSPECIFIC or ASN_CONSTRUCTOR or $01);
type
  AsnObjectIdentifier = packed record
    idLength : UINT;   // number of integers in oid
    ids      : ^UINT;        // pointer to integer stream
  end;
  AsnOctetString = packed record
      stream : ^BYTE;  // pointer to octet stream
      length : UINT;   // number of octets in stream
      _dynamic : BOOL; // true if octets must be freed
    end;
  AsnInteger = LONG;
  AsnCounter = DWORD;
  AsnGauge = DWORD;
  AsnTimeticks = DWORD;
  AsnSequence = AsnOctetString;
  AsnImplicitSequence = AsnOctetString;
  AsnIPAddress = AsnOctetString;
  AsnDisplayString = AsnOctetString;
  AsnOpaque = AsnOctetString;
  AsnObjectName = AsnObjectIdentifier;
  AsnNetworkAddress = AsnIPAddress;
  AsnAny = record
      asnType : BYTE;
      asnValue : packed record
          case Integer of
            1 : ( number : AsnInteger);
            2 : ( _string : AsnOctetString);
            3 : ( _object : AsnObjectIdentifier);
            4 : ( sequence : AsnSequence);
            5 : ( address : AsnIPAddress);
            6 : ( counter : AsnCounter);
            7 : ( gauge : AsnGauge);
            8 : ( ticks : AsnTimeticks);
            9 : ( arbitrary : AsnOpaque);
      end;
    end;
  AsnObjectSyntax = AsnAny;
  RFC1157VarBind = packed record
    name : AsnObjectName;      // variable's object identifer
    value: AsnObjectSyntax;     // variable's value (in asn terms)
  end;
  RFC1157VarBindList = packed record
    list : ^RFC1157VarBind;      // array of variable bindings
    len  : UINT;        // number of bindings in array
  end;
// SNMP DEFS END
// ----------------
const
  HOSTNAMELEN = 256;
  PORTNAMELEN = 256;
  ADDRESSLEN  = HOSTNAMELEN+PORTNAMELEN;
type
  PTCPINFO = ^TTCPINFO;
  TTCPINFO = packed record
      prev, next : PTCPINFO;
      state,
      localip,
      localport,
      remoteip,
      remoteport : UINT;
  end;
type
  TSnmpExtensionInit = function (
    dwTimeZeroReference : DWORD;
    var hPollForTrapEvent : THandle;
    var supportedView : AsnObjectIdentifier ) : BOOL; stdcall;
  TSnmpExtensionQuery = function (
    requestType : byte;
    var variableBindings : RFC1157VarBindList;
    var errorStatus : AsnInteger;
    var errorIndex : AsnInteger) : BOOL; stdcall;
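//
// Possible TCP endpoint states, indexed by tcpConnState (RFC 1213):
// lastAck is 9, closing is 10, and deleteTCB (12) is also a valid value
//
const
  TcpState : array[0..12] of string = (
      '???',
      'CLOSED',
      'LISTENING',
      'SYN_SENT',
      'SYN_RECEIVED',
      'ESTABLISHED',
      'FIN_WAIT',
      'FIN_WAIT2',
      'CLOSE_WAIT',
      'LAST_ACK',
      'CLOSING',
      'TIME_WAIT',
      'DELETE_TCB');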
//
// Lists of endpoints
//
var
  TcpInfoTable,
  UdpInfoTable : TTCPINFO;
  SnmpExtensionInit : TSnmpExtensionInit;
  SnmpExtensionQuery: TSnmpExtensionQuery;
implementation
//------------------------------------------------------------
//
// GetPortName
//
// Translate port numbers into their text equivalent if
// there is one
//
//------------------------------------------------------------

function GetPortName(port: UINT; proto, name: PChar; namelen: integer): PChar;
var
  psrvent: Pservent;
begin
  psrvent := getservbyport(htons(port), proto);
  // Bounded copies: never write more than namelen bytes into name
  if (psrvent <> nil) then
    StrLCopy(name, psrvent^.s_name, namelen - 1)
  else
    StrLCopy(name, PChar(Format('%d', [port])), namelen - 1);
  Result := name;
end;
//------------------------------------------------------------
//
// GetIpHostName
//
// Translate IP addresses into their name-resolved form
// if possible.
//
//------------------------------------------------------------

function GetIpHostName(local: BOOL; ipaddr: UINT; name: PChar; namelen: integer): PChar;
var
  _phostent: PHostEnt;
  nipaddr: UINT;
begin
  nipaddr := htonl(ipaddr);
  // Unspecified address (0.0.0.0): nothing to resolve.
  // The test must be "= 0"; with "<> 0" the loopback and
  // reverse-lookup branches below could never be reached.
  if (ipaddr = 0) then
  begin
    if (local) then
    begin
      StrLCopy(name, PChar(Format('%d.%d.%d.%d', [
        (nipaddr shr 24) and $FF,
          (nipaddr shr 16) and $FF,
          (nipaddr shr 8) and $FF,
          (nipaddr) and $FF])), namelen - 1);
    end
    else
    begin
      gethostname(name, namelen);
    end
  end else if (ipaddr = $0100007F) then
  begin
    // Loopback address 127.0.0.1
    if (local) then
    begin
      gethostname(name, namelen);
    end
    else
    begin
      StrLCopy(name, 'localhost', namelen - 1);
    end
  end else begin
    _phostent := gethostbyaddr(@ipaddr, sizeof(nipaddr), PF_INET);
    if (_phostent <> nil) then
    begin
      // h_name comes from a reverse DNS lookup, so copy it with a bound
      StrLCopy(name, _phostent^.h_name, namelen - 1);
    end else
    begin
      StrLCopy(name, PChar(Format('%d.%d.%d.%d', [
        (nipaddr shr 24) and $FF,
          (nipaddr shr 16) and $FF,
          (nipaddr shr 8) and $FF,
          (nipaddr) and $FF])), namelen - 1);
    end
  end;
  Result := name;
end;
//------------------------------------------------------------
//
// LoadInetMibEntryPoints
//
// Load the TCP/IP SNMP extension DLL and locate the entry
// points we will use.
//
//------------------------------------------------------------

function LoadInetMibEntryPoints: boolean;
var
  hInetLib: THandle;
begin
  hInetLib := LoadLibrary('inetmib1.dll');
  if (hInetLib = 0) then
  begin
    Result := FALSE;
    Exit;
  end;
  @SnmpExtensionInit := GetProcAddress(hInetLib, 'SnmpExtensionInit');
  if (@SnmpExtensionInit = nil) then
  begin
    Result := FALSE;
    Exit;
  end;
  @SnmpExtensionQuery := GetProcAddress(hInetLib, 'SnmpExtensionQuery');
  if (@SnmpExtensionQuery = nil) then
  begin
    Result := FALSE;
    Exit;
  end;
  Result := true;
end;
//------------------------------------------------------------
//
// Main
//
// Do it all. Load and initialize the SNMP extension DLL and
// then build a table of TCP endpoints and UDP endpoints. After
// each table is built resolve addresses to names and print
// out the information
//
//------------------------------------------------------------

function NetStat(const T: TStrings): boolean;
var
  hTrapEvent: THandle;
  hIdentifier: AsnObjectIdentifier;
  bindList: RFC1157VarBindList;
  bindEntry: RFC1157VarBind;
  errorStatus, errorIndex: AsnInteger;
  currentEntry, newEntry: PTCPINFO;
  currentIndex: UINT;
  wVersionRequested: WORD;
  wsaData: TWSADATA;
  localname, remotename: array[0..HOSTNAMELEN] of char;
  remoteport, localport: array[0..PORTNAMELEN] of char;
  localaddr, remoteaddr: array[0..ADDRESSLEN] of char;
const
  tcpidentifiers: array[0..9] of UINT = (1, 3, 6, 1, 2, 1, 6, 13, 1, 1);
  udpidentifiers: array[0..9] of UINT = (1, 3, 6, 1, 2, 1, 7, 5, 1, 1);
begin
  Result := false;
  FillChar(bindEntry, sizeof(bindEntry), 0);
  try
 //
 // Initialize winsock
 //
    wVersionRequested := $0101;
    if (WSAStartup(wVersionRequested, wsaData) <> 0) then
    begin
      ShowMessage('Could not initialize Winsock.');
      Exit;
    end;
 //
 // Locate and initialize INETMIB1
 //
    if (not LoadInetMibEntryPoints) then
    begin
      ShowMessage('Could not load extension DLL.');
      Exit;
    end;
    if (not SnmpExtensionInit(GetCurrentTime, hTrapEvent, hIdentifier)) then
    begin
      ShowMessage('Could not initialize extension DLL.');
      Exit;
    end;
 //
 // Initialize the query structure once
 //
    bindEntry.name.idLength := $A;
    bindEntry.name.ids := @tcpidentifiers[0];
    bindList.list := @bindEntry;
    bindList.len := 1;
    TcpInfoTable.prev := @TcpInfoTable;
    TcpInfoTable.next := @TcpInfoTable;
 //
 // Roll through TCP connections
 //
    currentIndex := 1;
    currentEntry := @TcpInfoTable;
    while (true) do
    begin
      if (not SnmpExtensionQuery(ASN_RFC1157_GETNEXTREQUEST,
        bindList, errorStatus, errorIndex)) then
      begin
        Exit;
      end;
  //
  // Terminate when we're no longer seeing TCP information
  //
      if (bindEntry.name.idLength < $A) then break;
  //
  // Go back to start of table if we're reading info
  // about the next byte
  //
      if (currentIndex <> PIntArray(bindEntry.name.ids)^[9]) then
      begin
        currentEntry := TcpInfoTable.next;
        currentIndex := PIntArray(bindEntry.name.ids)^[9];
      end;
  //
  // Build our TCP information table
  //
      case PIntArray(bindEntry.name.ids)^[9] of
        1: begin
   //
   // Always allocate a new structure
   //
            new(newEntry);
            newEntry^.prev := currentEntry;
            newEntry^.next := @TcpInfoTable;
            currentEntry^.next := newEntry;
            currentEntry := newEntry;
            currentEntry^.state := bindEntry.value.asnValue.number;
          end;
        2: begin
            currentEntry^.localip :=
              PIntArray(bindEntry.value.asnValue.address.stream)^[0];
            currentEntry := currentEntry^.next;
          end;
        3: begin
            currentEntry^.localport :=
              bindEntry.value.asnValue.number;
            currentEntry := currentEntry^.next;
          end;
        4: begin
            currentEntry^.remoteip :=
              PIntArray(bindEntry.value.asnValue.address.stream)^[0];
            currentEntry := currentEntry^.next;
          end;
        5: begin
            currentEntry^.remoteport :=
              bindEntry.value.asnValue.number;
            currentEntry := currentEntry^.next;
          end;
      end;
    end;
 //
 // Now print the connection information
 //
    T.Add(Format('%7s %-30s %-30s %s', ['Proto', 'Local', 'Remote', 'State']));
    currentEntry := TcpInfoTable.next;
    while (currentEntry <> @TcpInfoTable) do
    begin
      StrCopy(localaddr, PChar(Format('%s:%s', [
        GetIpHostName(TRUE, currentEntry^.localip, localname, HOSTNAMELEN),
          GetPortName(currentEntry^.localport, 'tcp', localport, PORTNAMELEN)])));
      if currentEntry^.remoteip = 0 then
        remoteport := '0'
      else
        GetPortName(currentEntry^.remoteport, 'tcp', remoteport, PORTNAMELEN);
      StrCopy(remoteaddr, PChar(Format('%s:%s', [
        GetIpHostName(FALSE, currentEntry^.remoteip, remotename, HOSTNAMELEN),
          remoteport])));
      T.Add(Format('%7s %-30s %-30s %s', ['TCP',
        localaddr, remoteaddr,
          TcpState[currentEntry^.state]]));
      currentEntry := currentEntry^.next;
    end;
 //
 // Initialize the query structure once
 //
    bindEntry.name.idLength := $A;
    bindEntry.name.ids := @udpidentifiers;
    bindList.list := @bindEntry;
    bindList.len := 1;
    UdpInfoTable.prev := @UdpInfoTable;
    UdpInfoTable.next := @UdpInfoTable;
 //
 // Roll through UDP endpoints
 //
    currentIndex := 1;
    currentEntry := @UdpInfoTable;
    while (true) do
    begin
      if not SnmpExtensionQuery(ASN_RFC1157_GETNEXTREQUEST,
        bindList, errorStatus, errorIndex) then
      begin
        Exit;
      end;
  //
  // Terminate when we're no longer seeing UDP information
  //
      if (bindEntry.name.idLength < $A) then break;
  //
  // Go back to start of table if we're reading info
  // about the next byte
  //
      if (currentIndex <> PIntArray(bindEntry.name.ids)^[9]) then
      begin
        currentEntry := UdpInfoTable.next;
        currentIndex := PIntArray(bindEntry.name.ids)^[9];
      end;
  //
  // Build our UDP information table
  //
      case PIntArray(bindEntry.name.ids)^[9] of
        1: begin
   //
   // Always allocate a new structure
   //
            new(newEntry);
            newEntry^.prev := currentEntry;
            newEntry^.next := @UdpInfoTable;
            currentEntry^.next := newEntry;
            currentEntry := newEntry;
            currentEntry^.localip :=
              PIntArray(bindEntry.value.asnValue.address.stream)^[0];
          end;
        2: begin
            currentEntry^.localport :=
              bindEntry.value.asnValue.number;
            currentEntry := currentEntry^.next;
          end;
      end;
    end;
 //
 // Now print the connection information
 //
    currentEntry := UdpInfoTable.next;
    while (currentEntry <> @UdpInfoTable) do
    begin
      T.Add(Format('%7s %s:%s', ['UDP',
        GetIpHostName(TRUE, currentEntry^.localip, localname, HOSTNAMELEN),
          GetPortName(currentEntry^.localport, 'udp', localport, PORTNAMELEN)]));
      currentEntry := currentEntry^.next;
    end;
    Result := true;
  finally
    WSACleanup;
  end;
end;

end.

regards, igor
0
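
Added example, not part of the thread or of the original NETSTAT source: the unit above walks tcpConnTable (OID 1.3.6.1.2.1.6.13.1) with SNMP GetNext, which returns the table column by column. The Python code below regroups such a walk into rows using the index carried in each OID and decodes the state per RFC 1213; the function names and the sample walk are constructed for the illustration.

```python
# Added example: rebuild tcpConnTable rows from a column-major SNMP GetNext walk.
TCP_CONN_ENTRY = (1, 3, 6, 1, 2, 1, 6, 13, 1)  # prefix of the unit's tcpidentifiers
COLUMNS = {1: "state", 2: "local_ip", 3: "local_port", 4: "remote_ip", 5: "remote_port"}
# tcpConnState values as defined in RFC 1213 (lastAck is 9, closing is 10).
TCP_STATE = {1: "CLOSED", 2: "LISTENING", 3: "SYN_SENT", 4: "SYN_RECEIVED",
             5: "ESTABLISHED", 6: "FIN_WAIT1", 7: "FIN_WAIT2", 8: "CLOSE_WAIT",
             9: "LAST_ACK", 10: "CLOSING", 11: "TIME_WAIT", 12: "DELETE_TCB"}


def rows_from_walk(varbinds):
    """varbinds: (oid_tuple, value) pairs in the order GetNext returned them."""
    rows = {}
    for oid, value in varbinds:
        if oid[:len(TCP_CONN_ENTRY)] != TCP_CONN_ENTRY:
            break  # the walk has left tcpConnEntry, so stop
        column, index = oid[9], oid[10:]
        if column not in COLUMNS or len(index) != 10:
            continue  # unknown column or malformed index: skip, do not guess
        # The index is localIP(4).localPort.remoteIP(4).remotePort, so rows are
        # keyed by it instead of by their position in the walk.
        rows.setdefault(index, {})[COLUMNS[column]] = value
    return rows


def listening_ports(rows):
    """Local ports with at least one endpoint in the LISTENING state."""
    return sorted({index[4] for index, row in rows.items()
                   if TCP_STATE.get(row.get("state"), "???") == "LISTENING"})


def sample_walk():
    """Constructed data: three connections, emitted column by column."""
    any_, host, peer = (0, 0, 0, 0), (192, 0, 2, 10), (198, 51, 100, 7)
    conns = [(any_, 135, any_, 0, 2), (host, 139, any_, 0, 2), (host, 1045, peer, 80, 5)]
    walk = []
    for col in range(1, 6):
        for lip, lport, rip, rport, state in conns:
            oid = TCP_CONN_ENTRY + (col, *lip, lport, *rip, rport)
            walk.append((oid, {1: state, 2: lip, 3: lport, 4: rip, 5: rport}[col]))
    walk.append(((1, 3, 6, 1, 2, 1, 6, 14, 0), 0))  # first OID outside tcpConnEntry
    return walk


if __name__ == "__main__":
    table = rows_from_walk(sample_walk())
    for row in table.values():
        print(row["local_port"], TCP_STATE.get(row["state"], "???"))
    print("listening:", listening_ports(table))
```
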
