Monitoring Ports

Forgive me for my poor English (the Brazilian guy again)

What can I do to monitor TCP ports? I want to be notified before the port is open and, if possible, block the port if I want.
Noturno asked:

steve_hsk commented:
Hi Noturno ...

You seem to be effectively writing a firewall. This is an extremely big task! There are monitoring tools that will inform you of this, but programmatically this is a huge task.

For external monitoring tools see :-
http://www.sysinternals.com/ntw2k/utilities.shtml
and look for the TCPView and TDIMon utilities.

Writing a firewall is a complex process and has several options, of which I'll list a couple here :-

1) WinSock Hooking, or more preferably a Layered Service Provider (LSP) >>
Whilst Winsock 1.0+ was commonly used, it was not uncommon for programmers to hook into this API for firewalling, tracing/logging, packet filtering, packet injection, etc. After Winsock 2.0 was produced, it is now preferred practice to create an LSP using the Winsock2 Service Provider Interface (SPI). This will register your packet filtering and injection code with Winsock itself, and allow many SPIs to co-exist. A study of the Windows NT4/XP/2000 protocol stack will show this SPI to be below Winsock.

2) Transport Driver Interface (TDI) Driver >>
A study of the Windows NT4/XP/2000 protocol stack will show the TDI layer below the Winsock SPI layer. This involves writing a TDI driver, and registering this driver with the system. As with most drivers, it can then be interfaced with by an app or a service appropriately. For firewalling, this is preferred to the Winsock SPI, as it is lower down the protocol stack, and subsequently has less chance of being evaded.

3) Network Driver Interface Specification (NDIS) Driver >>
This is the lowest possible layer you will have access to, and subsequently is the best layer to evoke packet filtering and firewalling processes.

NOTE : A good firewall will actually operate on all three layers, to prevent Denial of Service attacks and Internal Virus attacks.

There are also flavours of each type, and intermediate drivers to boot :-) just in case that wasn't enough already.

I don't want to overload you with information, as this topic is huge, and certainly not one to master quickly (I'm still studying).

1) This site is great - Good overview, AND Details :
http://www.ndis.com/papers/winpktfilter.htm

2) Good Description of the Drivers :
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/network/hh/network/304tovw_9vxj.asp

3) An excellent FAQ and resource site :
http://www.pcausa.com/resources/ndisfaq.htm

4) Example LSP Source Code
http://www.microsoft.com/msj/defaultframe.asp?page=/msj/0599/layeredservice/layeredservice.htm&nav=/msj/0599/newnav.htm

5) Example Driver Source Code / Tutorials to get you started :
http://ntdev.h1.ru/tdi_fw.html
http://www.codeproject.com/useritems/DrvFltIp.asp
http://opensource.lineo.com/cgi-bin/cvsweb/winpool/Client/win9x/driver/mattsock.c?annotate=1.1&sortby=file

6) Others
http://www.ntkernel.com/articles.shtml
http://www.microsoft.com/hwdev/tech/network/ndis5.asp
http://www.csie.nctu.edu.tw/~chjong/2/school_project/www.atage.com/

Apologies if I have put you off ;-) ... this can be great programming fun !!!

Hope this gets you started at least !
STeve
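
As an added example (not part of steve_hsk's answer or of any tool he links): a user-mode polling monitor that diffs two `netstat -ano -p TCP` snapshots and reports newly opened listening ports with their owning PID. It can only notify after a port is already open; being notified before, or blocking, needs one of the LSP/TDI/NDIS layers listed above. The sample netstat text, the function names and the English `LISTENING` state string are assumptions.

```python
import subprocess
import time

# Constructed sample output of `netstat -ano -p TCP` (not captured from a real host).
SAMPLE_BEFORE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     4420
"""
SAMPLE_AFTER = SAMPLE_BEFORE + (
    "  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       5188\n")


def parse_listeners(netstat_text):
    """Return {(local_ip, port, pid)} for every TCP socket in LISTENING state."""
    listeners = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Assumption: English-language Windows; the state column is localized.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        ip, _, port = fields[1].rpartition(":")  # rpartition copes with [::]:445
        listeners.add((ip, int(port), int(fields[4])))
    return listeners


def new_listeners(before_text, after_text):
    """Listeners present in the second snapshot but not the first, sorted by port."""
    added = parse_listeners(after_text) - parse_listeners(before_text)
    return sorted(added, key=lambda entry: entry[1])


def snapshot():
    """Run netstat (Windows) and return its raw text output."""
    return subprocess.run(["netstat", "-ano", "-p", "TCP"],
                          capture_output=True, text=True).stdout


def watch(interval=2.0):
    """Poll forever and print each newly opened listening port."""
    previous = snapshot()
    while True:
        time.sleep(interval)
        current = snapshot()
        for ip, port, pid in new_listeners(previous, current):
            print(f"new listener {ip}:{port} owned by PID {pid}")
        previous = current
```

Call `watch()` on the Windows host to run the live loop; a listener that opens and closes between two polls is missed, which is one reason the driver-level approaches exist.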
steve_hsk commented:
I forgot one :-) ...

There is a great Open Source Library for Packet Capture and Filtering where they do a lot of the work for you :-

http://winpcap.polito.it/

This comes highly recommended !!!

STeve
LukA_YJK commented:
Wow, thanks, STeve... and Magdalena ;)