Solved

Monitoring Ports

Posted on 2003-03-14
Last Modified: 2010-04-04
Forgive me for my poor English (the Brazilian guy again)

How can I monitor TCP ports? I want to be notified before the port is opened and, if possible, block the port if I want.
Question by:Noturno
LVL 2

Accepted Solution

by:
steve_hsk earned 200 total points
ID: 8137999
Hi Noturno ...

You seem to be effectively writing a firewall. This is an extremely big task! There are monitoring tools that will inform you of this, but programmatically this is a huge task.

For external monitoring tools see :-
http://www.sysinternals.com/ntw2k/utilities.shtml
and look for the TCPView and TDIMon utilities.

Writing a firewall is a complex process and has several options, of which I'll list a couple here :-

1) WinSock Hooking, or more preferably a Layered Service Provider (LSP) >>
Whilst Winsock 1.0+ was commonly used, it was not uncommon for programmers to hook into this API for firewalling, tracing/logging, packet filtering, packet injection, etc. After Winsock 2.0 was produced, it is now preferred practice to create an LSP using the Winsock 2 Service Provider Interface (SPI). This will register your packet filtering and injection code with Winsock itself, and allow many SPIs to co-exist. A study of the Windows NT4/XP/2000 protocol stack will show this SPI to be below Winsock.

2) Transport Driver Interface (TDI) Driver >>
A study of the Windows NT4/XP/2000 protocol stack will show the TDI layer below the Winsock SPI layer. This involves writing a TDI driver, and registering this driver with the system. As with most drivers, it can then be interfaced with by an app or a service appropriately. For firewalling, this is preferred to the Winsock SPI, as it is lower down the protocol stack, and subsequently has less chance of being evaded.

3) Network Driver Interface Specification (NDIS) Driver >>
This is the lowest possible layer you will have access to, and subsequently is the best layer to evoke packet filtering and firewalling processes.

NOTE : A good firewall will actually operate on all three layers, to prevent Denial of Service attacks and Internal Virus attacks.

There are also flavours of each type, and intermediate drivers to boot :-) just in case that wasn't enough already.

I don't want to overload you with information, as this topic is huge, and certainly not one to master quickly (I'm still studying).

1) This site is great - Good overview, AND Details :
http://www.ndis.com/papers/winpktfilter.htm

2) Good Description of the Drivers :
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/network/hh/network/304tovw_9vxj.asp

3) An excellent FAQ and resource site :
http://www.pcausa.com/resources/ndisfaq.htm

4) Example LSP Source Code
http://www.microsoft.com/msj/defaultframe.asp?page=/msj/0599/layeredservice/layeredservice.htm&nav=/msj/0599/newnav.htm

5) Example Driver Source Code / Tutorials to get you started :
http://ntdev.h1.ru/tdi_fw.html
http://www.codeproject.com/useritems/DrvFltIp.asp
http://opensource.lineo.com/cgi-bin/cvsweb/winpool/Client/win9x/driver/mattsock.c?annotate=1.1&sortby=file

6) Others
http://www.ntkernel.com/articles.shtml
http://www.microsoft.com/hwdev/tech/network/ndis5.asp
http://www.csie.nctu.edu.tw/~chjong/2/school_project/www.atage.com/

Apologies if I have put you off ;-) ... this can be great programming fun !!!

Hope this gets you started at least !
STeve
0
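The polling approach available to a user-mode monitor, as an added example that is not part of steve_hsk's answer: it diffs two `netstat -ano -p TCP` snapshots and reports newly opened listening ports with their owning PIDs. The sample output, the allowlist and all function names are constructed for illustration; polling sees a port only after it is open, which is why blocking needs the LSP/TDI/NDIS layers described above.

```python
import re
from typing import NamedTuple


class Listener(NamedTuple):
    addr: str
    port: int
    pid: int


# Constructed sample: two `netstat -ano -p TCP` snapshots taken one poll apart.
SNAPSHOT_BEFORE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1042      203.0.113.7:80         ESTABLISHED     2312
"""
SNAPSHOT_AFTER = SNAPSHOT_BEFORE + """\
  TCP    0.0.0.0:8081           0.0.0.0:0              LISTENING       2960
  TCP    [::]:445               [::]:0                 LISTENING       4
"""

# Only LISTENING rows matter; the address part may be IPv4 or bracketed IPv6.
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def parse_listeners(netstat_output: str) -> set:
    """Return the set of listening sockets found in netstat text."""
    found = set()
    for line in netstat_output.splitlines():
        m = LINE.match(line)
        if m:
            found.add(Listener(m.group(1), int(m.group(2)), int(m.group(3))))
    return found


def diff_listeners(before: set, after: set):
    """Return (opened, closed) listeners between two snapshots, sorted by port."""
    key = lambda l: (l.port, l.addr)
    return sorted(after - before, key=key), sorted(before - after, key=key)


def format_alerts(opened, allowed_ports):
    """One alert line per new listener whose port is not on the allowlist."""
    return [f"ALERT new listener {l.addr}:{l.port} pid={l.pid}"
            for l in opened if l.port not in allowed_ports]


if __name__ == "__main__":
    opened, _ = diff_listeners(parse_listeners(SNAPSHOT_BEFORE),
                               parse_listeners(SNAPSHOT_AFTER))
    print("\n".join(format_alerts(opened, allowed_ports={135, 445})))
```

On a live Windows host the two snapshots would come from running `netstat -ano -p TCP` at each poll interval instead of the embedded strings.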
 
LVL 2

Expert Comment

by:steve_hsk
ID: 8138124
I forgot one :-) ...

There is a great Open Source Library for Packet Capture and Filtering where they do a lot of the work for you :-

http://winpcap.polito.it/

This comes highly recommended !!!

STeve
0
 
LVL 3

Expert Comment

by:LukA_YJK
ID: 8141648
Wow, thanks, STeve... and Magdalena ;)
0
