• Status: Solved

Monitoring Ports

Forgive me for my poor English (the Brazilian guy again)

How can I monitor TCP ports? I want to be notified before the port is opened and, if possible, block the port if I want.
1 Solution
Hi Noturno ...

You seem to be effectively writing a firewall. This is an extremely big task! There are monitoring tools that will inform you of this, but programmatically this is a huge task.

For external monitoring tools see :-
and look for the TCPView and TDIMon utilities.

Writing a firewall is a complex process and has several options, of which I'll list a couple here :-

1) WinSock Hooking, or more preferably a Layered Service Provider (LSP) >>
Whilst Winsock 1.0+ was commonly used, it was not uncommon for programmers to hook into this API for firewalling, tracing/logging, packet filtering, packet injection, etc. After Winsock 2.0 was produced, it is now preferred practice to create an LSP using the Winsock2 Service Provider Interface (SPI). This will register your packet filtering and injection code with Winsock itself, and allow many SPIs to co-exist. A study of the Windows NT4/XP/2000 protocol stack will show this SPI to be below Winsock.

2) Transport Driver Interface (TDI) Driver >>
A study of the Windows NT4/XP/2000 protocol stack will show the TDI layer below the Winsock SPI layer. This involves writing a TDI driver, and registering this driver with the system. As with most drivers, it can then be interfaced with by an app or a service appropriately. For firewalling, this is preferred to the Winsock SPI, as it is lower down the protocol stack, and subsequently has less chance of being evaded.

3) Network Driver Interface Specification (NDIS) Driver >>
This is the lowest possible layer you will have access to, and subsequently is the best layer to invoke packet filtering and firewalling processes.

NOTE : A good firewall will actually operate on all three layers, to prevent Denial of Service attacks and Internal Virus attacks.

There are also flavours of each type, and intermediate drivers to boot :-) just in case that wasn't enough already.

I don't want to overload you with information, as this topic is huge, and certainly not one to master quickly (I'm still studying).

1) This site is great - Good overview, AND Details :

2) Good Description of the Drivers :

3) An excellent FAQ and resource site :

4) Example LSP Source Code

5) Example Driver Source Code / Tutorials to get you started :

6) Others

Apologies if I have put you off ;-) ... this can be great programming fun !!!

Hope this gets you started at least !

I forgot one :-) ...

There is a great Open Source Library for Packet Capture and Filtering where they do a lot of the work for you :-


This comes highly recommended !!!

Wow, thanks, STeve... and Magdalena ;)
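
Added example, not part of the original thread or any poster's code: a user-mode monitor that diffs successive `netstat -ano` snapshots to report newly opened or closed listening TCP ports. Polling like this can only notify after a port is already open; being notified before the open, or blocking it, needs one of the LSP/TDI/NDIS layers described in the answer. The function names and sample data are constructed, and English-language Windows `netstat` output is assumed.

```python
import subprocess
import time

# Constructed samples in the column layout of Windows `netstat -ano` output.
BEFORE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     5120
  TCP    [::]:135               [::]:0                 LISTENING       904
  UDP    0.0.0.0:5353           *:*                                    2200
"""
AFTER = BEFORE + "  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       7312\n"


def parse_listeners(netstat_text):
    """Return {(address, port): pid} for every TCP socket in LISTENING state."""
    listeners = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        # Expected columns: Proto, Local Address, Foreign Address, State, PID
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        # rpartition splits on the last colon, so "[::]:135" keeps "[::]" whole
        address, _, port = fields[1].rpartition(":")
        if port.isdigit() and fields[4].isdigit():
            listeners[(address, int(port))] = int(fields[4])
    return listeners


def diff_listeners(before, after):
    """Return (opened, closed) as sorted lists of ((address, port), pid)."""
    opened = sorted((key, after[key]) for key in after.keys() - before.keys())
    closed = sorted((key, before[key]) for key in before.keys() - after.keys())
    return opened, closed


def watch(interval=2.0):
    """Poll the live table and print every listener that appears or disappears."""
    previous = None
    while True:
        text = subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
        current = parse_listeners(text)
        if previous is not None:
            opened, closed = diff_listeners(previous, current)
            for (addr, port), pid in opened:
                print(f"OPENED {addr}:{port} pid={pid}")
            for (addr, port), pid in closed:
                print(f"CLOSED {addr}:{port} pid={pid}")
        previous = current
        time.sleep(interval)


if __name__ == "__main__":
    watch()
```
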
