Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Sniffing an established port
Special Forums IP Networking Sniffing an established port Post 74593 by kapslock on Friday 10th of June 2005 03:41:28 PM
Old 06-10-2005
I guess the setup is like this:

There's a client running on a solaris box, and is receiving data.

Please note that servers specify ports they send the data on. Client don't necessarily specify the port they want to listen to the server data on.

So you may or may not know the port on which this client is receiving data.

You may want to use a portscanner like ngrep or a packet capture utility like tcpdump or ethereal to know the port on which this client is receiving data.

Although you can "see" the data using your packet capture tools, to write your own application to read that data isn't that straightforward. This however might be necessary if you want to do some special processing on the data (decrypt it, for example).

In that case, you can
1. See if you can open a socket to the actual source from which the solaris box A is receiving data.
2. See if you can write a small server program that allows you to write a client to get this data. The server program would get data from this A:B client.

Kapil Sharma
 

9 More Discussions You Might Find Interesting

1. Programming

Pcap.h Sniffing

Can someone please help me figure out how to use pcap.h to sniff packets between only 2 computers whose mac addresses are know? Thanks (0 Replies)
Discussion started by: papabearcares
0 Replies

2. Shell Programming and Scripting

Pcap.h Sniffing

Can someone please help me figure out how to use pcap.h to sniff packets between only 2 computers whose mac addresses are know? Thanks (0 Replies)
Discussion started by: papabearcares
0 Replies

3. What is on Your Mind?

Wired keyboard sniffing

Are we safe using the everyday wired keyboard? Although this concept is old, I had never seen an actual implementation on the matter until a few days ago. (Four ways of sniffing the electromagnetic emanations of wired keyboards currently on the market in up to 20 meters.) Check the videos at:... (2 Replies)
Discussion started by: redoubtable
2 Replies

4. Programming

Memory sniffing in linux

I am trying to create an application that will be able to sniff memory of other applications. I am not completely new to systems programming but I am not sure how to go about this task. I understand that accomplishing this mainly require these steps. 1: Get a list of processes 2: Find the... (2 Replies)
Discussion started by: mosey
2 Replies

5. HP-UX

[HP-UX] Established ports although LAN is disconnected.

Hi, I have a few questions. There is a CORBA connection between 2 HP-UX 11.11i hosts. Then the LAN of the 2nd host is pulled. On the 1st host all connections disappear, as expected. But on the 2nd host all connections still are present, as established. With lsof one can see that the... (2 Replies)
Discussion started by: ejdv
2 Replies

6. Solaris

Established connections causing lag?

I'm not to sure how to go about this questions, so I will just ask it and then get criticized. How many Established connections should a V440 be able to support? (4 Replies)
Discussion started by: adelsin
4 Replies

7. IP Networking

ESTABLISHED web process??

I put lsof -i -P -n into the terminal and this is the output. I believe i am being hacked?? lsof -i -P -n COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME SystemUIS 1578 melodysneed 9u IPv4 0x07d608ec 0t0 UDP *:* SystemUIS 1578 melodysneed 11u IPv4 0x0ba68810... (5 Replies)
Discussion started by: melodysneed
5 Replies

8. Red Hat

Help: Find established conn source

Hi Friends, On one of my server which having direct connection to internet without firewall ..am seeing a established connection with SSH .. am not getting how ..there no login but I can see this established connection . ## have hidden original IPs with below notations for security concerns .... (0 Replies)
Discussion started by: Shirishlnx
0 Replies

9. Solaris

How to find port number wwn of particular port on dual port HBA,?

please find the below o/p for your reference bash-3.00# fcinfo hba-port HBA Port WWN: 21000024ff295a34 OS Device Name: /dev/cfg/c2 Manufacturer: QLogic Corp. Model: 375-3356-02 Firmware Version: 05.03.02 FCode/BIOS Version: BIOS: 2.02; fcode: 2.01;... (3 Replies)
Discussion started by: sb200
3 Replies

LEARN ABOUT DEBIAN

gems-client

GEMS-CLIENT(1)							gems documentation						    GEMS-CLIENT(1)

NAME

       gems-client - Show data transmitted by gems-server (1)

SYNOPSIS

       gems-client [-i] host [port]

       gems-client -h | -v

DESCRIPTION

       Connects to a computer running gems-server(1) to show in the local terminal the data transmitted, in real time.

OPTIONS

       host   Hostname or IP address where the server is running.

       port   TCP port used by the server. Default: 6666.

       -i     Ignore  server  terminal size. If this option is not supplied, gems-client disconnects itself whenever the local terminal is smaller
	      than the terminal associated to the server.

       -h     Show a short help message.

       -v     Show version information.

FUNCTION KEYS

       While gems-client is running, some keys have special functions:

       q      Quit.

       a      Enable/disable alarm blocking. When active, if the server transmits an alarm character ('a'), the client ignores it, so	the  alarm
	      does not play. This is specially useful when many clients are present in the same room, to avoid the annoying simultaneous beeps.

AUTHORS

       Diego Essaya <dessaya@fi.uba.ar>

       Emiliano Castagnari <ecastag@fi.uba.ar>

SEE ALSO

       gems-server(1), script(1)

gems								    AUGUST 2004 						    GEMS-CLIENT(1)
All times are GMT -4. The time now is 07:45 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy