Full Discussion: Sniffing an established port
Special Forums IP Networking Sniffing an established port Post 74593 by kapslock on Friday 10th of June 2005 03:41:28 PM
Old 06-10-2005
I guess the setup is like this:

There's a client running on a Solaris box, and it is receiving data.

Please note that servers specify ports they send the data on. Clients don't necessarily specify the port they want to listen to the server data on.

So you may or may not know the port on which this client is receiving data.

You may want to use a port scanner like ngrep or a packet capture utility like tcpdump or Ethereal to know the port on which this client is receiving data.

Although you can "see" the data using your packet capture tools, to write your own application to read that data isn't that straightforward. This however might be necessary if you want to do some special processing on the data (decrypt it, for example).

In that case, you can:
1. See if you can open a socket to the actual source from which the Solaris box A is receiving data.
2. See if you can write a small server program that allows you to write a client to get this data. The server program would get data from this A:B client.

Kapil Sharma
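
An added example, not part of the post above: one way to turn a packet capture into the answer to "which local port is this client receiving data on". It assumes the one-line text format that current tcpdump prints for IPv4 TCP with `-n`; the sample lines, the documentation-range addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n` text output (not captured from a real host).
SAMPLE = """\
15:41:28.100001 IP 192.0.2.10.5000 > 192.0.2.20.32789: Flags [P.], seq 1:1449, ack 1, win 512, length 1448
15:41:28.100950 IP 192.0.2.20.32789 > 192.0.2.10.5000: Flags [.], ack 1449, win 501, length 0
15:41:28.101200 IP 192.0.2.10.5000 > 192.0.2.20.32789: Flags [P.], seq 1449:2049, ack 1, win 512, length 600
15:41:28.200000 IP 192.0.2.20.32801 > 192.0.2.53.22: Flags [P.], seq 1:37, ack 1, win 501, length 36
15:41:28.200400 IP 192.0.2.53.22 > 192.0.2.20.32801: Flags [P.], seq 1:101, ack 37, win 512, length 100
15:41:28.300000 ARP, Request who-has 192.0.2.1 tell 192.0.2.20, length 28
"""

# tcpdump appends the port to the address as a fifth dotted field.
LINE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\].*"
    r"\blength (?P<len>\d+)\s*$"
)

def inbound_flows(text, client_ip):
    """Return {(local_port, peer_ip, peer_port): payload_bytes} for TCP data sent to client_ip."""
    flows = defaultdict(int)
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or m["dst"] != client_ip:
            continue  # not an IPv4 TCP line, or traffic leaving the client
        n = int(m["len"])
        if n:  # pure ACKs carry no payload and would only add noise
            flows[(int(m["dport"]), m["src"], int(m["sport"]))] += n
    return dict(flows)

def busiest_receive_port(text, client_ip):
    """Local port on client_ip that received the most payload, or None if no data was seen."""
    flows = inbound_flows(text, client_ip)
    if not flows:
        return None
    return max(flows.items(), key=lambda kv: kv[1])[0][0]

if __name__ == "__main__":
    for (port, peer, pport), n in sorted(inbound_flows(SAMPLE, "192.0.2.20").items()):
        print(f"local port {port} <- {peer}:{pport}  {n} bytes")
```

The peer address and port in each key also identify the "actual source" that option 1 in the post refers to.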
 
