Sniffing a port

hi all,
i am facing a problem regarding the listening on port. i want to listen the same port at which my web server is listening port no 80. how can i do this to java????
the problem is that the port is already opened and by using the datgram socket class i can not read the packets at the specified port without opening it. that is i have to open the port at which the exception comes that
java.net.bindException coz the port is already OPENED
can anybody help me
thanks

SO_REUSEADDRHow would that help when it comes to listening on the
same (tcp) port as another application is aldready
bound to?Is it another application or the same application? If it's the same application and it forks and executes a child process SO_REUSEADDR allows you to listen on the same port.

Similar Messages

  • PPPD on a serial bluetooth port

    Hello!
    My Palm can't connect to a pppd, which was bound to a serial bluetooth port. I set it up by
    "sudo /usr/sbin/pppd /dev/cu.serialport-1 115200 debug asyncmap 0" and watch the system log. How can i force OS X to redirect ppp data to that port? It worked fine a few days ago. Also tried it on my iBook without any problems. But my G5 refuses.
    THX

    Just another spying serial port utility
    http://www.hhdsoftware.com/sermon.html
    you'll find some other useful utilities at
    http://www.hhdsoftware.com
    I'm not the beneficiary
    just use the trial versions and change your machine's date when needed
    I think this is more complete and user friendly than portmon
    sorry to say that I also don't know any way to build a sniffing srial port application by LV.

  • AD SSO "unknown user" error

    Hi all,
    I've been having trouble with AD SSO on NAC deployed in L2 OOB VG mode.
    Users are getting a message that says:
    Unknown user
    Please contact your administrator if the problem persists.
    I check the event logs in the NAC Manager and it says "Unknown user via ADSSO, [MAC_ADDRESS ## IP_ADDRESS] user@DOMAIN"
    The AS SSO service is shown as "started" for the NAC Server however, running the command "netstat -a | grep 8910" at the terminal returns nothing.
    I also try an auth test to see if there was a problem with the agent but that shows up with the same "unknown user" error.
    I tried creating an LDAP authentication server with the same options as the LDAP lookup server for AD SSO and I get the same error.
    The AD SSO was working a few days ago and the System Admin says he hasn't changed anything in the domain controller. I haven't changed anything else in the NAC config except I started rolling it out to more users.
    Anyone have any idea what the problem could be?

    Hi huicab,
    The problem was that the LDAP user in the AD was in the wrong OU. I'm not the sys admin so I'm just telling you what he told me lol.
    We sniffed the port of the AD server and he realised that the credentials were being denied by AD even though no failed login attempts were logged in the system (weird =/). So he did some stuff on the user, double checked the password and all the other values and it started working. I have no clue how come it stopped working though. Now that you mention it, it was probably a security patch in the domain controller that stops users in a certian OU or outside of a certain OU from doing certain stuff. I dunno I'm really not a Windows guy but I'd recommend using Wireshark to sniff the Domain Controller's NIC at the time of the AD SSO login attempts to see what packets it gets and what reply it sends out, then you can take action from there.
    Hope this helps!
    ~ Xavier

  • DLSW and the MAC that won't bridge....

    I'm trying to migrate from a CIP attached router (7204) to an OSA card on our mainframe for our SNA connectivity. I've run into a bit of an odd problem.
    It seems I can make a connection to the MAC on the OSA card from a subnet within my data center (I've tried several), but I can't make one work from a remote location via DLSW. The same connections work to the CIP attached router. To me, it looks like I have a problem with bridging, but I'm not 100% sure. I'm tring to connect to 00096b1ade31 on SAP 4.
    I have a DLSW tunnel up and running from my remote location directly to my core switch (6509). The MAC in question is attached directly to the same core switch. I have bridging enabled on the VLAN, but I don't see the MAC in the bridge table. I do however see the MAC in the MAC address table.
    WPG6509-A#SH DLSW REA
    DLSw Local MAC address reachability cache list
    Mac Addr status Loc. port rif
    0000.836c.4278 FOUND LOCAL TBridge-001 --no rif--
    0000.c1a2.e717 FOUND LOCAL TBridge-001 --no rif--
    0002.319c.6194 FOUND LOCAL TBridge-001 --no rif--
    0002.31b8.1483 FOUND LOCAL TBridge-001 --no rif--
    0002.31b8.1576 FOUND LOCAL TBridge-001 --no rif--
    0002.31b8.20e0 FOUND LOCAL TBridge-001 --no rif--
    0002.31c6.39c7 FOUND LOCAL TBridge-001 --no rif--
    0009.6b1a.de31 SEARCHING LOCAL
    0020.00a4.5a28 FOUND LOCAL TBridge-001 --no rif--
    0070.3006.5d03 FOUND LOCAL TBridge-001 --no rif--
    4000.2216.3002 FOUND LOCAL TBridge-001 --no rif--
    4080.0000.0000 FOUND LOCAL TBridge-001 --no rif--
    DLSw Remote MAC address reachability cache list
    Mac Addr status Loc. peer
    0002.31b8.1483 FOUND REMOTE 10.89.1.2(2065)
    0009.6b1a.de31 SEARCHING REMOTE
    4000.0255.1091 SEARCHING REMOTE
    WPG6509-A#sh mac-address-table | include de31
    * 300 0009.6b1a.de31 dynamic Yes 0 Gi2/1
    WPG6509-A#
    WPG6509-A#sh run int vlan 300
    Building configuration...
    Current configuration : 282 bytes
    interface Vlan300
    description Mainframe VLAN
    ip address 10.3.1.2 255.255.255.0
    no ip redirects
    ip directed-broadcast 176
    ip route-cache flow
    ip ospf network broadcast
    standby 3 ip 10.3.1.1
    standby 3 priority 125
    standby 3 preempt
    bridge-group 1
    hold-queue 1000 in
    end
    WPG6509-A#sh run int gig 2/12
    Building configuration...
    Current configuration : 92 bytes
    interface GigabitEthernet2/12
    switchport
    switchport access vlan 300
    no ip address
    end
    Other config tidbits:
    bridge 1 protocol vlan-bridge
    WPG6509-A#sh run | include dlsw
    dlsw local-peer peer-id 10.3.4.1
    dlsw remote-peer 0 tcp 10.123.1.1
    dlsw remote-peer 0 tcp 10.89.1.2
    dlsw remote-peer 0 tcp 10.149.2.1
    dlsw icanreach sap 0 4
    dlsw bridge-group 1
    Ideas welcome!

    Hi Tom,
    The OSA has to be set up in non-QDIO mode.
    Here is a link to an IBM redbook that should help, see Chapter 7.
    http://www.redbooks.ibm.com/abstracts/sg245948.html?Open
    I assume that you have an XCA and a Switched Major Node defined for this and both are active. When you see the MAC seraching, at the router local to the OSA, there is a test frame being sent out to the OSA. If the OSA answers test, then from the "show dlsw reach", it will change to "found".
    We did have a problem where voice discovery caused a problem for the OSA, but this would prevent the link from connecting, see Bug ID CSCea90470. Sounds like this is not the case here.
    I suggest sniffing the port where the OSA is connected to see if the test frame is going out to the OSA. If so and the OSA is not answering the test, then you may have to enlist IBM support at that point.
    Jim

  • How can calculate Bandwidth for ACS packet

    Dear All !
    My network : AS5400 at remote site sent ACS information (only VoIP Accounting information: CDR-Call detail record) to Center site via IP WAN link (512k).
    How can I know how much Bandwidth need for ACS packets/ 1 call ?
    Anyone help me some idea to calculate this BW
    Thansk so much

    Hi ,
    There are many bandwidth monitor available that you can set up on acs sever. This will give you idea how much traffic is received by acs during the particular call.
    Also you can try sniffing acs port to get an rough idea about the traffic generated.
    Regards,
    ~JG

  • Oracle notification type

    Hi All,
    We have a 10.2.0.4 RAC database in linux.
    How do we know oracle notification type (database server ) support STMP or snmp?
    Thanks
    Jin

    user589812 wrote:
    Thanks for your help
    How do I know SNMP is in use on DB? as I got news that linux server support SMTP for pl/sql codes.
    Edited by: user589812 on Jun 7, 2011 8:07 AM
    >Thanks for your help
    How do I know SNMP is in use on DB?
    do packet sniffing on ports 161 & 162 to see source & destination of SNMP packets.
    as I got news that linux server support SMTP for pl/sql codes.do packet sniffing on ports 25 to see source & destination of SMTP packets.

  • Open port issues with Direct Print functionality

    Hi, I have been fighting with HP call support about the Photosmart 7525 printer.
    Originally I setup and had performed all the functions to enable both web support and WIFI.
    Within an hour the printer would not respond to wireless communication, though it had its wireless indecator showing it was connected.
    I was told by HP support that the issue will be resolved in March, as there will be a firmware update to fix the issue.
    Now that I had the printer install the new firmware I still get the issue.
    Though I found through some sniffing, that there are a number of ports enabled and open that are over and beyond print requirements.
    Funny thing I can send my printer into instant lockup with all lights flashing with a simple UDP ping sniff. I would think I can do this with other new HP printers using Eprint functions. I will find HP web based printers that are open for public printing and test my theory that HP Eprinters are open to hacking and denyal of service attempts.  My Hp print app on andriod list three in my area, and one is at my local Walmart. This would be cool to find this, as I am usually not the first to point such matters out.
    I assume some are for Apple devices to print.
    Here is my sniffing report:
    Starting Nmap 6.40 ( http://nmap.org ) at 2014-03-21 07:57 Central Daylight TimeNSE: Loaded 110 scripts for scanning.NSE: Script Pre-scanning.Initiating ARP Ping Scan at 07:57Scanning 192.168.223.1 [1 port]Completed ARP Ping Scan at 07:57, 0.23s elapsed (1 total hosts)Initiating Parallel DNS resolution of 1 host. at 07:57Completed Parallel DNS resolution of 1 host. at 07:58, 16.50s elapsedInitiating SYN Stealth Scan at 07:58Scanning 192.168.223.1 [1000 ports]Discovered open port 445/tcp on 192.168.223.1Discovered open port 139/tcp on 192.168.223.1Discovered open port 80/tcp on 192.168.223.1Discovered open port 443/tcp on 192.168.223.1Discovered open port 8080/tcp on 192.168.223.1Discovered open port 9220/tcp on 192.168.223.1Discovered open port 6839/tcp on 192.168.223.1Discovered open port 631/tcp on 192.168.223.1Discovered open port 7435/tcp on 192.168.223.1Discovered open port 8089/tcp on 192.168.223.1Discovered open port 9100/tcp on 192.168.223.1Completed SYN Stealth Scan at 07:58, 1.71s elapsed (1000 total ports)Initiating UDP Scan at 07:58Scanning 192.168.223.1 [1000 ports]Discovered open port 5353/udp on 192.168.223.1Completed UDP Scan at 07:58, 1.82s elapsed (1000 total ports)Initiating Service scan at 07:58Scanning 20 services on 192.168.223.1Discovered open port 161/udp on 192.168.223.1Discovered open|filtered port 161/udp on 192.168.223.1 is actually open
    Starting Nmap 6.40 ( http://nmap.org ) at 2014-03-21 07:51 Central Daylight TimeNmap scan report for 192.168.223.1Host is up (0.0025s latency).Not shown: 93 closed portsPORT     STATE SERVICE     VERSION80/tcp   open  http        HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)139/tcp  open  tcpwrapped443/tcp  open  ssl/http    HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)445/tcp  open  netbios-ssn631/tcp  open  http        HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)8080/tcp open  http        HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)9100/tcp open  jetdirect?MAC Address: A03:C1:BD:C8:34 (Unknown)Device type: printer|general purposeRunning: HP embedded, Wind River VxWorksOS CPE: cpe:/h:hp:laserjet_cm1415fnw cpe:/h:hp:laserjet_cp1525nw cpe:/h:hp:laserjet_1536dnf cpe:/o:windriver:vxworksOS details: HP LaserJet CM1415fnw, CP1525nw, or 1536dnf printer, VxWorksNetwork Distance: 1 hopService Info: Device: printer; CPE: cpe:/h:hphotosmart_7520OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .Nmap done: 1 IP address (1 host up) scanned in 34.11 seconds

    OK now I am able to run a full scan on TCP ports without causing a lock up of the printer.
    I found that having the printer connect to a router that has been setup to use channel 5, 6 or 7 will cause port scanning issues with the printer.
    It is obvious that there are 18 ports that are seen as open, whether they are used or not. Two of which are active but have no service connected to them. Some are just dead like port 25, but over half are active enough to recieve data and lock network connectivity within the printer.
    As the firmware states some other laser jets may be affected depending on how the configuration can be set.
    I moved my routers channel to channel 1 as it is the only other option I have in a highly congested location. It is not as good as channel 6, but the printer seems to have channel 6 locked in for direct printing.
    Here is the latest full scan with UDP enabled, it is the furthest and most complete scan I am able to complete, with UDP ports enabled. The TCP port scan has a bit more and I have placed a simple list below the information given here:
    Starting Nmap 6.40 ( http://nmap.org ) at 2014-03-21 13:27 Central Daylight Time
    NSE: Loaded 110 scripts for scanning.
    NSE: Script Pre-scanning.
    Initiating ARP Ping Scan at 13:27
    Scanning 192.168.1.211 [1 port]
    Completed ARP Ping Scan at 13:27, 0.44s elapsed (1 total hosts)
    Initiating Parallel DNS resolution of 1 host. at 13:27
    Completed Parallel DNS resolution of 1 host. at 13:27, 0.03s elapsed
    Initiating SYN Stealth Scan at 13:27
    Scanning 192.168.1.211 [1000 ports]
    Discovered open port 443/tcp on 192.168.1.211
    Discovered open port 80/tcp on 192.168.1.211
    Discovered open port 139/tcp on 192.168.1.211
    Discovered open port 8080/tcp on 192.168.1.211
    Discovered open port 445/tcp on 192.168.1.211
    Discovered open port 631/tcp on 192.168.1.211
    Discovered open port 9100/tcp on 192.168.1.211
    Discovered open port 7435/tcp on 192.168.1.211
    Discovered open port 9220/tcp on 192.168.1.211
    Discovered open port 6839/tcp on 192.168.1.211
    Completed SYN Stealth Scan at 13:27, 5.25s elapsed (1000 total ports)
    Initiating UDP Scan at 13:27
    Scanning 192.168.1.211 [1000 ports]
    Discovered open port 137/udp on 192.168.1.211
    Completed UDP Scan at 13:27, 4.46s elapsed (1000 total ports)
    Initiating Service scan at 13:27
    Scanning 16 services on 192.168.1.211
    Discovered open port 161/udp on 192.168.1.211
    Discovered open|filtered port 161/udp on 192.168.1.211 is actually open
    Completed Service scan at 13:29, 82.51s elapsed (17 services on 1 host)
    Initiating OS detection (try #1) against 192.168.1.211
    NSE: Script scanning 192.168.1.211.
    Initiating NSE at 13:29
    Completed NSE at 13:30, 82.29s elapsed
    Nmap scan report for 192.168.1.211
    Host is up (0.023s latency).
    Not shown: 1983 closed ports
    PORT     STATE         SERVICE      VERSION
    80/tcp   open          http         HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)
    |_http-favicon: Unknown favicon MD5: 76C6E492CB8CC73A2A50D62176F205C9
    | http-methods: GET POST PUT DELETE
    | Potentially risky methods: PUT DELETE
    |_See http://nmap.org/nsedoc/scripts/http-methods.html
    |_http-title: Site doesn't have a title (text/html).
    139/tcp  open          tcpwrapped
    443/tcp  open          ssl/http     HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)
    |_http-favicon: Unknown favicon MD5: 76C6E492CB8CC73A2A50D62176F205C9
    | http-methods: GET POST PUT DELETE
    | Potentially risky methods: PUT DELETE
    |_See http://nmap.org/nsedoc/scripts/http-methods.html
    |_http-title: Site doesn't have a title (text/html).
    | ssl-cert: Subject: commonName=HPPS7525/organizationName=HP/stateOrProvinceName=Washington/countryName=US
    | Issuer: commonName=HPPS7525/organizationName=HP/stateOrProvinceName=Washington/countryName=US
    | Public Key type: rsa
    | Public Key bits: 1024
    | Not valid before: 2014-02-25T10:12:24+00:00
    | Not valid after:  2034-02-20T10:12:24+00:00
    | MD5:   9144 ca3b 557e 09cc aba0 8387 2732 2375
    |_SHA-1: a6b2 95c0 b72a 7201 578c 32de 662a e6fe b082 48ca
    |_ssl-date: 2014-03-21T13:30:09+00:00; -4h59m12s from local time.
    445/tcp  open          netbios-ssn
    631/tcp  open          http         HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)
    | http-methods: GET POST PUT DELETE
    | Potentially risky methods: PUT DELETE
    |_See http://nmap.org/nsedoc/scripts/http-methods.html
    6839/tcp open          tcpwrapped
    7435/tcp open          tcpwrapped
    8080/tcp open          http         HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)
    |_http-favicon: Unknown favicon MD5: 76C6E492CB8CC73A2A50D62176F205C9
    | http-methods: GET POST PUT DELETE
    | Potentially risky methods: PUT DELETE
    |_See http://nmap.org/nsedoc/scripts/http-methods.html
    |_http-title: Site doesn't have a title (text/html).
    9100/tcp open          jetdirect?
    9220/tcp open          hp-gsg       HP Generic Scan Gateway 1.0
    137/udp  open          netbios-ns   Samba nmbd (workgroup: HPPS7525)
    138/udp  open|filtered netbios-dgm
    161/udp  open          snmp         SNMPv1 server (public)
    | snmp-hh3c-logins:
    |_  baseoid: 1.3.6.1.4.1.25506.2.12.1.1.1
    | snmp-interfaces:
    |   Wifi0
    |     IP address: 192.168.1.211  Netmask: 255.255.255.0
    |     MAC address: a0:d3:c1:bd:c8:32 (Unknown)
    |     Type: ethernetCsmacd  Speed: 10 Mbps
    |     Status: up
    |_    Traffic stats: 6.16 Mb sent, 3.43 Mb received
    | snmp-netstat:
    |   TCP  0.0.0.0:7435         0.0.0.0:0
    |   TCP  192.168.1.211:56076  15.201.145.52:5222
    |   UDP  0.0.0.0:3702         *:*
    |   UDP  127.0.0.1:666        *:*
    |_  UDP  192.168.223.1:67     *:*
    | snmp-sysdescr: HP ETHERNET MULTI-ENVIRONMENT
    |_  System uptime: 0 days, 3:34:23.28 (1286328 timeticks)
    | snmp-win32-shares:
    |_  baseoid: 1.3.6.1.4.1.77.1.2.27
    1022/udp open|filtered exp2
    1023/udp open|filtered unknown
    3702/udp open|filtered ws-discovery
    5355/udp open|filtered llmnr
    MAC Address: A03:C1:BD:C8:32 (Unknown)
    Device type: general purpose
    Running: Wind River VxWorks
    OS CPE: cpe:/o:windriver:vxworks
    OS details: VxWorks
    Uptime guess: 0.150 days (since Fri Mar 21 09:55:04 2014)
    Network Distance: 1 hop
    TCP Sequence Prediction: Difficulty=255 (Good luck!)
    IP ID Sequence Generation: Busy server or unknown class
    Service Info: Hosts: HPA0D3C1BDC832, HPPS7525; Device: printer; CPE: cpe:/h:hphotosmart_7520
    Host script results:
    | nbstat:
    |   NetBIOS name: HPA0D3C1BDC832, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
    |   Names
    |     HPA0D3C1BDC832<00>   Flags: <unique><active><permanent>
    |     MSHOME<00>           Flags: <group><active><permanent>
    |     HPA0D3C1BDC832<20>   Flags: <unique><active><permanent>
    |     HPPS7525<00>         Flags: <unique><active><permanent>
    |_    HPPS7525<20>         Flags: <unique><active><permanent>
    | smb-security-mode:
    |   Account that was used for smb scripts: guest
    |   User-level authentication
    |   SMB Security: Challenge/response passwords supported
    |_  Message signing disabled (dangerous, but default)
    TRACEROUTE
    HOP RTT      ADDRESS
    1   23.26 ms 192.168.1.211
    NSE: Script Post-scanning.
    Read data files from: F:\Progs\Nmap
    OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 180.90 seconds
               Raw packets sent: 2030 (74.829KB) | Rcvd: 2921 (149.377KB)
    +++++++++++++++++++++++++++++++++++++++++++++++++++++===
    Full TCP port scan without UDP scanning of all ports, showing up as open... * designates open and active.
    192.168.223.1Discovered open port 25/tcp on
    *192.168.223.1Discovered open port 80/tcp on
    *192.168.223.1Discovered open port 110/tcp on
    *192.168.223.1Discovered open port 119/tcp on
    *192.168.223.1Discovered open port 139/tcp on
    192.168.223.1Discovered open port 143/tcp on
    *192.168.223.1Discovered open port 443/tcp on
    *192.168.223.1Discovered open port 445/tcp on
    192.168.223.1Discovered open port 465/tcp on
    192.168.223.1Discovered open port 563/tcp on
    192.168.223.1Discovered open port 587/tcp on
    *192.168.223.1Discovered open port 631/tcp on
    192.168.223.1Discovered open port 993/tcp on
    192.168.223.1Discovered open port 995/tcp on
    *192.168.223.1Discovered open port 7435/tcp on
    *192.168.223.1Discovered open port 6839/tcp on
    *192.168.223.1Discovered open port 8080/tcp on
    192.168.223.1Discovered open port 8089/tcp on
    *192.168.223.1Discovered open port 9100/tcp on
    *192.168.223.1Discovered open port 9220/tcp on

  • Can you configure a static port to use with certsrv.msc?

    I am trying to use certsrv.msc to connect from my workstation to the CA for administration purposes.  Workstation is Win7, CA is 2008 R2 Enterprise running Enterprise Subordinate on a dedicated box.
    I configured a static DCOM port for certsvc by following this article, including bouncing the service and also rebooting the CA box:
    http://social.technet.microsoft.com/wiki/contents/articles/1559.how-to-configure-a-static-dcom-port-for-ad-cs.aspx
    The static port was opened in the firewall from my workstation to the CA.  We also found that TCP 445 was required, so that has been opened as well, port 135 & other ports normally needed for autoenrollment should be open.  Sniffing the firewall
    showed that a random high numbered port that is not the static dcom port is being attempted - this is the only port showing dropped packets & no traffic on the static port.
    I am wondering if there is a way to configure a static port for this high-level random port to use with certsrv.msc as I was able to do with the certsvc dcom port?  I am trying to avoid having tens of thousands of network ports wide open going to my
    CA...  Thanks in advance!

    Hi Steve,
    I am sorry that I wasn’t able to find references about restricting certificate services only use one port in the random port range.
    However, we can configure RPC dynamic ports allocation to restrict port range. In the meantime, we should keep at least 100 ports open to keep necessary system services running.
    More information for you:
    How to configure RPC dynamic port allocation to work with firewalls
    http://support.microsoft.com/kb/154596/en-us
    Service overview and network port requirements for Windows
    http://support.microsoft.com/kb/832017/en-au
    Firewall Rules for Active Directory Certificate Services
    http://blogs.technet.com/b/pki/archive/2010/06/25/firewall-roles-for-active-directory-certificate-services.aspx
    Best Regards,
    Amy Wang

  • Help with connecting to NIST NTP server on port 123

    I can get NIST time in Daytime format using the rt_nist_date_time.llb example posted on ni.com, but I cannot connect to NIST NTP format time data using port 123.  I freely admit to being over my head with this stuff, and have spent much of this Thanksgiving holiday reading about UDP and TCP.
    The attached vi summarizes what I've tried so far.  The UDP case is what I thought would work, but I can't come up with a network address that the UDP-open vi likes.  Can anyone out there help this n00b tell the time?
    The attached file is supposed to be in 8.0 format, although I'm working in 9.0
    Here is a link discussing the time formats: http://tf.nist.gov/service/its.htm 
    Jeff 
    Solved!
    Go to Solution.
    Attachments:
    UDP.vi ‏17 KB

    jstevens wrote:
    THANK YOU!!!  I don't think I ever would have come up with connecting the web address to a Read or Write UDP rather than the Open UDP block.  Not to mention starting by opening port zero.
    Unlike TCP, UDP is a connectionless protocol. Here's a quick explanation in different words.
    A udp packet travels from a [sourceIP, sourcePort] to a [DestinationIP, destinationPort].
    UDP open basically reserves a local port used for sending (soucePort) and receiving (incoming packet with that same destinationPort). Since some local ports are always in use, you would generate an error if you would accidentally pick a used port. Picking zero is useful for requests (as in this case!), because the OS will pick an unused ephemeral port. The actual source port number does not matter because the NTP server will just send the reply packet back to whatever port it came from. (If you would write your own NTP server in LabVIEW, you would of course need to set the local port to 123, and would get a conflict if another NTP server is already running on your rig). Writing an NTP server in LabVIEW would be a trivial modification to the current code, try it! . Simply listen for packets on port 123, form a response packet based on the timestamp, and send it to whatever IP/Port it came from (that info is available from udp read) and then go back to listen for new requests.).
    UDP write sends a packet to the server using the above opened local port as source port. You can use the same connectionID to write to several other servers and ports, because UDP is connectionless. (TCP is connection based, so a TCP connection involves a defined source/destination pair)
    UDP read listens for incoming packets from all over the world at that same local port. It is very unlikely, but theoretically possible that other UDP packets will arrive at that same port, so you could even filter to make sure to read incoming packets until they match the port and IP of the original request. The current code is somewhat vulnerable to a DOS (denial of service) attack for example as follows: Imagine the guy in the next cubicle had means of sniffing your network traffic. He could write a small program that looks for your NTP requests and then immediately starts flooding your IP with meaningless UDP packets to the sourcePort you just used. The current program only reads one packet and thus will never see the return packet from the NTP server.
    UDP close frees up the local port and the computer is now no longer listening for packets on that port. Of course you could keep the port open for the duration of the program, especially if you intend to send UDP request once in a while during execution.
    Makes sense?
    LabVIEW Champion . Do more with less code and in less time .

  • ACE VIP OK HTTP, NOK other TCP port

    Hi,
    we are having issues in configuring load balancing for a TCP port. For HTTP it's working without issues and we have the ACE also balancing for other TCP ports.
    Here goes the relevant config:
    probe http PROBE-HTTP
      interval 5
      passdetect interval 2
      passdetect count 1
      request method get url /idc/
      expect status 200 200
    probe tcp PROBE-TCP
      port 4444
      interval 5
      passdetect interval 10
    rserver host PRD1
      ip address 10.10.10.1
      inservice
    rserver host PRD2
      ip address 10.10.10.2
      inservice
    serverfarm host SF-HTTP
      probe PROBE-HTTP
      rserver PRD1 80
        inservice
      rserver PRD2 80
        inservice
    serverfarm host SF-TCP
      probe PROBE-TCP
      rserver PRD1 4444
        inservice
      rserver PRD2 4444
        inservice
    sticky ip-netmask 255.255.255.255 address source SC-IP-PRD-HTTP
      timeout 10
      serverfarm SF-HTTP
    class-map match-all NAT-VIP-HTTP
      2 match virtual-address 10.10.35.1 any
    class-map match-all NAT-VIP-TCP
      2 match virtual-address 10.10.35.1 tcp eq 4444
    policy-map type loadbalance first-match LB-VIP-HTTP
      class class-default
        sticky-serverfarm SC-IP-PRD-HTTP
        insert-http x-forward header-value "%is"
    policy-map type loadbalance first-match LB-NAT-VIP-TCP
      class class-default
        serverfarm SF-TCP
    policy-map multi-match POLICY-RSERVER-VIP
      class NAT-VIP-TCP
        loadbalance vip inservice
        loadbalance policy LB-NAT-VIP-TCP
        loadbalance vip icmp-reply active
        nat dynamic 1 vlan 200
      class NAT-VIP-HTTP
        loadbalance vip inservice
        loadbalance policy LB-VIP-HTTP
        loadbalance vip icmp-reply active
        nat dynamic 1 vlan 200
    interface vlan 200
      description SERVER-SIDE
      ip address 10.10.14.2 255.255.255.0
      alias 10.10.14.1 255.255.255.0
      peer ip address 10.10.14.3 255.255.255.0
      access-group input EVERYONE
      nat-pool 1 10.10.4.6 10.10.4.6 netmask 255.255.255.255 pat
      service-policy input AllowICMP
      service-policy input POLICY-RSERVER-VIP
      no shutdown
    The probe are OK, but nothing seems to get to the VIP:
    ACE/CTX# show probe PROBE-TCP
    probe       : PROBE-TCP
    type        : TCP
    state       : ACTIVE
       port      : 4444    address     : 0.0.0.0         addr type  : -
       interval  : 5       pass intvl  : 10              pass count : 3
       fail count: 3       recv timeout: 10
                           --------------------- probe results --------------------
       probe association   probed-address  probes     failed     passed     health
       ------------------- ---------------+----------+----------+----------+-------
       serverfarm  : SF-TCP
         real      : PRD1[4444]
                           10.10.10.1     8853       1          8852       SUCCESS
         real      : PRD2[4444]
                           10.10.10.2     8853       1          8852       SUCCESS
    ACE/CTX# show serverfarm SF-TCP detail
    serverfarm     : SF-TCP, type: HOST
    total rservers : 2
    active rservers: 2
    description    : -
    state          : ACTIVE
    predictor      : ROUNDROBIN
    failaction     : -
    back-inservice    : 0
    partial-threshold : 0
    num times failover       : 0
    num times back inservice : 1
    total conn-dropcount : 0
    Probe(s) :
        PROBE-TCP,  type = TCP
                                                    ----------connections-----------
           real                  weight state        current    total      failures
       ---+---------------------+------+------------+----------+----------+---------
       rserver: PRD1
           10.10.10.1:4444      8      OPERATIONAL  0          0          0
             max-conns            : -         , out-of-rotation count : -
             min-conns            : -
             conn-rate-limit      : -         , out-of-rotation count : -
             bandwidth-rate-limit : -         , out-of-rotation count : -
             retcode out-of-rotation count : -
             load value           : 0
       rserver: PRD2
           10.10.10.2:4444      8      OPERATIONAL  0          0          0
             max-conns            : -         , out-of-rotation count : -
             min-conns            : -
             conn-rate-limit      : -         , out-of-rotation count : -
             bandwidth-rate-limit : -         , out-of-rotation count : -
             retcode out-of-rotation count : -
             load value           : 0
    ACE/CTX# show service-policy POLICY-RSERVER-VIP
    Status     : ACTIVE
    Interface: vlan 1 200
      service-policy: POLICY-RSERVER-VIP
        class: NAT-VIP-TCP
          nat:
            nat dynamic 1 vlan 200
            curr conns       : 0         , hit count        : 0
            dropped conns    : 0
            client pkt count : 0         , client byte count: 0
            server pkt count : 0         , server byte count: 0
            conn-rate-limit      : 0         , drop-count : 0
            bandwidth-rate-limit : 0         , drop-count : 0
          loadbalance:
            L7 loadbalance policy: LB-NAT-VIP-TCP
            VIP ICMP Reply       : ENABLED-WHEN-ACTIVE
            VIP State: INSERVICE
            curr conns       : 0         , hit count        : 0
            dropped conns    : 0
            client pkt count : 0         , client byte count: 0
            server pkt count : 0         , server byte count: 0
            conn-rate-limit      : 0         , drop-count : 0
            bandwidth-rate-limit : 0         , drop-count : 0
          compression:
            bytes_in  : 0
            bytes_out : 0
    I see a lot of this messages in the logging of the ACE:
    show logging | i 4444
    22:02:52 : %ACE-6-302023: Teardown TCP connection 0x18b6 for vlan200:10.10.14.2/26768 to vlan200:10.10.10.2/4444 duration 0:00:00 bytes 1051 TCP FINs
    22:02:55 : %ACE-6-302022: Built TCP connection 0x14dc for vlan200:10.10.14.2/30318 (10.10.10.1/30318) to vlan200:10.10.10.1/4444 (10.10.14.2/4444)
    22:02:55 : %ACE-6-302023: Teardown TCP connection 0x14dc for vlan200:10.10.14.2/30318 to vlan200:10.10.10.1/4444 duration 0:00:00 bytes 1103 TCP FINs
    22:02:57 : %ACE-6-302022: Built TCP connection 0xc6c for vlan200:10.10.14.2/26784 (10.10.10.2/26784) to vlan200:10.10.10.2/4444 (10.10.14.2/4444)
    22:02:57 : %ACE-6-302023: Teardown TCP connection 0xc6c for vlan200:10.10.14.2/26784 to vlan200:10.10.10.2/4444 duration 0:00:00 bytes 1103 TCP FINs
    22:03:02 : %ACE-6-302022: Built TCP connection 0x151a for vlan200:10.10.14.2/26800 (10.10.10.2/26800) to vlan200:10.10.10.2/4444 (10.10.14.2/4444)
    show logging | i 4444
    22:02:52 : %ACE-6-302023: Teardown TCP connection 0x18b6 for vlan200:10.10.14.2/26768 to vlan200:10.10.10.2/4444 duration 0:00:00 bytes 1051 TCP FINs
    22:02:55 : %ACE-6-302022: Built TCP connection 0x14dc for vlan200:10.10.14.2/30318 (10.10.10.1/30318) to vlan200:10.10.10.1/4444 (10.10.14.2/4444)
    22:02:55 : %ACE-6-302023: Teardown TCP connection 0x14dc for vlan200:10.10.14.2/30318 to vlan200:10.10.10.1/4444 duration 0:00:00 bytes 1103 TCP FINs
    22:02:57 : %ACE-6-302022: Built TCP connection 0xc6c for vlan200:10.10.14.2/26784 (10.10.10.2/26784) to vlan200:10.10.10.2/4444 (10.10.14.2/4444)
    22:02:57 : %ACE-6-302023: Teardown TCP connection 0xc6c for vlan200:10.10.14.2/26784 to vlan200:10.10.10.2/4444 duration 0:00:00 bytes 1103 TCP FINs
    22:03:02 : %ACE-6-302022: Built TCP connection 0x151a for vlan200:10.10.14.2/26800 (10.10.10.2/26800) to vlan200:10.10.10.2/4444 (10.10.14.2/4444)
    The client request it's going trough an ASA, in the ASA side I see that the TCP connection it' half-open with SAaB flags. It seems that the VIP never replies with SYN+ACK to the ASA...
    Thank you.
    Best regards

    Hi Norberto,
    The log messages you are getting are most probably the probe connections and not a failure, looking to them you will see your ACE is establishing TCP connection on 4444 then it will teardown the connection with FIN which is expected since you are using TCP keepalives.
    I would recommend to go back and define the problem exactly, what are you exteriancing when you try to telnet on port 4444 toward the VIP from the client?
    Run sniffing software on the client, the server and enable capture on ACE and ASA will give you exact idea what you are experiencing.
    Note: The ASA and the ACE has great capture feature which will show you exactly the packet flows.
    Note: Since you are applying NAT on the client requests, you should see the NATed IP address on the server capture.
    Note: With L4 load balancing the ACE is not spoofing the clients' request, it just forward the SYN, SYN+ACK and ACK between the server and the client.
    Let me know if you have any other questions.
    Best regards,
    Ahmad

  • Node redirects to self with incorrect port

    Hi!
    Here is a RAC (11.2.0), with 3 SCAN IP addresses (A1, A2, A3) and nodes N1 and N2. Node n1 is mapped to A1 and A2, while N2 to A3.
    When connecting to the SCAN hostname (or any of the addresses directly), most of the times everything is ok. But sometimes as I see in sniffing, I get a TNS Redirect to a new HOST+PORT.
    Now, what is interesting, that from N1 the redirection is to N1:XYZ (yes, the same machine), and from N2 to N2:DEF. After listing open ports, I can see that
    N1:DEF is bound by the process ora_d000 on TCP, while N2:XYZ is also bound by the process on the other machine.
    That is, in the redirect I somehow get redirected to the wrong machine, since the IP and the PORT of the instances are mixed. Some questions:
    1) Is it normal to redirect to a port non-1521? DEF and XYZ are high ports, seemingly random.
    2) What controls if I get redirected or not? Is this connection load balancing?
    3) What could cause the symptom? What config options should I look into and where to resolve the correct machines/ports on redirect?
    Pretty new to Oracle, so please don't assume much knowledge. Thanks!
    Ron

    After taking tcpdump both on client and the nodes, I discovered the following:
    When connecting to N1, the redirect message it sends, captured:
    - On the server-side: HOST:PORT=N2:<port for N2>
    - On the client-side: HOST:PORT=<ip-address of N1>:<port of N2>
    Maybe there is an application-level firewall sitting between the node and the client, which mis-translates the message?

  • Mail SMTP port problems.

    This is driving me nuts.
    Send an email, it fails and Mail pops up a question on which SMTP server to use.  I choose "Edit SMTP Server List". 
    Select "Advanced".  My port is already using "Use Custom Port" set to 25.  Yes, I know that is offered in the default, but it won't work.  I select the default and close.  Try to send the mail and it fails as before.  I then set it back to custom port 25 and it works.  ARRRGHH!!!!
    I've deleted and reinstalled the SMTP server multiple times and I get a month or so of peace before this BS starts all over.
    This all started when my ISP (Mountain Cable) got bought out by Shaw.  That may be a coincidence or the problem. 
    Any ideas?
    A solution to this will earn my eternal grattitude and reams of good kharma.

    I wish it was just a matter of the right settings in the mail client. However, I was working with another NOC engineer and one of our IP admins for hours, testing every possible setting in Mac Mail, Entourage and Thunderbird. Using SSL, Password authentication, SPA off, port 537, it works on Outlook Express and Thunderbird for Windows. Using the exact same settings, no mail client works on the Mac. That's why we reached the point of creating a custom configuration file on a modem, packet sniffing at each point in the connection and monitoring the SMTP logs... to make sure there wasn't something on our network that was interfering with Mac's that would not affect Windows.
    It's not just a matter of getting the mail client settings correct, otherwise the exact same settings that work for OE would work in Entourage, and the exact same settings that work for Thunderbird for Windows would work in Thunderbird for Mac.
    Thunderbird for Mac was the most helpful in trying to track this down, because it said that the server did not accept the authentication request. However, the SMTP server shows that no attempt for authentication from a Mac even reached the server, and as far as we can tell, the attempt at password authentication on port 537 never even left the Mac and reached the router or modem, for any mail client used.

  • How to search/Scan Vlan of cisco switch ports

    Can any one tell me how i can scan/search vlans of cisco switch port through any monitoring tool (orion/solarwinds).
    Consider this scenario as i have no access to switch and i want to know below things:
    1-Vlans created on switch?
    2-which switch port belongs to which vlan id?
    Thanks

    Hi,
    You can do it only with hub in between and also please note that when sniffing with Wireshark on Windows the OS would remove VLAN tag so you may need to use Linux machine.
    Regards,
    Aleksandra

  • Binding two outgoing sockets to same local port

    I need to bind two outgoing socket connections to the same local port.
    I cannot figure out how to do this. I know it can be done in C.
    Ex:
    Socket s = new Socket(host,1080,inetaddr,20);
    Socket s2 = new Socket(host,1081,inetaddr,20);
    Java does not seem to allow this. This however is required by the FTP protocol. The FTP server must bind all outgoing connections in response to a PORT command to the servers own local port 20. Some firewalls require this unless you add a bunch of manual rules.
    Packet sniffing verifies that C++ FTP servers are doing this...so how can this be done in Java?

    Below is a packet sniff from two servers. I used serve-u vs. my own CrushFTP. Serve-u isn't the only server to do this though. I don't really want to argue about whether this is the proper thing in the FTP protocol or not. I just want to know if I can do the equivalent that a "C" server is doing. Notice the lines in bold. They show the directory listing connection for both servers. Serve-u attaches the connection from its local ftp_data (20) port. CrushFTP does not (obviously since I am asking how to do it). I can bind one...but the next one will fail until the previous socket has closed. Other FTP servers work the same way such as wu-ftpd.
    Is it possible to bind multiple sockets to the same port 20 as a source port?
    Serve-U
    [TCPPacket: 192.168.2.33.51723 -> 192.168.2.73.ftp ack[0xa1836c94] psh l=32,26]
    PORT 192,168,2,33,202,19
    [TCPPacket: 192.168.2.73.ftp -> 192.168.2.33.51723 ack[0x56da32f5] psh l=32,21]
    200 PORT Command OK
    [TCPPacket: 192.168.2.33.51723 -> 192.168.2.73.ftp ack[0xa1836ca9] psh l=32,6]
    LIST
    [TCPPacket: 192.168.2.73.ftp_data -> 192.168.2.33.51731 syn[0xa19db871] l=28,0]
    [TCPPacket: 192.168.2.73.ftp -> 192.168.2.33.51723 ack[0x56da32fb] psh l=32,29]
    150 Opening data connection
    [TCPPacket: 192.168.2.33.51731 -> 192.168.2.73.ftp_data ack[0xa19db872] syn[0x61b8b2f4] l=24,0]
    [TCPPacket: 192.168.2.73.ftp_data -> 192.168.2.33.51731 ack[0x61b8b2f5] l=20,0]
    [TCPPacket: 192.168.2.73.ftp_data -> 192.168.2.33.51731 ack[0x61b8b2f5] psh l=20,262]
    total 4
    drwxr-xr-x 1 User Group 0 Jan 23 2004 bridged
    -rwxr-xr-x 1 User Group 3282 Feb 2 08:48 e_boa.txt
    drwxr-xr-x 1 User Group 0 Jan 24 14:57 log
    drwxr-xr-x 1 User Group 0 Jan 23 2004 report
    [TCPPacket: 192.168.2.73.ftp_data -> 192.168.2.33.51731 ack[0x61b8b2f5] fin l=20,0]
    [TCPPacket: 192.168.2.33.51731 -> 192.168.2.73.ftp_data ack[0xa19db979] l=20,0]
    [TCPPacket: 192.168.2.33.51731 -> 192.168.2.73.ftp_data ack[0xa19db979] fin l=20,0]
    [TCPPacket: 192.168.2.73.ftp_data -> 192.168.2.33.51731 ack[0x61b8b2f6] l=20,0]
    [TCPPacket: 192.168.2.33.51723 -> 192.168.2.73.ftp ack[0xa1836cc6] l=32,0]
    [TCPPacket: 192.168.2.73.ftp -> 192.168.2.33.51723 ack[0x56da32fb] psh l=32,23]
    226 Transfer complete
    CrushFTP
    [TCPPacket: 192.168.2.33.51771 -> 192.168.2.73.ftp ack[0xa60c614a] psh l=32,26]
    PORT 192,168,2,33,202,60
    [TCPPacket: 192.168.2.73.ftp -> 192.168.2.33.51771 ack[0x17e2592a] psh l=32,50]
    200 PORT command successful. 192.168.2.33:51772.
    [TCPPacket: 192.168.2.33.51771 -> 192.168.2.73.ftp ack[0xa60c617c] psh l=32,6]
    LIST
    [TCPPacket: 192.168.2.73.ftp -> 192.168.2.33.51771 ack[0x17e25930] l=32,0]
    [TCPPacket: 192.168.2.73.4606 -> 192.168.2.33.51772 syn[0xa613d0a8] l=28,0]
    [TCPPacket: 192.168.2.33.51772 -> 192.168.2.73.4606 ack[0xa613d0a9] syn[0x31c7b037] l=24,0]
    [TCPPacket: 192.168.2.73.4606 -> 192.168.2.33.51772 ack[0x31c7b038] l=20,0]
    [TCPPacket: 192.168.2.73.ftp -> 192.168.2.33.51771 ack[0x17e25930] psh l=32,44]
    150 Opening data connection for file list.
    [TCPPacket: 192.168.2.73.4606 -> 192.168.2.33.51772 ack[0x31c7b038] psh l=20,199]
    drwxrwxrwx 1 user group 0 Feb 04 07:46 LOYALTY
    drwxrwxrwx 1 user group 0 Feb 04 07:46 ATS
    drwxrwxrwx 1 user group 0 Feb 04 07:46 C:\
    [TCPPacket: 192.168.2.73.4606 -> 192.168.2.33.51772 ack[0x31c7b038] fin l=20,0]
    [TCPPacket: 192.168.2.33.51771 -> 192.168.2.73.ftp ack[0xa60c61a8] l=32,0]
    [TCPPacket: 192.168.2.73.ftp -> 192.168.2.33.51771 ack[0x17e25930] psh l=32,34]
    226 Directory transfer complete.

  • How to force dg4msql to use a specific port

    I've configured an Oracle Database Gateway (Linux RHEL 5) to connect to my SQL Server boxes, but have a host based firewall (on the Linux box) in between them. Sniffing shows that the communication to port 1433 comes from a range of port numbers on the Linux box. Is there a way to force 'dg4msql' to only use a specific port?
    Removing the host based firewall is not an option, nor is opening up total communication between the two machines. Hopefully 'dg4msql' can be configured to use a specific port.

    Hi,
    It isn't possible to configure the gateway to onlyuse specific ports.
    This is not just a gateway issue but the way that SQL*Net works and you should see the same problem connecting from one Oracle database to another through a firewall.
    The only workround is to use a firewall which is SQL*Net compliant or a firewall which will limit the number of ports to a certain application.
    You could also review this note -
    Oracle and Firewalls: Answers to Frequently Asked Questions (Doc ID 2084440.6)
    Regards,
    Mike
    Edited by: mkirtley on Mar 2, 2010 8:45 AM

Maybe you are looking for

  • How to change default contact in iCloud?

    For a long time my wife and I shared an Apple account. The account was linked to my contact details. I have since started using my own Apple account so that my contacts and calendars can be separate from hers. When I set up my own Apple account and i

  • Edit in transactional screen

    In my .jspx page i am using master form and detail form ( forms data control palette as master-detail ---->master form detail form ) As my requirment is when i am giving the entry in master form then only it should fetch the all the data from DB (mas

  • Why is every phone call messed up with speaker or mute buttons?

    Every time I get a phone call on my white iPhone 4, I hit with my cheek the mute or speaker button. Can anyone help me before I return this phone?

  • How to register InfoView licenses as the incremental purchase?

    Hi all, I am in charge of the report development for an internal project by Business Object XIR2 for the company and get confused about how to register the product keys for more InfoView users. There are a number of InfoView users for the next releas

  • Component Hierarchy RSA9 and DataSources RSA5

    Hi Gurus, I'm a little confused about configuration of source system... In development ERP I have activated Component Hierarchy using RSA9 and also installed Business Content Extractors - RSA5 - All works fine. But Now I want to transfer this setting