Hello, everyone.
Wishing you a happy holiday.
Several Internet protocols have their own default ports, i.e.:
HTTP uses port 80 (decimal)
FTP uses port 21 (decimal).
Telnet uses port 23(decimal) (win98)
in windows xp:
Telnet uses port ???(decimal)
regards
As you said, Telnet uses port 23(decimal). Windows version has nothing to do with
what port is used for a particular protocol.
thanks anon.
OK, that's right.
:U
Here is a proc from which I learned how to kill an IP connection. It was downloaded from www.madwizard.com. But after running it, I used sniffer software and found that the IP connection still exists. What is the error in my usage?
;@echo off
;goto make
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.386
.model flat, STDCALL
option casemap :none
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
include \masm32\include\windows.inc
include \masm32\include\masm32.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib
include \masm32\include\user32.inc
includelib \masm32\lib\user32.lib
include \masm32\include\m_iphlpapi\iphlpapi.inc
includelib \masm32\lib\m_iphlpapi\iphlpapi.lib
include \masm32\Macros\macros.asm
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Returns IP address as DWORD in network byte order
; Usage: IPADDR(192,168,0,1)
; by Exagone [Thomas Bleeker]
my_IPADDR MACRO IPP1:REQ,IPP2:REQ,IPP3:REQ,IPP4:REQ
LOCAL @val
@val = IPP1 + (IPP2 SHL 8) + (IPP3 SHL 16) + (IPP4 SHL 24)
EXITM <&@val>
ENDM
;-------------------------------------
; Returns port number as WORD in network byte order
; Usage: PORTNR(1234)
; by Exagone [Thomas Bleeker]
;-------------------------------------
my_PORTNR MACRO PORTNUMBER:REQ
LOCAL @val
@val = (PORTNUMBER SHR 8) + ((PORTNUMBER AND 0FFh) SHL 8)
EXITM <&@val>
ENDM
;-------------------------------------
MIB_TCP_STATE_DELETE_TCB equ 12
MIB_TCPROW STRUCT
dwState DWORD ?
dwLocalAddr DWORD ?
dwLocalPort DWORD ?
dwRemoteAddr DWORD ?
dwRemotePort DWORD ?
MIB_TCPROW ENDS
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.data
TestRow MIB_TCPROW <my_IPADDR(168,201,127,85),my_PORTNR(2018), my_IPADDR(202,106,185,73),my_PORTNR(80)>
;local IP & port number ||| remote IP & port number
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.code
Main:
;Killing a TCP connection
invoke SetTcpEntry, addr TestRow
invoke MessageBox,NULL,chr$("Killed a IP Connect"),chr$("--- test ---"),MB_OK or MB_ICONASTERISK
invoke ExitProcess, NULL
end Main
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
:make
set name=kill_ip
\masm32\bin\ml /c /coff %name%.bat
\masm32\bin\Link /subsystem:windows %name%.obj
del *.bak
del *.obj
echo.
You missed a parameter in the SetTcpEntry call.
TestRow MIB_TCPROW <MIB_TCP_STATE_DELETE_TCB,my_IPADDR(168,201,127,85),my_PORTNR(2018), my_IPADDR(202,106,185,73),my_PORTNR(80)>
Were you using Mad Wizard's NetTool to find a connection to kill? Your local address does not look right to me.
anon,
Thanks for your reply.
Yeah, that is it.
:U :U :U
Where is the Win32 developer's reference for the "call SetTcpEntry"?
If I kill all ports of an IP address, then what do I do?
Thank you very much.
regards
For API reference, I use the PlatformSDK. If you do not have a copy, you can
go to Microsoft's MSDN website and get the same information.
http://www.microsoft.com/msdownload/platformsdk/sdkupdate/
http://www.msdn.microsoft.com/
Since I do not know what you are trying to do with your program, I really can
not tell you what to do next.
anon,
Thanks for giving me the link.
Quote: Since I do not know what you are trying to do with your program, I really can not tell you what to do next.
While I was exploring the Internet, I used sniffer software written by dom and found that an IP address with a changing port number is communicating with my IP address. I don't need that IP address. It may be a virus or something else, so I must kill the connection. If I kill the connections for that IP address one by one, that is slow, and the port number of the IP address keeps changing. Therefore I need to kill all ports.
regards.
It sounds like you should scan your computer for trojans. There are a lot of
good free scanners available on the internet. You might also consider using
a firewall. If you want to do something with your own software, look at
Mad Wizard's NetTool for ideas. I would make it update every few seconds
so you could see this type of activity. Add your KillIP routine so you could
select the connection from the list. You could even just check for connections
that are changing ports frequently and automatically kill them. But remember,
this is how a normal FTP connection works (changing ports often).
Thanks anon,
You gave me much guidance.
If I didn't guess wrongly, you are the famous Thomas. I think the website www.MadWizard.org is the best win32asm network site on the Internet.
:U :U :U
Thank you again.
best regards
Thank you for the compliment, but I'm not Thomas.
Quote from: anon on December 25, 2004, 03:47:35 PM
As you said, Telnet uses port 23(decimal). Windows version has nothing to do with
what port is used for a particular protocol.
I don't want to be pedantic, but telnet operates on whatever *port* you tell the server to listen on. Telnet is a protocol (communication standard), it is not port specific.
SLUGGY global moderator,
Thank you for giving me a new concept.
As I saw your five stars coruscating, I knew that if I want to know many things, it is no problem.
Thomas said:
Quote
"The client is the one that requests something, the server responds accordingly. For example, when opening a website, the browser is the client, the webserver is the server. The browser initiates the connection with the server and requests a specific resource. The server then sends back a response and the data requested.
The server is continually waiting for incoming connections. This is called listening, which is always done on a certain IP and port number. The client is only active when necessary, as the client is always the initiator of a connection and the one that requests information. To create a connection, the client needs to know both the IP and port number the server is listening on. A connection is made to that server and hopefully accepted by the server. While communication over a TCP/IP connection is two-way, many protocols (HTTP, FTP, etc) let the client and server interact in turn.
Both the server and client side use an IP and port number, but the IP and port number of the server are usually fixed. The standard port for the WWW is 80 (using HTTP).
Google for example, is a webserver that runs on port 80 and IP 216.239.39.101 (at the moment of writing). Each client (read: anyone google-ing :) connects to this IP and port. So the webserver can have many connections on the same port. This is no problem, since all traffic on that port is for the same process. On the client side, the port number doesn't matter. Any port can be used. Some people think that the port number used in a connection needs to be the same on both sides. This is not true. Just open a website and quickly run 'netstat -an' in a command line. You might see a line like this:
TCP xxx.xxx.xxx.xxx:2894 216.239.39.101:80 ESTABLISHED
xxx.xxx.xxx.xxx was my IP, 216.239.39.101 is google's IP. The number after the colon is the port number. As you can see, the server side uses port 80, while the client uses a random (read: some free) port number like 2894. Each client connection needs a different port number on the client side, since every connection is associated with a different client."
Client:
The program that initiates the connection, and requests information.
Server:
The program that listens for incoming connections, accepts them and responds according to the received requests. The IP and port number of the server need to be known by the client to connect to it."
My question is:
1. If the server side changes its port, then the client side should correspondingly change the port it requests. If the client side doesn't know that the server side changed its port, then it can't create a connection. So the server-side telnet port should be 23. Is that right?
2. Here is an example named "SparcZ" that I downloaded from www.ronybc.8k.com. If I change its telnet port to 24, then "SparcZ" can't accomplish its function from the client side. If I use the command "telnet 222.111.111.111 24" on the client side, then everything is fine. 222.111.111.111 is the IP address where "SparcZ" is running.
3. Could you tell me the return value of "invoke SetTcpEntry" in all cases?
regards
Thanks to all the mentors who provided Windows API help links for guidance.
:U
;=============================================================================
Platform SDK: IP Helper
SetTcpEntry
The SetTcpEntry function sets the state of a TCP connection.
DWORD SetTcpEntry(
PMIB_TCPROW pTcpRow
);
Parameters
pTcpRow
[in] Pointer to a MIB_TCPROW structure. This structure specifies information to identify the TCP connection to modify. It also specifies the new state for the TCP connection. The caller must specify values for all the members in this structure.
Return Values
If the function succeeds, the return value is NO_ERROR.
If the function fails, use FormatMessage to obtain the message string for the returned error.
Remarks
Currently, the only state to which a TCP connection can be set is MIB_TCP_STATE_DELETE_TCB.
Requirements
Client Requires Windows XP, Windows 2000 Professional, Windows NT Workstation 4.0 SP4 and later, Windows Me, or Windows 98.
Server Requires Windows Server 2003, Windows 2000 Server, or Windows NT Server 4.0 SP4 and later.
Header Declared in Iphlpapi.h.
Library Link to Iphlpapi.lib.
DLL Requires Iphlpapi.dll.
;================================================================================
The MIB_TCPROW structure contains information for a TCP connection.
typedef struct _MIB_TCPROW {
DWORD dwState;
DWORD dwLocalAddr;
DWORD dwLocalPort;
DWORD dwRemoteAddr;
DWORD dwRemotePort;
} MIB_TCPROW, *PMIB_TCPROW;
Members
dwState
Specifies the state of the TCP connection. This member can have one of the following values:
MIB_TCP_STATE_CLOSED
MIB_TCP_STATE_LISTEN
MIB_TCP_STATE_SYN_SENT
MIB_TCP_STATE_SYN_RCVD
MIB_TCP_STATE_ESTAB
MIB_TCP_STATE_FIN_WAIT1
MIB_TCP_STATE_FIN_WAIT2
MIB_TCP_STATE_CLOSE_WAIT
MIB_TCP_STATE_CLOSING
MIB_TCP_STATE_LAST_ACK
MIB_TCP_STATE_TIME_WAIT
MIB_TCP_STATE_DELETE_TCB
dwLocalAddr
Specifies the address for the connection on the local computer. A value of zero indicates the listener can accept a connection on any interface.
dwLocalPort
Specifies the port number for the connection on the local computer.
dwRemoteAddr
Specifies the address for the connection on the remote computer.
dwRemotePort
Specifies the port number the connection on the remote computer.
Requirements
Client: Requires Windows XP, Windows 2000 Professional, Windows NT Workstation 4.0 SP4 and later, Windows Me, or Windows 98.
Server: Requires Windows Server 2003, Windows 2000 Server, or Windows NT Server 4.0 SP4 and later.
Header: Declared in Iprtrmib.h.
;=================================================================================
:lol
regards
anon,
I was pleased too early. Actually, the proc can't kill an IP connection: I checked the return value of (invoke SetTcpEntry, addr TestRow) and found it can't. At that time, the return value = 87.
Here is the modified code.
.386
.model flat, STDCALL
option casemap :none
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\masm32.inc
include \masm32\include\m_iphlpapi\iphlpapi.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\masm32.lib
includelib \masm32\lib\m_iphlpapi\iphlpapi.lib
include \masm32\Macros\macros.asm
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Returns IP address as DWORD in network byte order
; Usage: IPADDR(192,168,0,1)
; by Exagone [Thomas Bleeker]
my_IPADDR MACRO IPP1:REQ,IPP2:REQ,IPP3:REQ,IPP4:REQ
LOCAL @val
@val = IPP1 + (IPP2 SHL 8) + (IPP3 SHL 16) + (IPP4 SHL 24)
EXITM <&@val>
ENDM
;-------------------------------------
; Returns port number as WORD in network byte order
; Usage: PORTNR(1234)
; by Exagone [Thomas Bleeker]
;-------------------------------------
my_PORTNR MACRO PORTNUMBER:REQ
LOCAL @val
@val = (PORTNUMBER SHR 8) + ((PORTNUMBER AND 0FFh) SHL 8)
EXITM <&@val>
ENDM
;-------------------------------------
MIB_TCP_STATE_DELETE_TCB equ 12
MIB_TCPROW STRUCT
dwState DWORD ?
dwLocalAddr DWORD ?
dwLocalPort DWORD ?
dwRemoteAddr DWORD ?
dwRemotePort DWORD ?
MIB_TCPROW ENDS
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.data
TestRow MIB_TCPROW <MIB_TCP_STATE_DELETE_TCB,my_IPADDR(10,180,127,85),my_PORTNR(139),\
my_IPADDR(10,180,127,172),my_PORTNR(2572)>
;local IP & port number \;remote IP & port number
pzCaption db "Kill a IP Connection Application",0
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.code
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
HandleError proc lpTitle:DWORD
LOCAL lpMsgBuffer : LPVOID ;dword
; calculate language ID, asm version of MAKELANGID
mov cx, SUBLANG_DEFAULT
shl ecx, 10
;or cx, LANG_NEUTRAL ; LANG_NEUTRAL = 0, nothing necessary
; Setup parameters for FormatMessage, normal pushing to use some
; params directly (e.g. GetLastError returns the ID in eax, but I
; can't use this register in "invoke")
push NULL ; we don't need this
push 0 ; min. size of output buffer if we use
; FORMAT_MESSAGE_ALLOCATE_BUFFER
lea ebx,lpMsgBuffer ; get address of our buffer
push ebx ; address of buffer
push ecx ; our language ID, calculated above
invoke GetLastError ; get error number
push eax ; push return value = error ID
push NULL ; can be used to format a string, we don't need it
mov edx, FORMAT_MESSAGE_ALLOCATE_BUFFER or FORMAT_MESSAGE_FROM_SYSTEM
push edx ; some flags, check your doc for more
call FormatMessage ; here we go
; Display error-message
invoke MessageBox, NULL, lpMsgBuffer, lpTitle, MB_OK or MB_ICONSTOP
; free memory
invoke LocalFree, lpMsgBuffer
ret
HandleError endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Main:
;Killing a TCP connection
invoke SetTcpEntry, addr TestRow
.if eax==NO_ERROR
invoke MessageBox,NULL,chr$("OK, IP Connection Killed!"),addr pzCaption,MB_OK or MB_ICONASTERISK
.else
;pushad
;invoke MessageBox,NULL,str$(eax),addr pzCaption,MB_OK or MB_ICONASTERISK
;popad
invoke HandleError,addr pzCaption
.endif
invoke ExitProcess,NULL
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
end Main
The attached file is the sniffer software that I use.
regards
Error code 87 = ERROR_INVALID_PARAMETER
But the program still works for me.
anon,
Thank you.
It doesn't work on my Windows system (XP Home Edition SP2).
I used the HandleError proc to show the error. On my Windows system, error 87 means: "the Image file that specified is not include resource area." (This was translated into English by me; it may not be clear.)
regards
MSDN: System Error Codes (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/debug/base/system_error_codes.asp)
Hi, Anon, Michaelw:
Thank you.
I used OllyDbg to check the return value; it is 57h (87d). According to the below:
Platform SDK: Debugging and Error Handling
System Error Codes
Code Description Name
87 The parameter is incorrect. ERROR_INVALID_PARAMETER
- I don't know where the incorrect parameter is in my code.
- Also, why did the HandleError proc display "the Image file that specified is not include resource area.", not "The parameter is incorrect."?
- Or the IP connection is used by a virus, and in user mode I can't disconnect it.
Regards.
I get that error only if I try to shut down an invalid connection.
(I don't know why "the Image file that specified is not include resource area"
is being reported.)
Make sure you are setting the addresses and ports correctly.
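Added example, not code from any poster in this thread or from MadWizard/MASM32: the HandleError proc above formats the value from GetLastError, while the SDK text quoted earlier says to format the error that SetTcpEntry itself returns. This C version fills all five MIB_TCPROW members with the thread's macro arithmetic and formats the returned code; `tcp_row`, `make_delete_row` and `delete_connection` are names assumed here.

```c
#include <stdint.h>
#include <stdio.h>
#ifdef _WIN32
#include <winsock2.h>
#include <iphlpapi.h>                 /* link with iphlpapi.lib */
typedef MIB_TCPROW tcp_row;
#else                                 /* same five-DWORD layout, so the encoding can be checked anywhere */
typedef struct { uint32_t dwState, dwLocalAddr, dwLocalPort, dwRemoteAddr, dwRemotePort; } tcp_row;
#endif
#define STATE_DELETE_TCB 12u          /* MIB_TCP_STATE_DELETE_TCB, value as in the thread */

/* Dotted quad -> DWORD with the my_IPADDR arithmetic; 0 on success, -1 on bad input. */
static int ip_dword(const char *s, uint32_t *out) {
    unsigned a, b, c, d; char extra;
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &extra) != 4) return -1;
    if (a > 255 || b > 255 || c > 255 || d > 255) return -1;
    *out = a + (b << 8) + (c << 16) + ((uint32_t)d << 24);
    return 0;
}

/* Port -> byte-swapped WORD, the my_PORTNR arithmetic. */
static uint32_t port_dword(unsigned port) {
    return (port >> 8) + ((port & 0xFFu) << 8);
}

/* Fill every member, dwState included. Returns 0, or -1 on bad input. */
int make_delete_row(tcp_row *r, const char *lip, unsigned lport,
                    const char *rip, unsigned rport) {
    uint32_t la, ra;
    if (lport > 65535 || rport > 65535 || ip_dword(lip, &la) || ip_dword(rip, &ra)) return -1;
    r->dwState = STATE_DELETE_TCB;
    r->dwLocalAddr = la;   r->dwLocalPort = port_dword(lport);
    r->dwRemoteAddr = ra;  r->dwRemotePort = port_dword(rport);
    return 0;
}

#ifdef _WIN32
/* Returns SetTcpEntry's own result and prints the system text for that value. */
unsigned long delete_connection(tcp_row *r) {
    char msg[256] = "";
    DWORD rc = SetTcpEntry(r);
    if (rc != NO_ERROR) {
        FormatMessageA(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                       NULL, rc, 0, msg, sizeof msg, NULL);
        fprintf(stderr, "SetTcpEntry returned %lu: %s\n", rc, msg);
    }
    return rc;
}
#endif
```

On Windows Vista and later, SetTcpEntry has to be called from an elevated process; otherwise it returns ERROR_ACCESS_DENIED.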
hi, anon
Thank you.
I used dom's sniffer to watch the packets and, at the same time, entered the address and port and ran Kill_ip. I'm sure the address and ports are correct.
But they change at the next packet. Could you modify it to kill all ports of an IP address?
Oh, I tried to kill a normal IP connection (i.e. http://www.yahoo.com). It could be killed when I was testing.
regards.
Yes, it can be done. You will have to make some big changes
to your program. What I would do is create a program like the
one Thomas wrote (NetTool). Then have it update the screen
every few seconds. Add an edit control, or a listbox that you
add BANNED addresses to. When one of these addresses connect,
automatically kill it.
But what I really would do is clean up my computer with trojan
and spyware software and start using a firewall.
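Added example, not part of anon's reply or of NetTool: one polling pass of the banned-address idea described above, in C. `select_banned` picks every row for a banned remote address whatever its ports are, which covers the changing-port case; `tcp_row`, `select_banned`, `sweep_once` and the banned list are names assumed here, and GetTcpTable is the IP Helper call used to snapshot the table.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#ifdef _WIN32
#include <winsock2.h>
#include <iphlpapi.h>                 /* link with iphlpapi.lib */
typedef MIB_TCPROW tcp_row;
#else                                 /* same five-DWORD layout, so the selection can be checked anywhere */
typedef struct { uint32_t dwState, dwLocalAddr, dwLocalPort, dwRemoteAddr, dwRemotePort; } tcp_row;
#endif
#define STATE_DELETE_TCB 12u          /* MIB_TCP_STATE_DELETE_TCB, value as in the thread */

/* Move every row whose remote address is banned (network byte order, any ports)
   to the front of the array with dwState set to DELETE_TCB. Returns the count. */
size_t select_banned(tcp_row *rows, size_t n, const uint32_t *banned, size_t nb) {
    size_t k = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < nb; j++)
            if (rows[i].dwRemoteAddr == banned[j]) {
                rows[k] = rows[i];
                rows[k++].dwState = STATE_DELETE_TCB;
                break;
            }
    return k;
}

#ifdef _WIN32
/* One polling pass: snapshot the TCP table, select banned rows, delete them.
   Returns how many SetTcpEntry calls succeeded; call it every few seconds. */
size_t sweep_once(const uint32_t *banned, size_t nb) {
    DWORD size = 0;
    size_t killed = 0;
    if (GetTcpTable(NULL, &size, FALSE) != ERROR_INSUFFICIENT_BUFFER) return 0;
    MIB_TCPTABLE *t = malloc(size);
    if (t != NULL && GetTcpTable(t, &size, FALSE) == NO_ERROR) {
        size_t k = select_banned(t->table, t->dwNumEntries, banned, nb);
        for (size_t i = 0; i < k; i++)
            if (SetTcpEntry(&t->table[i]) == NO_ERROR) killed++;
    }
    free(t);
    return killed;
}
#endif
```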