Ports

Started by six_L, December 25, 2004, 12:54:20 PM

six_L

Hello, everyone.
Wishing you a happy holiday.

Several Internet protocols have their own default ports, i.e.:
HTTP uses port 80 (decimal)
FTP uses port 21 (decimal).
Telnet uses port 23 (decimal) (win98)
in Windows XP:
Telnet uses port ??? (decimal)


regards

anon

As you said, Telnet uses port 23(decimal). Windows version has nothing to do with
what port is used for a particular protocol.

six_L

Thanks anon.
OK, that's right.
:U
Here is a proc from which I learned how to kill an IP connection. It was downloaded from www.madwizard.com. But after running it, I used sniffer software and found that the IP connection still exists. What is the error in my usage?

;@echo off
;goto make
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.386
.model flat, STDCALL
option casemap :none
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
include \masm32\include\windows.inc
include \masm32\include\masm32.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib
include \masm32\include\user32.inc
includelib \masm32\lib\user32.lib
include \masm32\include\m_iphlpapi\iphlpapi.inc
includelib \masm32\lib\m_iphlpapi\iphlpapi.lib
include \masm32\Macros\macros.asm
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Returns IP address as DWORD in network byte order
; Usage: IPADDR(192,168,0,1)
; by Exagone [Thomas Bleeker]
my_IPADDR  MACRO IPP1:REQ,IPP2:REQ,IPP3:REQ,IPP4:REQ
LOCAL    @val
@val = IPP1 + (IPP2 SHL 8) + (IPP3 SHL 16) + (IPP4 SHL 24)
EXITM    <&@val>
ENDM
;-------------------------------------
; Returns port number as WORD in network byte order
; Usage: PORTNR(1234)
; by Exagone [Thomas Bleeker]
;-------------------------------------
my_PORTNR  MACRO PORTNUMBER:REQ
LOCAL    @val
@val = (PORTNUMBER SHR 8) + ((PORTNUMBER AND 0FFh) SHL 8)
EXITM    <&@val>
ENDM
;-------------------------------------
MIB_TCP_STATE_DELETE_TCB    equ   12
     
MIB_TCPROW STRUCT
      dwState           DWORD   ?
      dwLocalAddr       DWORD   ?
      dwLocalPort       DWORD   ?
      dwRemoteAddr      DWORD   ?
      dwRemotePort      DWORD   ?
MIB_TCPROW ENDS
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.data
TestRow MIB_TCPROW <my_IPADDR(168,201,127,85),my_PORTNR(2018), my_IPADDR(202,106,185,73),my_PORTNR(80)> 
;local IP & port number  |||  remote IP & port number
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.code
Main:
  ;Killing a TCP connection
invoke SetTcpEntry, addr TestRow
invoke MessageBox,NULL,chr$("Killed a IP Connect"),chr$("--- test ---"),MB_OK or MB_ICONASTERISK
invoke ExitProcess, NULL

end Main
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
:make
set name=kill_ip

    \masm32\bin\ml /c /coff %name%.bat
    \masm32\bin\Link /subsystem:windows %name%.obj
    del *.bak
    del *.obj
    echo.
regards

anon

You missed a parameter in the SetTcpEntry call.

TestRow MIB_TCPROW <MIB_TCP_STATE_DELETE_TCB,my_IPADDR(168,201,127,85),my_PORTNR(2018), my_IPADDR(202,106,185,73),my_PORTNR(80)>

Were you using Mad Wizard's NetTool to find a connection to kill? Your local address does not look right to me.
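
The field shift that the corrected row fixes, worked through in C as an added example (not code from the thread): with only four initializers every value lands one field early, so dwState receives the local address instead of MIB_TCP_STATE_DELETE_TCB. The tcp_row type, check_row and port_of are hypothetical helpers, the struct mirrors the MIB_TCPROW layout quoted in this thread, and nothing here calls SetTcpEntry.

```c
#include <stdint.h>
#include <stdio.h>

#define MIB_TCP_STATE_DELETE_TCB 12u   /* value defined in the thread's code */

/* Local mirror of the five-DWORD MIB_TCPROW layout quoted in the thread. */
typedef struct {
    uint32_t dwState, dwLocalAddr, dwLocalPort, dwRemoteAddr, dwRemotePort;
} tcp_row;

/* Same arithmetic as the my_IPADDR / my_PORTNR macros: stored little-endian
   (x86), the resulting integers have their bytes in network order in memory. */
#define IPADDR(a, b, c, d) ((uint32_t)(a) | ((uint32_t)(b) << 8) | \
                            ((uint32_t)(c) << 16) | ((uint32_t)(d) << 24))
#define PORTNR(p) ((uint32_t)((((p) >> 8) & 0xFFu) | (((p) & 0xFFu) << 8)))

/* Undo PORTNR: swap the low two bytes back into a host-order port number. */
unsigned port_of(uint32_t f) { return ((f & 0xFFu) << 8) | ((f >> 8) & 0xFFu); }

/* Pre-flight check (hypothetical): 0 = plausible delete request, else reason. */
int check_row(const tcp_row *r) {
    if (r->dwState != MIB_TCP_STATE_DELETE_TCB) return 1;   /* state missing/wrong */
    if ((r->dwLocalPort >> 16) || (r->dwRemotePort >> 16)) return 2; /* not a port */
    return 0;
}

/* Row from the first post: four initializers, so the state slot gets an IP. */
tcp_row first_post(void) {
    tcp_row r = { IPADDR(168,201,127,85), PORTNR(2018),
                  IPADDR(202,106,185,73), PORTNR(80) };
    return r;
}

/* Corrected row from the reply: state first, then local and remote endpoint. */
tcp_row corrected(void) {
    tcp_row r = { MIB_TCP_STATE_DELETE_TCB, IPADDR(168,201,127,85), PORTNR(2018),
                  IPADDR(202,106,185,73), PORTNR(80) };
    return r;
}

int main(void) {
    tcp_row bad = first_post(), ok = corrected();
    printf("first post: check=%d dwState=0x%08X dwRemotePort=%u\n",
           check_row(&bad), (unsigned)bad.dwState, (unsigned)bad.dwRemotePort);
    printf("corrected : check=%d local port=%u remote port=%u\n",
           check_row(&ok), port_of(ok.dwLocalPort), port_of(ok.dwRemotePort));
    return 0;
}
```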

six_L

anon,
Thanks for your reply.
Yeah, that is it.
:U :U :U

Where is the Win32 developer's reference for the "call SetTcpEntry"?
If I kill all ports of an IP address, then what do I do?


Thank you very much.
regards

anon

For API reference, I use the PlatformSDK. If you do not have a copy, you can
go to Microsoft's MSDN website and get the same information.
http://www.microsoft.com/msdownload/platformsdk/sdkupdate/
http://www.msdn.microsoft.com/
Since I do not know what you are trying to do with your program, I really
cannot tell you what to do next.

six_L

anon,
Thanks for giving me the link.

Quote
Since I do not know what you are trying to do with your program, I really cannot tell you what to do next.

When I'm exploring on the internet, I used sniffer software written by dom and found: an IP address with a changing port number is communicating with my IP address. I don't need the IP address. That may be a virus or something else, so I must kill the connection. If I kill the connections of the IP address one by one, that is slow, and the port number of the IP address is changing. Therefore I need to kill all ports.

regards.

anon

It sounds like you should scan your computer for trojans. There are a lot of
good free scanners available on the internet. You might also consider using
a firewall. If you want to do something with your own software, look at
Mad Wizard's NetTool for ideas. I would make it update every few seconds
so you could see this type of activity. Add your KillIP routine so you could
select the connection from the list. You could even just check for connections
that are changing ports frequently and automatically kill them. But remember,
this is how a normal FTP connection works (changing ports often).
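
The check suggested above, flagging remote hosts that keep changing ports, sketched in C as an added example (not code from the thread or from NetTool): it parses IPv4 `netstat -an` rows of the form quoted later in this thread, gathered over several snapshots, and reports remote addresses seen on several distinct remote ports. The sample rows are constructed, the threshold of 3 is an arbitrary assumption, and flag_port_hoppers is a hypothetical name; a normal FTP session would trip it too, so a hit is a prompt to look, not a verdict.

```c
#include <stdio.h>
#include <string.h>

#define MAX_HOSTS 16
#define MAX_PORTS 32
struct host { char ip[16]; unsigned ports[MAX_PORTS]; int nports; };

/* Constructed sample: rows from three successive `netstat -an` snapshots. */
static const char *const SAMPLE[] = {
    "  TCP    192.0.2.10:2894    198.51.100.7:80     ESTABLISHED",
    "  TCP    192.0.2.10:3011    203.0.113.9:4001    ESTABLISHED",
    "  TCP    0.0.0.0:135        0.0.0.0:0           LISTENING",
    "  TCP    192.0.2.10:3014    203.0.113.9:4417    ESTABLISHED",
    "  TCP    192.0.2.10:3020    203.0.113.9:5120    ESTABLISHED",
    "  TCP    192.0.2.10:3021    203.0.113.9:5120    TIME_WAIT",
};
enum { SAMPLE_N = sizeof SAMPLE / sizeof SAMPLE[0] };

/* Record that `ip` was seen on remote port `port` (duplicates are ignored). */
static void note(struct host *h, int *nh, const char *ip, unsigned port) {
    int i, j;
    for (i = 0; i < *nh && strcmp(h[i].ip, ip) != 0; i++) {}
    if (i == *nh) {
        if (*nh == MAX_HOSTS) return;            /* table full: skip new host */
        strcpy(h[i].ip, ip); h[i].nports = 0; (*nh)++;
    }
    for (j = 0; j < h[i].nports; j++)
        if (h[i].ports[j] == port) return;
    if (h[i].nports < MAX_PORTS) h[i].ports[h[i].nports++] = port;
}

/* Copy into flagged[] each remote IP seen on `threshold` or more distinct
   remote ports in ESTABLISHED rows; returns the number of flagged IPs. */
int flag_port_hoppers(const char *const *lines, int n, int threshold,
                      char flagged[][16]) {
    struct host h[MAX_HOSTS];
    int nh = 0, nf = 0, i;
    for (i = 0; i < n; i++) {
        char lip[16], rip[16], state[16]; unsigned lp, rp;
        if (sscanf(lines[i], " TCP %15[0-9.]:%u %15[0-9.]:%u %15s",
                   lip, &lp, rip, &rp, state) == 5 &&
            strcmp(state, "ESTABLISHED") == 0)
            note(h, &nh, rip, rp);               /* non-IPv4 rows fail to parse */
    }
    for (i = 0; i < nh; i++)
        if (h[i].nports >= threshold) strcpy(flagged[nf++], h[i].ip);
    return nf;
}

int main(void) {
    char f[MAX_HOSTS][16];
    int n = flag_port_hoppers(SAMPLE, SAMPLE_N, 3, f);
    while (n-- > 0) printf("review: %s\n", f[n]);
    return 0;
}
```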

six_L

Thanks anon,
you gave me much guidance.

If I didn't guess wrongly, you are the famous Thomas. I think the website www.MadWizard.org is the best win32asm network station on the internet.
:U :U :U
Thank you again.
best regards

anon

Thank you for the compliment, but I'm not Thomas.

sluggy

Quote from: anon on December 25, 2004, 03:47:35 PM
As you said, Telnet uses port 23(decimal). Windows version has nothing to do with
what port is used for a particular protocol.
I don't want to be pedantic, but telnet operates on whatever *port* you tell the server to listen on. Telnet is a protocol (communication standard), it is not port specific.



six_L

SLUGGY global moderator,
Thanks for giving me a new concept.

As I saw your five stars coruscating, I have known: I want to know many things, it is no problem.

Thomas said:
Quote
"The client is the one that requests something, the server responds accordingly. For example, when opening a website, the browser is the client, the webserver is the server. The browser initiates the connection with the server and requests a specific resource. The server then sends back a response and the data requested.

The server is continually waiting for incoming connections. This is called listening, which is always done on a certain IP and port number. The client is only active when necessary, as the client is always the initiator of a connection and the one that requests information. To create a connection, the client needs to know both the IP and port number the server is listening on. A connection is made to that server and hopefully accepted by the server. While communication over a TCP/IP connection is two-way, many protocols (HTTP, FTP, etc) let the client and server interact in turn.

Both the server and client side use an IP and port number, but the IP and port number of the server are usually fixed. The standard port for the WWW is 80 (using HTTP).

Google for example, is a webserver that runs on port 80 and IP 216.239.39.101 (at the moment of writing). Each client (read: anyone google-ing :) connects to this IP and port. So the webserver can have many connections on the same port. This is no problem, since all traffic on that port is for the same process. On the client side, the port number doesn't matter. Any port can be used. Some people think that the port number used in a connection needs to be the same on both sides. This is not true. Just open a website and quickly run 'netstat -an' in a command line. You might see a line like this:

TCP    xxx.xxx.xxx.xxx:2894    216.239.39.101:80       ESTABLISHED

xxx.xxx.xxx.xxx was my IP, 216.239.39.101 is google's IP. The number after the colon is the port number. As you can see, the server side uses port 80, while the client uses a random (read: some free) port number like 2894. Each client connection needs a different port number on the client side, since every connection is associated with a different client."

Client:
The program that initiates the connection, and requests information.

Server:
The program that listens for incoming connections, accepts them and responds according to the received requests. The IP and port number of the server need to be known by the client to connect to it."

My questions are:
1. If the server side changed its port, then the client side should correspondingly change the port it requests. If the client side doesn't know that the server side changed its port, then it can't create a connection. So the server side telnet port should be 23. Is that right?

2. Here is an example named "SparcZ" that I downloaded from www.ronybc.8k.com. If I change its telnet port to 24, then "SparcZ" can't accomplish its function from the client side. If I use the command "telnet 222.111.111.111 24" at the client side, then everything is fine. 222.111.111.111 is the IP address where "SparcZ" is running.

3. Could you tell me the return value of "invoke SetTcpEntry" in all cases?

regards

six_L

Thanks to all the mentors who provided Windows API help links for guidance
:U
;=============================================================================
Platform SDK: IP Helper

SetTcpEntry

The SetTcpEntry function sets the state of a TCP connection.

DWORD SetTcpEntry(
  PMIB_TCPROW pTcpRow
);

Parameters
pTcpRow
[in] Pointer to a MIB_TCPROW structure. This structure specifies information to identify the TCP connection to modify. It also specifies the new state for the TCP connection. The caller must specify values for all the members in this structure.
Return Values
If the function succeeds, the return value is NO_ERROR.

If the function fails, use FormatMessage to obtain the message string for the returned error.

Remarks
Currently, the only state to which a TCP connection can be set is MIB_TCP_STATE_DELETE_TCB.

Requirements
Client Requires Windows XP, Windows 2000 Professional, Windows NT Workstation 4.0 SP4 and later, Windows Me, or Windows 98.
Server Requires Windows Server 2003, Windows 2000 Server, or Windows NT Server 4.0 SP4 and later.
Header Declared in Iphlpapi.h.

Library Link to Iphlpapi.lib.

DLL Requires Iphlpapi.dll. 
;================================================================================
The MIB_TCPROW structure contains information for a TCP connection.

typedef struct _MIB_TCPROW { 
DWORD dwState;
DWORD dwLocalAddr;
DWORD dwLocalPort;
DWORD dwRemoteAddr;
DWORD dwRemotePort;
} MIB_TCPROW, *PMIB_TCPROW;
Members
dwState
Specifies the state of the TCP connection. This member can have one of the following values:
MIB_TCP_STATE_CLOSED
MIB_TCP_STATE_LISTEN
MIB_TCP_STATE_SYN_SENT
MIB_TCP_STATE_SYN_RCVD
MIB_TCP_STATE_ESTAB
MIB_TCP_STATE_FIN_WAIT1
MIB_TCP_STATE_FIN_WAIT2
MIB_TCP_STATE_CLOSE_WAIT
MIB_TCP_STATE_CLOSING
MIB_TCP_STATE_LAST_ACK
MIB_TCP_STATE_TIME_WAIT
MIB_TCP_STATE_DELETE_TCB

dwLocalAddr
Specifies the address for the connection on the local computer. A value of zero indicates the listener can accept a connection on any interface.
dwLocalPort
Specifies the port number for the connection on the local computer.
dwRemoteAddr
Specifies the address for the connection on the remote computer.
dwRemotePort
Specifies the port number for the connection on the remote computer.
Requirements
Client: Requires Windows XP, Windows 2000 Professional, Windows NT Workstation 4.0 SP4 and later, Windows Me, or Windows 98.
Server: Requires Windows Server 2003, Windows 2000 Server, or Windows NT Server 4.0 SP4 and later.
Header: Declared in Iprtrmib.h.
;=================================================================================
:lol
regards

six_L

anon,

I was pleased too early. Actually, the proc can't kill an IP connection. I checked the return value of (invoke SetTcpEntry, addr TestRow) and found it can't. At that time, the return value = 87.
Here is the modified code.

.386
.model flat, STDCALL
option casemap :none
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\masm32.inc
include \masm32\include\m_iphlpapi\iphlpapi.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\masm32.lib
includelib \masm32\lib\m_iphlpapi\iphlpapi.lib

include \masm32\Macros\macros.asm
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Returns IP address as DWORD in network byte order
; Usage: IPADDR(192,168,0,1)
; by Exagone [Thomas Bleeker]
my_IPADDR  MACRO IPP1:REQ,IPP2:REQ,IPP3:REQ,IPP4:REQ
LOCAL    @val
@val = IPP1 + (IPP2 SHL 8) + (IPP3 SHL 16) + (IPP4 SHL 24)
EXITM    <&@val>
ENDM
;-------------------------------------
; Returns port number as WORD in network byte order
; Usage: PORTNR(1234)
; by Exagone [Thomas Bleeker]
;-------------------------------------
my_PORTNR  MACRO PORTNUMBER:REQ
LOCAL    @val
@val = (PORTNUMBER SHR 8) + ((PORTNUMBER AND 0FFh) SHL 8)
EXITM    <&@val>
ENDM
;-------------------------------------
MIB_TCP_STATE_DELETE_TCB    equ   12
     
MIB_TCPROW STRUCT
      dwState           DWORD   ?
      dwLocalAddr       DWORD   ?
      dwLocalPort       DWORD   ?
      dwRemoteAddr      DWORD   ?
      dwRemotePort      DWORD   ?
MIB_TCPROW ENDS
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.data
TestRow MIB_TCPROW <MIB_TCP_STATE_DELETE_TCB,my_IPADDR(10,180,127,85),my_PORTNR(139),\
     my_IPADDR(10,180,127,172),my_PORTNR(2572)> 
;local IP & port number \;remote IP & port number
pzCaption db "Kill a IP Connection Application",0
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.code
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
HandleError proc uses ebx lpTitle:DWORD   ; ebx is used below and must be preserved under stdcall
     
LOCAL lpMsgBuffer     : LPVOID ;dword
; calculate language ID, asm version of MAKELANGID
mov ecx, SUBLANG_DEFAULT     ; load all of ecx so the shifted language ID has no stray upper bits
shl ecx, 10
;or  cx, LANG_NEUTRAL        ; LANG_NEUTRAL = 0, nothing necessary

; Setup parameters for FormatMessage, normal pushing to use some
; params directly (e.g. GetLastError returns the ID in eax, but I
; can't use this register in "invoke")

push NULL                ; we don't need this
push 0                   ; min. size of output buffer if we use
; FORMAT_MESSAGE_ALLOCATE_BUFFER
lea  ebx,lpMsgBuffer     ; get address of our buffer
push ebx                 ; address of buffer
push ecx                 ; our language ID, calculated above
invoke GetLastError      ; get error number
push eax                 ; push return value = error ID
push NULL                ; can be used to format a string, we don't need it
mov edx, FORMAT_MESSAGE_ALLOCATE_BUFFER or FORMAT_MESSAGE_FROM_SYSTEM
push edx                 ; some flags, check your doc for more
call FormatMessage       ; here we go

; Display error-message
invoke MessageBox, NULL, lpMsgBuffer, lpTitle, MB_OK or MB_ICONSTOP
; free memory
invoke LocalFree, lpMsgBuffer

ret
HandleError endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Main:
;Killing a TCP connection

invoke SetTcpEntry, addr TestRow
.if eax==NO_ERROR
invoke MessageBox,NULL,chr$("OK, IP Connection Killed!"),addr pzCaption,MB_OK or MB_ICONASTERISK
.else
;pushad
;invoke MessageBox,NULL,str$(eax),addr pzCaption,MB_OK or MB_ICONASTERISK
;popad
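invoke SetLastError, eax     ; SetTcpEntry returns its error code in eax; make GetLastError in HandleError see it
invoke HandleError,addr pzCaption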
.endif
invoke ExitProcess,NULL
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

end Main

 

The additional file is the sniffer software that I use.

regards


[attachment deleted by admin]

anon

Error code 87 = ERROR_INVALID_PARAMETER

But the program still works for me.