Checking a port if it's in use/open



sutee84
26th February 2010, 20:15
Hi!

I'm new here, and a newbie to Qt. I've written some simple applications in Qt, but never used the network.
I would like to write a program that checks a port of the PC, and if something happens on the port, it will send a simple message.
For example, I would like to check port 5500, and if somebody connects to my PC with VNC on port 5500, the program sends a message to me that something happened on port 5500.
Does somebody have an idea how I can check a port?

Regards,
Sutee84

wysota
26th February 2010, 20:39
It's not that simple, as I understand you want a service running on that port as well. In your situation a simple iptables rule (provided you're using Linux) would be best. You can have a rule that will log the packet and you can monitor the log with some other application (cron or your own app) and do whatever you need to do.

squidge
26th February 2010, 23:02
Under Windows there are several freeware programs such as Net Monitor which will show you when ports are connected to.

If you want to do it yourself, then you're looking at monitoring Winsock, which normally uses a proxy DLL or injecting your own DLL into running processes to monitor calls.

If you just want to know when someone has connected to a port (and don't care about forwarding it onto another program), then things become much easier and you can do it all in Qt.

sutee84
26th February 2010, 23:49
Yes, I just want to know if somebody or something uses the port.

wysota
27th February 2010, 09:09
Yes, I just want to know if somebody or something uses the port.

What fatjuicymole meant is that you can't have a service running on that port - i.e. you can't have a vnc daemon there. If that's acceptable then open a QTcpServer on that port and when something tries to connect to it, simply close the client socket to drop the connection.

sutee84
27th February 2010, 09:51
I don't understand exactly what you wrote.
Why can't I run a service on that port?
I want to write a program that can check if somebody connects to my PC with VNC on port 5500, for example. The VNC server uses the mentioned port that I want to check.

squidge
27th February 2010, 17:56
Only one program can connect to a port at one time. So if VNC is listening on port 5000 (for example), then you can't write a program that uses the same port.

So what you want to do is install a proxy service. Change the port VNC uses from 5000 to 6000 (f.ex). Write a program in Qt that accepts connections on port 5000, then immediately connects to VNC on port 6000 and transparently passes through all data you receive from both sides. You can then pop up a dialog box telling when someone connected and disconnected.

wysota
28th February 2010, 13:39
...or write a firewall rule as already suggested. Doing things in kernel space is much faster than doing them in userspace and you retain control over who is using your services (otherwise all connections to VNC will look like originating on localhost - and in fact they will).
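The proxy arrangement squidge describes, together with wysota's caveat about what the real service then sees, as an added example that is not code from any poster: it uses plain Python sockets rather than Qt, and `demo()` runs on constructed loopback ports with an echo server standing in for ports 5000/6000 and the VNC server. The function names (`pump`, `relay`, `run_proxy`, `demo`) are hypothetical.

```python
import contextlib
import socket
import threading
import time

def pump(src, dst):
    """Copy bytes one way until EOF or error, then pass the EOF on."""
    with contextlib.suppress(OSError):
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def relay(client, peer, backend_addr, notify):
    """Report the connection, then pass data through to the real service."""
    notify("connected", peer)
    try:
        with client, socket.create_connection(backend_addr) as backend:
            back = threading.Thread(target=pump, args=(backend, client), daemon=True)
            back.start()
            pump(client, backend)
            back.join()
    except OSError:
        notify("backend unreachable", peer)
    notify("disconnected", peer)

def run_proxy(listener, backend_addr, notify, stop):
    """Accept on the port the service used to own; one relay thread per client."""
    listener.settimeout(0.2)
    while not stop.is_set():
        try:
            client, peer = listener.accept()
        except socket.timeout:
            continue
        threading.Thread(target=relay, daemon=True,
                         args=(client, peer, backend_addr, notify)).start()

def demo():
    """Constructed loopback run; an echo server stands in for the moved service."""
    events, seen, stop = [], [], threading.Event()
    with socket.create_server(("127.0.0.1", 0)) as service, \
         socket.create_server(("127.0.0.1", 0)) as listener:
        def echo_once():
            conn, addr = service.accept()
            seen.append(addr)  # source address the real service would log
            with conn:
                while data := conn.recv(4096):
                    conn.sendall(data)
        threading.Thread(target=echo_once, daemon=True).start()
        proxy = threading.Thread(target=run_proxy, daemon=True, args=(
            listener, service.getsockname(), lambda *e: events.append(e), stop))
        proxy.start()
        with socket.create_connection(listener.getsockname(), timeout=5) as c:
            client_addr = c.getsockname()
            c.sendall(b"constructed payload")
            c.shutdown(socket.SHUT_WR)
            reply = b"".join(iter(lambda: c.recv(4096), b""))
        deadline = time.monotonic() + 5
        while len(events) < 2 and time.monotonic() < deadline:
            time.sleep(0.01)  # wait for the "disconnected" notification
        stop.set()
        proxy.join()
    return reply, events, seen, client_addr
```

In the values `demo()` returns, `events` carries the client's own address, while `seen` holds the address of the proxy's outbound socket, which is all the service behind the proxy can log.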

prof.ebral
1st March 2010, 01:46
I am a little confused. I understand that a port can only have one service running on it .. that part doesn't confuse me .. what confuses me is the answers that are being given. The OP wants to write a software that tells him when a port sees activity .. but 5500 is only an example.

If the OP is given an answer to write a Firewall rule .. why isn't he given an answer on how Firewalls monitor ports? What I am reading here is the OP wants to write a Firewall like software and port 5500 is just an example. Maybe I am wrong, sutee84.

sutee84
1st March 2010, 09:35
Hi!

You're not wrong. I just want to check the activities on some ports, and I want to know if somebody connects to the PC, and send a message.
I want it to work on Windows, because there is Windows on that PC that I want to use my software on.
There is WinVNC on that PC, and I just want to know if somebody connects to the PC with VNC.
If somebody connected/tried to connect to my PC, the application sends me a message.
That is, what I want.

Thx.
Regards,
Sutee84

squidge
1st March 2010, 13:34
If the OP is given an answer to write a Firewall rule .. why isn't he given an answer on how Firewalls monitor ports? What I am reading here is the OP wants to write a Firewall like software and port 5500 is just an example.
1) Using a firewall rule is much simpler than writing software, and the OP might not have tried this avenue (Why write software if you don't have to? You're just making work for yourself for no reason)
2) Qt doesn't support writing firewall software, and we are guessing the OP is using Linux/Unix/BSD as his profile only says X-Windows, and nothing about MS-Windows.
3) An alternative way is given above that will work in Qt and be cross-platform, should the OP want to write software on his own.

wysota
1st March 2010, 16:15
You're not wrong. I just want to check the activities on some ports, and I want to know if somebody connects to the PC, and send a message.
I want it to work on Windows, because there is Windows on that PC that I want to use my software on.
There is WinVNC on that PC, and I just want to know if somebody connects to the PC with VNC.
If somebody connected/tried to connect to my PC, the application sends me a message.

That's exactly what Intrusion Detection Systems (such as firewalls) do. And I don't see much point in doing that in pure userspace anyway as:
1) you're making your system vulnerable to attack if your software is flawed
2) port scanning has become an everyday practice even for non-malicious software so you'll get lots of false positives without detecting any port scanning patterns like real IDS systems do
3) your software will make the port appear as "open" for port scanning techniques encouraging future attempts to break into the system using that port
4) to make your software run you will have to bring the existing firewall down for it and if you're interacting with the IDS anyway, why write your own software instead of configuring the firewall properly?
5) you will not be able to start the real service (i.e. a real VNC daemon) on that port for as long as your software is running
6) if there can't be any real service running on that port, why bother checking if anyone tries to connect to it in the first place?

If you still insist on writing your own piece of software, just start a server on the port you want monitored and when something tries to connect to it, drop the connection (I think you have to accept it first, otherwise it will not leave the queue eventually blocking any future attempts to connect to the port) and send the message.

prof.ebral
1st March 2010, 17:05
1) Using a firewall rule is much simpler than writing software, and the OP might not have tried this avenue (Why write software if you don't have to? You're just making work for yourself for no reason)

Because that is how innovations are made .. ?

Sutee, you need to look at the QNetwork classes.

wysota
1st March 2010, 17:40
Because that is how innovations are made .. ?

Reinventing the wheel is not an innovation, it's lack of proper research.

squidge
1st March 2010, 17:48
Because that is how innovations are made .. ?

This forum is dedicated to the Qt framework or minor other programming tasks. For help on writing a firewall, you should use a website more suited to the task, such as one dedicated to advanced topics of your chosen operating system, as different OSs have wildly different ways of interacting with the network layer.

Nothing in Qt will do anything like a typical firewall application. The only Qt-way of doing what the OP wants has already been described, but as pointed out, it is not the practical way to go about the task.

sutee84
1st March 2010, 18:04
Thank you very much!

sutee84
1st March 2010, 18:07
Hi!

Can you write me a short example how to make a server and check the port as you wrote, because I have never used QNetwork class?

Thx.

squidge
1st March 2010, 18:35
There are numerous examples in the Qt installation. Have a look in the 'examples' directory.

As explained before however, don't expect your application to run at the same time as your VNC server, unless you want the pitfalls as explained above.

wysota
1st March 2010, 18:56
For help on writing a firewall, you should use a website more suited to the task, such as one dedicated to advanced topics of your chosen operating system, as different OSs have wildly different ways of interacting with the network layer.

The term "network layer" may be used incorrectly here :) You probably meant "networking stack" as most firewalls used today (especially on Windows systems) are most likely implemented in higher layers than the network layer of both the ISO model and the TCP/IP model. And to position ourselves in the situation described in this thread, a piece of software acting in userspace would reside in the uppermost layer - the application layer (so each piece of data would have to go all the way up, decapsulated from each layer's headers until reaching the application listening on the port). Just my five cents... :)

prof.ebral
1st March 2010, 22:03
I am a non-conformist when it comes to software. I agree with you that 'reinventing the wheel' is not truly innovation, but it can create innovation. I also like having the option of being able to code my own firewall.


There are numerous examples in the Qt installation. Have a look in the 'examples' directory.
Definitely a good start. The examples have a network and client that will show you something of how it works.


As explained before however, don't expect your application to run at the same time as your VNC server, unless you want the pitfalls as explained above.
I don't agree with this totally, fatjuicymole. The OP can thread the connections and when a connection attempt is made to a port he can be notified, release the port, and allow the connection to proceed.

wysota
1st March 2010, 22:47
I also like having the option of being able to code my own firewall.
But do it with means meant for coding a firewall, not a userspace application.


The OP can thread the connections and when a connection attempt is made to a port he can be notified, release the port, and allow the connection to proceed.

Hmm? Could you share a snippet that does what you mean? Where would the connection proceed exactly? It seems you are using unix, so let's assume netcat started as
netcat -l 10001
... to be our server. Please write a minimal application (using whatever technology available for a standard u*ix system) that will bind a userspace application to tcp port 10001, intercept the connection, issue some debugging statement to the console and let the connection be picked up by the netcat pseudo-server.

Please also perform a (shallow) theoretical analysis of how the tcp handshake (SYN ->, SYN+ACK <-, ACK ->) would look from the client's perspective in such a situation.

squidge
1st March 2010, 22:49
I don't agree with this totally, fatjuicymole. The OP can thread the connections and when a connection attempt is made to a port he can be notified, release the port, and allow the connection to proceed.

Explain how to do this with Qt. I don't think it's possible for the simple reason that a user-level application doesn't have that kind of access (and Qt only works in user-land). Sure, you can get the connect notification and ignore it (not accept the connection request), but you then can't pass on that notification to some other program without affecting the source route. The only way I see it working is if the client automatically has multiple retries, so the notification app gets the first, releases the port, and VNC gets the next, but that's hardly a practical solution.

wysota
1st March 2010, 23:14
The only way I see it working is if the client automatically has multiple retries, so the notification app gets the first, releases the port, and VNC gets the next, but that's hardly a practical solution.

IMO this wouldn't work either, because of at least these facts and situations:

1. smart network stacks (or maybe it's even enforced by the standard, I don't remember) disallow binding to a just-released port to prevent stale connections/stray packets that might confuse the new daemon
2. race condition between the client and "server-switching" after an incoming connection is detected
3. a situation when the server can handle more than one connection simultaneously - you wouldn't get any notification about new connections when there would already be a connection accepted by the real server
4. detecting when to reinstate the "peeking" daemon once the true connection is closed (+ a race condition again)

Of course I know how to do it in some special conditions in userland using Qt, i.e. on Linux you can implement a netlink device that will receive all incoming SYN packets before they are delivered to their destination but this is part of Linux firewalling mechanism, so it's kind of cheating (as you're still using kernel space means to get the data delivered to user space) and may slow down networking due to the necessity of copying the first packet of the connection back and forth between kernel and user space (fortunately only for a single packet per connection). By the way, that's probably how Windows personal firewalls work too more or less which would also explain why networking (and whole computer experience as well) is slower on Windows when a firewall is active.

prof.ebral
2nd March 2010, 00:46
I am not assuming anything with you wysota. I am using multiple Linux distros and multiple Windows distros. To start assuming with you from your first post is just going to lead the thread further off topic, prevent me from working on the networking software I am working on right now, and create a list of assumptions that digress from a truth based reality; something I need in my life.

FYI, I am working on a software's server and client networking script at the moment and it is using threading. The code is in Python and PyQt, so I am not using pure Qt classes I am also using Python classes.

Query: Where is 'user land'?

wysota
2nd March 2010, 01:40
I am not assuming anything with you wysota. I am using multiple Linux distros and multiple Windows distros. To start assuming with you from your first post is just going to lead the thread further off topic, prevent me from working on the networking software I am working on right now, and create a list of assumptions that digress from a truth based reality; something I need in my life.
Then I don't see why you're making opinions and defending them if you are not ready to make one more step and prove your points. It's easy to say "I don't have time to respond to your arguments, I have better things to do". Well, the truth is I'm devoting my private time to being here as well. The biggest compensation I can get is to study difficult cases such as this one and learn from them.


FYI, I am working on a software's server and client networking script at the moment and it is using threading. The code is in Python and PyQt, so I am not using pure Qt classes I am also using Python classes.
I don't care - you can write the proof of concept for your solution in pure python code even, I'm sure we'll understand the principles. The software doesn't even have to work, just show us the main idea.


Query: Where is 'user land'?
Everywhere where 'kernel land' is not.

prof.ebral
2nd March 2010, 02:56
Then why don't you give me some time. I am rewriting the network and the current re-write is far from complete. If you want, you can download the source and see how the network uses threading.

http://www.assembla.com/wiki/show/traipse

The way the software's network is working: it uses threading to create new socks for each client, though all data is sent to one Port. It is pretty conceivable to use the same technology, only in reverse, to hand off the port request to a decision making function in the software. The function could notify the user through the UI and then the user could tell the software how to handle the request.

While the port request is being made, yes the port will be used by a service, but after the decision is completed the software can stop using the port allowing it to be accessed.

squidge
2nd March 2010, 09:01
Then why don't you give me some time. I am rewriting the network and the current re-write is far from complete. If you want, you can download the source and see how the network uses threading.

Using threading to handle multiple connections is not a problem, but how do you pass a connection handled by a thread to another process?

sutee84
2nd March 2010, 09:56
I will check the examples about network.
Does somebody know another way to check if somebody connects to the PC with WinVNC (on Windows), other than checking the VNC's port?

wysota
2nd March 2010, 11:01
The application probably logs a connection to some file in which case you can monitor the log file.

squidge
2nd March 2010, 12:53
Does somebody know another way to check if somebody connects to the PC with WinVNC (on Windows), other than checking the VNC's port?

Have you taken a look at the VNC source code? The simplest solution may be to modify the code of VNC to pop up a message box asking if you wish to accept the connection and show the IP address of the computer that's attempting to connect.

prof.ebral
2nd March 2010, 13:00
Using threading to handle multiple connections is not a problem, but how do you pass a connection handled by a thread to another process?
I don't know at the moment because that is not what I am working on.

The application probably logs a connection to some file in which case you can monitor the log file.
Please don't tell me you are talking about my application .. if you are, high rating or not check your ego at the source.

EDIT: I think this thread has been unfortunately hijacked. I was just trying to point out that the OP's idea is possible. I didn't mean to hijack his question thread.

wysota
2nd March 2010, 14:28
I don't know at the moment because that is not what I am working on.
That's the whole point of this discussion. We say this is not possible.


Please don't tell me you are talking about my application .. if you are, high rating or not check your ego at the source.
You may use the threaded or hybrid mode of the thread view to see which post I was replying to.


EDIT: I think this thread has been unfortunately hijacked. I was just trying to point out that the OP's idea is possible. I didn't mean to hijack his question thread.
And we're trying to point out it is not possible so the discussion is not offtopic.

prof.ebral
2nd March 2010, 15:33
Here is an example of what you want Sutee .. it is coded in Visual Basic so I am not sure how useful it will be to you here.

Link: http://support.microsoft.com/kb/194938

prof.ebral
2nd March 2010, 16:01
meh. Here is the source for a Network Monitor coded in Qt: http://reachme.web.googlepages.com/qtnetworkmonitor

filetransit.com makes this claim about it

Qt Network Monitor 0.2 is an application to monitor the activity of both LANs and Internet servers, offering you continuous information about all devices: servers, computers, ports, websites, other IP devices, etc. It lets you monitor different devices simultaneously, and generates all types of statistics, obtained from each one of them.

which is also what you want. The site I linked to is the main site for it and it contains the source .. so that might be something to look at Sutee. I can't find the same claim on the main page.

wysota
2nd March 2010, 16:07
I think you are missing the point of what sutee84 wants to do... He doesn't want to know on which ports there are daemons running, he wants to know when someone connects to one of the running daemons (despite the title of this thread).

prof.ebral
2nd March 2010, 17:33
You're welcome, Sutee. I don't expect you to use the softwares themselves, instead I thought you would be able to draw some information from them. They are not my softwares so I can verify the claims either. I hope you get what you are looking for.

Some extra info: Firewall Builder is a Qt program that helps you write iptables/netfilter rules. As such it's only for Linux and MacOSX: http://www.fwbuilder.org/
But I did some extra research and found an open source Firewall for Windows called Netdefender. This has a Port scanner to scan for open ports: http://www.programmerworld.net/personal/firewall.htm This one is in Visual C++.

Again same premise, draw from it what you can to get what you really want.

pitonyak
2nd March 2010, 19:30
Take a look at the platform specific results here: http://en.wikipedia.org/wiki/Netstat

This provides insight into how this information is obtained on different operating systems. I am not aware of this functionality being directly available in Qt.

squidge
2nd March 2010, 22:14
After your replies in this forum, I really expected more than the posting of a quick Google search. Pointing to the source code of an open-source firewall is hardly practical either, especially considering it is written in Visual C++ and MFC when they were asking for a Qt solution. I fail to see why you posted the other links, since they clearly do even less of what was asked.

wysota
2nd March 2010, 23:01
@fatjuicymole:

Leave them alone, it seems they perfectly know what they want and what they are doing. At some point we have to admit we are just trolling around on this forum and bow our heads before a solution for detecting which tcp (won't work for udp) ports are open by trying to register a listening socket on each and every one of them. Let's face it - resistance is futile and even running a level three diagnostic wouldn't help.

JD2000
3rd March 2010, 20:07
If you literally wish to see if a port is in use/open then the netstat command is probably what you need.

Variations are built into the kernels of most operating systems.


If you really want to build your own then something based around the pcap library or similar is what you need.

Personally, I would not go there but good luck!

sutee84
4th March 2010, 10:17
I solved the problem, I check the log file, it was the easier way.