Yes, I just want to know if somebody or something uses the port.
What fatjuicymole meant is that you can't have a service running on that port - i.e. you can't have a vnc daemon there. If that's acceptable then open a QTcpServer on that port and when something tries to connect to it, simply close the client socket to drop the connection.
I don't understand exactly what you wrote.
Why can't I run a service on that port?
I want to write a program that can check if somebody connects to my PC with VNC on port 5500, for example. The VNC server uses the mentioned port that I want to check.
Last edited by sutee84; 27th February 2010 at 11:56.
Only one program can connect to a port at one time. So if VNC is listening on port 5000 (for example), then you can't write a program that uses the same port.
So what you want to do is install a proxy service. Change the port VNC uses from 5000 to 6000 (f.ex). Write a program in Qt that accepts connections on port 5000, then immediately connect to VNC on port 6000 and transparently pass through all data you receive from both sides. You can then pop up a dialog box telling when someone connected and disconnected.
...or write a firewall rule as already suggested. Doing things in kernel space is much faster than doing them in userspace and you retain control over who is using your services (otherwise all connections to VNC will look like originating on localhost - and in fact they will).
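The proxy arrangement from the two posts above, as an added Python example that is not part of the original thread. The function names are hypothetical, an echo server stands in for the moved VNC server, and the run is a constructed loopback exchange on OS-chosen ports; it shows that the service's own view of its peer is the relay's socket, so only the relay knows the real client address.

```python
import socket
import threading

def pump(src, dst):
    """Copy bytes one way until src reaches EOF, then half-close dst."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
    except OSError:
        pass
    try:
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def relay_one(listener, service_addr, notify):
    """Accept one client, report it, and pass its traffic to the real service."""
    client, peer = listener.accept()
    with client, socket.create_connection(service_addr) as upstream:
        # The service will see upstream's local address, not `peer`.
        notify(("connected", peer, upstream.getsockname()))
        back = threading.Thread(target=pump, args=(upstream, client))
        back.start()
        pump(client, upstream)
        back.join()
    notify(("disconnected", peer))

def service_once(srv, seen):
    """Constructed stand-in for the moved VNC server: logs its peer, echoes once."""
    conn, peer = srv.accept()
    seen.append(peer)
    with conn:
        conn.sendall(conn.recv(4096))

def demo():
    """Constructed loopback run; both ports are chosen by the OS."""
    events, seen = [], []
    with socket.create_server(("127.0.0.1", 0)) as service, \
         socket.create_server(("127.0.0.1", 0)) as front:
        workers = [threading.Thread(target=service_once, args=(service, seen)),
                   threading.Thread(target=relay_one, args=(
                       front, service.getsockname(), events.append))]
        for w in workers:
            w.start()
        with socket.create_connection(front.getsockname(), timeout=5) as c:
            c.sendall(b"hello")
            reply, client_addr = c.recv(4096), c.getsockname()
        for w in workers:
            w.join(5)
    return events, seen, client_addr, reply
```

Any access control or logging that has to key on the client address therefore belongs in the relay or in a firewall rule, not in the service behind it.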
I am a little confused. I understand that a port can only have one service running on it .. that part doesn't confuse me .. what confuses me is the answers that are being given. The OP wants to write a software that tells him when a port sees activity .. but 5500 is only an example.
If the OP is given an answer to write a Firewall rule .. why isn't he given an answer on how Firewalls monitor ports? What I am reading here is the OP wants to write a Firewall like software and port 5500 is just an example. Maybe I am wrong, sutee84.
Hi!
You're not wrong. I just want to check the activities on some ports, and I want to know if somebody connects to the PC, and send a message.
I want it to work on Windows, because Windows is on the PC that I want to use my software on.
There is winvnc on that PC, and I just want to know if somebody connects to the PC with VNC.
If somebody connected/tried to connect to my PC, the application sends me a message.
That is what I want.
Thx.
Regards,
Sutee84
That's exactly what Intrusion Detection Systems (such as firewalls) do. And I don't see much point in doing that in pure userspace anyway as:
1) you're making your system vulnerable to attack if your software is flawed
2) port scanning has become an everyday practice even for non-malicious software so you'll get lots of false positives without detecting any port scanning patterns like real IDS systems do
3) your software will make the port appear as "open" for port scanning techniques encouraging future attempts to break into the system using that port
4) to make your software run you will have to bring the existing firewall down for it and if you're interacting with the IDS anyway, why write your own software instead of configuring the firewall properly?
5) you will not be able to start the real service (i.e. a real VNC daemon) on that port for as long as your software is running
6) if there can't be any real service running on that port, why bother checking if anyone tries to connect to it in the first place?
If you still insist on writing your own piece of software, just start a server on the port you want monitored and when something tries to connect to it, drop the connection (I think you have to accept it first, otherwise it will not leave the queue eventually blocking any future attempts to connect to the port) and send the message.
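The accept-then-drop listener described in the post above, as an added Python example that is not part of the original thread. The function names are hypothetical and the run is a constructed loopback connection on an OS-chosen port rather than 5500; it also shows the handshake point the thread comes back to later: the client's connect() has already succeeded before the application calls accept(), which is why a scan reports the port as open.

```python
import socket
from datetime import datetime, timezone

def open_monitor(host="127.0.0.1", port=0, backlog=5):
    """Bind a listening socket; port=0 lets the OS pick a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, port))
    srv.listen(backlog)
    return srv

def accept_and_drop(srv, notify):
    """Take one pending connection off the queue, report it, close it."""
    conn, (ip, src_port) = srv.accept()
    try:
        event = {
            "time": datetime.now(timezone.utc).isoformat(),
            "peer_ip": ip,
            "peer_port": src_port,
            "local_port": srv.getsockname()[1],
        }
        notify(event)  # hypothetical hook: e-mail, log line, dialog box
    finally:
        conn.close()   # nothing is ever read from or written to the peer
    return event

def demo():
    """Constructed loopback run: one client connects to the monitor."""
    events = []
    srv = open_monitor()
    # The kernel completes SYN / SYN+ACK / ACK and queues the connection,
    # so connect() returns here although accept() has not been called yet.
    client = socket.create_connection(srv.getsockname(), timeout=2)
    client_addr = client.getsockname()
    event = accept_and_drop(srv, events.append)
    closed_by_monitor = client.recv(1) == b""  # EOF: the monitor dropped us
    client.close()
    srv.close()
    return event, client_addr, closed_by_monitor, events

if __name__ == "__main__":
    print(demo()[0])
```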
Hi!
Can you write me a short example of how to make a server and check the port as you wrote, because I have never used the QNetwork class?
Thx.
There are numerous examples in the Qt installation. Have a look in the 'examples' directory.
As explained before however, don't expect your application to run at the same time as your VNC server, unless you want the pitfalls as explained above.
I am a non-conformist when it comes to software. I agree with you that 'reinventing the wheel' is not truly innovation, but it can create innovation. I also like having the option of being able to code my own firewall.
Definitely a good start. The examples have a network and client that will show you something of how it works.
"As explained before however, don't expect your application to run at the same time as your VNC server, unless you want the pitfalls as explained above."
I don't agree with this totally, fatjuicymole. The OP can thread the connections and when a connection attempt is made to a port he can be notified, release the port, and allow the connection to proceed.
Last edited by prof.ebral; 1st March 2010 at 22:03. Reason: fixed my bbcode tags
But do it with means meant for coding a firewall, not a userspace application.
"The OP can thread the connections and when a connection attempt is made to a port he can be notified, release the port, and allow the connection to proceed."
Hmm? Could you share a snippet that does what you mean? Where would the connection proceed exactly? It seems you are using unix, so let's assume netcat started as
... to be our server. Please write a minimal application (using whatever technology available for a standard u*ix system) that will bind a userspace application to tcp port 10001, intercept the connection, issue some debugging statement to the console and let the connection be picked up by the netcat pseudo-server.
Please also perform a (shallow) theoretical analysis of how the tcp handshake (SYN ->, SYN+ACK <-, ACK ->) would look like from the client's perspective in such a situation.
Explain how to do this with Qt. I don't think it's possible for the simple reason that a user-level application doesn't have that kind of access (and Qt only works in user-land). Sure, you can get the connect notification and ignore it (not accept the connection request), but you then can't pass on that notification to some other program without affecting the source route. The only way I see it working is if the client automatically has multiple retries, so the notification app gets the first, releases the port, and VNC gets the next, but that's hardly a practical solution.
1) Using a firewall rule is much simpler than writing software, and the OP might not have tried this avenue (Why write software if you don't have to? You're just making work for yourself for no reason)
2) Qt doesn't support writing firewall software, and we are guessing the OP is using Linux/Unix/BSD as his profile only says X-Windows, and nothing about MS-Windows.
3) An alternative way is given above that will work in Qt and be cross-platform, should the OP want to write software on his own.
This forum is dedicated to the Qt framework or minor other programming tasks. For help on writing a firewall, you should use a website more suited to the task, such as one dedicated to advanced topics of your chosen operating system, as different OSs have wildly different ways of interacting with the network layer.
Nothing in Qt will do anything like a typical firewall application. The only Qt-way of doing what the OP wants has already been described, but as pointed out, it is not the practical way to go about the task.
The term "network layer" may be used incorrectly here. You probably meant "networking stack" as most firewalls used today (especially on Windows systems) are most likely implemented in higher layers than the network layer of both the ISO model and the TCP/IP model. And to position ourselves in the situation described in this thread, a piece of software acting in userspace would reside in the uppermost layer - the application layer (so each piece of data would have to go all the way up, decapsulated from each layer's headers until reaching the application listening on the port). Just my five cents...
Thank you very much!