Checking a port if it's in use/open

[wysota]

You're not wrong. I just want to check the activities on some ports, and I want to know if somebody connect to the pc, and send a message.
I want it to work on windows, because there is windows on that pc, what I want to use my software on.
There is winvnc on that pc, and I just want to know, if somebody connect to the pc with vnc.
If somebody connected/trie to connect to my pc, the application send me a message.

That's exactly what Intrusion Detection Systems (such as firewalls) do. And I don't see much point in doing that in pure userspace anyway as:
1) you're making your system vulnerable to attack if your software is flawed
2) port scanning has become an everyday practise even for non-malicious software so you'll get lots of false positives without detecting any port scanning patterns like real IDS systems do
3) your software will make the port appear as "open" for port scanning techniques encouraging future attempts to break into the system using that port
4) to make your software run you will have to bring the existing firewall down for it and if you're interacting with the IDS anyway, why write your own software instead of configuring the firewall properly?
5) you will not be able to start the real service (i.e. a real VNC daemon) on that port for as long as your software is running
6) if there can't be any real service running on that port, why bother checking if anyone tries to connect to it in the first place?

If you still insist on writing your own piece of software, just start a server on the port you want monitored and when something tries to connect to it, drop the connection (I think you have to accept it first, otherwise it will not leave the queue eventually blocking any future attempts to connect to the port) and send the message.

[sutee84]

Hi!

Can you write me a short example how to make a server and check the port as you wrote, because I have never used QNetwork class?

Thx.

[squidge]

There are numerous examples in the Qt installation. Have a look in the 'examples' directory.

As explained before however, don't expect your application to run at the same time as your VNC server, unless you want the pitfalls as explained above.

[prof.ebral]

I am a non-conformist when it comes to software. I agree with you that 'reinventing the wheel' is not truely innovation, but it can create innovation. I also like having the option of being able to code my own firewall.

There are numerous examples in the Qt installation. Have a look in the 'examples' directory.

Definitely a good start. The examples have a network and client that will show you something of how it works.

As explained before however, don't expect your application to run at the same time as your VNC server, unless you want the pitfalls as explained above.

I don't agree with this totally, fatjuicymole. The OP can thread the connections and when a connetion attempt is made to a port he can be notified, release the port, and allow the connection to proceed.

[wysota]

I also like having the option of being able to code my own firewall.

But do it with means meant for coding a firewall, not a userspace application.

The OP can thread the connections and when a connetion attempt is made to a port he can be notified, release the port, and allow the connection to proceed.

Hmm? Could you share a snippet of that does what you mean? Where would the connection proceed exactly? It seems you are using unix, so let's assume netcat started as

bash Code:

Switch view

netcat -l 10001

netcat -l 10001

To copy to clipboard, switch view to plain text mode 

... to be our server. Please write a minimal application (using whatever technology available for a standard u*ix system) that will bind a userspace application to tcp port 10001, intercept the connection, issue some debugging statement to the console and let the connection be picked up by the netcat pseudo-server.

Please also perform a (shallow) theoretical analysis of how the tcp handshake (SYN ->, SYN+ACK <-, ACK ->)would look like from the client's perspective in such a situation.

[squidge]

I don't agree with this totally, fatjuicymole. The OP can thread the connections and when a connetion attempt is made to a port he can be notified, release the port, and allow the connection to proceed.

Explain how to do this with Qt. I don't think it's possible for the simple reason that a user-level application doesn't have that kind of access (and Qt only works in user-land). Sure, you can get the connect notification and ignore it (not accept the connection request), but you then can't pass on that notification to some other program without affecting the source route. The only way I see it working is if the client automatically has multiple retries, so the notification app gets the first, releases the port, and VNC gets the next, but thats hardly a practical solution.

[wysota]

The only way I see it working is if the client automatically has multiple retries, so the notification app gets the first, releases the port, and VNC gets the next, but thats hardly a practical solution.

IMO this wouldn't work too, because of at least these facts and situations:

1. smart network stacks (or maybe it's even enforced by the standard, I don't remember) disallow binding to a just-released port to prevent stale connections/stray packets that might confuse the new daemon
2. race condition between the client and "server-switching" after an incoming connection is detected
3. a situation when the server can handle more than one connection simoultaneously - you wouldn't get any notification about new connections when there would already be a connection accepted by the real server
4. detecting when to reinstate the "peeking" daemon once the true connection is closed (+ a race condition again)

Of course I know how to do it in some special conditions in userland using Qt, i.e. on Linux you can implement a netlink device that will receive all incoming SYN packets before they are delivered to their destination but this is part of Linux firewalling mechanism, so it's kind of cheating (as you're still using kernel space means to get the data delivered to user space) and may slow down networking due to the necessity of copying the first packet of the connection back and forth between kernel and user space (fortunately only for a single packet per connection). By the way, that's probably how Windows personal firewalls work too more or less which would also explain why networking (and whole computer experience as well) is slower on Windows when a firewall is active.

[prof.ebral]

I am not assuming anything with you wysota. I am using multiple Linux distros and multiple Windows distros. To start assuming with you from your first post is just going to lead the thread further off topic, prevent me from working on the networking software I am working on right now, and create a list of assumptions that digress from a truth based reality; something I need in my life.

FYI, I am working on a software's server and client networking script at the moment and it is using threading. The code is in Python and PyQt, so I am not using pure Qt classes I am also using Python classes.

Query: Where is 'user land'?

[wysota]

I am not assuming anything with you wysota. I am using multiple Linux distros and multiple Windows distros. To start assuming with you from your first post is just going to lead the thread further off topic, prevent me from working on the networking software I am working on right now, and create a list of assumptions that digress from a truth based reality; something I need in my life.

Then I don't see why you're making opinions and defending them if you are not ready to make one more step and prove your points. It's easy to say "I don't have time to respond to your arguments, I have better things to do". Well, the truth is I'm devoting my private time to being here as well. The biggest compensation I can get is to study difficult cases such as this one and learn from them.

FYI, I am working on a software's server and client networking script at the moment and it is using threading. The code is in Python and PyQt, so I am not using pure Qt classes I am also using Python classes.

I don't care - you can write the proof of concept for your solution in pure python code even, I'm sure we'll understand the principles. The software doesn't even have to work, just show us the main idea.

Query: Where is 'user land'?

Everywhere where 'kernel land' is not.

[prof.ebral]

Then why don't you give me some time. I am rewriting the network and the current re-write is far from complete. If you want, you can download the source and see how the network uses threading.

http://www.assembla.com/wiki/show/traipse

The way the software's network is working: it uses threading to create new socks for each client, though all data is sent to one Port. It is pretty conceivable to use the same technology, only in reverse, to hand off the port request to a decision making function in the software. The function could notify the user through the UI and then the user could tell the software how to handle the request.

While the port request is being made, yes the port will be used by a service, but after the decision is completed the software can stop using the port allowing it to be accessed.

[squidge]

Then why don't you give me some time. I am rewriting the network and the current re-write is far from complete. If you want, you can download the source and see how the network uses threading.

Using threading to handle multiple connections is not a problem, but how do you pass a connection handled by a thread to another process?

[sutee84]

I will check the examples about network.
Does somebody know other way to check if somebody connect to the pc with winvnc (on windows), than check the vnc's port?

[wysota]

The application probably logs a connection to some file in which case you can monitor the log file.

[squidge]

Does somebody know other way to check if somebody connect to the pc with winvnc (on windows), than check the vnc's port?

Have you taken a look at the VNC source code? The simplest solution may be to modify the code of VNC to popup a message box asking if you wish to accept the connection and show the IP address of the computer thats attempting to connect.