
Suggestion for a UDP port to listen to


Sam of California

Nov 8, 2003, 4:12:10 PM
Is there a UDP port that might be getting data that is not being read?

I am a beginner so this question might not make any sense. I want to write a
UDP sender and receiver so I will do the receiver first. This is entirely a
learning exercise. It is my understanding that there are tools I can use to
help with this; I can probably write the sender first and use a tool to
verify that it is working. However if there is UDP data that my system is
receiving that is not being used, then that could also be useful.

I realize that the answer probably depends on things in my system and such.
My system is not a server and I am using Windows XP.

If there is not a simple answer then it is not important.

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.530 / Virus Database: 325 - Release Date: 10/22/2003


Arkady Frenkel

Nov 8, 2003, 4:46:57 PM
You have a project called simple (simples - server / simplec - client) which may be
used as UDP or TCP in the
Windows SDK (in Windows SDK\samples\netds\winsock)
Arkady
"Sam of California" <sam...@socal.rr.com> wrote in message
news:K_crb.111$pE3...@twister.socal.rr.com...

Sam of California

Nov 8, 2003, 7:20:13 PM
"Arkady Frenkel" <arkadyf@hotmailxdotxcom> wrote in message
news:OOo42Fkp...@TK2MSFTNGP12.phx.gbl...

> You have a project called simple (simples - server / simplec - client) which may be
> used as UDP or TCP in the
> Windows SDK (in Windows SDK\samples\netds\winsock)

Thank you.

That shows how to listen. I am asking for a suggestion for something to
listen to. In other words, I am not asking for code; I am asking for data. I
am asking for a port number or something like that. If "port number" is
unclear, then look at my original question; I hope I was clear enough there.

Arkady Frenkel

Nov 9, 2003, 2:15:05 AM
For how to choose the port, look at
http://tangentsoft.net/wskfaq/intermediate.html#svrport
Arkady

"Sam of California" <sam...@socal.rr.com> wrote in message

news:1Lfrb.154$pE3...@twister.socal.rr.com...

Sam of California

Nov 9, 2003, 11:11:11 AM
"Arkady Frenkel" <arkadyf@hotmailxdotxcom> wrote in message
news:ex4CaDpp...@TK2MSFTNGP10.phx.gbl...

That does not answer my question either.




Sam of California

Nov 9, 2003, 8:26:20 PM
"Sam of California" <sam...@socal.rr.com> wrote in message
news:K_crb.111$pE3...@twister.socal.rr.com...

> Is there a UDP port that might be getting data that is not being read?
>
> I am a beginner so this question might not make any sense. I want to write a
> UDP sender and receiver so I will do the receiver first. This is entirely a
> learning exercise. It is my understanding that there are tools I can use to
> help with this; I can probably write the sender first and use a tool to
> verify that it is working. However if there is UDP data that my system is
> receiving that is not being used, then that could also be useful.
>
> I realize that the answer probably depends on things in my system and such.
> My system is not a server and I am using Windows XP.
>
> If there is not a simple answer then it is not important.


I think I have captured a few relevant packets.

I seem to be getting a lot of UDP packets sent to my port 1223. I see that
that port is used for "TGP", whatever that is.

I also received packets sent to my ports 3210, 3213, 3214 and 3216. Their
designated uses are as follows:

3210 Flamenco Networks Proxy
3213 NEON 24X7 Mission Control
3214 JMQ Daemon Port 1
3216 Ferrari electronic FOAM

So what would happen if I was to listen to one of those ports to receive the
packets? I would do this just for testing purposes. Is all of the above data
not used by most systems?


Alan J. McFarlane

Nov 10, 2003, 10:11:36 AM
Sam of California <sam...@socal.rr.com> wrote:
> "Sam of California" <sam...@socal.rr.com> wrote in message
> news:K_crb.111$pE3...@twister.socal.rr.com...

>> Is there a UDP port that might be getting data that is not being
>> read?
>>
>> I am a beginner so this question might not make any sense. I want to
>> write a UDP sender and receiver so I will do the receiver first.
>> This is entirely a learning exercise. It is my understanding that
>> there are tools I can use to help with this; I can probably write
>> the sender first and use a tool to verify that it is working.
>> However if there is UDP data that my system is receiving that is not
>> being used, then that could also be useful.
>>
>> I realize that the answer probably depends on things in my system
>> and such. My system is not a server and I am using Windows XP.
>>

I wouldn't expect there to be any UDP packets being received without some
program locally accepting them. The only (incoming) UDP traffic I see
normally on my internet connection are DNS name lookup responses and DHCP
address assignment responses (to port 68) and, when in use, streaming audio
(e.g. RealAudio).

The only others I see are spam Windows Messenger traffic and Windows
Networking name lookup (NetBIOS-over-TCP/IP Name Service) traffic. These
come to port 135 and 137. You could try listening on port 135 (RPE locator)
or 137 (nbname) if you have the respective services disabled.

> I think I have captured a few relevant packets.
>

I presume with a sniffer program? ...and not with a Winsock program that
listens on a UDP port.

> I seem to be getting a lot of UDP packets sent to my port 1223. I see
> that that port is used for "TGP", whatever that is.
>

Hmm don't know about that one, but see below.

> I also received packets sent to my ports 3210, 3213, 3214 and 3216.
> Their designated uses are as follows:
>
> 3210 Flamenco Networks Proxy
> 3213 NEON 24X7 Mission Control
> 3214 JMQ Daemon Port 1
> 3216 Ferrari electronic FOAM
>

When sending a UDP packet (and also when creating a TCP connection)
(usually) an arbitrary source port is chosen by the system--you will see
some sources refer to this as an ephemeral port. The system normally
assigns ports in ascending order, so I think that's what you are seeing
here. I think it's likely those are the local machine's port number for a
sequence of DNS queries. What is the remote port number in those packets?
53 by any chance?

> So what would happen if I was to listen to one of those ports to
> receive the packets? I would do this just for testing purposes. Is
> all of the above data not used by most systems?
>

Well it depends. It is likely that you will get an error back of the form
port/address_in_use though.
--
Alan J. McFarlane
http://homepage.ntlworld.com/alanjmcf/
Please follow-up in the newsgroup for the benefit of all.


John R Buchan

Nov 10, 2003, 5:22:04 PM
If you're on a segment with a DHCP available, you might listen on 67 and
68. Since DHCPDISCOVER packets are generally broadcast, you should be
able to pick them up from any machine listening on the port. In some
cases, you will also see DHCPOFFER and DHCPREQUEST packets, as well.

If you don't have NetBT installed on the XP machine you might also
listen on 137 and 138. These are the NetBIOS name resolution and
datagram ports. There is typically broadcast UDP traffic on these ports
on most (pre-W2k and mixed mode) MS networks.

--
Note, I seldom respond to email questions. Please keep discussions in
the news group, so everyone can benefit from them (including me <g>).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
John R Buchan ........................ jrb-tech(at)unknownegg(dot)org

Sam of California

Nov 11, 2003, 4:52:57 PM
Thank you, now we are talking. This is what I was hoping for.


"Alan J. McFarlane" <alan...@yahoo.com.INVALID> wrote in message
news:UYNrb.1872$Tc2....@newsfep4-glfd.server.ntli.net...


>
> The only others I see are spam Windows Messenger traffic and Windows
> Networking name lookup (NetBIOS-over-TCP/IP Name Service) traffic. These
> come to port 135 and 137. You could try listening on port 135 (RPE locator)
> or 137 (nbname) if you have the respective services disabled.

Thank you, I will investigate.

> I presume with a sniffer program? ...and not with a Winsock program that
> listens on a UDP port.

I used PacketMon from AnalogX.

> I think it's likely those are the local machine's port number for a
> sequence of DNS queries. What is the remote port number in those packets?
> 53 by any chance?

The source port was 80 and the source IP was 65.215.158.8 for 4 packets,
each with a target port of 3210, 3213, 3214 and 3216.

Sam of California

Nov 11, 2003, 4:56:21 PM
Thank you; this helps too.


"John R Buchan" <see.my.s...@nowhere.null> wrote in message
news:li30rvo0012kq77rg...@4ax.com...


> If you're on a segment with a DHCP available, you might listen on 67 and
> 68.

This sounds interesting. I will investigate.

> If you don't have NetBT installed on the XP machine you might also
> listen on 137 and 138.

I will investigate this too. I probably don't have NetBT installed but I
will check to determine for sure.


Alan J. McFarlane

Nov 11, 2003, 5:38:41 PM
Sam of California <sam...@socal.rr.com> wrote:
> "Alan J. McFarlane" <alan...@yahoo.com.INVALID> wrote in message
> news:UYNrb.1872$Tc2....@newsfep4-glfd.server.ntli.net...

> Thank you, now we are talking. This is what I was hoping for.
>>
>> The only others I see are spam Windows Messenger traffic and Windows
>> Networking name lookup (NetBIOS-over-TCP/IP Name Service) traffic.
>> These come to port 135 and 137. You could try listening on port 135
>> (RPE locator) or 137 (nbname) if you have the respective services
>> disabled.
>
> Thank you, I will investigate.
>

Note there is _some_ possibility that binding a UDP socket to a port used by
an existing program could intercept the packets to it and thus stop it
operating. This is not very likely these days (much later in your learning
process look up SO_EXCLUSIVEADDRUSE) but just so you know. :-)


[...]


>> I think it's likely those are the local machine's port number for a
>> sequence of DNS queries. What is the remote port number in those
>> packets? 53 by any chance?
>
> The source port was 80 and the source IP was 65.215.158.8 for 4
> packets, each with a target port of 3210, 3213, 3214 and 3216.
>

Erm, was the IP Protocol definitely UDP (IP Protocol 17=0x11)? It looks like
those are part of TCP (protocol 6) connections, precisely HTTP connections
(port 80 is HTTP) to a server at Decisionmark Corp (see
http://ws.arin.net/cgi-bin/whois.pl?queryinput=65.215.158.8).

BTW the group microsoft.public.win32.programmer.networks may be an even
better place for questions on network programming.
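
The bind conflict and the exclusive binding mentioned in Alan's replies, as an added example that is not part of any post in the thread: a loopback UDP receiver that supplies its own test traffic and shows a second plain bind to the same port being refused. The helper names are hypothetical, and `SO_EXCLUSIVEADDRUSE` is requested only where Python exposes it (Windows).

```python
import errno
import socket

LOOPBACK = "127.0.0.1"

def bind_udp(port=0, exclusive=False):
    """Bind a UDP socket on loopback; port 0 asks the OS for a free port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    # SO_EXCLUSIVEADDRUSE is Windows-only: it stops another socket from
    # sharing the port through SO_REUSEADDR. Skipped where it is absent.
    if exclusive and hasattr(socket, "SO_EXCLUSIVEADDRUSE"):
        s.setsockopt(socket.SOL_SOCKET, socket.SO_EXCLUSIVEADDRUSE, 1)
    try:
        s.bind((LOOPBACK, port))
    except OSError:
        s.close()
        raise
    return s

def second_bind_result(port):
    """Attempt a plain second bind; return 'bound' or the errno name."""
    try:
        bind_udp(port).close()
        return "bound"
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))

def demo(payload=b"constructed test datagram"):
    """Receiver plus sender on loopback; returns (conflict, received bytes)."""
    receiver = bind_udp(exclusive=True)
    receiver.settimeout(2.0)
    port = receiver.getsockname()[1]
    conflict = second_bind_result(port)   # the port already has an owner
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sender:
        sender.sendto(payload, (LOOPBACK, port))
    data, _peer = receiver.recvfrom(2048)
    receiver.close()
    return conflict, data

if __name__ == "__main__":
    print(demo())
```

Binding to port 0 on loopback gives the receiver a port no other program owns, so the test traffic never competes with a running service.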

Sam of California

Nov 11, 2003, 8:53:19 PM
"Alan J. McFarlane" <alan...@yahoo.com.INVALID> wrote in message
news:4Rdsb.3105$Tc2....@newsfep4-glfd.server.ntli.net...

> Note there is _some_ possibility that binding a UDP socket to a port used by
> an existing program could intercept the packets to it and thus stop it
> operating.

Yes, I understand. Because of that, I was asking here.

> > The source port was 80 and the source IP was 65.215.158.8 for 4
> > packets, each with a target port of 3210, 3213, 3214 and 3216.
> >
> Erm, was the IP Protocol definitely UDP (IP Protocol 17=0x11)? It looks like
> those are part of TCP (protocol 6) connections, precisely HTTP connections
> (port 80 is HTTP) to a server at Decisionmark Corp (see
> http://ws.arin.net/cgi-bin/whois.pl?queryinput=65.215.158.8).

The Protocol was definitely UDP. So I assume I have some spyware reporting
back to Decisionmark. I wonder if Ad-Aware removes the spyware, but I will
go elsewhere for answers to questions such as that.

> BTW the group microsoft.public.win32.programmer.networks may be an even
> better place for questions on network programming.

Thank you. I was not sure where to go; now I know.
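
The protocol check Alan asks for earlier in the thread (IP protocol 17 versus 6), as an added example that is not part of any post: it reads the protocol field and ports from raw IPv4 bytes, the way a sniffer's output can be verified. The function names are hypothetical and the sample packets are constructed from the address and ports quoted above.

```python
import socket
import struct

PROTO_NAMES = {6: "TCP", 17: "UDP"}   # IP protocol numbers named in the thread

def build_ipv4(proto, src, dst, l4):
    """Constructed sample: minimal IPv4 header (no options, checksum 0) + payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + l4

def classify(packet):
    """Return (protocol, source port, destination port) for raw IPv4 bytes."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4           # header length in bytes
    if ihl < 20:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]                      # protocol field of the IP header
    name = PROTO_NAMES.get(proto, "proto-%d" % proto)
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if proto not in PROTO_NAMES or frag_offset or len(packet) < ihl + 4:
        return name, None, None            # no readable port fields
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return name, sport, dport

def looks_like_reply(sport, dport):
    """Heuristic: a well-known source port answering a high local port."""
    return sport is not None and sport < 1024 <= dport

# Constructed packets using the address and ports quoted in the thread;
# 192.0.2.10 is a documentation address standing in for the local machine.
UDP_SAMPLE = build_ipv4(17, "65.215.158.8", "192.0.2.10",
                        struct.pack("!HHHH", 80, 3210, 8 + 4, 0) + b"data")
TCP_SAMPLE = build_ipv4(6, "65.215.158.8", "192.0.2.10",
                        struct.pack("!HHIIBBHHH", 80, 3213, 1, 1,
                                    5 << 4, 0x18, 8192, 0, 0))

if __name__ == "__main__":
    for pkt in (UDP_SAMPLE, TCP_SAMPLE):
        proto, sport, dport = classify(pkt)
        print(proto, sport, dport, looks_like_reply(sport, dport))
```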
