Firewalls, ports and packets info

Discussion in 'Network+' started by greenbrucelee, Jul 6, 2010.

  1. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    I know you can use Wireshark and various commands to see incoming and outgoing packets and the ports they are using to block ports that are unused etc. but I was wondering is there an app that will tell you if a game or application needs to use specific ports?

    i.e. something that will say Splinter Cell Conviction uses port 80 etc. instead of having to run Wireshark and see what's going on.
     
    Last edited: Jul 6, 2010
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  2. dmarsh
    Honorary Member 500 Likes Award

    dmarsh Petabyte Poster

    Netstat and TCPView? This has long been part of the N+ objectives.

    Not as good as Wireshark but MS also have NetworkMonitor.

    Doesn't it also cover ping, tracert, pathping, ipconfig, route, arp, etc.

    Version I took didn't go into any real detail on anything, making it a rather expensive and pointless exam IMHO.
     
    Last edited: Jul 6, 2010
  3. greenbrucelee
    Yep, they are. I was meaning something a bit more simple such as it just saying this app uses this port kind of thing.

    See we have a schoolkid at our place doing work experience and I have been trying to teach him what the info from netstat, nslookup and Wireshark all mean but he is not getting it. I have also shown him the Prof Messer videos but that doesn't seem to stick either so I am wanting something that will say this app uses this port to try and simplify it for him.
     
    Last edited: Jul 6, 2010
  4. dmarsh
    TCPView is the simple version, netstat's not exactly complex either.

    Yeah nslookup also on exam but relates to name servers and DNS, not gonna help explain TCP/IP sockets and ports to a kid.

    Sockets can be opened and closed, so as long as apps don't run at the same time, multiple apps could use the same port on the same socket over time.

    Applications don't have to conform to the 'common well known port numbers' if they don't want to, it just makes people's lives easier if they do.

    Maybe these might help ?

    http://www.infm.ulst.ac.uk/~kevin/com347/q&a2.htm
    http://wapedia.mobi/en/TCP_and_UDP_port
    http://wapedia.mobi/en/Internet_socket

    Failing that maybe get him to mess with Telnet, FTP, gopher, lynx, wget or other basic comms programs or teach him serial comms first, maybe play with HyperTerminal to control a device. You could try sending printer codes to a printer or controlling an old modem using Hayes AT commands. Otherwise maybe just use a null modem cable to connect two machines. Hell, go one better and have him make a serial null modem cable, later you can have him make a crossover cat5 cable. A lot of schools also used to let students build robot kits and control them through the parallel port.

    Pretty sure CCENT courses start with this sort of stuff at most colleges too.
     
    Last edited: Jul 6, 2010
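
Added example, not part of the thread: the "this app uses this port" view asked for above can be built by joining `netstat -ano` output to `tasklist /fo csv /nh` output on the PID. The sample text, the process name game.exe and all addresses are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    0.0.0.0:27015          0.0.0.0:0              LISTENING       4312
  TCP    192.168.1.20:49712     203.0.113.10:80        ESTABLISHED     4312
  TCP    [::]:135               [::]:0                 LISTENING       968
  UDP    0.0.0.0:3074           *:*                                    4312
  UDP    127.0.0.1:1900         *:*                                    2210
"""
# Constructed sample of `tasklist /fo csv /nh`; game.exe is a made-up name.
TASKLIST = '''\
"svchost.exe","968","Services","0","9,120 K"
"game.exe","4312","Console","1","412,300 K"
"svchost.exe","2210","Services","0","6,004 K"
'''
WILDCARD = {"0.0.0.0", "[::]"}  # bound on every interface, not just loopback

def ports_by_app(netstat_text, tasklist_csv):
    """Map (image name, pid) -> list of sockets that process owns."""
    names = {r[1]: r[0] for r in csv.reader(io.StringIO(tasklist_csv)) if r}
    table = defaultdict(list)
    for line in netstat_text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        pid, state = f[-1], (f[3] if len(f) == 5 else "-")  # UDP has no State
        laddr, _, lport = f[1].rpartition(":")  # rpartition copes with [::]:135
        table[(names.get(pid, "unknown"), pid)].append(
            {"proto": f[0], "laddr": laddr, "lport": int(lport),
             "rport": f[2].rpartition(":")[2], "state": state})
    return dict(table)

def exposed(table):
    """Inbound ports a firewall rule decides on: wildcard-bound listeners."""
    return sorted({(name, s["proto"], s["lport"])
                   for (name, _pid), socks in table.items() for s in socks
                   if s["laddr"] in WILDCARD
                   and (s["state"] == "LISTENING" or s["proto"] == "UDP")})

def outbound(table):
    """Remote ports each app is connected to (what egress rules must allow)."""
    return sorted({(name, s["proto"], int(s["rport"]))
                   for (name, _pid), socks in table.items() for s in socks
                   if s["state"] == "ESTABLISHED"})
```

On the constructed data, `exposed()` lists TCP 27015 and UDP 3074 for game.exe and TCP 135 for svchost.exe, while the loopback-only UDP 1900 socket is left out because nothing off the machine can reach it.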
  5. greenbrucelee
    Have tried going through what all the commands do and what they show, have also gone through what Wireshark is showing. Not tried TCPView though so might give that a go at dinner time and see if it makes it any clearer to him.

    BTW I know what netstat etc. all do, it's trying to get this kid to understand it as he doesn't seem to be getting it at all.
     
    Last edited: Jul 6, 2010
  6. dmarsh
    It's like a radio with channels, the NIC sees pretty much everything on the wire at the hardware level, like a super radio that could be tuned into all stations at once, the application has to specify which port it's interested in on the TCP/IP address associated to the NIC, like choosing a channel to listen to.

    It's this facility that allows you to have hundreds of applications and services multitasking and communicating 'simultaneously'. The ports provide a level of abstraction over the Ethernet hardware.

    One thing you could say is it's like an extension power strip, the strip is like a (TCP) socket, and the plug holes are like ports.

    Basically you have one physical connection, but you can split it into multiple virtual channels.

    Another thing you could explain with regard to firewalls and ports is port scanning and attack surface and point them to something like ShieldsUp.
     
    Last edited: Jul 6, 2010
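
Added example, not part of the thread: a loopback demonstration of the "channels" idea above and of the earlier point that a port can be used by different programs over time. It uses UDP sockets on 127.0.0.1 with OS-assigned ports; the function names are made up for this sketch.

```python
import socket

def udp_socket(port=0):
    """Bind a UDP socket on loopback; port 0 lets the OS pick a free port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.bind(("127.0.0.1", port))
    except OSError:
        s.close()
        raise
    s.settimeout(2)
    return s

def demo_channels():
    """Two 'apps' share one IP address; each hears only its own port."""
    app_a, app_b, sender = udp_socket(), udp_socket(), udp_socket()
    try:
        port_a = app_a.getsockname()[1]
        port_b = app_b.getsockname()[1]
        sender.sendto(b"for A", ("127.0.0.1", port_a))
        sender.sendto(b"for B", ("127.0.0.1", port_b))
        return app_a.recvfrom(64)[0], app_b.recvfrom(64)[0]
    finally:
        for s in (app_a, app_b, sender):
            s.close()

def demo_port_reuse():
    """A port is held by one socket at a time, and is free again once closed."""
    first = udp_socket()
    port = first.getsockname()[1]
    try:
        udp_socket(port).close()
        clash = False
    except OSError:          # "address already in use" while first is open
        clash = True
    first.close()
    second = udp_socket(port)  # same port, later in time: bind succeeds
    reused = second.getsockname()[1] == port
    second.close()
    return clash, reused

if __name__ == "__main__":
    print(demo_channels())    # each receiver gets only its own datagram
    print(demo_port_reuse())  # second bind clashes, rebind after close works
```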
  7. greenbrucelee
    That's actually a good way of explaining it, thanks, and I'd forgotten about ShieldsUp.
     
  8. zebulebu

    zebulebu Terabyte Poster

    I've always used the Post Office analogy - ever since I saw it used to illustrate the difference between UDP and TCP. Basically, 'regular' mail (i.e. first & second class) is sent out via the Post Office. They don't 'guarantee' delivery of it, so mail delivery can't be said to be 'reliable'. That's UDP. 'Registered' mail (i.e. signed for) is sent via the same organisation, but since it's 'guaranteed' it can be said to be reliable. That's TCP.

    Using the same sort of analogy, a specific port is like a specific person at an address. The TCP/IP stack (sorting office, postman) takes care of delivering the packet (letter) to the correct network (house) address. If there isn't a specific port number (person's name) in the packet (letter), there's no way to know which application (person) to deliver the packet to.
     
    Certifications: A few
    WIP: None - f*** 'em
  9. greenbrucelee
    That's a good way of putting it too. I was trying to think of a way of explaining about connectionless and connected protocols to him.

    Cheers for that, I'll show him what you said, hopefully it will stick now.
     
  10. greenbrucelee
    Thanks for the analogies guys, he got it thanks to what you said... eventually. :D
     