netcat and monitoring local traffic 1


fastlanwan

Technical User
Mar 29, 2003
42
US
I'm trying to monitor any traffic from my machine (XP) using netcat. It seems to be listening by the prompt of "listening on port x..." but I see no output to the screen, or if I redirect to a file, it's empty.

The commands I've tried using are "nc -vv -l -p21-139" or "nc -l -p21-139", both with and without ">filename", with no output either way. I do have a firewall and took it down for the tests, so that's not it, and it's running or "listening on port x..." while I'm web surfing. It should at least pick up p53 and p80, but it's not picking up anything.

Ideas anyone?

A+ N+ Sec+ SME/Sec+
 
Netcat is not designed to be used for monitoring traffic; it is an application that listens on a given port to the exclusion of any other application that may be listening on that port. If you bind to a specific IP address, you will typically insert "in front of" the listening application, which generally listens on "any" IP address.

Read the following excerpt from the netcat for NT README.

--------------------------------------------
You will need to bind "in front of" some services that may already be listening on those ports. An example is the NETBIOS Session Service that is running on port 139 of NT machines that are sharing files. You need to bind to a specific source address (one of the IP addresses of the machine) to accomplish this. This gives Netcat priority over the NETBIOS service which is at a lower priority because it is bound to ANY IP address. This is done with the Netcat -s option:

nc -v -L -e cmd.exe -p 139 -s xxx.xxx.xxx.xxx

Now you can connect to the machine on port 139 and Netcat will field the connection before NETBIOS does. You have effectively shut off file sharing on this machine by the way. You have done this with just user privileges to boot.
--------------------------------------------

BTW, the example is quite dangerous, as it binds a command shell to port 139, meaning that anyone who attempts to telnet to that port will receive a command prompt from your machine.

I think that what you are really looking for is Ethereal. It uses the WinPCAP library, which is a packet capture library developed initially for Unix at Lawrence Berkeley Labs and ported to Windows by an Italian firm.


pansophic
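
The "bind in front of" behaviour described in the README excerpt can be audited from a listener table. The following is an added example, not part of the original thread or the netcat README: it flags ports where a listener bound to a specific IP sits in front of a wildcard ("any" address) listener owned by a different process. The sample `netstat -ano` output, addresses and PIDs are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output (addresses and PIDs are made up).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING       4
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING       3120
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.0.2.10:3389        0.0.0.0:0              LISTENING       1012
  TCP    192.0.2.10:1045        198.51.100.7:80        ESTABLISHED     2208
"""

# One TCP row in LISTENING state: local address, local port, owning PID.
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")
WILDCARDS = {"0.0.0.0", "[::]"}  # "any" address, IPv4 and IPv6


def parse_listeners(netstat_text):
    """Return {port: [(local_address, pid), ...]} for TCP LISTENING rows."""
    listeners = defaultdict(list)
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            addr, port, pid = m.group(1), int(m.group(2)), int(m.group(3))
            listeners[port].append((addr, pid))
    return listeners


def find_shadowed_ports(netstat_text):
    """Flag ports where a specific-address listener sits in front of a
    wildcard listener that belongs to a different process."""
    findings = []
    for port, socks in sorted(parse_listeners(netstat_text).items()):
        wild = [(a, p) for a, p in socks if a in WILDCARDS]
        specific = [(a, p) for a, p in socks if a not in WILDCARDS]
        for _w_addr, w_pid in wild:
            for s_addr, s_pid in specific:
                if s_pid != w_pid:
                    findings.append((port, s_addr, s_pid, w_pid))
    return findings


if __name__ == "__main__":
    for port, addr, pid, wild_pid in find_shadowed_ports(SAMPLE_NETSTAT):
        print(f"port {port}: PID {pid} on {addr} shadows wildcard listener PID {wild_pid}")
```

To check a real host, pass the text output of `netstat -ano` to `find_shadowed_ports` instead of the constructed sample.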
 