Today I was playing Modern Warfare 2. I was hosting ground war. There were something like 20 people playing. A notorious blatant hacker joined. I wanted to get rid of him. My idea was to start adding ports to my firewall to find him and block him out.
When I opened up netstat this is what I found.
Screenshot of netstat output: http://www.phantix-llc.com/netstat_data.jpg
The last entry is immediately after I quit the game. The last IP shown belongs to steam.
How does MW2 hide all the incoming connections from netstat?
How can I overcome this?
It'll be using UDP not TCP, so won't have fixed connections. Unfortunately you're not going to be able to find his IP from netstat for UDP; you'll have to look it up in-game.
To get more useful information from netstat, you wanted netstat -ano: that'll also show your open UDP listen sockets and the program IDs that own each one. You can then use task manager (view, select columns, add PID column) to identify which ones are owned by MW2. But UDP doesn't have fixed connections so it won't show information about who externally is using your UDP connections.
Yes, there are admin tools for mwf2, also writing status in the console "pressing ctrl+alt+supr in game so u can see console behind". Also aIWNet_crt_u.exe "cheat reporting tool" will give u the IPs and names and xuid.
If you're looking to kick someone out of a game you're hosting, try this site:
http://www.adivinedude.com
It has a tool with all the instructions and source code needed.
Use a tcpdump/Wireshark (used to be Ethereal) type of tool to analyze the traffic. The problem then is that you will have to pinpoint which UDP stream belongs to the nasty person.
If you are hosting the game and are able to kick people out, you might want to record traffic and then kick him out and see which stream stops. Another option is to send him private messages and try to see where they are sent.
Related
My game, which is aimed to have around 20-30 players in one server, keeps crashing with 1-2 players after a short delay. If 3 or more try to join, it crashes instantly. Sometimes it doesn't even allow 1 person to join. It often gives the ID=17, with Errors 277 or 279, or to check their internet connection.
The map isn't especially large, it consists of 3 small islands made out of terrain, with bridges and water in-between. There are a couple of buildings and a couple of scripts running. A duplicate of the game can be found here, which is exactly the same, just stored under a different game (to protect the original).
I've tried disabling the API services and HTTP services individually and 3rd party stuff is always off as I never use it. Some audio files, taken from the Roblox verified music and Monstercat, occasionally don't play properly in the radio, but I'm not sure if this is related. I've also tried running it in "Testservice" but it still doesn't want to work, same errors. It runs perfectly in Normal Roblox studio running.
Any help is appreciated, please ask if you need anything else.
As it's such a diverse range of things it could possibly be, I'm unsure which code parts would be useful.
This is probably an error in your internet connection or computer. The game worked well for me. There are lots of possible fixes to this problem. Here are some of them:
Disable your firewall/antivirus
Unplug your router for a minute, turn off devices connected to it, and then restart.
Reinstall the game
Try playing the game in another wifi connection
Open Ports. You may not be able to play Roblox as a result of you not forwarding ports. Here are the relevant ports you’ll need to open, along with instructions on how to open them:
ROBLOX PC PORTS:
UDP: 49152–65535
Here’s how to open these ports:
Log in as admin to your router.
Navigate to the port forwarding category.
Enter the IP address of your PC or console.
Enter the TCP and/or the UDP ports for Roblox.
Restart your router.
Links from the sites I got that information:
https://whatt.org/errors/roblox-error-code-277-fix/
https://www.gamerevolution.com/guides/560789-how-to-fix-roblox-error-code-279-id-17
(Remaining segment of original Question)
I'm a bit confused on logistics of a software firewall app on a client side computer that blocks incoming on a port. Texts generally depict a Server initiating the bind to a port then setting up listening. Then clients can attempt to connect to this server, upon which the Server assigns the Client another free port number to form the connection protocol tuple.
But how does an app on a client set up or bind to a port to monitor and/or block it?
UPDATE EDIT ADD:
I looked at the links 4dc0 gave in comment and they were helpful.
So I deleted certain segments of my original question as answered to a point that they are a moot issue of concern.
After doing more reading I found in the context of servers, 0.0.0.0 means all IPv4 addresses on the local machine. So this led me in a new direction of decipher.
So I looked at this: >netstat -a -n -o -b
I like the -b switch 'cause some PIDs don't show in task man svcs.
Proto  Local Address          Foreign Address        State           PID
TCP    0.0.0.0:49168          0.0.0.0:0              LISTENING       2020
listening
[NortonSecurity.exe]
TCP    0.0.0.0:49169          0.0.0.0:0              LISTENING       2020
[NortonSecurity.exe]
TCP    192.168.1.5:49170      13.91.60.30:443        ESTABLISHED     2020
[NortonSecurity.exe]
TCP    192.168.1.5:51220      50.23.246.167:80       TIME_WAIT       0
TCP    192.168.1.5:51223      151.101.1.69:443       ESTABLISHED     5504
[firefox.exe]
This was interesting but I still needed help deciphering the full impact. I did more searching and found this link,
How do multiple clients connect simultaneously to one port, say 80, on a server?
While a different Title per se, it gave me a lot of insight into this and more directions to search from here. Additionally it gave a good book link which in the used sellers section was affordable.
I can see many reasons why someone qualified would not reply to a post like this. However my naivety in posting the question was surpassed only by my desire to get more insight into these facets. Admittedly I was not seeking to write code for such, but desired a deeper understanding of it. As I searched through one clue to the next I realized the depth and scope of what I sought. And after some effort I did find enough to give me an idea of what's going on. In case anyone comes by here with same curiosities I'm posting up a few of the better links I found.
Some links are dated but contain paradigm related content of application based filtering, tracking, layer 3, 4, and/or drivers via the NDIS firewall paradigms.
https://www.symantec.com/connect/articles/software-firewalls-made-straw-part-1-2
https://learn.microsoft.com/en-us/windows-hardware/drivers/network/ndis-driver-stack
https://learn.microsoft.com/en-us/windows-hardware/drivers/netcx/
https://www.codeproject.com/Articles/3405/Developing-Firewalls-for-Windows-2000-XP
https://www.codeproject.com/Articles/5602/Simple-Packet-Filter-Firewall
https://www.novell.com/documentation/nbm38/?page=/documentation/nbm38/overview/data/ae70q0b.html
http://programmerworld.net/personal/firewall.htm
Good recommended book
https://www.amazon.com/exec/obidos/tg/detail/-/0471205443/qid=1094828844/sr=1-1/ref=sr_1_1/103-9352427-0026242?v=glance&s=books&tag=hardfocom-20
I've got an old connection log to a website which contains the IP addresses, the user agent string and the timestamp.
I want to know how many of them used 3G to access a website as I suspect there is a latency issue.
Now I know that I can use some code to have this info directly from the user.
But I still want to process this old log using only IP addresses even if it is only for one ISP.
I thought I could do that by finding a list of the subnets used for 3G.
Do you think it can be done?
Otherwise, what do you suggest?
Hope you can help.
Cheers,
One approach could be to look up every IP using "whois" services; if the ISP listed is a phone carrier only, you can be certain the connection was made by a mobile connection.
This is not a total solution, but it might give you enough information.
Now, to find a service which will allow you to make all the requests required, might be another matter.
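The subnet idea from the question, as an added example that is not part of the original posts: classify each logged IP against a list of carrier ranges and count the hits. The carrier name, the ranges (RFC 5737 documentation prefixes) and the tab-separated log layout are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Hypothetical carrier ranges. The RFC 5737 documentation prefixes stand in
# for the real list you would get from the ISP or from whois lookups.
MOBILE_SUBNETS = {
    "ExampleMobile": [
        ipaddress.ip_network("198.51.100.0/24"),
        ipaddress.ip_network("203.0.113.128/25"),
    ],
}

# Constructed sample log: IP, timestamp and user agent, tab-separated.
SAMPLE_LOG = (
    "198.51.100.17\t2010-03-01T10:15:02\tMozilla/5.0 (iPhone)\n"
    "192.0.2.44\t2010-03-01T10:15:09\tMozilla/5.0 (Windows NT 6.0)\n"
    "203.0.113.200\t2010-03-01T10:16:40\tOpera/9.80 (J2ME/MIDP)\n"
    "203.0.113.5\t2010-03-01T10:17:11\tMozilla/5.0 (X11; Linux)\n"
    "not-an-ip\t2010-03-01T10:18:00\t-\n"
)

def carrier_for(ip_text):
    """Return the carrier whose subnet contains the address, else None."""
    addr = ipaddress.ip_address(ip_text)  # raises ValueError on junk input
    for carrier, nets in MOBILE_SUBNETS.items():
        if any(addr in net for net in nets):
            return carrier
    return None

def tally(log_text):
    """Count log lines per carrier, plus 'other' and 'invalid' buckets."""
    counts = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ip_text = line.split("\t", 1)[0].strip()
        try:
            counts[carrier_for(ip_text) or "other"] += 1
        except ValueError:
            counts["invalid"] += 1  # malformed address field in the old log
    return counts

if __name__ == "__main__":
    for bucket, n in tally(SAMPLE_LOG).most_common():
        print(f"{bucket}: {n}")
```

The count is only as good as the range list: a carrier that shares ranges between mobile and fixed-line customers will be over-counted.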
Basically I need to find out where an application X connects to (ip or domain name) and what data is being passed back and forth. The application is a plain Windows app, system is Windows Vista.
The connection is very quick and something like netstat does not show it - is there a way to show past connections using netstat or other program?
I suspect a connection is HTTP, so if this is true, knowing the full URL would be nice to have too.
Thanks
Nik
Take a look at Wireshark; it allows you to monitor all incoming and outgoing network traffic on your machine and has a ton of advanced filtering options.
You could also find your program's PID, and run netstat -o in cmd; this command lists all active connections and the PID that's using each one.
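The `netstat -ano` and `netstat -o` suggestions in the answers on this page, as an added example that is not from any of the posts: a parser that maps sockets to PIDs and shows why UDP rows never name a remote peer. The sample is constructed in the layout of Windows `netstat -ano` output, and the UDP rows and PIDs 4321 and 1136 are hypothetical.

```python
# Constructed sample in the layout of Windows `netstat -ano` output.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:49168          0.0.0.0:0              LISTENING       2020
  TCP    192.168.1.5:49170      13.91.60.30:443        ESTABLISHED     2020
  TCP    192.168.1.5:51223      151.101.1.69:443       ESTABLISHED     5504
  TCP    [::]:49168             [::]:0                 LISTENING       2020
  UDP    0.0.0.0:28960          *:*                                    4321
  UDP    192.168.1.5:1900       *:*                                    1136
"""

def parse_netstat(text):
    """Return one dict per socket row. UDP rows carry no State column."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, remote, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, remote, pid = parts
            state = None  # UDP is connectionless: no state to report
        else:
            continue  # unexpected layout: skip rather than guess
        rows.append({"proto": proto, "local": local, "remote": remote,
                     "state": state, "pid": int(pid)})
    return rows

def sockets_for_pid(rows, pid):
    """All sockets owned by one process."""
    return [r for r in rows if r["pid"] == pid]

def remote_peers(rows, pid):
    """Remote endpoints netstat can attribute to a PID (established TCP only)."""
    return sorted(r["remote"] for r in rows
                  if r["pid"] == pid and r["state"] == "ESTABLISHED")

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    for pid in sorted({r["pid"] for r in rows}):
        print(pid, [r["local"] for r in sockets_for_pid(rows, pid)],
              "peers:", remote_peers(rows, pid))
```

For the process that only holds UDP sockets, the peer list comes back empty, which is the situation described in the first question; a packet capture is needed to see who is on the other end.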
I've searched this subject in stackoverflow and found out that a telnet library would help, and I found a telnet lib here: C# Telnet Library
but I don't know how I can use a telnet library to open a port in my router. I'm using an AT&T 2wire router. Any hints on how I can do this?
You can't. The 2wire router is an island unto itself, if it decides to block a port nothing external can (or should) be able to change that. You are on the wrong track, and would need to restate your goals in order to get a useful answer.
UPnP and other "Hole Punching" techniques do exist: but you'll be in a world of hurt if you try to rely on them for any widespread deployment.
Perhaps you meant to open a connection to a remote server and then establish two way communication. That is easy... and how other games and tools get the job done.
Technically speaking you should not be able to. You shouldn't have outside programmatic access to a router to open a port if it's blocked.
If what you mean is opening a port for communication (that is not blocked) then you can simply create Sockets with the address and port (ex. localhost 7777) to establish inter process communication or simply communication with another server.
As I mentioned in a comment below there are ports that are available for use (in C# this can be easily tested, a quick Google search will find you many snippets of code for testing if a port is open). A simple approach is to simply start at port 1024 (I believe this is the correct lower bound for ports that should be used by applications, someone correct me if I'm wrong) and just start counting up until you find a port that is available; if you find you've reached some upper limit you can simply report that a connection cannot be made. I hope this clears up a little more and if I have time I will try to find some code I have for this and edit it in but honestly a quick search can net you similar code for checking ports in C#.
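The count-up-from-1024 search described in the answer above, as an added example in Python rather than C# (not the answerer's code). The function names and the loopback default are assumptions; the second function shows the common alternative of letting the OS choose the port.

```python
import errno
import socket

def bind_first_free(start=1024, stop=65535, host="127.0.0.1"):
    """Walk ports upward from `start`; return (listening socket, port).

    The bound socket is returned instead of a bare port number, because a
    port that only tested as free can be taken by another process before
    the caller gets round to binding it.
    """
    for port in range(start, stop + 1):
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.bind((host, port))
        except OSError as exc:
            sock.close()
            if exc.errno in (errno.EADDRINUSE, errno.EACCES):
                continue  # taken or reserved: try the next port
            raise  # anything else is a real problem, not a busy port
        sock.listen()
        return sock, port
    # Upper limit reached: report that no connection can be set up.
    raise RuntimeError("no free port in range")

def bind_os_chosen(host="127.0.0.1"):
    """Alternative: bind to port 0 and let the OS pick a free port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind((host, 0))
    sock.listen()
    return sock, sock.getsockname()[1]

if __name__ == "__main__":
    first, p1 = bind_first_free()
    second, p2 = bind_first_free(start=p1)  # p1 is now busy, so p2 > p1
    third, p3 = bind_os_chosen()
    print("scan found", p1, "then", p2, "; OS chose", p3)
    for s in (first, second, third):
        s.close()
```

Binding to loopback keeps the listener off the network; pass the machine's own address as `host` only when remote clients are meant to reach it.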