Re: Detecting Internet activity



Hi Noeld,
Thanks for your feedback!

In this situation, I suggest you do the following test first. Open an FTP
connection and then use the netstat tool to confirm whether or not the relevant
port is 20 or 21. If so, something may be wrong in the use of the GetTcpTable
API (e.g. not converting from network byte order to host byte order).

The following article shows how to use the GetTcpTable API (including sample
code) to get TCP information. I hope it's useful for you.
Title: Enhance netstat
URL: http://www.codeproject.com/internet/enetstatasp.asp

If you have any questions or concerns, please let me know. Thanks again and
have a nice day!

Best Regards,

Terry Fei[MSFT]
Microsoft Community Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)


--------------------
>From: "Noël Danjou" <noeld@xxxxxxxxxxxxx>
>Subject: Re: Detecting Internet activity
>Date: Thu, 19 Jan 2006 18:57:05 +0100
>Newsgroups: microsoft.public.win32.programmer.networks
>
>Hi Kellie and Terry,
>
>Thanks to both of you for your suggestions.
>
>I could not find the GetExtendedTcpTable declaration in the "Platform SDK
>for Windows 2003 SP1" so I looked at GetTcpTable instead and that API could
>possibly do the trick but I still have some issues:
>
>- the listed ports don't seem to match the same figures as in netstat
>and
>- when I open an FTP connection, none of the listed ports match the
>"well-known" FTP ports 20 or 21, instead they show as 3544 to 3549 for
>example. How would I figure out if it is a port used for FTP, HTTP or other
>protocol or how would I convert them to well-known port numbers like 21 or
>80?
>
>Thank you.
>
>Best regards,
>--
>Noël
>
>
>
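
The byte-order conversion suggested in the reply above, as an added example that is not part of the original thread. The struct is a constructed stand-in for the port fields of a GetTcpTable row (so it builds without the Windows SDK), the helper names are hypothetical, and a little-endian host is assumed, as on Windows.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the port fields of a GetTcpTable row. In the real
 * MIB_TCPROW these are DWORDs whose low 16 bits hold the port in network
 * byte order; the upper 16 bits are not guaranteed to be zero. */
struct tcp_row_ports {
    uint32_t local_port_raw;
    uint32_t remote_port_raw;
};

/* Equivalent of ntohs((u_short)field) on a little-endian host:
 * drop the upper 16 bits, then swap the two remaining bytes. */
static uint16_t row_port(uint32_t field)
{
    return (uint16_t)(((field & 0xFFu) << 8) | ((field >> 8) & 0xFFu));
}

/* Small illustrative table, not a complete service list. */
static const char *well_known(uint16_t port)
{
    switch (port) {
    case 20: return "ftp-data";
    case 21: return "ftp";
    case 80: return "http";
    default: return NULL;
    }
}

/* A client socket normally has an ephemeral local port, so the well-known
 * number is on the remote side; a server has it on the local side. */
static const char *row_service(const struct tcp_row_ports *r)
{
    const char *s = well_known(row_port(r->remote_port_raw));
    if (s == NULL)
        s = well_known(row_port(r->local_port_raw));
    return s ? s : "unknown";
}

int main(void)
{
    /* Constructed row: local port 3544, remote port 21, as stored raw. */
    struct tcp_row_ports r = { 0xD80Du, 0xABCD1500u };
    printf("local %u, remote %u (%s)\n", (unsigned)row_port(r.local_port_raw),
           (unsigned)row_port(r.remote_port_raw), row_service(&r));
    return 0;
}
```

Printing the raw DWORD without the conversion would show 55309 instead of 3544 for the local port in this constructed row.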