수안이의 컴퓨터 연구실

7 Articles, Search for 'Network'

2009/01/21 Sysinternals Utilities
2009/01/21 NirSoft Freeware Utilities
2009/01/21 Foundstone Free Tools
2007/07/27 Network Programming in C#
2007/07/18 NBTScan. NetBIOS Name Network Scanner. (2)
2007/05/14 UDP 프로그래밍의 기초
2007/05/14 ICMP 프로그래밍

Software2009/01/21 17:36

Sysinternals Utilities

http://technet.microsoft.com/en-us/sysinternals

Sysinternals Suite
The entire set of Sysinternals Utilities rolled up into a single download.

AccessChk
v4.23 (December 19, 2008)
This update fixes a bug that sometimes caused AccessChk to not show the full list of rights and privileged assigned to a user account.

AccessEnum
1.32 (November 1, 2006)
This simple yet powerful security tool shows you who has what access to directories, files and Registry keys on your systems. Use it to find holes in your permissions.

AdExplorer
v1.01 (November 27, 2007)
Active Directory Explorer is an advanced Active Directory (AD) viewer and editor.

AdInsight
v1.01 (November 20, 2007)
An LDAP (Light-weight Directory Access Protocol) real-time monitoring tool aimed at troubleshooting Active Directory client applications.

AdRestore
v1.1 (November 1, 2006)
Undelete Server 2003 Active Directory objects.

Autologon
v2.10 (November 1, 2006)
Bypass password screen during logon.

Autoruns
v9.38 (January 12, 2009)
See what programs are configured to startup automatically when your system boots and you login. Autoruns also shows you the full list of Registry and file locations where applications can configure auto-start settings.

BgInfo
v4.14 (August 8, 2008)
This fully-configurable program automatically generates desktop backgrounds that include important information about the system including IP addresses, computer name, network adapters, and more.

BlueScreen
v3.2 (November 1, 2006)
This screen saver not only accurately simulates Blue Screens, but simulated reboots as well (complete with CHKDSK), and works on Windows NT 4, Windows 2000, Windows XP, Server 2003 and Windows 9x.

CacheSet
v1.0 (November 1, 2006)
CacheSet is a program that allows you to control the Cache Manager's working set size using functions provided by NT. It's compatible with all versions of NT.

ClockRes
v1.0 (November 1, 2006)
View the resolution of the system clock, which is also the maximum timer resolution.

Contig
v1.55 (September 30, 2008)
Wish you could quickly defragment your frequently used files? Use Contig to optimize individual files, or to create new files that are contiguous.

Coreinfo
v1.0 (September 11, 2008)
Coreinfo is a new command-line utility that shows you the mapping between logical processors and the physical processor, NUMA node, and socket on which they reside, as well as the cache’s assigned to each logical processor.

Ctrl2cap
v2.0 (November 1, 2006)
This is a kernel-mode driver that demonstrates keyboard input filtering just above the keyboard class driver in order to turn caps-locks into control keys. Filtering at this level allows conversion and hiding of keys before NT even "sees" them. Ctrl2cap also shows how to use NtDisplayString() to print messages to the initialization blue-screen.

DebugView
v4.76 (October 16, 2008)
Another first from Sysinternals: This program intercepts calls made to DbgPrint by device drivers and OutputDebugString made by Win32 programs. It allows for viewing and recording of debug session output on your local machine or across the Internet without an active debugger.

Desktops
v1.0 (August 21, 2008)
This new utility enables you to create up to four virtual desktops and to use a tray interface or hotkeys to preview what’s on each desktop and easily switch between them.

DiskExt
v1.1 (May 14, 2007)
Display volume disk-mappings.

Diskmon
v2.01 (November 1, 2006)
This utility captures all hard disk activity or acts like a software disk activity light in your system tray.

DiskView
v2.21 (November 1, 2006)
Graphical disk sector utility.

Disk Usage (DU)
v1.33 (December 10, 2008)
View disk usage by directory.

EFSDump
v1.02 (November 1, 2006)
View information for encrypted files.

Filemon
v7.04 (November 1, 2006)
This monitoring tool lets you see all file system activity in real-time.

Handle
v3.42 (November 19, 2008)
This handy command-line utility will show you what files are open by which processes, and much more.

Hex2dec
v1.0 (November 1, 2006)
Convert hex numbers to decimal and vice versa.

Junction
v1.05 (July 24, 2007)
Create Win2K NTFS symbolic links.

LDMDump
v1.02 (November 1, 2006)
Dump the contents of the Logical Disk Manager's on-disk database, which describes the partitioning of Windows 2000 Dynamic disks.

ListDLLs
v2.25 (November 1, 2006)
List all the DLLs that are currently loaded, including where they are loaded and their version numbers. Version 2.0 prints the full path names of loaded modules.

LiveKd
v3.0 (November 1, 2006)
Use Microsoft kernel debuggers to examine a live system.

LoadOrder
v1.0 (November 1, 2006)
See the order in which devices are loaded on your WinNT/2K system.

LogonSessions
v1.0 (November 1, 2006)
List the active logon sessions on a system.

MoveFile
v1.0 (November 1, 2006)
Allows you to schedule move and delete commands for the next reboot.

NewSID
v4.10 (November 1, 2006)
Learn about the computer SID problem everybody has been talking about and get a free computer SID changer, NewSID.

NTFSInfo
v1.0 (November 1, 2006)
Use NTFSInfo to see detailed information about NTFS volumes, including the size and location of the Master File Table (MFT) and MFT-zone, as well as the sizes of the NTFS meta-data files.

PageDefrag
v2.32 (November 1, 2006)
Defragment your paging files and Registry hives.

PendMoves
v1.1 (November 1, 2006)
Enumerate the list of file rename and delete commands that will be executed the next boot.

PortMon
v3.02 (November 1, 2006)
Monitor serial and parallel port activity with this advanced monitoring tool. It knows about all standard serial and parallel IOCTLs and even shows you a portion of the data being sent and received. Version 3.x has powerful new UI enhancements and advanced filtering capabilities.

Process Explorer
v11.32 (January 12, 2009)
Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more. This uniquely powerful utility will even show you who owns each process.

Process Monitor
v2.03 (December 10, 2008)
Monitor file system, Registry, process, thread and DLL activity in real-time.

ProcFeatures
v1.10 (November 1, 2006)
This applet reports processor and Windows support for Physical Address Extensions and No Execute buffer overflow protection.

PsExec
v1.94 (January 4, 2008)
Execute processes with limited-user rights.

PsFile
v1.02 (December 4, 2006)
See what files are opened remotely.

PsGetSid
v1.43 (December 4, 2006)
Displays the SID of a computer or a user.

PsInfo
v1.75 (July 9, 2007)
Obtain information about a system.

PsKill
v1.12 (December 4, 2006)
Terminate local or remote processes.

PsList
v1.28 (December 4, 2006)
Show information about processes and threads.

PsLoggedOn
v1.33 (December 4, 2006)
Show users logged on to a system.

PsLogList
v2.64 (December 4, 2006)
Dump event log records.

PsPasswd
v1.22 (December 4, 2006)
Changes account passwords.

PsService
v2.22 (January 11, 2008)
View and control services.

PsShutdown
v2.52 (December 4, 2006)
Shuts down and optionally reboots a computer.

PsSuspend
v1.06 (December 4, 2006)
Suspend and resume processes.

PsTools
v2.43 (February 12, 2007)
The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more.

RegDelNull
v1.10 (November 1, 2006)
Scan for and delete Registry keys that contain embedded null-characters that are otherwise undeleteable by standard Registry-editing tools.

RegHide
v1.0 (November 1, 2006)
Creates a key called "HKEY_LOCAL_MACHINE\Software\Sysinternals\Can't touch me!\0" using the Native API, and inside this key it creates a value.

RegJump
v1.01 (November 1, 2006)
Jump to the registry path you specify in Regedit.

RegMon
v7.04 (November 1, 2006)
This monitoring tool lets you see all Registry activity in real-time.

RootkitRevealer
v1.71 (November 1, 2006)
Scan your system for rootkit-based malware.

SDelete
v1.51 (November 1, 2006)
Securely overwrite your sensitive files and cleanse your free space of previously deleted files using this DoD-compliant secure delete program.

ShareEnum
v1.6 (November 1, 2006)
Scan file shares on your network and view their security settings to close security holes.

ShellRunas
v1.01 (February 28, 2008)
Launch programs as a different user via a convenient shell context-menu entry.

Sigcheck
v1.54 (September 30, 2008)
Dump file version information and verify that images on your system are digitally signed.

Streams
v1.56 (April 27, 2007)
Reveal NTFS alternate streams.

Strings
v2.40 (April 24, 2007)
Search for ANSI and UNICODE strings in binaryimages.

Sync
v2.0 (November 1, 2006)
Flush cached data to disk.

TCPView
v2.53 (January 11, 2008)
Active socket command-line viewer.

VolumeId
v2.0 (November 1, 2006)
Set Volume ID of FAT or NTFS drives.

Whois
v1.01 (November 1, 2006)
See who owns an Internet address.

WinObj
v2.15 (November 1, 2006)
The ultimate Object Manager namespace viewer is here.

ZoomIt
v3.01 (January 12, 2009)
Presentation utility for zooming and drawing on the screen.

"Software" 카테고리의 다른 글

Sysinternals Utilities (0)2009/01/21
NirSoft Freeware Utilities (0)2009/01/21
Windows Server 2008 (0)2008/04/27
오류없는 SW 개발을 꿈꾼다 (0)2005/10/12
해커를 움직이는 힘 (0)2005/05/30

Posted by webdizen

Tags Monitoring, Network, Process, Scanner, Sysinternals, System

No Trackback No Comment

Leave your greetings.

Software2009/01/21 15:36

NirSoft Freeware Utilities

http://www.nirsoft.net

Password Recovery Utilities

The utilities provided in the following section are for password recovery and educational purposes only. They are not intended to be used for illegal purposes.

MessenPass v1.24 - Instant Messenger Password Recovery
MessenPass is a password recovery tool that reveals the passwords of the following instant messenger applications: MSN Messenger, Windows Messenger (In Windows XP), Windows Live Messenger (In Windows XP And Vista), Yahoo Messenger (Version 5.x/6.x), ICQ Lite 4.x/5.x/2003, AOL Instant Messenger, AIM 6.x, AIM Pro, Trillian, Miranda, and GAIM.

Asterisk Logger v1.04
Automatically reveals the passwords stored behind the asterisks ('***') in standard password text-boxes of Windows.

Dialupass v3.00 - Dialup Password Recovery
This utility enumerates all dialup/VPN entries on your computers, and displays their logon details: User Name, Password, and Domain. You can use it to recover a lost password of your Internet connection or VPN.
Dialupass also allows you to save the dialup/VPN list into text/html/csv/xml file, or copy it to the clipboard.

Protected Storage PassView v1.63
This utility reveals the passwords stored on your computer by Internet Explorer, Outlook Express and POP3 accounts of MS-Outlook. The passwords are revealed by reading the information from the Protected Storage.

IE PassView v1.15
IE PassView is a small utility that reveals the passwords stored by Internet Explorer browser. It supports the new Internet Explorer 7.0/8.0, as well as older versions of Internet explorer, v4.0 - v6.0

PasswordFox v1.10
PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename.

ChromePass v1.05

ChromePass is a small password recovery tool that allows you to view the user names and passwords stored by Google Chrome Web browser. For each password entry, the following information is displayed: Origin URL, Action URL, User Name Field, Password Field, User Name, Password, and Created Time. You can select one or more items and then save them into text/html/xml file or copy them to the clipboard.

Network Password Recovery v1.20
When you connect to a network share on your LAN or to your .NET Passport/Messenger account, Windows XP/Vista allows you to save your password in order to use it in each time that you connect the remote server. This utility recovers all network passwords stored on your system for the current logged-on user.

AsterWin IE v1.03
This utility reveals the passwords stored behind the asterisks in the web pages of Internet Explorer 5.0 and above. You can use it for recovering a lost web site password, if it's stored on your computer.
It was developed in Visual Basic environment and requires the Visual Basic Runtime library.
Source code is included !

Mail PassView v1.46 - Email Password Recovery
Recovers the passwords and other email accounts information of the following email applications: Outlook Express, Microsoft Outlook 2000 (POP3/SMTP Accounts only), Microsoft Outlook 2002/2003/2007, Windows Mail, IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free, and Web-based email accounts.

PstPassword v1.11
PstPassword is a small utility that recover lost password of Outlook .PST (Personal Folders) file.

WirelessKeyView v1.20
WirelessKeyView recovers all wireless network keys (WEP/WPA) stored in your computer by the 'Wireless Zero Configuration' service of Windows XP and by the 'WLAN AutoConfig' service of Windows Vista. It allows you to easily save all keys to text/html/xml file, or copy a single key to the clipboard.

Remote Desktop PassView v1.01
Remote Desktop PassView is a small utility that reveals the password stored by Microsoft Remote Desktop Connection utility inside .rdp files.

LSASecretsView v1.20
LSASecretsView is a small utility that displays the list of all LSA secrets stored in the Registry on your computer. The LSA secrets key is located under HKEY_LOCAL_MACHINE\Security\Policy\Secrets and may contain your RAS/VPN passwords, Autologon password, and other system passwords/keys.

LSASecretsDump v1.20
LSASecretsDump is a small console application that extract the LSA secrets from the Registry, decrypt them, and dump them into the console window. The LSA secrets key is located under HKEY_LOCAL_MACHINE\Security\Policy\Secrets and may contain your RAS/VPN passwords, Autologon password, and other system passwords/keys.
This utility is the console version of LSASecretsView.

PCAnywhere PassView v1.11
Reveals the passwords stored in PCAnywhere items. Both login information and the protection passwords are revealed instantly.

Access PassView v1.12
This utility reveals the database password of every password-protected mdb file that created with Microsoft Access 95/97/2000/XP or with Jet Database Engine 3.0/4.0
It can be very useful if you forgot your Access Database password and you want to recover it.

Win9x PassView v1.1
The Win9x PassView utility reveals the passwords stored on your computer by Windows 95/98 operating system.

Content Advisor Password Remover v1.01
Removes the Content Advisor password in Internet Explorer (versions 4.x and above).
Visual C++ Source code is included.

Enterprise Manager PassView v1.00
Reveals the passwords that SQL Server Enterprise Manager stores on your computer.

AsterWin v1.20
This utility reveals the passwords stored behind the asterisks in standard password text-boxes.
It supports the following operating systems: Windows 95, Windows 98, Windows ME, Windows NT, Windows 2000 and Windows XP.

VNCPassView v1.01
VNCPassView is a small utility that recover the passwords stored by the VNC tool. It can recover 2 of passwords: password stored for the current logged-on user (HKEY_CURRENT_USER in the Registry), and password stored for the all users.

AspNetUserPass v1.00
AspNetUserPass is a very simple console-based utility that displays the password of ASPNet user on your system.

Netscapass v2.03
Reveals the stored mail password (POP3 server password) for Netscape Communicator 4.x, Netscape 6.x and Netscape 7. It can also reveal the stored web-sites passwords in Netscape 6.x/7.x

Network Monitoring Tools

SmartSniff v1.45
SmartSniff allows you to capture TCP/IP packets that pass through your network adapter, and view the captured data as sequence of conversations between clients and servers. You can view the TCP/IP conversations in Ascii mode (for text-based protocols, like HTTP, SMTP, POP3 and FTP.) or as hex dump. (for non-text base protocols, like DNS)

SniffPass v1.07 - Password Sniffer
SniffPass is small utility that listens to your network, capture the passwords that pass through your network adapter, and display them on the screen instantly. SniffPass can capture the passwords of the following Protocols: POP3, IMAP4, SMTP, FTP, and HTTP (basic authentication passwords).
You can use this utility to recover lost Web/FTP/Email passwords.

SocketSniff v1.02
SocketSniff allows you to watch the Windows Sockets (WinSock) activity of the selected process.
For each created socket, the following information is displayed: socket handle, socket type, local and remote addresses, local and remote ports, total number of send/receive bytes, and more. You can also watch the content of each send or receive call, in Ascii mode or as Hex Dump.

CurrPorts v1.56
CurrPorts displays the list of all currently opened TCP/IP and UDP ports on your local computer. For each port in the list, information about the process that opened the port is also displayed, including the process name, full path of the process, version information of the process (product name, file description, and so on), the time that the process was created, and the user that created it.
In addition, CurrPorts allows you to close unwanted TCP connections, kill the process that opened the ports, and save the TCP/UDP ports information to HTML file , XML file, or to tab-delimited text file.
CurrPorts also automatically mark with pink color suspicious TCP/UDP ports owned by unidentified applications (Applications without version information and icons)

AdapterWatch v1.04
AdapterWatch displays useful information about your network adapters: IP addresses, Hardware address, WINS servers, DNS servers, MTU value, Number of bytes received or sent, The current transfer speed, and more. In addition, it displays general TCP/IP/UDP/ICMP statistics for your local computer.

NetResView v1.16
NetResView is a small utility that displays the list of all network resources (computers, disk shares, and printer shares) on your LAN. As opposed to "My Network Places" module of Windows, NetResView display all network resources from all domains/workgroups in one screen, and including admin/hidden shares.

PingInfoView v1.20
PingInfoView is a small utility that allows you to easily ping multiple host names and IP addresses, and watch the result in one table. It automatically ping to all hosts every number of seconds that you specify, and displays the number of succeed and failed pings, as well as the average ping time. You can also save the ping result into text/html/xml file, or copy it to the clipboard.

Web Browser Tools

IECookiesView v1.73
This utility displays the details of all cookies that Internet Explorer stores on your computer. In addition, it allows you to change the content of the cookies, delete unwanted cookies files, save the cookies into a readable text file, find cookies by specifying the domain name, view the cookies of other users and in other computers, and more...
Read More >>

IECacheView v1.21 - Internet Explorer Cache Viewer
IECacheView is a small utility that reads the cache folder of Internet Explorer, and displays the list of all files currently stored in the cache. For each cache file, the following information is displayed: Filename, Content Type, URL, Last Accessed Time, Last Modified Time, Expiration Time, Number Of Hits, File Size, Folder Name, and full path of the cache filename. You can easily save the cache information into text/html/xml file, or copy the cache table to the clipboard and then paste it to another application, like Excel or OpenOffice Spreadsheet.

IEHistoryView v1.37
This utility reads all information from the history file on your computer, and displays the list of all URLs that you have visited with Internet Explorer browser in the last few days. It also allows you to select one or more URL addresses, and then remove them from the history file or save them into text, HTML or XML file. In addition, you are allowed to view the visited URL list of other user profiles on your computer, and even access the visited URL list on a remote computer, as long as you have permission to access the history folder.

MozillaCookiesView v1.26
MozillaCookiesView is an alternative to the standard 'Cookie Manager' provided by Netscape and Mozilla browsers. It displays the details of all cookies stored inside the cookies file (cookies.txt) in one table, and allows you to save the cookies list into text, HTML or XML file, delete unwanted cookies, and backup/restore the cookies file.

MozillaHistoryView v1.18
MozillaHistoryView is a small utility that reads the history data file (history.dat) of Firefox/Mozilla/Netscape Web browsers, and displays the list of all visited Web pages in the last days. For each visited Web page, the following information is displayed: URL, First visit date, Last visit date, Visit counter, Referrer, Title, and Host name.
You can also easily export the history data to text/HTML/Xml file.

MozillaCacheView v1.17
MozillaCacheView is a small utility that reads the cache folder of Firefox/Mozilla/Netscape Web browsers, and displays the list of all files currently stored in the cache. For each cache file, the following information is displayed: URL, Content type, File size, Last modified time, Last fetched time, Expiration time, Fetch count, Server name, and more.
You can easily select one or more items from the cache list, and then extract the files to another folder, or copy the URLs list to the clipboard.

OperaCacheView v1.11
OperaCacheView is a small utility that reads the cache folder of Opera Web browser, and displays the list of all files currently stored in the cache. For each cache file, the following information is displayed: URL, Content type, File size, Last accessed time, and last modified time in the server.
You can easily select one or more items from the cache list, and then extract the files to another folder, or copy the URLs list to the clipboard.

ChromeCacheView v1.10
ChromeCacheView is a small utility that reads the cache folder of Google Chrome Web browser, and displays the list of all files currently stored in the cache. For each cache file, the following information is displayed: URL, Content type, File size, Last accessed time, Expiration time, Server name, Server response, and more. You can easily select one or more items from the cache list, and then extract the files to another folder, or copy the URLs list to the clipboard.

MyLastSearch v1.32
MyLastSearch utility scans the cache and history files of your Web browser, and locate all search queries that you made with the most popular search engines (Google, Yahoo and MSN). The search queries that you made are displayed in a table with the following columns: Search Text, Search Engine, Search Time, Web Browser, and the search URL.

IEDesignMode v1.00
IEDesignMode Adds a new menu item into the context menu of Internet Explorer that allows you to easily switch the active Internet Explorer window to design mode. When a Web page in in design mode, you can change the location of images and other objects, change the current text, paste a new text into the Web page, and so on. After you made your changes, you can easily switch back to non-design mode and/or save the modified Web page to HTML file.

FavoritesView v1.20
FavoritesView displays the list of all your Favorties (of Internet Explorer browser) and bookmarks (of Netscape/Mozilla browsers) in a single page. Each line in the list specifies the title of the item, the URL address, the created/modified date of the bookmark item, and the folder name. You select one or more of these bookmarks, and then copy them to the clipboard, delete them (Only for Internet Explorer Favorites), export them to tab-delimited text file, HTML file, or XML file. FavoritesView also allows you to locate duplicate URL addresses in your Favorites/Bookmarks or find specific item by specifying the URL or the title.

ActiveX Compatibility Manager v1.00
This utility allows you to easily disable/enable ActiveX components on Internet Explorer browser.

Video/Audio Related Utilities

VideoCacheView v1.40
After watching a video in a Web site, you may want to save the video file into your local disk for playing it offline in the future. If the video file is stored in your browser's cache, this utility can help you to extract the video file from the cache and save it for watching it in the future.
It automatically scans the entire cache of Internet Explorer and Mozilla-based Web browsers (Including Firefox) and finds all video files that are currently stored in it. It allows you to easily copy the cached video files into another folder for playing/watching them in the future. If you have a movie player that is configured to play flv files, it also allows you to play the video directly from your browser's cache.

WebVideoCap v1.33
While watching a video in a Web site, you may sometimes want to save the video into your local drive, and then play it offline later. This utility allows you to capture .flv (Flash Video) files and RTSP streams while the Web browser download and play them inside a Web page. After the entire video file is downloaded and played by the Web browser, the video file is saved in the folder that you selected, and you can play it offline later with any Video player.
WebVideoCap can capture the video files of most popular video-sharing sites, including YouTube, Google Video, Yahoo Video, iFilm, Metacafe, Putfile, and more...

Volumouse v1.65
Volumouse provides you a quick and easy way to control the sound volume on your system - simply by rolling the wheel of your wheel mouse.
It allows you to define a set of rules for determining when the wheel will be used for changing the sound volume. For example: You can configure Volumouse to use your mouse wheel for volume control when the Alt key is hold down, when the left mouse button is down, when the mouse cursor is over the taskbar, and so on...
When the conditions that you define are not satisfied, your mouse wheel will be used for the regular scrolling tasks, exactly as before.

InstalledCodec v1.05
InstalledCodec is a small utility displays the list of all Codec drivers and DirectShow filters currently installed on your system. For each component the following information is displayed: Display Name, Type, Disabled Status, Installed/Modified Time, Description, Company Name, Filename, and more... It allows you to easily disable or enable any Codec/DirectShow component or export the list into text/xml/html file.

Internet Related Utilities

IPNetInfo v1.18
IPNetInfo is a small utility that allows you to easily find all available information about an IP address: The owner of the IP address, the country/state name, IP addresses range, contact information (address, phone, fax, and email), and more.
This utility can be very useful for finding the origin of unsolicited mail. You can simply copy the message headers from your email software and paste them into IPNetInfo utility. IPNetInfo automatically extracts all IP addresses from the message headers, and displays the information about these IP addresses.

WhoisThisDomain v1.31
This utility allows you to easily get information about a registered domain. It automatically connect to the right WHOIS server, according to the top-level domain name, and retrieve the WHOIS record of the domain. It support both generic domains and country code domains.

IPInfoOffline v1.05
IPInfoOffline Allows you to view information about IP addresses, without connecting any external server. It uses a compressed IP addresses database that is stored inside the exe file. For each IP address, the following information is displayed: IP block range, Organization (RIPE, ARIN, APNIC, LACNIC or AFRINIC), Assigned Date, Country Name, and Country Code. After retrieving the information about the desired IP addresses, You can copy the information to the clipboard, or save it into text/html/xml/csv file.

DNSDataView v1.00
This utility is a GUI alternative to the NSLookup tool that comes with Windows operating system. It allows you to easily retrieve the DNS records (MX, NS, A, SOA) of the specified domains. You can use the default DNS server of your Internet connection, or use any other DNS server that you specify. After retrieving the DNS records for the desired domains, you can save them into text/xml/html/csv file.

FastResolver v1.22
FastResolver is a small utility that resolves multiple host names into IP addresses and vice versa. You can simply type the list of IP addresses or host name that you want to resolve, or alternatively, you can specify IP addresses range that you want to scan. For local network, FastResolver also allows you to get the MAC address of all IP addresses that you scan. FastResolver is a multithreaded application, so it can resolve dozens of addresses within a few seconds.

SiteShoter v1.30
SiteShoter is a small utility that allows you to save a screenshot of any Web page into a file. It automatically creates hidden window of Internet Explorer, loads the desired Web page, and than save the entire content of the Web page into an image file (.png, .jpg, .tiff, .bmp or .gif). You can use SiteShoter in user interface mode, or alternatively, you can run SiteShoter in command-line mode without displaying any user interface.

SeqDownload v1.20
This utilities allows you to automatically download live images from the Web for every xxx seconds/minutes and store the files on your local drive. After collecting a fair amount of images, you can easily create nice animation from the downloaded images.
This utility is especially useful for live cams Web sites, weather radar images, and satellite images.

GoogRank v1.01
GoogRank is a simple utility that retrieves and displays the Google's PageRank of a Web page.

HTMLAsText v1.06
HTMLAsText utility converts HTML documents to simple text files, by removing all HTML tags and formatting the text according to your preferences.

IdenSwitch v1.01
This utility allows you to instantly open Outlook Express with the desired identity, without requiring you to switch the identity through the menu of Outlook Express.

AddrView v1.01
AddrView allows you to parse HTML pages and extract most URL addresses stored in them. AddrView extracts URLs of images (<img> tag), links to other files (<a> tag), CSS files, frames, Flash files, and more.

TagsReport v1.00
TagsReport reads HTML file and displays statistical information about the tags the appears in it.

JavaScript Animator Express v1.10
This utility allows you to easily create animation from image files (GIFs and JPGs) on your local drive. The animation is achieved by creating a simple HTML page with JavaScript animation, and running it on your default browser.

CustomizeIE v1.01
Add new menu items and toolbar buttons to Internet Explorer

TurnFlash v2.10 (UI Version)
TurnFlash is a small utility that allows you to eaily disable and enable the Macromedia Flash player component in Internet Explorer.

TurnFlash v1.00 (command-line version)
small command-line utility that allows you to eaily disable and enable the Macromedia Flash player component in Internet Explorer.
Source code is included !

MIMEView v1.10
This utility displays the list of all MIME types defined in your system. For each MIME type, information about the associated file extension and installed plugin is also displayed.

Command-Line Utilities

NirCmd v2.20
NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface. By running NirCmd with simple command-line option, you can write and delete values and keys in the Registry, write values into INI file, dial to your internet account or connect to a VPN network, restart windows or shut down the computer, create shortcut to a file, change the created/modified date of a file, change your display settings, and more...

WirelessNetConsole v1.00

WirelessNetConsole is a small console application that dumps all current detected wireless networks information into the standard output. For each wireless network, the following information is displayed: SSID, Signal Quality in %, PHY types, RSSI, MAC Address, Channel Frequency, and more.

AtNow v1.1
AtNow is a command-line utility that schedules programs and commands to run in the near future.

Visual C++ Source code is included.

GoogRankCmd v1.01
GoogRankCmd is a simple command-line utility that retrieves and displays the Google's PageRank of a Web page ,without using Google Toolbar or any other browser plugin.

WhosIP v1.02
WhosIP is a simple command-line utility that allows you to easily find all available information about an IP address: The owner of the IP address, the country/state name, IP addresses range, contact information (address, phone, fax, and email), and more.

WhoisCL v1.30
WhoisCL is a simple command-line utility that allows you to easily get information about a registered domain. It automatically connect to the right WHOIS server, according to the top-level domain name, and retrieve the WHOIS record of the domain. It supports both generic domains and country code domains.

SNRemove v1.00
This utility removes the reference to strong name signature from .NET exe and dll files. After removing the strong name reference, you can make any change you want in dll/exe file, without getting any exception or error message.

Desktop Utilities

WinLister v1.13
This utility displays the list of opened windows on your system. For each window, some useful information is displayed: the title, the handle of window, location, size, class name, process number, the name of the program that created the window, and more...
In addition, you can easily hide, show or close the selected windows, or save the windows list to text or HTML file.

ShortcutsMan v1.01
ShortcutsMan displays the details about all shortcuts that you have on your desktop and under your start menu. Broken shortcuts (shortcuts that point to file that doesn't exist) are automatically painted with pink color. You select one or more shortcuts, and then delete them, resolve them or save the shortcut's details to HTML/Text/XML file.

FileTypesMan v1.11
FileTypesMan is an alternative to the 'File Types' tab in the 'Folder Options' of Windows. It displays the list of all file extensions and types registered on your computer. For each file type, the following information is displayed: Type Name, Description, MIME Type, Perceived Type, Flags, Browser Flags, and more.
FileTypesMan also allows you to easily edit the properties and flags of each file type, as well as it allows you to add, edit, and remove actions in a file type.

MyUninstaller v1.42
MyUninstaller is an alternative utility to the standard Add/Remove applet of Windows operating system. It displays the list of all installed application, and allows you to uninstall an application, delete an uninstall entry, and save the list of all installed applications into a text file or HTML file.
MyUninstaller also provides additional information for most installed applications that the standard Add/Remove applet doesn't display: product name, company, version, uninstall string, installation folder and more.

OpenWithView v1.02
OpenWithView is a small utility that displays the list of all available applications in the 'Open With' dialog-box of Windows, and allows you to easily disable/enable the applications in the list. When application is disabled, it won't be displayed in the 'Other Programs' section of the 'Open With' dialog-box.
This utility can be useful if your 'Open With' window displays too much applications, and you want to remove the applications that you don't use frequently.

SpecialFoldersView v1.05
Windows operating system have dozens of special folders that are used for storing application settings and files, storing Internet files, saving temporary files, storing shortcuts to other files, and so on.
This utility displays the list of all special folders in your system, and allows you to easily jump to the right folder simply by double-clicking the folder item. You can also save the list of all folder paths into text/html/xml file.

InsideClipboard v1.06
Each time that you copy something into the clipboard for pasting it into another application, the copied data is saved into multiple formats. The main clipboard application of Windows only display the basic clipboard formats, like text and bitmaps, but doesn't display the list of all formats that are stored in the clipboard.
InsideClipboard is a small utility that displays the binary content of all formats that are currently stored in the clipboard, and allow you to save the content of specific format into a binary file.

NirExt v1.01
NirExt utility adds 3 useful context menu extensions to your Windows Explorer environment:

Folder Properties: This option is available in the context menu when you right-click on a folder in your file system. It allows you change the icon of any folder you want, and change the text that appears when the mouse cursor moves over the folder.
Advanced Run: This option is available in the context menu when you right-click on an executable file (*.EXE). It allows you to instantly run an application with command-line and some other options.
Create Shortcut+: This option is available in the context menu when you right-click on any file in your system. It allows you to instantly create a shortcut and drop it into one of the following folders: Desktop, Start Menu, Programs folder under Start Menu, Common Desktop (for all users), Common Start Menu (for all users), and Common Programs folder (for all users) under Start Menu.

WinMessControl v1.00
Disable/enable the 'Windows Messenger' application under Windows XP.

Programmer Tools

DLL Export Viewer v1.26
This utility displays the list of all exported functions and their virtual memory addresses for the specified DLL files. You can easily copy the memory address of the desired function, paste it into your debugger, and set a breakpoint for this memory address. When this function is called, the debugger will stop in the beginning of this function.

GDIView v1.03
GDIView is a unique tool that displays the list of GDI handles (brushes, pens, fonts, bitmaps, and others) allocated by every process. It displays the total count for each type of GDI handle, as well as detailed information about each handle. This tool can be useful for developers that need to trace GDI resources leak in their software.

HeapMemView v1.02
HeapMemView is a small utility that allows you to view the content of all memory blocks allocated in the heap of the process the you select. This tool can be useful for developers that need to trace memory leaks in their software.

DeviceIOView v1.01
DeviceIOView allows you to watch the data transfer between a software or service and a device driver (DeviceIoControl calls). For each call to a device driver, the following information is displayed: Handle, Control Code, number of input bytes, number of output bytes, the name of the device handle, and all the input/output bytes, displayed as Hex dump.

System Utilities

OpenedFilesView v1.30
OpenedFilesView displays the list of all opened files on your system. For each opened file, additional information is displayed: handle value, read/write/delete access, file position, the process that opened the file, and more... Optionally, you can also close one or more opened files, or close the process that opened these files.

ProcessActivityView v1.06
ProcessActivityView creates a summary of all files and folders that the selected process tries to access. For each file that the process access, the following information is displayed: Number of times that the file was opened and closed, number of read/write calls, total number of read/write bytes, the dll that made the last open-file call, and more...

WinUpdatesList v1.23
WinUpdatesList displays the list of all Windows updates (Service Packs and Hotfixes) installed on your local computer. For hotfix updates, this utility also displays the list of files updated with these hotfixes. In addition, it allows you to instantly open the Web link in Microsoft Web site that provides more information about the selected update, uninstall an update, copy the update information to the clipboard, or save it to text/HTML/XML file.

SysExporter v1.41
SysExporter utility allows you to grab the data stored in standard list-views, list boxes, and combo boxes from almost any application running on your system, and export it to text, HTML or XML file.

ShellExView v1.36 - Shell Extensions Manager
The ShellExView utility displays the details of shell extensions installed on your computer, and allows you to easily disable and enable each shell extension.

URLProtocolView v1.12
URLProtocolView is a simple utility that displays all URL protocols (for example: ftp:, telnet:, mailto:) that are currently installed on your system. For each URL protocol, the following information is displayed: The protocol name, the protocol description, the command-line that is executed when you type or click the URL, the product name, and the company name. This utility also allows you to easily enable/disable the URL protocols.

RegScanner v1.70
RegScanner is a small utility that allows you to scan the Registry, find the desired Registry values that match to the specified search criteria, and display them in one list. After finding the Registry values, you can easily jump to the right value in RegEdit, simply by double-clicking the desired Registry item.

RegFromApp v1.15
RegFromApp monitors the Registry changes made by the application that you selected, and creates a standard RegEdit registration file (.reg) that contains all the Registry changes made by the application. You can use the generated .reg file to import these changes with RegEdit when it's needed.

USBDeview v1.30
USBDeview is a small utility that lists all USB devices that currently connected to your computer, as well as all USB devices that you previously used.
For each USB device, exteneded information is displayed: Device name/description, device type, serial number (for mass storage devices), the date/time that device was added, VendorID, ProductID, and more... USBDeview also allows you to uninstall USB devices that you previously used, and disconnect USB devices that are currently connected to your computer. You can also use USBDeview on a remote computer, as long as you login to that computer with admin user.

BluetoothView v1.11
BluetoothView is a small utility that runs in the background, and monitor the activity of Bluetooth devices around you. For each detected Bluetooth device, it displays the following information: Device Name, Bluetooth Address, Major Device Type, Minor Device Type, First Detection Time, Last Detection Time, and more.
BluetoothView can also notify you when a new Bluetooth device is detected, by displaying a balloon in your taskbar or by playing a small beep sound.

WirelessNetView v1.12
WirelessNetView is a small utility that runs in the background, and monitor the activity of wireless networks around you. For each detected network, it displays the following information: SSID, Last Signal Quality, Average Signal Quality, Detection Counter, Authentication Algorithm, Cipher Algorithm, and more.

CleanAfterMe v1.30
CleanAfterMe allows you to easily clean files and Registry entries that are automatically created by the Windows operating system during your regular computer work.
With CleanAfterMe, you can clean the cookies/history/cache/passwords of Internet Explorer, the 'Recent' folder, the Registry entries that record the last opened files, the temporary folder of Windows, the event logs, the Recycle Bin, and more.

UserProfilesView v1.00
UserProfilesView displays the list of all user profiles that you currently have in your system. For each user profile, the following information is displayed: Domain\User Name, Profile Path, Last Load Time, Registry File Size, User SID, and more. You can save the profiles list into text/xml/html/csv file.

MonitorInfoView v1.03
MonitorInfoView is a small utility that displays essential information about your monitor: manufacture week/year, monitor manufacturer, monitor model, supported display modes, and more... The information is extracted from the EDID ("Extended display identification data") records stored on your computer. You can also view the monitor information of multiple computers on your network, if you login to these computers with administrator rights.

DumpEDID v1.01
DumpEDID is a small console application that extract the EDID ("Extended display identification data") records from your computer, analyze it, and dump it into the console window. EDID record provide essential information about your monitor: manufacture week/year, monitor manufacturer, monitor model, supported display modes, and so on... You can also get the EDID records of a remote computer, if you login to this computer with administrator rights.
(DumpEDID is the console version of MonitorInfoView utility)

RunAsDate v1.05
RunAsDate is a small utility that allows you to run a program in the date and time that you specify. This utility doesn't change the current system date and time of your computer, but it only injects the date/time that you specify into the desired application.
You can run multiple applications simultaneously, each application works with different date and time, while the real date/time of your system continues to run normally.

NK2View v1.25
Each time that you send a new message in Outlook, the emails that you type in To/Cc fields, are automatically inserted into the AutoComplete list, so in the next time that you type an email address, Outlook automatically completes the right email address for you.
The AutoComplete file of Outlook is stored under [Your Profile]\Application Data\Microsoft\Outlook , and it always saved as the profile name of Outlook with .NK2 extension.
This utility reads the AutoComplete file of Outlook (with .NK2 extension), displays all email records stored in it, and allows you to easily export these records into text/html/xml file.

OfficeIns v1.03 - Microsoft Office Add-Ins Manager
OfficeIns is a small utility that displays the details of all installed Microsoft Office add-ins on your computer, and allows you to disable/enable them.

ProduKey v1.35
ProduKey is a small utility that displays the ProductID and the CD-Key of MS-Office, Windows, and SQL Server installed on your computer. You can view this information for your current running operating system, or for another operating system/computer - by using command-line options.

RegDllView v1.30
RegDllView is a small utility that displays the list of all registered dll/ocx/exe files (COM registration). For each registered file, you can view the last date/time that it was registered, and the list of all registration entries (CLSID/ProgID).

MUICacheView v1.00
Each time that you start using a new application, Windows operating system automatically extract the application name from the version resource of the exe file, and stores it for using it later, in Registry key known as the 'MuiCache'.

This utility allows you to easily view and edit the list of all MuiCache items on your system. You can edit the name of the application, or alternatively, you can delete unwanted MUICache items.

ShellBagsView v1.05
Each time that you open a folder in Explorer, Windows automatically save the settings of this folder into the Registry. This utility displays the list of all folder settings saved by Windows. For each folder, the following information is displayed: The date/time that you opened it, the entry number, display mode (Details, Icons, Tiles, and so on...), the last position of the window, and the last size of the window.

UserAssistView v1.00
This utility decrypt and displays the list of all UserAssist entries stored under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist key in the Registry. The UserAssist key contains information about the exe files and links that you open frequently. you can save the list of UserAssist entries into text/html/xml/csv file, as well as you can delete unwanted items.

MyEventViewer v1.15
MyEventViewer is a simple alternative to the standard event viewer of Windows. As oppose to Windows event viewer, MyEventViewer allows you to watch multiple event logs in one list, as well as the event description and data are displayed in the main window, instead of opening a new one. Also, with MyEventViewer you can easily select multiple event items and then save them to HTML/Text/XML file, or copy them to the clipboard (Ctrl+C) and then paste them into Excel.

ActiveXHelper v1.12
ActiveXHelper is a small utility that allows you to view essential information about ActiveX components installed on your computer. You can view the entire (and very large !) list of ActiveX components by loading it from HKEY_CLASSES_ROOT\CLSID Registry key, or alternatively, display only the ActiveX components that you specify. In addition, you can temporarily disable specific ActiveX components. When ActiveX components are disabled, they cannot be used by any software, until you enable them again.

RecentFilesView v1.09
Each time that you open a file from Windows Explorer or from a standard open/save dialog-box, the name of the file that you opened is recorded by the operating system. Some of the names are saved into the 'Recent' folder. Other are saved into the Registry.
This utility display the list of all recently opened files, and allows you to delete unwanted filename entries. You can also save the files list into text/html/xml file.

InjectedDLL v1.00
InjectedDLL is a small utility that displays the list of DLLs that are automatically injected on every process in your system.

CurrProcess v1.13
CurrProcess utility displays the list of all processes currently running on your system. For each process, you can view the list of all modules (DLL files) that the process loads into memory. for all processes and modules, additional useful information is also displayed: product name, version, company name, description of the file, the size of the file, and more.
In addition, CurrProcess allows you to do the following actions: Kill a process, Dump memory of process into a text file, Create HTML report containing information about a process with the list of all modules that it loads into memory, Save the list of all running processes into text or HTML file, and more.

ServiWin v1.35
ServiWin utility displays the list of installed drivers and services on your system. For some of them, additional useful information is displayed: file description, version, product name, company that created the driver file, and more.
In addition, ServiWin allows you to easily stop, start, restart, pause, and continue service or driver, change the startup type of service or driver (automatic, manual, disabled, boot or system), save the list of services and drivers to file, or view HTML report of installed services/drivers in your default browser.

ShellMenuView v1.07
ShellMenuView is a small utility that display the list of static menu items that appeared in the context menu when you right-click a file/folder on Windows Explorer, and allows you to easily disable unwanted menu items.

DriverView v1.16
DriverView utility displays the list of all device drivers currently loaded on your system. For each driver in the list, additional useful information is displayed: load address of the driver, description, version, product name, company that created the driver, and more.

FoldersReport v1.21
The FoldersReport utility scans a drive or a base folder that you select, and displays essential information for each folder that it finds: The size of all files inside the folder, The real files size on the disk, number of files inside the folder, number of hidden files, number of compressed files, and number of subfolders. You can use this utility to easily find out which folders use the most space in your drive. You can scan the folders of your local drives, CD-ROM drives, and network resources on a remote computer.

StartupRun v1.22
The StartupRun utility displays the list of all applications that are loaded automatically when Windows boots. For each application, additional information is displayed (Product Name, File Version, Description, and Company Name), in order to allow you to easily identify the applications that are loaded at Windows startup. if StartupRun identifies a spyware or adware program that runs at startup, it automatically paints it in pink color. In addition, you are allowed to Edit, disable, enable and delete the selected startup entries. You can also save the list of startup items into a text or html files, and even add a new startup entry to the Registry.

GACView v1.11
GACView is an alternative to the standard .NET assembly viewer on Windows Explorer. In addition to the standard columns, GACView displays additional information for each assembly, like modified date, file size, full path of the assembly file, file version, and so on. GACView also allows you to delete an assembly the cannot be uninstalled in the regular way.

JRView v1.00
JRView is a small utility that displays the list of all Java Runtime Environments and Java Development Kits installed on your system, and allows you to run a Java application (.class or .jar file) on the desired Java environment.

MMCompView v1.10
Displays the details of all installed multimedia components (Codec, ActiveX filters) and allows you disable/enable specific components.

IECompo v1.00
Displays the installed Internet Explorer components on your computer.

FileDate Changer v1.1
This utility allows you to eaily change the created, modified and accessed date of any file in your system. You can select multiple files and change the dates of them at once.

Explorestart v1.00
Explorestart is a very simple utility that simply restart Explorer and Internet Explorer. When you run this tool, all instances of Explorer (explorer.exe) and Internet Explorer (iexplore.exe) are terminated instantly, and a new instance of Explorer is created after a few seconds.

StartBlueScreen v1.00
This utility, just as it sounds, allows your to crash the Windows operating system by initiating a Blue Screen of Death according to 5 parameters that you specify from command-line.

Other Utilities

SkypeLogView v1.06
SkypeLogView reads the log files created by Skype application, and displays the details of incoming/outgoing calls, chat messages, and file transfers made by the specified Skype account. You can select one or more items from the logs list, and then copy them to the clipboard, or export them into text/html/csv/xml file.

ResourcesExtract v1.10
ResourcesExtract is a small utility that scans dll/ocx/exe files and extract all resources (bitmaps, icons, cursors, AVI movies, HTML files, and more...) stored in them into the folder that you specify. You can use ResourcesExtract in user interface mode, or alternatively, you can run ResourcesExtract in command-line mode without displaying any user interface.

HashMyFiles v1.43
HashMyFiles is small utility that allows you to calculate the MD5 and SHA1 hashes of one or more files in your system. You can easily copy the MD5/SHA1 hashes list into the clipboard, or save them into text/html/xml file.
HashMyFiles can also be launched from the context menu of Windows Explorer, and display the MD5/SHA1 hashes of the selected file or folder.

MetarWeather v1.56
The MetarWeather utility decodes METAR weather reports from around the world, and displays them in a simple weather report table. You can save the weather report into a text or HTML files. MetarWeather can decode METAR reports from a text file, or download the latest reports directly from the Internet.

HtmlDocEdit v1.02
HtmlDocEdit is a simple HTML designer/editor based on the Internet Explorer browser, that allows you to easily edit HTML files without any knowledge in HTML. With HtmlDocEdit you can change the font/color of selected text, add images, add links, add ordered and unordered lists, and more...

ZipInstaller v1.21
The ZipInstaller utility installs and uninstalls applications and utilities that do not provide an internal installation program. You can use this utility to install and uninstall all other utilities in this Web site.

IconsExtract v1.45
Extract icons and cursors from EXE, DLL, CPL, and OCX files and save them as ICO or CUR files.

DotNetResourcesExtract v1.00
DotNetResourcesExtract is a small utility that scan dll/exe files of .NET applications, and extract all .NET embedded resources (Bitmaps, Gifs, HTML files, and so on) stored in them into the folder that you specify. c# source code is available.

WinExplorer v1.30
WinExplorer is a utility that shows all system's windows in hierarchical display.
For every window in the hierarchy, you can view its properties, like handle, class name, caption, size, position and more. You can also modify some properties, like Caption and Visible/Enable.
Source code is included

ExeInfo v1.01
The ExeInfo utility shows general information about executable files (*.exe), dynamic-link libraries (*.dll), ocx files, and drivers files.

Source code is included

pcANYWHERE Hosts Scanner v1.01
This small utility allows you to scan a TCP/IP network and get the list of all pcANYWHERE hosts within that network.
The Visual Basic source code is included !

"Software" 카테고리의 다른 글

Sysinternals Utilities (0)2009/01/21
NirSoft Freeware Utilities (0)2009/01/21
Windows Server 2008 (0)2008/04/27
오류없는 SW 개발을 꿈꾼다 (0)2005/10/12
해커를 움직이는 힘 (0)2005/05/30

Posted by webdizen

Tags Audio, Browser, Desktop, Freeware, Internet, Monitoring, Network, NirSoft, Password, Programmer, Recovery, System, Tools, Utilities, Video, Web

No Trackback No Comment

Leave your greetings.

Security2009/01/21 15:24

Foundstone Free Tools

http://www.foundstone.com/

Assessment Utilities: FSCrack ™v1.0.1; Fpipe™v2.1; CredDigger ™v2.1
Forensic Tools: PatchIt™v2.0; DumpAutoComplete v0.7; Galletav1.0; BinText; Vision™v1.0; Pascov1.0; Forensic Toolkit™v2.0; NTLast™v3.0; ShoWin™v2.0; Rifiutiv1.0
Foundstone SASS Tools: CookieDigger™v1.0; Hacme Travel™v1.0; Hacme Bank™v2.0; HackPack™v1.0; SecureUML Templatev1.0; SiteDigger™v2.0; SiteScopev1.0; SSLDigger™v1.02; Hacme Shipping™v1.0; CodeScout™v1.0; Validator.NET™v1.0; Hacme Casino™v1.0; WSDigger™v1.0; Hacme Books™v2.0; Socket Security AuditorNEW!!v1.0; .NET Security Toolkitv1.0; .NETMon™v1.0
Intrusion Detection Tools: Carbonite™v1.0; Fport™v2.0; Attacker™v3.0; FileWatch™v1.0; IPv4Tracev1.0
Scanning Tools: RPCScanv2.03; DSScanv1.0; MS05-051 Scanv1.0; SQLScanv1.0; MessengerScanv1.05; BOPing™v2.0; NetSchedScanv1.0; SuperScan™v4.0; MydoomScanner v1.0; DDosPing™v2.0; Trout™v2.0; MS05-039 Scanv1.0; CIScanv1.0; ScanLine™v1.01; DIRE™NEW!!v1.0; SNScan™v1.05
Stress Testing Tools: Blast™v2.0; FSMax™v2.0; UDPFlood™v2.0

"Security" 카테고리의 다른 글

Foundstone Free Tools (0)2009/01/21
Unix/Linux 해킹 피해 시스템 분석 절차 (0)2007/07/06
원격 네트워크 로그인의 중앙화와 보안 (0)2007/05/10
SQL Injection Attacks by Example (0)2007/04/30
해킹 관련 용어 II (0)2007/01/12

Posted by webdizen

Tags Assessment, Detection, Forensic, Foundstone, Intrusion, Network, SASS, Scanning, Security, Testing

No Trackback No Comment

Leave your greetings.

Programming/Network Programming2007/07/27 09:11

Network Programming in C#

출처 : http://www.devarticles.com/c/a/c-sharp/ ··· sharp%2F

Network Programming in C#
(Page 1 of 2 )

Rajesh will now educate C# programmers by demonstrating the correct method of using the Socket class. A must read for those network programmers out there.

The .NET framework provides two namespaces, System.Net and System.Net.Sockets for network programming. The classes and methods of these namespaces help us to write programs, which can communicate across the network. The communication can be either connection oriented or connectionless. They can also be either stream oriented or data-gram based. The most widely used protocol TCP is used for stream-based communication and UDP is used for data-grams based applications.

The System.Net.Sockets.Socket is an important class from the System.Net.Sockets namespace. A Socket instance has a local and a remote end-point associated with it. The local end-point contains the connection information for the current socket instance.

There are some other helper classes like IPEndPoint, IPADdress, SocketException etc, which we can use for Network programming. The .NET framework supports both synchronous and asynchronous communication between the client and server. There are different methods supporting for these two types of communication.

A synchronous method is operating in blocking mode, in which the method waits until the operation is complete before it returns. But an asynchronous method is operating in non-blocking mode, where it returns immediately, possibly before the operation has completed.

Dns Class

The System.net namespace provides this class, which can be used to creates and send queries to obtain information about the host server from the Internet Domain Name Service (DNS). Remember that in order to access DNS, the machine executing the query must be connected to a network. If the query is executed on a machine, that does not have access to a domain name server, a System.Net.SocketException is thrown. All the members of this class are static in nature. The important methods of this class are given below.

public static IPHostEntry GetHostByAddress(string address)

Where address should be in a dotted-quad format like "202.87.40.193". This method returns an IPHostEntry instance containing the host information. If DNS server is not available, the method returns a SocketException.

public static string GetHostName()

This method returns the DNS host name of the local machine.

In my machine Dns.GetHostName() returns vrajesh which is the DNS name of my machine.

public static IPHostEntry Resolve(string hostname)

This method resolves a DNS host name or IP address to a IPHostEntry instance. The host name should be in a dotted-quad format like 127.0.01 or www.microsoft.com.

IPHostEntry Class

This is a container class for Internet host address information. This class makes no thread safety guarantees. The following are the important members of this class.

AddressList Property

Gives an IPAddress array containing IP addresses that resolve to the host name.

Aliases Property

Gives a string array containing DNS name that resolves to the IP addresses in AddressList property.

The following program shows the application of the above two classes.

using System;
using System.Net;
using System.Net.Sockets;
class MyClient
{
   public static void Main()
   {
   IPHostEntry IPHost = Dns.Resolve("www.hotmail.com");
   Console.WriteLine(IPHost.HostName);
   string []aliases = IPHost.Aliases;
   Console.WriteLine(aliases.Length);
   IPAddress[] addr = IPHost.AddressList;
   Console.WriteLine(addr.Length);
   for(int i= 0; i < addr.Length ; i++)
   {
   Console.WriteLine(addr[i]);
   }
   }
}

IPEndPoint Class

This class is a concrete derived class of the abstract class EndPoint. The IPEndPoint class represents a network end point as an IP address and a port number. There is couple of useful constructors in this class:

IPEndPoint(long addresses, int port)
IPEndPoint (IPAddress addr, int port)
IPHostEntry IPHost = Dns.Resolve("www.c-sharpcorner.com");
Console.WriteLine(IPHost.HostName);
string []aliases = IPHost.Aliases;
IPAddress[] addr = IPHost.AddressList;
Console.WriteLine(addr[0]);
EndPoint ep = new IPEndPoint(addr[0],80);

Network Programming in C# - Part 2
(Page 2 of 2 )

Socket Programming: Synchronous Clients

The steps for creating a simple synchronous client are as follows.

Create a Socket instance.
Connect the above socket instance to an end-point.
Send or Receive information.
Shutdown the socket
Close the socket

The Socket class provides a constructor for creating a Socket instance.

public Socket (AddressFamily af, ProtocolType pt, SocketType st)

Where AddressFamily, ProtocolType and SocketTYpe are the enumeration types declared inside the Socket class.

The AddressFamily member specifies the addressing scheme that a socket instance must use to resolve an address. For example AddressFamily.InterNetwork indicates that an IP version 4 addresses is expected when a socket connects to an end point.

The SocketType parameter specifies the socket type of the current instance. For example SocketType.Stream indicates a connection-oriented stream and SocketType.Dgram indicates a connectionless stream.

The ProtocolType parameter specifies the ptotocol to be used for the communication. For example ProtocolType.Tcp indicates that the protocol used is TCP and ProtocolType.Udp indicates that the protocol using is UDP.

public Connect (EndPoint ep)

The Connect() method is used by the local end-point to connect to the remote end-point. This method is used only in the client side. Once the connection has been established the Send() and Receive() methods can be used for sending and receiving the data across the network.

The Connected property defined inside the class Socket can be used for checking the connection. We can use the Connected property of the Socket class to know whether the current Socket instance is connected or not. A property value of true indicates that the current Socket instance is connected.

IPHostEntry IPHost = Dns.Resolve("www.c-sharpcorner.com");
Console.WriteLine(IPHost.HostName);
string []aliases = IPHost.Aliases;
IPAddress[] addr = IPHost.AddressList;
Console.WriteLine(addr[0]);
EndPoint ep = new IPEndPoint(addr[0],80);
Socket sock = new
Socket(AddressFamily.InterNetwork,SocketType.Stream,ProtocolType.Tcp);
sock.Connect(ep);
if(sock.Connected)
Console.WriteLine("OK");

The Send() method of the socket class can be used to send data to a connected remote socket.

public int Send (byte[] buffer, int size, SocketFlags flags)

Where byte[] parameter storing the data to send to the socket, size parameter containing the number of bytes to send across the network. The SocketFlags parameter can be a bitwise combination of any one of the following values defined in the System.Net.Sockets.SocketFlags enumerator.

SocketFlags.None
SocketFlags.DontRoute
SocketFlags.OutOfBnd

The method Send() returns a System.Int32 containing the number of bytes send.Remember that there are other overloaded versions of Send() method as follows.

public int Send (byte[] buffer, SocketFlags flags)
public int Send (byte[] buffer)
public int Send (byte[] buffer,int offset, int size, SocketFlags flags)

The Receive() method can be used to receive data from a socket.

public int Receive(byte[] buffer, int size, SocketFlags flags)

The overloaded versions of Receive() methods are shown below.

public int Receive (byte[] buffer, SocketFlags flags)
public int Receive (byte[] buffer)
public int Receive (byte[] buffer,int offset, int size, SocketFlags flags)

When the communication across the sockets is over, the connection between the sockets can be terminated by invoking the method ShutDown()

public void ShutDown(SocketShutdown how)

Where ‘how’ is one of the values defined in the SocketSHutdown enumeration. The value SoketShutdown.Send means that the socket on the other end of the connection is notified that the current instance would not send any more data.

The value SoketShutdown.Receive means that the socket on the other end of the connection is notified that the current instance will not receive any more data and the value SoketShutdown.Both means that both the action are not possible.

Remember that the ShutDown() method must be called before the Close(0 method to ensure that all pending data is sent or received.

A socket can be closed by invoking the method Close().

public void Close()

This method closes the current instance and releases all managed and un-managed resources allocated by the current instance. This method internally calls the Dispose() method with an argument of ‘true’ value, which frees both managed and un-managed resources used by the current instance.

protected virtual void Dispose(bool)

The above method closes the current instance and releases the un-managed resources allocated by the current instance and exceptionally release the managed resources also. An argument value of ‘true’ releases both managed and un-managed resources and a value of ‘false’ releases only un-managed resources.

The source code for a simple synchronous client by using the sockets is show below. The following program can send an HTTP request to a web server and can read the response from the web server.

using System;
using System.Net;
using System.Net.Sockets;
using System.Text;
class MyClient
{
   public static void Main()
   {
   IPHostEntry IPHost = Dns.Resolve("www.google.com");
   Console.WriteLine(IPHost.HostName);
   string []aliases = IPHost.Aliases;
   IPAddress[] addr = IPHost.AddressList;
   Console.WriteLine(addr[0]);
   EndPoint ep = new IPEndPoint(addr[0],80);
Socket sock = new Socket(AddressFamily.InterNetwork,SocketType.Stream,ProtocolType.Tcp);
   sock.Connect(ep);
   if(sock.Connected)
   Console.WriteLine("OK");
   Encoding ASCII = Encoding.ASCII;
   string Get = "GET / HTTP/1.1\r\nHost: " + "www. google.com" +
   "\r\nConnection: Close\r\n\r\n";
   Byte[] ByteGet = ASCII.GetBytes(Get);
   Byte[] RecvBytes = new Byte[256];
   sock.Send(ByteGet, ByteGet.Length, 0);
   Int32 bytes = sock.Receive(RecvBytes, RecvBytes.Length, 0);
   Console.WriteLine(bytes);
   String strRetPage = null;
   strRetPage = strRetPage + ASCII.GetString(RecvBytes, 0, bytes);
   while (bytes > 0)
   {
   bytes = sock.Receive(RecvBytes, RecvBytes.Length, 0);
   strRetPage = strRetPage + ASCII.GetString(RecvBytes, 0, bytes);
   Console.WriteLine(strRetPage );
   }
   sock.ShutDown(SocketShutdown.Both);
   sock.Close();
   }
}

"Network Programming" 카테고리의 다른 글

Posted by webdizen

Tags C#, Network, Socket

No Trackback No Comment

Leave your greetings.

Security/Scanning2007/07/18 13:55

NBTScan. NetBIOS Name Network Scanner.

General Information

NBTscan is a program for scanning IP networks for NetBIOS name information. It sends NetBIOS status query to each address in supplied range and lists received information in human readable form. For each responded host it lists IP address, NetBIOS computer name, logged-in user name and MAC address.

Version 1.5 is now available. See Change Log for changes since previous release.

NBTscan compiles and runs on Unix and Windows. I have tested it on Windows NT 4.0, Windows 2000, FreeBSD 4.3, OpenBSD 2.8 and RedHat Linux 7.1 and 7.3. It should also compile and run on Solaris and other Linuxes as well.

Steve Coleman (Steve (dot) Coleman (at) jhuapl (dot) edu) ported previous versions of NBTscan to Solaris, HP-UX and OSF/1 and fixed several bugs. He reports that NBTscan also runs on IRIX/SGI with minor problems. I was also told that NBTscan runs on AIX (Antonio Dell'elce) and SunOS 4.1.3_U1 (Joe Cline). Mohammad A. Haque (mhaque (at) haque (dot) net) ported nbtscan to Darwin.

This program is a successor of a perl script with the same name and does essentially the same thing, being much faster though. NBTscan produces a report like that:

IP address       NetBIOS Name     Server    User             MAC address
------------------------------------------------------------------------------
192.168.1.2      MYCOMPUTER                 JDOE             00-a0-c9-12-34-56
192.168.1.5      WIN98COMP        <server>  RROE             00-a0-c9-78-90-00
192.168.1.123    DPTSERVER        <server>  ADMINISTRATOR    08-00-09-12-34-56

First column lists IP address of responded host. Second column is computer name. Third column indicates if this computer shares or is able to share files or printers. For NT machine it means that Server Service is running on this computer. For Windows 95 it means that "I want to be able to give others access to my files" or "I want to be able to allow others to print on my printer(s)" checkbox is ticked (in Control Panel/Network/File and Print Sharing). Most often it means that this computer shares files. Third column shows user name. If no one is logged on from this computer it is same as computer name. Last column shows adapter MAC address.

If run with -v switch NBTscan lists whole NetBIOS name table for each responded address. The output looks like that:

NetBIOS Name Table for Host 192.168.1.123:

Name             Service          Type
----------------------------------------
DPTSERVER        <00>             UNIQUE
DPTSERVER        <20>             UNIQUE
DEPARTMENT       <00>             GROUP
DEPARTMENT       <1c>             GROUP
DEPARTMENT       <1b>             UNIQUE
DEPARTMENT       <1e>             GROUP
DPTSERVER        <03>             UNIQUE
DEPARTMENT       <1d>             UNIQUE
??__MSBROWSE__?  <01>             GROUP
INet~Services    <1c>             GROUP
IS~DPTSERVER     <00>             UNIQUE
DPTSERVER        <01>             UNIQUE

Adapter address: 00-a0-c9-12-34-56
----------------------------------------

FAQ

Where can I get NBTscan?

Download it from http://www.inetcat.net/software/nbtscan.html . I used to have inetcat.org domain but it was grabbed by cybersquatters, so I had to move to inetcat.net.

Is there source code available ?

Yes. Same as above.

NBTscan lists my Windows boxes just fine but does not list my unixes or routers. Why?

That is the way it is supposed to work. NBTscan uses NetBIOS for scanning and NetBIOS is only implemented by Windows (and some software on Unix such as Samba)

I get some error message on a certain operating system while compiling or running NBTscan. What can I do?

If you get errors compiling there is not much I can help you with. I don't have every possible version of every possible OS, so I wouldn't be able to reproduce your problem. Try to figure out what is going wrong, make a patch and send it to me. :)

If you get unexpected results running nbtscan and you think it is a bug, send me a bug report. Describe your environment (OS, version of nbtscan, how big the network you are scanning is, are there any firewalls on the way) and make a packet dump if possible. Comparing the results produced by nbtscan with results of nbtstat -a (Windows utility) also helps to find the problem. If you get same results from nbtscan and nbtstat, this probably means that the problem is in the network setup, not in nbtscan.

Are there any docs in Russian?

No. I am too lazy to do translation. If you are willing to translate docs to Russian or any other language for that matter, you are more than welcome.

How do I write NBTscan output into a file?

Just like any other program:

nbtscan 123.45.67.89 > filename

Works on both Unix and Windows.

How do I make NBTscan write its output one screen at a time?

Just like any other program:

 nbtscan 123.45.67.89 | more

Works on both Unix and Windows.

How do I export NBTscan output into an Excel file?

Run nbtscan with "-s ," option (script-friendly output, use comma as a field separator) and open the resulting file in Excel.

Why do I get "Connection reset by peer" errors on Windows 2000?

NBTscan uses port 137 UDP for sending queries. If the port is closed on destination host destination will reply with ICMP "Port unreachable" message. Most operating system will ignore this message. Windows 2000 reports it to the application as "Connection reset by peer" error. Just ignore it.

Is there a GUI for nbtscan?

Yes. There are a couple of different GUIs sent to me by different people at different times. Warning: I got this software at different times from different people. I didn't test it and I didn't read the source code. I don't know if it works and what it does when it works, so don't blame me if it does something completely awfull to you or your computer. You have been warned.

Use42 by Peter Feil (peter (dot) feil (at) one2many (dot) de) Use42 is a GUI wrapper form enum (by Jordan Ritter BindViewRazor), nbtscan (by me) and ipeye (by Arne Vidstrom). Runs on Windows.The author does not provide any source code. You can download it here.
gui.exe was sent to me by r_i_c_h (at) btinternet (dot) com. It is a Windows GUI for nbtscan. r_i_c_h said he got it from someone else but lost the sources. You can download it here.
xNBTscan was contributed by Brian (daten (at) dnetc (dot) org) and is a GTK2-base GUI for X. You can get it from here.

Why nbtscan doesn't scan for shares? Are you going to add share scanning to nbtscan?

No. NBTscan uses UDP for what it does. That makes it very fast. Share scanning requires TCP. For one thing, it will make nbtscan more slow. Also adding share scanning means adding a lot of new code to nbtscan. There is a lot of good share scanners around, so I see no reason to duplicate that work.

Why do I get 00-00-00-00-00-00 instead of MAC address when I scan a Samba box?

Because that's what Samba send in response to the query. Nbtscan just prints out what it gets.

Usage

NBTscan is a command-line tool. You have to supply at least one argument - address range in one of three forms:

xxx.xxx.xxx.xxx	Single IP in dotted-decimal notation. Example: 192.168.1.1.
xxx.xxx.xxx.xxx/xx	Net address and subnet mask. Example: 192.168.1.0/24
xxx.xxx.xxx.xxx-xxx	Address range. Example: 192.168.1.1-127. This will scan all addresses from 192.168.1.1 to 192.168.1.127.

It also understands the following switches:

>nbtscan -f my_ips.txt <output depends on other options>

Option	Meaning	Usage example
-v	verbose output. Print all names received from each host	>nbtscan -v 192.168.1.123 NetBIOS Name Table for Host 192.168.1.123: Name Service Type ---------------------------------------- DPTSERVER <00> UNIQUE DPTSERVER <20> UNIQUE DEPARTMENT <00> GROUP DPTSERVER <03> UNIQUE DPTSERVER <01> UNIQUE Adapter address: 00-a0-c9-12-34-56 ----------------------------------------
-d	dump packets. Print whole packet contents. Cannot be used with -v, -s or -h options.	>nbtscan -d 192.168.1.123 Packet dump for Host 192.186.1.2: Transaction ID: 0x02e9 (745) Flags: 0x8400 (33792) Question count: 0x0000 (0) Answer count: 0x0001 (1) Name service count: 0x0000 (0) Additional record count: 0x0000 (0) Question name: CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA Question type: 0x0021 (33) Question class: 0x0001 (1) Time to live: 0x00000000 (0) Rdata length: 0x0089 (137) Number of names: 0x05 (5) <skipped lots of data>
-e	Format output in /etc/hosts format.	> ./nbtscan -e 192.168.75.0/28 192.168.75.2 M3I4W6 192.168.75.3 BOCKSTAEL 192.168.75.4 PCROGER 192.168.75.6 R392900055 192.168.75.12 SONY 192.168.75.13 DSNRVTWF 192.168.75.14 G8F8N7 192.168.75.15 VAIO
-l	Format output in lmhosts format.	> ./nbtscan -e 192.168.75.0/28 192.168.75.2 M3I4W6 #PRE 192.168.75.3 BOCKSTAEL #PRE 192.168.75.4 PCROGER #PRE 192.168.75.6 R392900055 #PRE 192.168.75.12 SONY #PRE 192.168.75.13 DSNRVTWF #PRE 192.168.75.14 G8F8N7 #PRE 192.168.75.15 VAIO #PRE
-t timeout	wait timeout seconds for response. Default 1.	>nbtscan -d 192.168.1.123 <output depends on other options>
-b bandwidth	Output throttling. Slow down packet output so that it uses no more that bandwidth bps. Useful on slow links, so that ougoing queries don't get dropped.	>nbtscan -b 28800 192.168.1.123 <output depends on other options>
-r	use local port 137 for scans. Win95 boxes respond to this only. You need to be root to use this option on Unix.	>nbtscan -r 192.168.1.123 <output depends on other options>
-q	Suppress banners and error messages	>nbtscan -q 192.168.1.123 <output depends on other options>
-s separator	Script-friendly output. Don't print column and record headers, separate fields with separator.	>nbtscan -s : 192.168.1.1-24 192.168.1.1:DIRDY-BIRDY :<server>:JOED :00-a0-c9-12-34-56 192.168.1.4:MIGHTY :<server<:JPSMITH :00-aa-00-78-90-12 192.168.1.5:BUGS-BUNNY :<server<:OUR_ADMIN :00-aa-00-34-56-78 192.168.1.19:DEFENDER :<server<:PETERA :00-60-b0-90-12-34 >nbtscan -s : -v 192.168.1.1 194.186.12.236:DIRDY-BIRDY :00U 194.186.12.236:COMPANY__COM :00G 194.186.12.236:DIRDY-BIRDY :20U 194.186.12.236:DIRDY-BIRDY :03U 194.186.12.236:COMPANY__COM :1eG 194.186.12.236:JOED :03U 194.186.12.236:MAC:00-a0-c9-12-34-56
-h	Print human-readble names for services. Can only be used with -v option.	>nbtscan -s : -h -v 192.168.1.1 194.186.12.236:DIRDY-BIRDY :Workstation Service 194.186.12.236:COMPANY__COM :Domain Name 194.186.12.236:DIRDY-BIRDY :File Server Service 194.186.12.236:DIRDY-BIRDY :Messenger Service 194.186.12.236:COMPANY__COM :Browser Service Elections 194.186.12.236:JOED :Messenger Service 194.186.12.236:MAC:00-a0-c9-12-34-56
-m retransmits	Number of retransmits. Default 0.	>nbtscan -m 2 192.168.1.123 <output depends on other options>
-f filename	Take IP addresses to scan from file filename

Installation

Installing from Win32 binaries

Download zip archive
Unpack it
Put nbtscan.exe and cygwin1.dll to directory in your PATH, such as winnt/system32
That's all. Now you can run nbtscan from command prompt.

Installing from sources on Windows

Download and install Cygwin from http://sources.redhat.com/cygwin/
Start Cygwin shell and proceed from there as in Unix installation

Installing from sources under Unix

Ungzip and untar sources
Run ./configure script
Run make and make install
That's all.

Perl version of NBTscan

NBTscan was first written in Perl. It is much more slow then its C cousin, and has less options, but it has an advantage also: Windows Perl script is able to receive responses from Windows 95 sent to port 137. So if you really have to scan Windows 95 boxes from Windows you can download and use Perl NBTscan. There is also a IpInfo (Perl script too) which runs both on NT and Unix, and gives some additional info (such as DNS host name). It was created by Steve Coleman.

Reporting bugs, sending comments, etc.

You can report bugs to the author (hey, that's me) alla (at) inetcat (dot) org. I am not promising to do anything about it, but I may well want to fix them. I shall also appreciate comments and suggestions. If you have somehow enhanced this program - send me a copy or a patch.

"Scanning" 카테고리의 다른 글

NBTScan. NetBIOS Name Network Scanner. (2)2007/07/18
Nmap을 이용한 네트워크 스캐닝과 방어하기 (0)2007/04/12
nmap Option (0)2007/04/03

Posted by webdizen

Tags NBTScan, Network, Scan, Security

No Trackback 2 Comments

Leave your greetings.

냥냥이

항상rss에 구독해서 보는데 좋은자료가 많군요 ㅎㅎ
2008/01/07 12:54 [ Permalink : Modify/Delete : Reply ]
- webdizen
  
  구독까지 해서 봐 주시다니 감사합니다. 제가 호기심이 많고, 궁금한걸 잘 참지 못해서 책을 찾아보거나, 인터넷을 통해 얻은 정보들을 아티클로 올려놓다보니 조금씩 쌓여진거 같아요.
  2008/01/07 15:48 [ Permalink : Modify/Delete ]

Programming/Network Programming2007/05/14 17:13

UDP 프로그래밍의 기초

이번 문서는 UDP 프로그래밍에 관한 내용입니다. 최소한의 UDP 프로그래밍을 할수 있는 수준의 간단한 문서입니다. 많은 도움이 되었으면 좋겠군요.

1절. 소개
2절. UDP 프로그래밍
2.1절. UDP란
2.1.1절. connectionless
2.1.2절. unreliable
2.1.3절. 프로그래머 관점에서 봤을때의 특징
2.1.4절. UDP 를 어디에 사용할수 있을까?
2.1.5절. UDP 를 이용하는 서버 작성
2.1.6절. UDP 를 이용하는 클라이언트 작성
2.2절. 예제 프로그램
2.2.1절. 서버 에제
2.2.2절. 클라이언트 예제
2.2.3절. 문제점

--------------------------------------------------------------------------------

1절. 소개
우리는 그동안 소켓 프로그래밍을 하면서 TCP/IP 를 이용한 프로그래밍을 했었다. 이번에는 TCP와 같은 레벨의 또다른 프로토콜인 UDP 프로그래밍에 대해서 알아보도록 할것이다.

--------------------------------------------------------------------------------

2절. UDP 프로그래밍
2.1절. UDP란
TCP/IP 4계층에서 봤을때 UDP 는 TCP 와 같은 Transport Layer 에 위치한다. 즉 UDP와 TCP는 동급의 프로토콜로 데이타를 전송하기 위해서 사용되는 프로토콜이다.

TCP가 연결지향적이고 신뢰할수 있는 데이타의 흐름을 제공하는 반면 UDP는 비연결지향성(connectionless)이며, 데이타의 흐름을 신뢰할수 없다는 특징이 있다.

--------------------------------------------------------------------------------

2.1.1절. connectionless
TCP는 서로 통신을 하기전에 상대방을 확인하는 절차를 가짐으로써, session(통신선로)를 맺는 작업을 하며, 연결된 session 을 통해서 데이타의 흐름이 이루어진다. 그러나 UDP 는 이러한 session 을 만들기 위한 작업을 하지 않고, 그냥 보내고 받기만을 한다. 그러므로 우리가 UDP 서비스를 하는 서버로 메시지를 보냈다고 하더라도, 메시지가 실제로 도착되었는지는 알수가 없다. 데이타는 보내질수도 있고 그렇지 않을수도 있다.

--------------------------------------------------------------------------------

2.1.2절. unreliable
또한 TCP와 달리 신뢰할수가 없다. TCP는 프로토콜자체에 메시지가 제대로 보내졌음을 체크할수 있는 다양한 장치를 가지고 있다. 즉 각 패킷에 순서를 매겨서, 순서가 뒤엉키지 않도록 재조립하며, 일정시간 동안 패킷이 도착하지 않으면, 해당 패킷을 다시 보내달라고 요청할수도 있다. 그러나 UDP는 이러한 어떠한 장치를 가지고 있지 않는다. UDP 로 전송된 패킷은 순서가 뒤바뀔수도 있으며, 중간에 패킷이 손실될수도 있다. 프로토콜 차원에서 패킷의 순서가 뒤바뀌었는지, 패킷이 손실되었는지 알수 있는 방법은 없다.

UDP 패킷에 신뢰성을 주기 위해서는 application 차원에서 직접 코딩을 해주어야만 한다. 보통은 패킷을 만들때 데이타 헤더를 따로 만들어서 일련번호등을 넣어서 서버측에 보내고 서버측에서는 이에 대한 응답을 보내는 방식을 이용하여 UDP 패킷에 신뢰성을 부여한다.

이렇듯 UDP 는 단순히 데이타 그램 위주의 통신을 하기 때문에, 데이타 그램 지향 프로토콜 이라고 불리우기도 한다. 실제로 UDP는 User Datagram Protocol 의 줄임말이다.

--------------------------------------------------------------------------------

2.1.3절. 프로그래머 관점에서 봤을때의 특징
UDP는 TCP 프로토콜이 가지고 있는 다양한 기능을 가지고 있지 않다. 당연히 더 간단하고, 더빠른 처리를 보장해준다. 또한 프로그래밍 하기도 더욱 간단하다. 나중에 예제를 들겠지만 UDP 를 이용하는 서버의 경우 listen, accept 를 할필요 없이 그냥 소켓을 생성하고, 읽을 데이타가 있는지 기다리기만 하면된다(connectionless 이므로 당연히 클라이언트의 accept 를 기다릴 필요가 없다).

--------------------------------------------------------------------------------

2.1.4절. UDP 를 어디에 사용할수 있을까?
언뜻 생각하기에 UDP는 TCP에 비해서 사용하기에 문제가 있을거라고 생각할수 있다. 그러나 UDP는 그 나름대로 적당한 사용처가 있다.

첫번째가 음성및 비디오를 위한 실시간 스트리밍 서비스이다. 음성서비스를 TCP로 해버릴경우의 문제점은 패킷이 중간에 빠질경우 음성비스가 중단되어버린다는 점이다(빠진 패킷에 대한 재 전송을 요청하므로). 하지만 이건 바람직한 현상이 아니다. 이건 마치 우리가 전화를 할때 중간에 약간의 잡음이 생겼다고 해서, 전화가 중단되는 것과 마찬가지의 상황이다. 우리는 약간의 잡음 때문에 (혹은 한두자 정도 언어가 전달이 안되는) 그걸 교정하느라고 서비스가 중단되는 것 보다는 서비스질이 약간 떨어지더라도 계속적으로 서비스가 되는걸 원할것이다. 즉 통신품질보다는 통신의 연속성이 더욱 중요시 되는곳에 유용하게 사용될수 있다. (물론 TCP로도 구현할수 있으며, 상당수의 서비스가 TCP로 서비스 된다. 다만 이러한 특징을 가지고 있음을 설명하는 것이다.)

두번째는 상당히 많은 패킷이 오가면서, 별로 중요하지 않은 몇개의 데이타 손실 정도는 눈감아줄수 있는 곳이다. 가장 유명한게 start craft 의 베틀넷 서비스가 아닐가 싶다. 이 베틀넷 서비스에는 수많은 유저가 접속해서 사용할건데, 서비스의 모든 부분에 TCP를 사용하기에는 TCP는 너무 느린 감이 있다. 특히 게임을 할때 서로 교환되는 수많은 패킷의 경우 매우 중요한 데이타가 아니므로, 그리고 게임의 흐름이 끊기면 안되므로 UDP로 처리되는게 더 유리할것이다.

이밖에도 UDP 를 통신 프로토콜로 사용하는 서비스로는 DNS 와 NFS, SNMP, syslog 등이 있다.

--------------------------------------------------------------------------------

2.1.5절. UDP 를 이용하는 서버 작성
UDP 서버역시 socket 를 이용해서 통신을 하지만 TCP와는 달리 연결지향이 아니므로 listen 과정과 accetp 과정이 필요 없다. socket > bind 과정후 만들어진 소켓 지정 번호 에서 데이타가 있을경우 이를 읽기만 하면 된다. 또한 클라이언트와 연결을 맺지 않기 때문에, 각 클라이언트의 요청해결을 위해서 fork, select, poll, thread 등을 이용해서 프로세스를 분기할 필요가 없다. 기본적으로 UDP를 이용한 서버의 경우 최초 socket 함수를 이용해서 만들어진 소켓 지정 번호 만을 가지고 통신이 가능하다. TCP에 있어서 최초 만들어진 소켓 지정 번호가 클라이언트의 연결을 accept 하기 위한 end point 전용으로 쓰이는 것과는 다르다. TCP를 이용한 플로그래밍에 있어서는 각 클라이언트와의 연결을 위해서 최초 생성된 하나의 소켓 지정 번호를 end point 로 하고 연결이 만들어지면 전용 통신 선로를 위한 소켓 지정 번호를 생성하고 이 소켓 지정 번호를 이용해서 통신을 하게 된다. UDP 는 이러한 작업이 필요 없으므로 서버를 매우 간편하고, 직관적으로 이해하기 쉽게 만들수 있다(단지 while 문을 돌리기만 하면 된다).

여기에서 한가지 의문점이 생긴다. 연결을 맺지 않는다고 했는데, 그렇다면 어떻게 여러개의 클라이언트로 부터 요청을 받았을때, 요청한 클라이언트에게 결과 데이타를 보낼수 있을까(단지 하나의 소켓 지정 번호를 이용해서)? 가장 간단하게 생각해볼수 있는 방법은 데이타를 받을때, 데이타를 보낸 클라이언트의 정보를 받아오고, 이 클라이언트의 정보를 토대로 데이타를 보내면 될것이다. Unix 는 이러한 함수를 제공하고 있다.

int recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlen);
int sendto(int s, const void *msg, size_t len, int flags, const struct sockaddr *to, socklen_t tolen);

recvfrom 과 sendto 를 이용해서 원하는 클라이언트로 데이타를 보낼수 있다. recvfrom 은 TCP와 UDP 모두에서 사용이 가능한데, UDP 에서 사용할경우 sockaddr 구조체가 채워져서 돌아온다. 그러므로 우리는 클라이언트의 연결 정보를 알수 있게 된다. INET 서버의 경우라면 struct sockaddr_in 을 사용하게 될것이다. 우리는 sockaddr_in 의 멤버 변수를 확인함으로써 port 와 address 등 통신을 위해서 꼭 필요한 정보를 얻을수 있다.

struct sockaddr_in 
{ 
    __SOCKADDR_COMMON (sin_); 
    in_port_t sin_port;             /* Port number.  */ 
    struct in_addr sin_addr;        /* Internet address.  */ 
    .... 
};

sockaddr_in 은 /usr/include/netinet/in.h 에 선언되어 있다.

sendto 도 recvfrom 과 마찬가지로 TCP/UDP 모두에 사용가능하며, struct sockaddr 에 메시지를 보낼 호스트(클라이언트 혹은 서버 호스트)의 정보를 채워 넣음으로써 원하는 클라이언트 에게 메시지를 보낼수 있다.

--------------------------------------------------------------------------------

2.1.6절. UDP 를 이용하는 클라이언트 작성
UDP 클라이언트는 그야말로 초 간단이다. socket 을 열고나서 sendto 함수이용해서 쓰기만 하면 그걸로 끝이다.

--------------------------------------------------------------------------------

2.2절. 예제 프로그램
이제 간단한 예제를 만들어 보도록 하겠다. 덧셈 서버/클라이언트로, 클라이언트측에서 2개의 숫자를 보내면 서버측에서 이걸 받아서 더한다음 돌려주는 간단하지만 UDP 의 프로그래밍을 하기 위한 최소한의 내용을 담고 있다.

--------------------------------------------------------------------------------

2.2.1절. 서버 에제
예제 : sum_server.c

#include <sys/types.h> 
#include <sys/stat.h> 
#include <sys/socket.h> 
#include <unistd.h> 
#include <netinet/in.h> 

struct data 
{ 
    int a; 
    int b; 
    int sum; 
}; 

int main(int argc, char **argv) 
{ 
    int sockfd; 
    int clilen; 
    int state; 
    int n; 
    int sum; 
    struct data add_data;     

    struct sockaddr_in serveraddr, clientaddr; 

    clilen = sizeof(clientaddr); 
    sockfd = socket(AF_INET, SOCK_DGRAM, 0); 
    if (sockfd < 0) 
    { 
        perror("socket error : "); 
        exit(0); 
    } 

    bzero(&serveraddr, sizeof(serveraddr)); 
    serveraddr.sin_family = AF_INET; 
    serveraddr.sin_addr.s_addr = htonl(INADDR_ANY); 
    serveraddr.sin_port = htons(1234); 

    state = bind(sockfd, (struct sockaddr *)&serveraddr, 
        sizeof(serveraddr)); 
    if (state == -1) 
    { 
        perror("bind error : "); 
        exit(0); 
    } 

    while(1) 
    { 
        n =recvfrom(sockfd, (void *)&add_data, sizeof(add_data), 0, (struct sockaddr *)&clientaddr, &clilen); 
        add_data.sum = add_data.a + add_data.b; 
        sendto(sockfd, (void *)&add_data, sizeof(add_data), 0, (struct sockaddr *)&clientaddr, clilen); 
    } 
    close(sockfd); 
}

예제 프로그램은 더할나위 없이 간단하다. 소켓을 생성해서 bind 하는것 까지는 TCP 프로그래밍과 매우 비슷하다. 다른것이 있다면 최초 socket 함수를 호출할때 2번째 인자로 SOCK_STREAM 대신 SOCK_DGRAM 을 쓴다는것이다. SOCK_STREAM 을 명시해 줌으로써 UDP 소켓을 사용할수 있다. 그리고 listen, accept 함수가 없이 바로 데이타 전송/수신 과 관련된 함수를 호출함을 알수 있다. 이는 클라이언트와 연결을 생성시키지 않기 때문이다.

그리고 redvfrom 함수를 호출하여서, 클라이언트로 부터 데이타를 읽어 들이고 읽어들인 데이타를 더하고 그 결과값을 sendto 를 이용해서 클라이언트측으로 보낸다. recvfrom과 sendto 의 5번째 아규먼트를 주목하기 바란다. 5번째 아규먼트로 클라이언트의 소켓구조체 주소를 가져옴으로 우리는 다중의 클라이언트에 대한 요청을 처리할수 있게 된다.

--------------------------------------------------------------------------------

2.2.2절. 클라이언트 예제
예제 : sum_client.c

#include <sys/types.h> 
#include <sys/stat.h> 
#include <sys/socket.h> 
#include <unistd.h> 
#include <netinet/in.h> 

struct data 
{ 
    int a; 
    int b; 
    int sum; 
}; 
int main(int argc, char **argv) 
{ 
    int sockfd; 
    int clilen; 
    int state; 
    char buf[255]; 

    struct sockaddr_in serveraddr; 
    struct data add_data; 


    memset(buf, 0x00, 255); 
    clilen = sizeof(serveraddr); 
    sockfd = socket(AF_INET, SOCK_DGRAM, 0); 
    if (sockfd < 0) 
    { 
        perror("socket error : "); 
        exit(0); 
    } 

    bzero(&serveraddr, sizeof(serveraddr)); 
    serveraddr.sin_family = AF_INET; 
    serveraddr.sin_addr.s_addr = inet_addr("127.0.0.1"); 
    serveraddr.sin_port = htons(1234); 

    add_data.a = atoi(argv[1]); 
    add_data.b = atoi(argv[2]); 

    sendto(sockfd, (void *)&add_data, sizeof(add_data), 0, (struct sockaddr *)&serveraddr, clilen); 
    recvfrom(sockfd, (void *)&add_data, sizeof(add_data), 0, NULL, NULL); 

    printf("--> %d + %d = %d 
", add_data.a, add_data.b, add_data.sum); 
    close(sockfd); 
}

클라이언트는 더 간단하다. socket 만 만들고 나서 바로 통신에 들어간다. 클라이언트는 아규먼트로 2개의 숫자를 받아들인 다음 이것을 서버에 보내고, 서버의 결과값(더한값)을 가져오고, 이것을 출력시켜준다.

--------------------------------------------------------------------------------

2.2.3절. 문제점
위의 UDP 를 이용한 서버/클라이언트 모델은 몇가지 문제점을 가지고 있다. 위의 예제를 가지고 테스트를 해보면 알겠지만, 서버 프로그램이 떠있지 않더라도 클라이언트는 이를 감지 하지 못하고, 메시지를 보낸다. 또한 메시지가 정확히 전달되었는지 그렇지 않은지 클라이언트는 감지 하지 못한다. 데이타를 보내는 걸로 끝이기 때문이다. 그리고 무작정 서버로부터의 응답을 기다리는데, 서버는 죽어 있음으로 당연히 클라이언트는 응답을 받지 못할것이고, 클라이언트는 계속 block 된 상태로 떠있게 될것이다

사실 이건 어쩔수 없는 문제이다. UDP 프로토콜 자체가 데이타의 흐름을 제어할수 있는 어떤 장치를 제공해주지 않기 때문이다. 이를 해결하기 위해서는 어플리케이션 차원에서 해결하는 수 밖에 없다. 즉 최초에 서버에 어떤 메시지를 보내고(HELO 메시지) 일정시간안에 서버로 부터 메시지가 도착하는지 확인하고나서, 통신을 시작하는 것이다. 통신할때도 역시 일정시간안에 응답 메시지가 서버로 부터 도착하는지를 확인해주어야 할것이다.

출처 : http://joinc.co.kr/modules.php?name=new ··· 3Dnested

"Network Programming" 카테고리의 다른 글

Posted by webdizen

Tags Network, UDP, UDP 프로그래밍

No Trackback No Comment

Leave your greetings.

Programming/Network Programming2007/05/14 17:02

ICMP 프로그래밍

ICMP 는 인터넷 상에서 호스트에 네트웍단절과 같은 문제를 확인하기위한 방법으로 많이 사용한다. 이번문서는 ICMP를 이용한 프로그래밍에 대한 내용과 또한 ICMP 프로토콜에 대한 개괄적인 내용또한 담고 있다.

1절. 소개
2절. ICMP 프로토콜에 대해서
2.1절. ICMP 의 사용목적
2.2절. ICMP 프로토콜의 구조
3절. ICMP 프로그래밍

--------------------------------------------------------------------------------

1절. 소개
이문서는 실제로 ICMP 를 어떻게 이용할수 있는지에 대한 내용을 담고 있다. 간단한 ICMP 프로토콜에 대한 개요를 설명한후에 socket 를 이용해서 어떻게 ICMP 프로토콜의 사용이 가능한지에 대해서 얘기하게 될것이다.

이 문서는 여러분이 네트웍 프로토콜들과 TCP/IP 4계층과 socket 프로그래밍 환경에 대한 기본적인 이해를 하고 있다는 가정하에 만들어 졌다. 이들 내용은 이 사이트에서 여러개의 문서에 걸쳐서 다루고 있다. 네트웍 프로그래밍 섹션과 TCP/IP 섹션의 문서들을 참고하기 바란다.

--------------------------------------------------------------------------------

2절. ICMP 프로토콜에 대해서
2.1절. ICMP 의 사용목적
ICMP 는 Inernet Control Message Protocol 의 줄임말이다. ICMP 프로토콜은 보통 다른 호스트나 게이트웨이 와 연결된 네트웍에 문제가 있는지 확인하기 위한 목적으로 주로 사용된다.

ICMP 를 이용한 가장 유명한 프로그램으로는 ping 프로그램이 있다. 우리는 ping 프로그램을 애용해서 특정한 게이트웨이, 호스트, 라우터 등이 제대로 작동을 하고 있는지 등을 조사하며, ICMP 요청에 대한 응답시간을 검사 함으로써 네트웍 상태도 어느정도 확인할수 있다.

--------------------------------------------------------------------------------

2.2절. ICMP 프로토콜의 구조
ICMP 메시지는 기본적으로 IP header 를 이용해서 보내어진다. IP header 정보를 보면 (IP 자세히보기 를 참조하라), 9번째 필드가 protocol 을 위해서 사용되고 있음을 알수 있을것이다. ICMP protocol 을 위해서는 "1" 을 사용한다.

ICMP 는 다음과 같은 구조를 가진다. 첫번째 32 비트까지가 ICMP 헤더이며, 나머지부분은 ICMP 데이타이다. 이 데이타 영역은 ICMP의 어떤 기능을 이용할것이냐에 따라 다르게 설정될수 있다.
0    31
+------------+-------------+-----------------+
| Type | Code    | CheckSum    |
+------------+-------------+-----------------+
| 가변 데이타    |
|    |

Type 필드에는 ICMP 오류 메시지의 종류를 식별하는 코드가 채워진다. Code 는 각 Type 종류에 대한 자세한 오류의 유형을 알려주기 위해서 사용된다. 이 Type 에는 다음과 같은 종류가 있다.

표 1. ICMP Type 필드 유형

0	icmp echo replay	icmp 요청에 대한 icmp 응답
3	Destination Unreachable Message	수신지까지 메시지가 도착할수 없음
4	Source Quench Message	송신지 억제
5	Redirect Message	재지시
8	icmp echo request	목적지 호스트에 ICMP 응답을 요청한다
11	Time Exceeded Message	데이타그램 시간초과(TTL 초과)
12	Parameter Problem Message	데이타그램에서의 파라메타 문제
13,14	Timestamp or Timestamp Reply Message	13:시간기록요청, 14:시간기록응답

Code 필드는 위에서 말했듯이 Type 에 따라 각각 다른 값을 가진다. 예를들어서 Type 3 번에 Code 0 번이 발생했을경우에는 오류 메시지 종류는 "수신지까지 메시지가 도착할수 없음" 이며, 그 이유는 Redirect datagrams for the Network, 즉 "네트웍을 획술할수 없음"이 된다. 이문서에서는 각 ICMP Type 에 따른 Code 까지 설명하진 않겠다. 이에 대한 자세한 내용은 rfc729 를 참고하기 바란다.

--------------------------------------------------------------------------------

3절. ICMP 프로그래밍
그럼 이제 ICMP 를 이용해서 실제 프로그래밍을 해보도록 하겠다.

ICMP 응답을 위해서 전송해야할 ICMP 헤더정보는 다음과 같다(rfc 문서에 정의되어 있음). 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identifier | Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data ...
+-+-+-+-+-

그러므로 우리는 Type, Code, Checksum, Identfier, Sequence Number 를 채워서 완전한 ICMP 패킷을 만들어줘야 한다. Type 는 8번이 될것이고, Code 는 0, Checksum, Identifier, Sequence Number 은 적당히 만들어줘서 채워주면 될것이다. 될것이다. Identifier 와 Sequence Number 는 내가 보낸 ICMP 응답에 대한 메시지인지를 확인하기 위한 목적으로 사용한다. 만약 내가 Identifier 를 120 으로 세팅해서 보냈다면, 수신된 ICMP 메시지의 Identifer 이 120인지를 확인함으로써, 내가 보낸 ICMP 요청에 대한 응답인지를 확인가능하다. 여기에 Sequence Number 를 이용함으로써, 패킷의 일련번호까지 확인할수 있다.

그럼 실제 프로그래밍 과정을 통해서 확인해 보도록 하자. 일단 socket 를 만들때 RAW 소켓(생소켓 혹은 날소켓이라고도 한다). ICMP 는 IP 와 같은 계층에 있음으로 TCP/UDP 소켓을 이용한 접근은 불가능하기 때문이다. 어쩔수 없이 RAW 소켓을 이용해서 직접 ICMP 헤더를 고쳐주어야 한다.

icmp 헤더를 세팅하는건 icmp 구조체에 필요한 값을 써줌으로써 간단히 해결할수 있다. icmp 헤더구조체는 /usr/include/netinet/ip_icmp.h 에 선언되어 있다. 구조체를 보면 상당히 많은 다양한 멤버 변수들을 가지고 있는데, 우리는 이들 값중 Type, Code, Checksum, Identifier, Sequence Number 만을 사용하면된다. 이들을 가르키는 멤버변수는 각각 icmp_type, icmp_code, icmp_id, icmp_seq 이다.

예제 : icmp_echo.c

#include <stdlib.h> 
#include <string.h> 
#include <netinet/ip.h> 
#include <netinet/ip_icmp.h> 
#include <arpa/inet.h> 
#include <errno.h> 
#include <sys/socket.h> 
#include <stdio.h> 
#include <unistd.h> 

int in_cksum(u_short *p, int n); 

int main(int argc, char **argv) 
{ 
    int icmp_socket; 
    int ret; 
    struct icmp *p, *rp; 
    struct sockaddr_in addr, from; 
    struct ip *ip; 
    char buffer[1024]; 
    int sl; 
    int hlen; 
    int ping_pkt_size; 

    icmp_socket = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); 
    if(icmp_socket < 0) 
    { 
        perror("socket error : "); 
        exit(0); 
    } 

    memset(buffer, 0x00, 1024); 

    p = (struct icmp *)buffer; 
    p->icmp_type=ICMP_ECHO; 
    p->icmp_code=0; 
    p->icmp_cksum=0; 
    p->icmp_seq=15; 
    p->icmp_id=getpid(); 

    p->icmp_cksum = in_cksum((u_short *)p, 1000); 
    memset(&addr, 0, sizeof(0)); 
    addr.sin_addr.s_addr = inet_addr(argv[1]); 
    addr.sin_family = AF_INET; 


    ret=sendto(icmp_socket,p,sizeof(*p),MSG_DONTWAIT,(struct sockaddr *)&addr, sizeof(addr)); 
    if (ret< 0) 
    { 
        perror("sendto error : "); 
    } 

    sl=sizeof(from); 
    ret = recvfrom(icmp_socket,buffer, 1024, 0, (struct sockaddr *)&from, &sl);   
    if (ret < 0) 
    { 
        printf("%d %d %d\n", ret, errno, EAGAIN); 
        perror("recvfrom error : "); 
    } 

    ip = (struct ip *)buffer; 
    hlen = ip->ip_hl*4; 
    rp = (struct icmp *)(buffer+hlen); 
    printf("reply from %s\n", inet_ntoa(from.sin_addr)); 
    printf("Type : %d \n", rp->icmp_type); 
    printf("Code : %d \n", rp->icmp_code); 
    printf("Seq  : %d \n", rp->icmp_seq); 
    printf("Iden : %d \n", rp->icmp_id); 
    return 1; 
} 

int in_cksum( u_short *p, int n ) 
{ 
    register u_short answer; 
    register long sum = 0; 
    u_short odd_byte = 0; 

    while( n > 1 ) 
    { 
        sum += *p++; 
        n -= 2; 
     
    }/* WHILE */ 


    /* mop up an odd byte, if necessary */ 
    if( n == 1 ) 
    { 
        *( u_char* )( &odd_byte ) = *( u_char* )p; 
        sum += odd_byte; 
     
    }/* IF */ 

    sum = ( sum >> 16 ) + ( sum & 0xffff );    /* add hi 16 to low 16 */ 
    sum += ( sum >> 16 );                    /* add carry */ 
    answer = ~sum;                            /* ones-complement, truncate*/ 
     
    return ( answer ); 

} /* in_cksum() */

in_cksum 함수는 다른 ICMP 를 이용하는 프로그램에서 공통적으로 사용된다. checksum 을 만들기 위한 알고리즘 정도로 생각하면 될것 같다. 실제로 ping, aping, fping 등의 관련 어플리케이션에서 사용되어지고 있다.

이제 위의 코드를 컴파일한후 테스트를 해보자.
[root@local ping]# ./icmp_echo 66.218.71.89
reply from 66.218.71.89
Type : 0
Code : 0
Seq : 15
Iden : 2323

ICMP ECHO REPLY(Type 0) 로 ICMP ECHO(Type 8) 에 대한 응답이 왔음을 알수 있다. 또한 Seq과 Iden값을 이용해서 icmp_echo 가 보낸 어플리케이션의 ICMP ECHO 에 대한 응답임을 알수 있다.

심심한데? tcpdump 를 이용해서 실제 패킷이 어떻게 이동하는지 알아보자. 아래는 위의 결과를 tcpdump 한 화면이다. -x 는 16진수 코드로 출력받기 원할때 사용하는 옵션이다.
[root@coco ping]# tcpdump icmp -x
11:08:00.763994 eth0 > localhost > w10.scd.yahoo.com: icmp: echo request (DF)
4500 0030 0000 4000 4001 8b6f c0a8 6482
42da 4759 0800 d5f6 1309 0f00 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
11:08:00.933994 eth0 < w10.scd.yahoo.com > localhost: icmp: echo reply (DF)
4500 0030 8352 4000 3501 131d 42da 4759
c0a8 6482 0000 ddf6 1309 0f00 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
...

위의 dump 화면에서 하나의 문자는 4비트를 나타낸다. 위의 dump 를 간단히 분석해 보자면 4500 ~ 4759 까지가 TCP 헤더이고, 나머지 부분이 ICMP 헤더+데이타 부분임을 알수 있다(IP표준 헤더의 크기는 160 bit 임으로). ICMP 헤더부분은 0800 에서 d5f6 까지의 부분이며(ICMP 표준 헤더크기는 32 bit 임으로), 1309 이하가 ICMP 데이타 부분임을 알수 있다.

또한 우리는 IP 의 버전이 4 이고 프로토콜이 1을 사용하고 있음을 알수 있다. IP 헤더의 처음 4비트가 Version 정보를 나타내므로 4500 의 4가 version 정보, 5가 IHL정보 임을 알수 있다. 이런식으로 찾아보면 protocol 정보가 72bit 후에 존재하고 8bit 크기를 가짐으로 dump 의 5번째 값인 4001 의 01 임을 알수 있다. 그러므로 40 은 TTL 임을 알수 있을것이다. 또한 source address 는 c0a8 6482 destination address 는 42da 4759 임을 유추해 낼수 있을것이다(IPv4 의 주소체계에서 주소는 32비트 크기를 가짐으로). IP헤더 정보는 IP 자세히보기 를 참조하기 바란다.

그럼 ICMP 를 분석해보도록 하자. Type와 Code 는 각각 8bit 크기를 가짐으로 0800 이 Type 와 Code 를 가리킴을 알수있다. d5f6 는 cheksum 이며 1309 가 바로 Identifier 이다. 1309 가 정말로 우리가 입력한 Identifier 번호인 2323 인지 확인해보길 원한다면 10 진수를 16진수로 변환 가능한 계산기를 이용해서 계산해 보면된다. 0f 는 우리가 입력한 Sequence Number 15 임을 알수 있다.

w10.scd.yahoo.com 에서 넘어온 ICMP ECHO REPLAY dump 화면의 Identifier 과 Sequence Number 가 일치함을 알수 있다. 그러므로 우리는 해당 ICMP ECHO REPLAY 패킷이 우리가 전송한 ICMP ECHO에 대한 응답 패킷임을 알수 있다.

위 프로그램은 ICMP ECHO 체크를 위한 최소한의 기능만을 가지고 있다. 만약에 ICMP REPLAY 가 되지 않는 IP에 대해서는 계속 블럭된 상태로 있게 될것이다. 이럴때는 기다리는 시간을 체크하는 방법등을 이용해서 체크를 해주어야 할것이다.

솔라리스도 위의 코드 수정없이 사용하능하지마,
추가시켜줘야할 헤더파일들이 몇개 있습니다.

#include <sys/socket.h> 
#include <sys/types.h> 
#include <arpa/inet.h> 
#include <stdlib.h> 
#include <errno.h> 
#include <unistd.h> 
#include <netinet/in_systm.h> 

#include <netinet/ip.h> 
#include <netinet/ip_icmp.h>

그리고 ICMP 메시지는 기본적으로 방송(브로드캐스팅) 됩니다.
간단한 테스트를 위해서 위의 icmp_echo 를 단지 응답만을 기다리도록
수정한뒤 한 2개 정도 띄워놓습니다.

그다음 ping 프로그램을 이용해서 아무 서버에나 ping 을 보내고 응답을
기다리면 ping 에도 응답이 가고 icmp_echo 2개 에도 모두 응답이 가는걸
확인하실수 있을겁니다.

RAW 소켓을 다루기 위해서는 root 권한이 필요합니다.
ping 프로그램을 보더라도 SID가 주어져 있음을 알수 있습니다 .
위 프로그램을 일반유저로 실행시킬려면 sid 권한이 주어져야 합니다.
chmod +s 를 이용하면 됩니다.

이러한 특징 때문에 icmp 패킷에 chksum 과 일련번호를 두어서 ICMP 응답을
구분할수 있도록 하고 있습니다.

출처 : http://joinc.co.kr/modules.php?name=new ··· 3Dnested

"Network Programming" 카테고리의 다른 글

IOCP Thread Pooling in C# (0)2007/07/26
UDP 프로그래밍의 기초 (0)2007/05/14
ICMP 프로그래밍 (0)2007/05/14
libpcap 프로그래밍 (0)2007/05/14
pcap 을 이용한 id,password 정보가져오기 (0)2007/05/14

Posted by webdizen

Tags ICMP, Network

No Trackback No Comment

Leave your greetings.

«Prev 1 Next»

7 Articles, Search for 'Network'

Trackback URL : http://www.webdizen.net/blog/trackback/3315

Leave your greetings.

Trackback URL : http://www.webdizen.net/blog/trackback/3314

Leave your greetings.

Trackback URL : http://www.webdizen.net/blog/trackback/3313

Leave your greetings.

Trackback URL : http://www.webdizen.net/blog/trackback/3096

Leave your greetings.

General Information

FAQ

Where can I get NBTscan?

Is there source code available ?

NBTscan lists my Windows boxes just fine but does not list my unixes or routers. Why?

I get some error message on a certain operating system while compiling or running NBTscan. What can I do?

Are there any docs in Russian?

How do I write NBTscan output into a file?

How do I make NBTscan write its output one screen at a time?

How do I export NBTscan output into an Excel file?

Why do I get "Connection reset by peer" errors on Windows 2000?

Is there a GUI for nbtscan?

Why nbtscan doesn't scan for shares? Are you going to add share scanning to nbtscan?

Why do I get 00-00-00-00-00-00 instead of MAC address when I scan a Samba box?

Usage

Installation

Installing from Win32 binaries

Installing from sources on Windows

Installing from sources under Unix

Perl version of NBTscan

Reporting bugs, sending comments, etc.

Trackback URL : http://www.webdizen.net/blog/trackback/3079

Leave your greetings.

Trackback URL : http://www.webdizen.net/blog/trackback/2944

Leave your greetings.

Trackback URL : http://www.webdizen.net/blog/trackback/2942

Leave your greetings.

Categories

Notice

Tags

Recent Articles

Recent Comments

Recent Trackbacks

Archive

Calendar

Bookmarks