Query a UDP port ...

[Cider]

Hi guys,

Got an issue with software that needs a certain UDP port open. Now UDP is conenctionless so I cant test it with telnet. I have used port Query from MS (http://support.microsoft.com/?id=832919 and I have ran it against that UDP port.

I basically get a response of listening or filtered. Listening is what I am looking for but filtered means there is no response so that answer is not definitive.

Does anyone know a tool that I can run on our a windows machine (XP / VISTA) that will give me a clear indiciation that X computer is in fact listening on UDP port XXXX.

It also needs TCP but I can use telnet to test the connectivity for that.

I am open to suggestions.

Thanks

[Cheap Scotch Ron]

In windoze env, I use netstat from the command line and a GUI shareware app called netinfo.
http://www.tucows.com/preview/194676

[HTRegz]

UDP is a different sort of beast because it is Connectionless. You don't have the S, SA, A of TCP to confirm if a port is open, instead you have to rely on ICMP error messages, which are often filtered... meaning detection can't always be as reliable as you'd like it to be.

nmap does UDP port scanning and includes ncat which will allow you to connect to a UDP port and send/recv data.

[The-Spec]

I seem to remember being able to do normal syn scans and everything would appear to be in an open state except for the ones sending datagrams.

[Cheap Scotch Ron]

Use this to test the connection
http://www.simplecomtools.com/udptesttool.html

You can also catch the packets re: man-in-the-middle with something like ethereal/wireshark.

[gore]

HT, you didn't mention Hping OR IPSorcery Those are probably two of the best free hand packet making tools ever.

[Cheap Scotch Ron]

you didn't mention Hping

gore, have you compiled this on any OS other than Solaris (the install doc specifically mentions solaris)? I downloaded the hping source from hping.org, but I cant get it to compile on OSX or linux. Here's the log of the compile. Any thoughts?

CSR

MBA:hping2-rc3 rtb$ make
gcc -c -O2 -Wall -g main.c
gcc -c -O2 -Wall -g getifname.c
getifname.c: In function ‘get_output_if’:
getifname.c:345: warning: pointer targets in passing argument 3 of ‘getsockname’ differ in signedness
gcc -c -O2 -Wall -g getlhs.c
gcc -c -O2 -Wall -g linux_sockpacket.c
gcc -c -O2 -Wall -g parseoptions.c
gcc -c -O2 -Wall -g datafiller.c
gcc -c -O2 -Wall -g datahandler.c
gcc -c -O2 -Wall -g gethostname.c
gcc -c -O2 -Wall -g binding.c
gcc -c -O2 -Wall -g getusec.c
gcc -c -O2 -Wall -g opensockraw.c
gcc -c -O2 -Wall -g logicmp.c
gcc -c -O2 -Wall -g waitpacket.c
gcc -c -O2 -Wall -g resolve.c
gcc -c -O2 -Wall -g sendip.c
gcc -c -O2 -Wall -g sendicmp.c
gcc -c -O2 -Wall -g sendudp.c
gcc -c -O2 -Wall -g sendtcp.c
gcc -c -O2 -Wall -g cksum.c
gcc -c -O2 -Wall -g statistics.c
gcc -c -O2 -Wall -g usage.c
gcc -c -O2 -Wall -g version.c
gcc -c -O2 -Wall -g antigetopt.c
gcc -c -O2 -Wall -g sockopt.c
gcc -c -O2 -Wall -g listen.c
gcc -c -O2 -Wall -g sendhcmp.c
gcc -c -O2 -Wall -g memstr.c
gcc -c -O2 -Wall -g rtt.c
gcc -c -O2 -Wall -g relid.c
gcc -c -O2 -Wall -g sendip_handler.c
gcc -c -O2 -Wall -g libpcap_stuff.c
In file included from libpcap_stuff.c:20:
/usr/include/net/bpf.h:105: error: redefinition of ‘struct bpf_program’
/usr/include/net/bpf.h:130: error: redefinition of ‘struct bpf_version’
/usr/include/net/bpf.h:342: error: redefinition of ‘struct bpf_insn’
libpcap_stuff.c: In function ‘pcap_recv’:
libpcap_stuff.c:61: warning: pointer targets in assignment differ in signedness
make: *** [libpcap_stuff.o] Error 1
MBA:hping2-rc3 rtb$

[gore]

gore, have you compiled this on any OS other than Solaris (the install doc specifically mentions solaris)? I downloaded the hping source from hping.org, but I cant get it to compile on OSX or linux. Here's the log of the compile. Any thoughts?

CSR

I usually keep two versions around on my server as a back up because it can be a little tricky to get going. I have it installed though on Slackware and SUSE, and it does work depending on the version.

I can't remember f you have to do ./configure first or not though, either Hping or IPSorcery requires it, I just don't remember as I'm a bit half asleep at the moment.

I'll boot up my Laptop in a bit and check which one I used and reply here. I have Solaris but I don't think I've ever actually compiled it on there. I'll see which exact version number I have working. I know Hping3 was giving me a problem not to long ago on a machine with FreeBSD. Think I went with a port for that.

Which distro are you using this on?

[Cheap Scotch Ron]

Which distro are you using this on?

I tried to compile on OSX 10.5.8 and OpenSuse 10.3 (64 bit)

[gore]

I tried to compile on OSX 10.5.8 and OpenSuse 10.3 (64 bit)

Ahh, OK, 10.3 I think had an RPM I just can't remember which server it was that I added to YAST2 for packages. But some other versions may work better. OS X I can't do much with since I've got nothing with that on it and no Macs here. But SUSE as long as you have the compilers installed (Which by default, if you do a basic install, will need to be installed since the basic default is for home users who don't code or compile) but once the rest of that is installed, there is a version of Hping that works on SUSE, I've used it on there a lot in the past.