1

Well, I get a "host was not accessible" error when trying to use a piece of software. I don't know which port they use nor which address they are trying to reach. Is there a more or less easy way to figure that out?

I got a program called Wireshark - but the data is just huge. Is there an alternative or a way to filter the data to get a good overview?

Toskan

7 Answers

3

If you have access to the firewall logs, look in them.

Chopper3
  • Well, this is a good idea, but I asked them and as it turned out, there wasn't a problem with the firewall. It was a new installation and the personal firewall on the Windows machine blocked the traffic. – Toskan Nov 01 '12 at 13:37
2

If it's not in the documentation, you're going to have to sift through a Wireshark or Netmon dump. That being said, a quick call to the mystery application's support staff should resolve your problem.

MDMarra
1

Are you using Linux? If so, as others mentioned, you access the data using Wireshark/tcpdump, filtered for the IP, while using that software.

On the server, you can try running netstat or a similar program depending on your OS that will tell you what ports are being listened to. Use the man page to see if further options (such as what the program command line is for each listened port) can help you narrow it down.

Or you can drop the firewall temporarily and run Nmap against the server, scanning all ports, to see what's open. Or scan it from behind your firewall if you're not running a software firewall. Note the open ports and investigate.

If it is on Linux (or some Windows machines) you can look in the config files to see if they have a port specified.

Last, see if you can get in touch with any of the ex-developers from that company, or other customers of that software and see if they can help; if you can find any of them, maybe they know of other customers or have a support forum or other admins that are running the software that can get into a mailing list to help each other out.

Bart Silverstrim
  • As I was running a software firewall, I'll accept this answer since it mentions it. It was, btw, an attempt at active FTP on port 20 (*grmpf*) – Toskan Nov 01 '12 at 13:39
0

Contacting the supplier/manufacturer of the software would seem like a sensible thing to do in this situation.

user9517
0
  • stop to hear lamers
  • netstat -nab 1 (in case of Windows; change some parameters in case of Linux)
  • run
  • monitor output of netstat
Lazy Badger
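
Added example, not part of the original answer: a small Python parser for the `netstat -nab` output suggested above, which pairs each socket with its owning executable and lists that program's remote endpoints and listening ports. The sample output, the name `mystery.exe` and all addresses are constructed for illustration.

```python
import re

# Constructed sample of `netstat -nab` output (addresses and names are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    192.168.1.20:49731     198.51.100.7:443       ESTABLISHED
 [browser.exe]
  TCP    192.168.1.20:49802     203.0.113.10:21        ESTABLISHED
 [mystery.exe]
  TCP    192.168.1.20:49803     203.0.113.10:8443      SYN_SENT
 [mystery.exe]
  TCP    192.168.1.20:49650     0.0.0.0:0              LISTENING
 [mystery.exe]
"""

CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+([A-Z][A-Z0-9_]+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def parse_netstat_nab(text):
    """Yield (owner, proto, local, remote, state); -b prints the owner after its row."""
    pending = None
    for line in text.splitlines():
        conn, owner = CONN.match(line), OWNER.match(line)
        if conn:
            if pending:  # previous row never got an owner line
                yield ("?",) + pending
            pending = (conn.group(1), conn.group(2), conn.group(3), conn.group(4) or "")
        elif owner and pending:
            yield (owner.group(1).lower(),) + pending
            pending = None
    if pending:
        yield ("?",) + pending

def endpoints_for(text, exe):
    """Group one executable's sockets by state; listening/UDP sockets use the local side."""
    by_state = {}
    for owner, proto, local, remote, state in parse_netstat_nab(text):
        if owner == exe.lower():
            endpoint = local if state in ("LISTENING", "") else remote
            by_state.setdefault(state or proto, []).append(endpoint)
    return by_state

if __name__ == "__main__":
    for state, eps in endpoints_for(SAMPLE, "mystery.exe").items():
        print(f"{state:12} {', '.join(eps)}")
```

A remote endpoint that stays in `SYN_SENT` is a connection attempt that never got an answer, and a `LISTENING` port owned by the client program is one the local firewall must allow inbound.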
0

There are a couple of different options, ranging from "simple and a long shot" to "sure to work but tedious".

You say the network trace is huge. Have you tried to shut down all unnecessary programs and network communication first? A surefire way is to use a Virtual Machine to start the program. This makes it a lot easier for you to trace its activity, since it is limited to a specific IP.

If it is really difficult for you to find the correct network activity, attach a debugger and do a trace on the program. You can filter out calls to well-known application libraries like WinSock, or even set a breakpoint on when the "host was not accessible" error dialog is shown. This is however very tedious and will require some reverse engineering voodoo.

parasietje
0

If you have the source code, grep it for the word socket. When you find it, the port will be around that line of code.

Jonathan Henson