Monitoring TCP traffic that contains specific strings in C# - c#

Recently one of my machines was infected with malware using IRC to communicate back to its command and control center.
This just sparked interest within me to see if there was a program I could create in C# that is capable of monitoring traffic over TCP that contains strings such as PONG / NICK / USER (strings the IRC RFC needs to communicate), and then can tell me the process that traffic is coming from.
It would be an interesting learning experience for me, and it's something that I want to attempt.
I've done some research and I found something that did make use of WinPcap, but I think I'd like to avoid a solution using pcap if possible; can anyone send any suggestions my way?
I know I may be able to view connections between my computer and other hosts using System.Net.NetworkInformation.TcpConnectionInformation and possibly IPGlobalProperties, but I'm not sure if there is any way I can view the information in real time, or easily trace it back to a process on my PC.
Thank you.

This is going to be hard. The API you need is native, Windows Filtering Platform (WFP). According to Microsoft, this is not accessible from C#, you would have to wrap it in C++/CLI first.
See here and here for discussion. The second thread has some 'could be useful' stuff for you.
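The part of the question that does not need WFP or a pcap driver is "which process owns this connection". The following is an added example, not code from the question or the answer: it calls GetExtendedTcpTable from iphlpapi.dll (the same data netstat -ano shows) to list every IPv4 TCP connection with its owning PID and process name, then flags established connections to the conventional IRC ports 6667 and 6697. It sees endpoints and state only; inspecting the payload for NICK/USER/PONG still needs the filtering layer the answer describes. The port heuristic is only a first cut, since nothing forces a client to use those ports. Windows only, P/Invoke; the struct layout and constants are the documented MIB_TCPROW_OWNER_PID and TCP_TABLE_OWNER_PID_ALL values.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Diagnostics;
using System.Net;
using System.Net.NetworkInformation;
using System.Runtime.InteropServices;

// Added example: snapshot of IPv4 TCP connections with owning process (Windows, iphlpapi).
public sealed class TcpConnection
{
    public IPEndPoint Local;
    public IPEndPoint Remote;
    public int Pid;
    public TcpState State;      // System.Net.NetworkInformation.TcpState matches MIB_TCP_STATE numbering
    public string ProcessName;
}

public static class TcpOwnerTable
{
    // Row layout of MIB_TCPROW_OWNER_PID: six DWORDs.
    [StructLayout(LayoutKind.Sequential)]
    private struct MibTcpRowOwnerPid
    {
        public uint State;
        public uint LocalAddr;   // IPv4 address, network byte order
        public uint LocalPort;   // port in network byte order, low 16 bits
        public uint RemoteAddr;
        public uint RemotePort;
        public uint OwningPid;
    }

    private const int AF_INET = 2;
    private const int TCP_TABLE_OWNER_PID_ALL = 5;

    [DllImport("iphlpapi.dll", SetLastError = true)]
    private static extern uint GetExtendedTcpTable(IntPtr table, ref int size, bool sorted,
                                                   int family, int tableClass, uint reserved);

    public static List<TcpConnection> Snapshot()
    {
        // First call with a zero-size buffer just reports the size needed.
        int size = 0;
        GetExtendedTcpTable(IntPtr.Zero, ref size, true, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
        IntPtr buffer = Marshal.AllocHGlobal(size);
        try
        {
            uint rc = GetExtendedTcpTable(buffer, ref size, true, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
            if (rc != 0) throw new Win32Exception((int)rc);

            // MIB_TCPTABLE_OWNER_PID: DWORD dwNumEntries followed by the row array.
            int count = Marshal.ReadInt32(buffer);
            int rowSize = Marshal.SizeOf(typeof(MibTcpRowOwnerPid));
            List<TcpConnection> rows = new List<TcpConnection>(count);
            for (int i = 0; i < count; i++)
            {
                IntPtr rowPtr = new IntPtr(buffer.ToInt64() + 4 + (long)i * rowSize);
                MibTcpRowOwnerPid row = (MibTcpRowOwnerPid)Marshal.PtrToStructure(rowPtr, typeof(MibTcpRowOwnerPid));
                TcpConnection c = new TcpConnection();
                c.Local = new IPEndPoint(new IPAddress(row.LocalAddr), NetworkPort(row.LocalPort));
                c.Remote = new IPEndPoint(new IPAddress(row.RemoteAddr), NetworkPort(row.RemotePort));
                c.Pid = (int)row.OwningPid;
                c.State = (TcpState)row.State;
                c.ProcessName = NameOf(c.Pid);
                rows.Add(c);
            }
            return rows;
        }
        finally
        {
            Marshal.FreeHGlobal(buffer);
        }
    }

    // The port sits in the low 16 bits in network byte order; swap the two bytes.
    private static int NetworkPort(uint raw)
    {
        return (int)(((raw & 0xFF) << 8) | ((raw >> 8) & 0xFF));
    }

    private static string NameOf(int pid)
    {
        if (pid == 0) return "<system/unknown>";
        try { return Process.GetProcessById(pid).ProcessName; }
        catch (ArgumentException) { return "<exited>"; }
        catch (InvalidOperationException) { return "<inaccessible>"; }
    }
}

public static class Program
{
    public static void Main()
    {
        foreach (TcpConnection c in TcpOwnerTable.Snapshot())
        {
            if (c.State != TcpState.Established) continue;
            // 6667/6697 are the conventional IRC ports; a real detector would not rely on them alone.
            bool ircPort = c.Remote.Port == 6667 || c.Remote.Port == 6697;
            Console.WriteLine("{0} -> {1} pid={2} ({3}){4}",
                c.Local, c.Remote, c.Pid, c.ProcessName, ircPort ? "  [IRC port]" : "");
        }
    }
}
```

Run it in a loop with a short sleep and diff successive snapshots to get the "real time" view the question asks about; a new established connection from an unexpected process is the event worth alerting on, whatever port it uses.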

Related

How is a file transfer accomplished when using sockets in C#?

I'm working on a client/server project which requires I write my own solution instead of using an already made solution. One of my requirements is that I need the server to run on Linux and the client to run on Windows. Another requirement is that I need my solution to support as many Windows Operating Systems as possible. These requirements lead me to developing in C#, targeting the .NET Framework 2.0, for both the client and server - the client will be built using Visual Studio while the server will be built using Mono.
Part of the solution I'm developing will require that I transfer both messages (not like a chat program, these will be more of operational instructions for the client and server applications themselves), as well as transferring files to and from the client and server.
Here's where I'm stuck - sockets. I'm trying to figure out how to transfer a file and why I'm banging my head against the wall trying to write my own protocol when I don't believe I need to. I'm using sockets and not a TCPClient, I've followed the examples on MSDN for creating an Async client and server, but completely stuck just trying to send a file.
I think the reason I'm stuck is because of my ignorance in socket development (on top of that, I'm not a developer - I'm just good at researching and learning on the fly). All of the examples I can find for transferring a file simply show a code example of how to do it. I'm not interested in more code examples, I need to understand what's happening behind the scenes. When I call the Socket.BeginReceive method, what is it expecting and how do I know that the client will send more? Do I need to break up the data being sent into chunks that will fit inside a TCP packet, or is .NET doing that for me? If .NET is breaking up the data, then what goes into the buffer I've defined for the socket? Does the buffer wait until the TCP packets have filled it up before handing it over to my code?
In short, I think what I need is for someone to explain how a socket file transfer is accomplished - not how to accomplish it.
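As an added illustration of what happens behind the scenes (this is example code, not from the question or any answer): TCP is a byte stream, so .NET does not preserve "file" or "message" boundaries for you. The stack splits what you Send into segments however it likes, and each Receive (or BeginReceive/EndReceive) hands you whatever has arrived so far, anywhere from one byte up to your buffer size, without waiting for the buffer to fill. The receiver therefore has to learn from a header how many bytes belong to the file and loop until it has consumed exactly that many. The header layout below is our own assumption (int32 name length, UTF-8 name, int64 file size, then the content); the loopback demo in Main sends a constructed 100 kB file. The receiver validates the header so a peer cannot choose a path outside the destination directory or claim an absurd name length.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Sockets;
using System.Text;
using System.Threading;

// Added example: length-prefixed file transfer over a raw Socket (header format assumed).
public static class FileTransfer
{
    private const int MaxNameLength = 255;

    public static void SendFile(Socket socket, string path)
    {
        byte[] name = Encoding.UTF8.GetBytes(Path.GetFileName(path));
        long size = new FileInfo(path).Length;
        // Fixed byte order on the wire so a Linux server and a Windows client agree.
        socket.Send(BitConverter.GetBytes(IPAddress.HostToNetworkOrder(name.Length)));
        socket.Send(name);
        socket.Send(BitConverter.GetBytes(IPAddress.HostToNetworkOrder(size)));
        using (FileStream fs = File.OpenRead(path))
        {
            byte[] chunk = new byte[8192];
            int n;
            // Send blocks until the chunk is queued; the stack decides the segment sizes.
            while ((n = fs.Read(chunk, 0, chunk.Length)) > 0)
                socket.Send(chunk, 0, n, SocketFlags.None);
        }
    }

    // Writes the incoming file into destDir and returns its name.
    public static string ReceiveFile(Socket socket, string destDir)
    {
        int nameLength = IPAddress.NetworkToHostOrder(BitConverter.ToInt32(ReadExactly(socket, 4), 0));
        if (nameLength <= 0 || nameLength > MaxNameLength) throw new InvalidDataException("bad name length");
        string name = Encoding.UTF8.GetString(ReadExactly(socket, nameLength));
        // Reject anything that is not a plain file name: separators, "..", control characters.
        if (name == "." || name == ".." || name.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0
            || name.IndexOf('/') >= 0 || name.IndexOf('\\') >= 0)
            throw new InvalidDataException("bad file name");
        long size = IPAddress.NetworkToHostOrder(BitConverter.ToInt64(ReadExactly(socket, 8), 0));
        if (size < 0) throw new InvalidDataException("bad size");

        using (FileStream fs = File.Create(Path.Combine(destDir, name)))
        {
            byte[] buffer = new byte[8192];
            long remaining = size;
            while (remaining > 0)
            {
                int want = (int)Math.Min(buffer.Length, remaining);
                int n = socket.Receive(buffer, 0, want, SocketFlags.None); // may return fewer than 'want'
                if (n == 0) throw new EndOfStreamException("peer closed before the file was complete");
                fs.Write(buffer, 0, n);
                remaining -= n;
            }
        }
        return name;
    }

    // Loop until exactly 'count' bytes have arrived; one Receive gives no such guarantee.
    private static byte[] ReadExactly(Socket socket, int count)
    {
        byte[] data = new byte[count];
        int offset = 0;
        while (offset < count)
        {
            int n = socket.Receive(data, offset, count - offset, SocketFlags.None);
            if (n == 0) throw new EndOfStreamException("peer closed early");
            offset += n;
        }
        return data;
    }

    public static void Main()
    {
        string src = Path.GetTempFileName();
        File.WriteAllBytes(src, new byte[100000]);   // constructed 100 kB sample file
        string dest = Path.Combine(Path.GetTempPath(), "recv-" + Guid.NewGuid().ToString("N"));
        Directory.CreateDirectory(dest);

        TcpListener listener = new TcpListener(IPAddress.Loopback, 0);
        listener.Start();
        int port = ((IPEndPoint)listener.LocalEndpoint).Port;
        Thread server = new Thread(delegate ()
        {
            using (Socket s = listener.AcceptSocket())
                Console.WriteLine("received " + ReceiveFile(s, dest) + " into " + dest);
        });
        server.Start();

        using (Socket client = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp))
        {
            client.Connect(IPAddress.Loopback, port);
            SendFile(client, src);
            client.Shutdown(SocketShutdown.Send);
        }
        server.Join();
        listener.Stop();
    }
}
```

The same rule applies to the asynchronous API: EndReceive returns a byte count, and the callback must keep issuing BeginReceive until the count promised by the header has been reached. The file-name check matters because the name is attacker-controlled input from the network, not something your own code produced.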

Very simple Client/Server Message networking in C# (.NET and Xamarin/Mono)

I would like to write a simple application to send text messages between a server (Windows) and a client (a Xamarin App running on android), which would remotely control music (played by the server) with basic text commands (like "pause", "skip", "play " ...).
The setup I had thought about would work like this:
When I start the android app, it tries to connect to the server (they are in the same local network using LAN/WiFi, so I'd just use my local IP for that). Then, with the connection established, both would be able to send messages to the other one (client -> server: play this song etc, server -> client: song finished, song not found, etc). Of course, that should be done in a threaded or asynchronous manner so that both applications do not block up their UI. The server would run in the background and wait for the next message, which would trigger an event taking care of doing the requested action.
I already searched on how to do this in a beginner friendly way, but haven't found much that I could work with. I only have basic knowledge on asynchronous/threaded programming, and not enough on networking (in .net). Each solution I found wasn't made for a connection to stay open but rather "read stream, send answer, close connection" (which is not what I want) or was far too complex.
I know that there are countless tutorials available, but I simply couldn't make out how to use them for my scenario. Example code or easy-to-understand explanations on how to accomplish things like keeping the connection open in a non-blocking way, and how to send and receive a complete, self-contained message, would help, because I can't quite wrap my head around that (if I just read a fixed size of bytes, how can I be sure to get exactly one message?).
So, I'd be grateful for every tip showing me in the right direction, like for example which of the many classes would be best to use for this (there seems to be an awful lot of them, without notion which is suited for what). I apologize if this question seems rather dumb, but I'm an absolute beginner in this. Thank you very much in advance!
Figured it out myself, after some more research. System.Net.Sockets.UdpClient is working like a charm, and, more importantly, available and working on both platforms I want to target, so I will just go with it.

C# is there an easy way to get into TCP Socket Programming?

I've worked on a program that uses databases to send small messages from one PC to another. What I've done is put the database in a shared folder, have the program on the other PC connect to it (via a Path, no less), and there it is, a simple and easy way to get messages to and from PCs on a network. Not the best option, but it's just homework, and the quick and dirty approach got me a grade.
But now the homework is done, and I'd like to improve upon what I did. The problem with the program is in the deployment stage. There are too many folders / installation paths and administrative / sharing issues regarding pathing directly to a database on a shared folder.
So the good folks here on Stack Overflow advised me to try Socket Programming, which I think is a bit out of my league. But you never know...
Also, I'm aware of the difference between Sync and Async socket programming. One blocks, the other doesn't. The program I'm working on is a simple turn-based game, so I thought Synchronous might be good enough, since if it's not your turn, you really can't do anything. The issue however is that the program is treated as "not responding". I tried asynchronous, but ran into problems with threading, something I consider WAY out of my league.
Logically, the program is simple. One host, one client. Upon client connection, host sends data. Then client receives, sends out its own data. And so on, until one player loses.
I'm sorry to say only .NET 2.0 is installed in my school. No WCF or anything. Also, it must be done in C# Windows Forms, so XNA is out.
So, I'd like to ask... is there an easy way to get into Socket Programming? Any guides / sample projects that can help? Pre-made code that can be studied, and adapted?
The majority of the samples I found and adapted are chat applications, which I thought good enough, but making it modular simply breaks it.
The chat application examples you encountered should be enough. It is not clear to me what you refer to as "making it modular".
What you need is to design a protocol to be sent over the connection, an agreement of rules so to say, so that one knows what the other is talking about. So instead of sending plain text (chat) you can send the following:
0x03 (length of the message)
0x0A (move command in this fictional protocol)
0x02 (parameter 1 of the command, X coordinate in this case, it's all defined in the protocol design)
0x05 (parameter 2 of the command, Y coordinate in this case, it's all defined in the protocol design)
Now it's entirely up to you what happens after you have received and interpreted the data. Personally I would go for the Async solution, since it leaves your program to do other stuff (graphics?). And it's more easily adaptable in code, in my experience.
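The following is an added example, not code from this answer, that encodes and decodes the fictional length-prefixed protocol above (first byte is the length of what follows, then the opcode, then the parameters, exactly as in 0x03 0x0A 0x02 0x05). It also answers the question asked in the "Very simple Client/Server Message networking" thread above, "if I just read a fixed size of bytes, how can I be sure to get exactly one message?": you cannot, so the reader accumulates whatever each Receive delivered and only hands out frames once they are complete, coping with a frame split across two reads and with several frames glued into one read. The opcode value and the two moves in Main are constructed sample data.

```csharp
using System;
using System.Collections.Generic;

// Added example: framing for a [length][opcode][params...] protocol (assumed layout).
public sealed class Message
{
    public byte Opcode;
    public byte[] Params;
}

public static class Protocol
{
    public const byte OpMove = 0x0A; // the answer's fictional "move" command

    public static byte[] Encode(byte opcode, params byte[] parameters)
    {
        if (parameters.Length > 254) throw new ArgumentException("too long for a one-byte length");
        byte[] frame = new byte[2 + parameters.Length];
        frame[0] = (byte)(1 + parameters.Length); // counts opcode + params, not the length byte itself
        frame[1] = opcode;
        Array.Copy(parameters, 0, frame, 2, parameters.Length);
        return frame;
    }
}

// Buffers bytes as they arrive from the socket and yields only complete messages.
public sealed class FrameReader
{
    private readonly List<byte> pending = new List<byte>();

    // Call with the buffer and byte count each Receive/EndReceive gave you.
    public List<Message> Feed(byte[] chunk, int count)
    {
        for (int i = 0; i < count; i++) pending.Add(chunk[i]);
        List<Message> ready = new List<Message>();
        while (pending.Count > 0)
        {
            int length = pending[0];
            if (length == 0) throw new InvalidOperationException("zero-length frame: protocol violation");
            if (pending.Count < 1 + length) break;   // rest of this frame has not arrived yet
            Message m = new Message();
            m.Opcode = pending[1];
            m.Params = pending.GetRange(2, length - 1).ToArray();
            pending.RemoveRange(0, 1 + length);
            ready.Add(m);
        }
        return ready;
    }
}

public static class Demo
{
    private static byte[] Concat(byte[] a, byte[] b)
    {
        byte[] r = new byte[a.Length + b.Length];
        a.CopyTo(r, 0);
        b.CopyTo(r, a.Length);
        return r;
    }

    private static void Print(List<Message> messages)
    {
        Console.WriteLine("{0} complete message(s)", messages.Count);
        foreach (Message m in messages)
            Console.WriteLine("  opcode=0x{0:X2} params={1}", m.Opcode, BitConverter.ToString(m.Params));
    }

    public static void Main()
    {
        // Constructed stream: two moves, (2,5) then (7,1), eight bytes in total.
        byte[] stream = Concat(Protocol.Encode(Protocol.OpMove, 2, 5), Protocol.Encode(Protocol.OpMove, 7, 1));

        // Simulate the stack delivering 3 bytes first, then the remaining 5: neither read
        // lines up with a message boundary, which is the normal case on TCP.
        byte[] first = new byte[3];
        Array.Copy(stream, 0, first, 0, 3);
        byte[] rest = new byte[stream.Length - 3];
        Array.Copy(stream, 3, rest, 0, rest.Length);

        FrameReader reader = new FrameReader();
        Print(reader.Feed(first, first.Length)); // 0 messages: first frame still incomplete
        Print(reader.Feed(rest, rest.Length));   // 2 messages: the rest of frame 1 and all of frame 2
    }
}
```

Because the length byte comes from the other side, treat it as untrusted: a bounded length (here at most 255) and a hard error on nonsense keep a misbehaving or hostile peer from growing your buffer without limit or desynchronising the parser.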
I've made some classes which can be used to transport objects over a socket using the BinaryFormatter.
Here are some tests for my BinaryTransport class:
http://fadd.codeplex.com/SourceControl/changeset/view/67972#1055425
The actual class:
http://fadd.codeplex.com/SourceControl/changeset/view/67972#1054822
Do note that it's a while ago that I wrote them. I just noticed some small bugs. But either use them or just study the classes to learn more.
I remember when I started with socket communication in C# I tried to implement a simple chat program between a client and a server and then between multiple clients. Here is the tutorial that I was reading then: http://www.codeproject.com/KB/IP/TCPIPChat.aspx
If you want the full code I can upload my final project and you can study the code. It also uses multithreading so you can see how to handle this situation in GUI applications.
Side note: Wow, that database idea is the craziest thing I've seen in terms of PC-to-PC communication. Well done!
One interesting, useful and easy exercise you can do to learn about sockets (which C# makes even easier) is creating a TCP-based logger.
During development every programmer needs a way to know what's happening under the hood at certain points. Without a logger you would normally write something like:
Console.WriteLine( "blah" );
which results in a dull, unfiltered, unorganized string thrown to the output window.
I created a TCP-based logger very easily using sockets. On one hand you have a separate Winforms application (the server), which is in charge of listening to incoming messages and beautifully displaying them on a rich-content control. On the other hand, you write a very simple class (the client) with a single function like:
using System;
using System.Net.Sockets;
using System.Text;

public static class MyConsole
{
    // Socket to the logging server; it is connected elsewhere during startup.
    private static readonly Socket mTcpSocket = new Socket( AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp );

    public static void WriteLine( string message, string whatever )
    {
        // send to the net: Socket.Send takes bytes, so encode the string and end the line
        if( mTcpSocket.Connected )
            mTcpSocket.Send( Encoding.UTF8.GetBytes( message + "\n" ) );
        // in case the server is not there we still have regular output
        Console.WriteLine( message );
    }
}
I created this logger once and have been using it ever since. Furthermore, given its TCP nature, with minor changes on the server side I've been successfully using it from different languages, such as C# and Java, and now using it from ActionScript.

Good remote application logging/monitoring software

I'm sure this has already been done, but Google isn't helping me - I'm getting swamped with answers for similar but different problems:
My boss has asked me to find or build a system that will log uses of our kiosk installations. We build kiosks using Java, native C++, C#, Python and things like Unity. We saw another company we worked with using a simple system where a POST call with data was logged on a remote site to be checked later. The system allowed the application programmer to decide the contents of the message, and was able to allocate it to either debug or release according to the programmer's wishes.
An example of the log output might be:
[Debug] 28-11-2011 10:10:20 Kiosk1: Pulse
[Debug] 28-11-2011 10:10:25 Kiosk1: Button pressed
[Debug] 28-11-2011 10:10:45 Kiosk1: Widget used
[Debug] 28-11-2011 10:11:20 Kiosk1: Pulse
I looked at log4net/log4j, but that doesn't seem to be compatible with native c++ or python. I'm probably mistaken there :).
Does anyone know of a system that works like this, or that will otherwise be suitable for logging from such diverse languages? If not, I can write my own easily enough. I just don't want to have to support it :)
Regards,
Steve
I'm not sure, but I think what you're looking for is Splunk. This can parse almost every log and display it in a unified manner. It can listen to ports, read log files via polling, and parses and indexes anything you throw at it at any point of time.
You can use this to set up your own multi-language logging server/system. We've been using this and it seamlessly works in our distributed environment.
While writing a specialized logging backend to handle logging both locally and to the network is quite possible, I would advise against it. The reason being that network latency can be too long, so it either stops your application, or logging messages can be queued up if using another process/thread to do the actual network pushing.
A much simpler solution is to use a little script that is scheduled to run once or a couple of times per day, and that copies the log file(s) to the remote location.
For C++ I highly recommend Poco logging. It allows you to specify the formatting and log level/output using e.g. a properties file.
The Python logging library that is included with Python is quite similar to log4net, so if you are used to one, the other will be quite easy to understand, but they do not share code (as far as I know).
Use log4j/log4net with a socket appender or log remotely via rsyslog.
You might be interested in something like web beacons. I know it's not exactly what you're asking for, but you ought to think about it for the same reason that web developers do: it's good to know what users are doing.
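The "POST a line to a remote site" scheme the question describes is small enough to show end to end. The following is an added example, not code from the question or any of the answers: an HttpListener collector that writes lines in the question's own format, and a WebClient call standing in for one kiosk (a Java, C++ or Python kiosk would make the same POST). The wire format is our own assumption: kiosk name and level in the query string, the message as the request body. The collector only accepts the two levels the question mentions, restricts the kiosk name to a safe character set, caps message length, and flattens control characters, so a kiosk (or anything that can reach the collector) cannot inject a forged second line into the log. The two requests in Main are constructed sample data.

```csharp
using System;
using System.IO;
using System.Net;
using System.Text;
using System.Text.RegularExpressions;
using System.Threading;

// Added example: remote kiosk logging over HTTP POST (request format assumed).
public static class LogCollector
{
    private static readonly Regex KioskName = new Regex("^[A-Za-z0-9_-]{1,32}$");
    private const int MaxMessageLength = 1024;
    private static readonly object FileLock = new object();

    // Builds one log line in the question's format, or returns null for a malformed request.
    public static string FormatLine(string level, string kiosk, string message, DateTime when)
    {
        if (level != "Debug" && level != "Release") return null;
        if (kiosk == null || !KioskName.IsMatch(kiosk)) return null;
        if (message == null) return null;
        if (message.Length > MaxMessageLength) message = message.Substring(0, MaxMessageLength);
        // CR/LF (or other control characters) in the body would let a client forge extra entries.
        StringBuilder clean = new StringBuilder(message.Length);
        foreach (char c in message) clean.Append(char.IsControl(c) ? ' ' : c);
        return string.Format("[{0}] {1:dd-MM-yyyy HH:mm:ss} {2}: {3}", level, when, kiosk, clean);
    }

    // Handles a fixed number of requests so the demo terminates; a real collector loops forever.
    public static void Serve(HttpListener listener, string logPath, int requestsToHandle)
    {
        for (int i = 0; i < requestsToHandle; i++)
        {
            HttpListenerContext ctx = listener.GetContext();
            string body;
            using (StreamReader r = new StreamReader(ctx.Request.InputStream, Encoding.UTF8))
                body = r.ReadToEnd();
            string line = ctx.Request.HttpMethod == "POST"
                ? FormatLine(ctx.Request.QueryString["level"], ctx.Request.QueryString["kiosk"], body, DateTime.Now)
                : null;
            if (line == null)
            {
                ctx.Response.StatusCode = 400;
            }
            else
            {
                lock (FileLock) File.AppendAllText(logPath, line + Environment.NewLine);
                ctx.Response.StatusCode = 204;
            }
            ctx.Response.Close();
        }
    }
}

public static class KioskClient
{
    public static void Log(string collector, string kiosk, string level, string message)
    {
        using (WebClient wc = new WebClient())
            wc.UploadString(collector + "?kiosk=" + Uri.EscapeDataString(kiosk) + "&level=" + level, "POST", message);
    }
}

public static class Demo
{
    public static void Main()
    {
        string url = "http://localhost:8765/log/";
        string logPath = Path.Combine(Path.GetTempPath(), "kiosk.log");
        HttpListener listener = new HttpListener();
        listener.Prefixes.Add(url);
        listener.Start();
        Thread t = new Thread(delegate () { LogCollector.Serve(listener, logPath, 2); });
        t.Start();

        KioskClient.Log(url, "Kiosk1", "Debug", "Pulse");
        // The embedded newline is flattened to a space instead of becoming a fake [Release] line.
        KioskClient.Log(url, "Kiosk1", "Debug", "Button pressed\n[Release] forged entry");
        t.Join();
        listener.Stop();
        Console.Write(File.ReadAllText(logPath));
    }
}
```

On Windows, HttpListener needs the prefix reserved for the account running it (netsh http add urlacl) unless the process is elevated. If the kiosks sit on untrusted networks, put the collector behind TLS and some form of client authentication; the input checks above stop log forgery but do nothing about an unauthorised sender.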

C# server sends UDP packets to a Java Client

I'm working on a project where I should transfer data from a C# server to a Java client (running on an Android device).
I need to use the UDP protocol for real-time data and to maintain performance.
Searching the web, I didn't find any similar example and I really don't know where to start.
Can you please suggest whether this can be done?
Thanks in advance.
Yes, it can be done. That's one of the beautiful things about the Internet protocols: support for standard sockets is so widespread and common that disparate devices running vastly different CPU architectures and software environments can interoperate with nearly no trouble.
Please make sure that UDP is really the best tool for the job. Do you need reliable delivery? Do you need in-order delivery? How much packet loss can you tolerate? How much packet re-ordering can you tolerate? Will your application handle 540 byte packets as gracefully as it will handle 1500 byte packets? Does your application need to protect against man in the middle attacks? How?
TCP is an incredible protocol. Many attempts to use UDP "for speed" wind up re-implementing many of the things that TCP provides for you already -- but most re-implementations are not done nearly as well as the real thing. Please don't be so quick to dismiss TCP.
To get started, just about any network tutorial for Java and C# should include something like a chat or echo server, the network programming equivalent of "Hello World". And that'd be good enough for a simple environment. If you intend for your server to handle dozens of clients simultaneously, it'll be more work, and if you intend for your server to scale into the hundreds or thousands, it'll be a different style of programming altogether.
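To make the answer's point concrete, here is an added example (not code from the question or the answer) of the minimum you take on when you choose UDP: every datagram carries a 4-byte sequence number in network byte order ahead of the payload, and the receiver uses it to notice loss and late arrivals, two things TCP would otherwise hide. The wire format is our own assumption; a Java client would read the same big-endian int with DataInputStream. The loopback demo in Main frames five constructed values and then deliberately delivers them with one dropped and two swapped, which is what a real network will do to you sooner or later.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Sockets;

// Added example: sequence-numbered UDP datagrams with loss and reordering detection (format assumed).
public static class UdpSender
{
    private static uint next;

    // Prepends the next sequence number (big-endian) to the payload.
    public static byte[] Frame(byte[] payload)
    {
        byte[] datagram = new byte[4 + payload.Length];
        byte[] seq = BitConverter.GetBytes(IPAddress.HostToNetworkOrder((int)next++));
        Array.Copy(seq, 0, datagram, 0, 4);
        Array.Copy(payload, 0, datagram, 4, payload.Length);
        return datagram;
    }
}

public sealed class UdpReceiver
{
    private long expected;      // next sequence number we have not yet seen
    public int Gaps;            // sequence numbers skipped over (lost, or merely late)
    public int Late;            // datagrams that arrived after a higher number was already seen

    // Strips the header and returns the payload, or null for a datagram too short to carry one.
    public byte[] Accept(byte[] datagram)
    {
        if (datagram.Length < 4) return null;
        uint seq = (uint)IPAddress.NetworkToHostOrder(BitConverter.ToInt32(datagram, 0));
        if (seq == expected) expected++;
        else if (seq > expected) { Gaps += (int)(seq - expected); expected = seq + 1; }
        else Late++;            // could also be a duplicate; the caller decides whether to use it
        byte[] payload = new byte[datagram.Length - 4];
        Array.Copy(datagram, 4, payload, 0, payload.Length);
        return payload;
    }
}

public static class Demo
{
    public static void Main()
    {
        UdpClient server = new UdpClient(0);                                   // the C# side
        UdpClient client = new UdpClient(new IPEndPoint(IPAddress.Loopback, 0)); // stands in for the Java side
        client.Client.ReceiveTimeout = 1000;
        IPEndPoint clientEp = (IPEndPoint)client.Client.LocalEndPoint;

        // Constructed: five ticks, delivered as 0, 1, 4, 3 (number 2 dropped, 3 and 4 swapped).
        List<byte[]> frames = new List<byte[]>();
        for (int i = 0; i < 5; i++) frames.Add(UdpSender.Frame(BitConverter.GetBytes(i * 100)));
        foreach (int idx in new int[] { 0, 1, 4, 3 })
            server.Send(frames[idx], frames[idx].Length, clientEp);

        UdpReceiver rx = new UdpReceiver();
        IPEndPoint from = new IPEndPoint(IPAddress.Any, 0);
        for (int i = 0; i < 4; i++)
        {
            byte[] payload = rx.Accept(client.Receive(ref from));
            Console.WriteLine("got value " + BitConverter.ToInt32(payload, 0));
        }
        // Expected tally for this delivery order: gaps=2 (numbers 2 and 3 skipped), late=1 (3 arrived after 4).
        Console.WriteLine("gaps={0} late={1}", rx.Gaps, rx.Late);
        server.Close();
        client.Close();
    }
}
```

What you do with a late datagram (use it, drop it, or reorder a small window) is the application-level decision the answer is pointing at, and nothing here addresses the man-in-the-middle question: a sequence number is not authentication, so if that matters you still need a MAC or DTLS on top.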
Have you tried reading this:
http://nickstips.wordpress.com/2010/09/03/c-creating-and-sending-udp-packets/
The client is irrelevant, it can be Java, C++, or any other language/platform. Doesn't matter.
The protocol is still the same.
Hope this helps.
Try the Oracle Documentation as a starting point with UDP; there you can find an example which is in Java, but as mentioned the idea of the protocols is to support language-independent communication.
