#62 Detect IIS tcp connection on Vista

Unscheduled
open
nobody
TWAPI (33)
Bug
5
2012-09-20
2007-11-01
Anonymous
No

Hi,

I am trying to use twapi to programmatically find out if port 80 is in use. I use twapi::get_tcp_connections -matchlocalport 80

This works when Apache is using that port. However, it fails (returns nothing) when running IIS on Vista. My take is that it seems http.sys is interfering.

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/a2a45c42-38bc-464c-a097-d7a202092a54.mspx?mfr=true

If I do netstat -a with IIS I get

TCP [::]:80 laptop:0 LISTENING

With Apache:

TCP 0.0.0.0:80 laptop:0 LISTENING

In both cases, if I point my browser to localhost:80, I get the expected web page.

Any idea how I could use twapi to find out if the port is taken? I could use socket -server but that triggers the firewall check in the end-user computer

Thanks!

Discussion

  • Nobody/Anonymous

    Logged In: NO

    I don't have Vista to test with (which is why Vista support for TWAPI is still pending but that's another matter)

    To try and narrow down whether there might be a bug in the Tcl code, could you try running the following command and go through the returned list to see if port 80 is listed anywhere?

    ::twapi::AllocateAndGetTcpExTableFromStack 0 0

    Also, once you connect to IIS, does the active/open Tcp connection show up if you use get_tcp_connections?

    Meanwhile, I'll poke around a bit

    /Ashok

     
  • Nobody/Anonymous

    Logged In: NO

    Actually, better still, could you post back the output of the command

    ::twapi::AllocateAndGetTcpExTableFromStack 0 0

    Thanks

    /Ashok

     
  • Nobody/Anonymous

    Logged In: NO

    And also post output of

    netstat -b -n

    please.

    Thanks

    /Ashok

     
  • Nobody/Anonymous

    Logged In: NO

    Hi

    Sorry it took me a bit to get back to you. Here is the requested information. Thanks a lot for your help. Please let me know anything else I can do to try to track this issue down.

    % twapi::AllocateAndGetTcpExTableFromStack 0 0
    {2 0.0.0.0 135 0.0.0.0 0} {2 192.168.1.147 139 0.0.0.0 0}
    {2 0.0.0.0 49152 0.0.0.0 0} {2 0.0.0.0 49153 0.0.0.0 0}
    {2 0.0.0.0 49154 0.0.0.0 0} {2 0.0.0.0 49155 0.0.0.0 0}
    {2 0.0.0.0 49156 0.0.0.0 0} {2 0.0.0.0 49157 0.0.0.0 0}

    Connected to localhost

    % twapi::AllocateAndGetTcpExTableFromStack 0 0
    {2 0.0.0.0 135 0.0.0.0 0} {2 192.168.1.147 139 0.0.0.0 0}
    {2 0.0.0.0 49152 0.0.0.0 0} {2 0.0.0.0 49153 0.0.0.0 0}
    {2 0.0.0.0 49154 0.0.0.0 0} {2 0.0.0.0 49155 0.0.0.0 0}
    {2 0.0.0.0 49156 0.0.0.0 0} {2 0.0.0.0 49157 0.0.0.0 0}
    {11 192.168.1.147 49604 74.125.19.103 443} {11 192.168.1.147 49605 209.85.199.18 443}
    {5 192.168.1.147 49619 207.68.183.32 80} {5 192.168.1.147 49621 128.241.21.14 80}
    {5 192.168.1.147 49622 207.68.178.134 80} {5 192.168.1.147 49623 207.68.178.56 80}
    {5 192.168.1.147 49624 207.68.178.61 80} {5 192.168.1.147 49625 207.68.178.134 80}
    {5 192.168.1.147 49626 207.68.178.56 80} {5 192.168.1.147 49627 207.68.179.219 80}
    %

    Also, once you connect to IIS, does the active/open Tcp connection show up
    if you use get_tcp_connections?

    No.

    netstat -b -n is empty if IIS is running but I'm not connected.

    Connected to http://localhost, it shows:

    Active Connections

    Proto Local Address Foreign Address State
    TCP 192.168.1.147:49524 207.68.173.76:80 ESTABLISHED
    [iexplore.exe ]
    TCP 192.168.1.147:49527 207.68.178.239:80 ESTABLISHED
    [iexplore.exe]
    TCP 192.168.1.147:49528 207.68.178.239:80 ESTABLISHED
    [iexplore.exe]
    TCP 192.168.1.147:49529 207.68.178.153:80 ESTABLISHED
    [iexplore.exe]
    TCP 192.168.1.147:49530 207.68.178.153:80 ESTABLISHED
    [iexplore.exe]
    TCP 192.168.1.147:49531 207.68.178.56:80 ESTABLISHED
    [iexplore.exe]
    TCP 192.168.1.147:49533 207.68.179.219:80 ESTABLISHED
    [iexplore.exe]
    TCP [::1]:80 [::1]:49536 ESTABLISHED

    Can not obtain ownership information

    x: Windows Sockets initialization failed:5
    TCP [::1]:49536 [::1]:80 ESTABLISHED
    [iexplore.exe]

     
  • Nobody/Anonymous

    Logged In: NO

    Hi Ashok,

    Are there any updates on this? Is there any other information I can gather that would be useful?

    Thanks!!

     
  • Nobody/Anonymous

    Logged In: NO

    I have found that the allocateandgettcpextablefromstack function is not supported on Vista. That could be the problem. There is another API I could use but I don't have a Vista system for testing. Would you be able to test it if I send you a new twapi distribution in a couple of days?

    /Ashok

     
  • Nobody/Anonymous

    Logged In: NO

    Sorry for the delay. Yes, of course, I will be more than happy to test

     
  • Nobody/Anonymous

    Logged In: NO

    I'll be putting out an alpha release in a couple of days which will include the (attempted) fix.

    /Ashok

     
  • Ashok P. Nadkarni

    Logged In: YES
    user_id=295103
    Originator: NO

    Mr. Nobody :-)

    Could you please try the 2.0.6alpha release and report back the results?

    Thanks

    /Ashok

     
  • Nobody/Anonymous

    Logged In: NO

    Hi Ashok,

    Unfortunately, the results are the same as with previous versions of twapi

    I have checked the code and this part is correctly executed (meaning that GetExtendedTcpTable is correctly called and there is no exception raised, so the 'if' body is not called)

    if {[catch {twapi::GetExtendedTcpTable NULL 0 $sort 2 $level} bufsz]} {
        # No workee, try AllocateAndGetTcpExTableFromStack
        return [AllocateAndGetTcpExTableFromStack $sort 0]
    }

     
  • Ashok P. Nadkarni

    Logged In: YES
    user_id=295103
    Originator: NO

    Sigh, too bad. It will be hard for me to proceed without a vista system to test on. I was poking around if there was some other way using WMI but it does not have any classes to return network connection info (the Win32_NetworkConnection class returns lanman connections).

    As a workaround, since there's no telling how long this might take to figure out, could you exec netstat and grep the output ?

    Also, is it possible that your PC firewall is somehow interfering if the port is allocated in the kernel (yes, a complete shot in the dark, just looking for something to blame!)

    /Ashok
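
The netstat workaround suggested in the last comment, sketched as an added example; it is not part of the original thread and not TWAPI code. It matches only TCP rows in the LISTENING state and compares the local port, so the outbound connections to remote port 80 seen in the output above do not count, and it accepts both the `0.0.0.0:80` and `[::]:80` address forms. The proc names `listeners_on_port` and `port_in_use` are hypothetical; English-locale `netstat -a -n` output and Tcl 8.5 or later are assumed.

```tcl
# Added example, not TWAPI code. Assumes English-locale netstat output.
# Returns the local addresses that have a TCP listener on $port.
proc listeners_on_port {netstat_text port} {
    set found {}
    foreach line [split $netstat_text \n] {
        # Columns: Proto, Local Address, Foreign Address, State.
        # \S+ also drops any trailing carriage return.
        set fields [regexp -all -inline {\S+} $line]
        if {[llength $fields] < 4} continue   ;# UDP rows have no State
        lassign $fields proto local foreign state
        if {![string equal -nocase $proto TCP]} continue
        if {$state ne "LISTENING"} continue
        # The port follows the LAST colon, so [::]:80 parses correctly.
        set idx [string last : $local]
        if {$idx >= 0 && [string range $local $idx+1 end] eq $port} {
            lappend found [string range $local 0 $idx-1]
        }
    }
    return $found
}

# Returns 1 if anything is listening on $port, else 0.
# No socket is opened, so no firewall prompt is triggered.
proc port_in_use {port} {
    if {[catch {exec netstat -a -n} out]} {
        error "netstat failed: $out"
    }
    return [expr {[llength [listeners_on_port $out $port]] > 0}]
}

# Constructed sample input (not captured from a real machine).
set sample {
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.147:49524    203.0.113.10:80        ESTABLISHED
  TCP    [::]:80                [::]:0                 LISTENING
  UDP    0.0.0.0:123            *:*
}
puts "port 80 listeners:   [listeners_on_port $sample 80]"
puts "port 8080 listeners: [listeners_on_port $sample 8080]"
```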

     
