I have two applications a client and a server running on my local machine and want to monitor their network traffic through NetMon.
One solution is to route the local traffic through the default gateway. However, I never got this working. It should be as easy as adding the following route:
route add <localip> MASK <mask> <defaultgateway> METRIC 1 IF 1
Result:
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
87.198.54.0 255.255.255.0 87.198.54.9 87.198.54.9 25
---> 87.198.54.0 255.255.255.0 87.198.54.1 87.198.54.9 1
87.198.54.9 255.255.255.255 127.0.0.1 127.0.0.1 25
87.255.255.255 255.255.255.255 87.198.54.9 87.198.54.9 25
Default Gateway: 87.198.54.1
===========================================================================
---> 87.198.54.0 255.255.255.0 87.198.54.1 87.198.54.9 1
So I would expect this route to send everything destined for 87.198.54.9 to the gateway. It doesn't.
The approach is described in the following Technet slides, so I am pretty sure there must be a way to make this work...
Any ideas why the route doesn't work?
QUESTION MADE MORE SPECIFIC:
I run a ping on local machine to my local machine.
How can I see the ICMP packets in MS NetMon?
Thanks, Alex
Monitoring local traffic on Windows is dodgy, at best. The method you're describing won't work for traffic bound for 127.0.0.1. As far as I know, there's no simple way to get that traffic into any sniffer.
Assuming you're looking to capture a TCP-based protocol, I'd install a build of rinetd (Windows binary available at that link) on a remote computer with a configuration to listen on the appropriate port and send the traffic back to the listening program on your machine. Then the traffic will be sent across the wire and you can catch it with NetMon.
I've used this "remote proxy back to the local machine" technique on many occasions to great success.
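A constructed rinetd configuration for the "remote proxy back to the local machine" setup described in this answer (added here as an illustration; it is not from the answer or the rinetd project). It assumes the server under test listens on port 8080 at the address from the question, 87.198.54.9, and that the helper host is allowed to reach it:

```text
# rinetd.conf on the remote helper host (constructed example)
# bindaddress   bindport   connectaddress   connectport
0.0.0.0         8080       87.198.54.9      8080
```

Point the client at the helper host's port 8080 instead of localhost. Both legs of the connection (client to helper, helper to server) now leave the NIC, so a NetMon capture on that adapter sees the protocol in both directions. Because rinetd relays TCP only, this does not help for the ICMP ping case in the question.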
The problem was in the route:
Instead of:
87.198.54.0 255.255.255.0 87.198.54.1 87.198.54.9 1
The route should have been:
87.198.54.9 255.255.255.255 87.198.54.1 87.198.54.9 1
I still don't see a ping in Network Monitor, but a telnet connection does show up.
So this approach works e.g. for HTTP traffic when you're not using 127.0.0.1
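The reason the /24 route did not work while the /32 route does is longest-prefix match: the automatic entry `87.198.54.9 255.255.255.255 127.0.0.1` is more specific than `87.198.54.0 255.255.255.0`, so local traffic kept going to loopback regardless of the metric on the /24. A /32 with metric 1 ties on prefix length and wins on metric. The following PowerShell is an added example (not the poster's own commands) that applies the working route from this post, verifies it, exercises it with a TCP connection to the NIC address, and removes it again. It uses the addresses from the question and assumes an elevated prompt, Windows 8/Server 2012 or later for the NetTCPIP cmdlets, and a local server listening on the port in `$Port`:

```powershell
# Added example, not from the original post. Addresses are the ones in the
# question: 87.198.54.9 is the local NIC address, 87.198.54.1 the default gateway.
# Assumptions: elevated prompt; Get-NetIPAddress available (Windows 8/2012+);
# the server under test listens on $Port.
$LocalIp = '87.198.54.9'
$Gateway = '87.198.54.1'
$Port    = 8080   # assumed listening port of the local server

# Interface index that owns the local address (the "IF" argument to route.exe),
# instead of hard-coding "IF 1" as in the question.
$IfIndex = (Get-NetIPAddress -IPAddress $LocalIp -AddressFamily IPv4).InterfaceIndex

# Host route (/32) with a lower metric than the automatic loopback host route,
# so longest-prefix match picks it and the packet leaves via the NIC.
route add $LocalIp mask 255.255.255.255 $Gateway metric 1 if $IfIndex

# Confirm the /32 entry now points at the gateway with metric 1.
route print $LocalIp

# Make a TCP connection to the NIC address (not 127.0.0.1) while NetMon is
# capturing on that adapter; this is the traffic that shows up in the capture.
Test-NetConnection -ComputerName $LocalIp -Port $Port

# Clean up so normal local traffic is no longer bounced off the gateway.
route delete $LocalIp mask 255.255.255.255 $Gateway
```

Start the NetMon capture on the physical adapter before running the `Test-NetConnection` line. Expect the gateway to hand the packet straight back to the same segment (and possibly to send an ICMP redirect, which NetMon will also show); if the gateway refuses to forward traffic back onto the interface it arrived on, nothing will appear and the rinetd relay from the other answer is the fallback. Clients that connect to 127.0.0.1 bypass this route entirely, which is why the post limits the technique to traffic addressed to the NIC's own IP.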