
Finding ports/IP's accessed by a device

post #1 of 12
Thread Starter 
Hai...

We're having some weird problems with some clients' network where the device we sell cannot download some of the data it needs from an external location.
The problem is that the device we sell has no documentation on what ports/IPs it's trying to access, and their tech support says it's not a problem for any network.
So if there is some way I can snap up what a specific port on my router and/or IP is trying to access via PC based software, or maybe a 3rd party router software (tomato/dd-wrt etc.), that could save our asses here at work.

Right now we are bringing 3G routers to the client and hooking that up directly to it, and this works every time.
The device does not use the network for anything other than uploading/downloading some data once or twice every month, depending on configuration.

So if anyone has any tips, this would be great.
post #2 of 12
Wireshark, or tcpview from Sysinternals if you need something more basic.
post #3 of 12
Thread Starter 
Awesome fast reply

Will try tcpview first, hopefully that'll help me out

EDIT:
Well I have now tried TCPView, but the problem, at least for me, is that I can only see my own connections, not another computer/IP's connections. I have no ability to install any software on the device itself as it's a closed off, in house made software from the device manufacturer.
Edited by MiiX - 5/18/15 at 11:54pm
post #4 of 12
Clearly this is a firewall issue. Your client's firewall is blocking the outgoing/incoming connections to whatever IP/host name the device needs to access and/or whichever ports it's using. Do they not have any live logs that can view these connections?
post #5 of 12
Here's what you do - get a network hub (hub!! not a switch - or you can use a switch that supports port mirroring). Plug the device into the hub and then plug a PC into the hub. Because hubs are primitive, they basically broadcast all frames across all ports that wasn't the originating port. Then you can use Wireshark on the PC to see the traffic.
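Once a hub or mirror port yields a capture, the thread's question comes down to listing what the device's IP talks to and which TCP attempts never got an answer. The following is an added example, not part of any post in this thread; it assumes a classic pcap file (not pcapng) with Ethernet framing and IPv4, and the device address 192.168.1.50 and all sample packets are constructed.

```python
import socket
import struct

def make_frame(src, dst, proto, sport, dport, flags=0):
    """Build one constructed Ethernet/IPv4 frame carrying a bare TCP or UDP header."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap file (linktype 1 = Ethernet)."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

def device_flows(pcap, device_ip):
    """Return (destinations the device contacted, TCP destinations that sent no SYN/ACK)."""
    contacted, syn_sent, answered = set(), set(), set()
    pos = 24                                    # skip the pcap global header
    while pos + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, pos + 8)[0]
        pkt = pcap[pos + 16:pos + 16 + incl]
        pos += 16 + incl
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue                            # not IPv4 over Ethernet
        proto, l4 = pkt[23], 14 + (pkt[14] & 0x0F) * 4
        src, dst = socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34])
        if proto not in (6, 17) or len(pkt) < l4 + 4:
            continue                            # only TCP and UDP carry ports
        sport, dport = struct.unpack_from("!HH", pkt, l4)
        flags = pkt[l4 + 13] if proto == 6 and len(pkt) > l4 + 13 else 0
        if src == device_ip:
            contacted.add(("tcp" if proto == 6 else "udp", dst, dport))
            if (flags & 0x12) == 0x02:          # SYN without ACK: connection attempt
                syn_sent.add((dst, dport))
        elif dst == device_ip and (flags & 0x12) == 0x12:
            answered.add((src, sport))          # SYN/ACK came back to the device
    return contacted, syn_sent - answered

# Constructed sample capture; every address and port below is made up for the example.
SAMPLE = build_pcap([
    make_frame("192.168.1.50", "192.168.1.1", 17, 40000, 53),
    make_frame("192.168.1.50", "198.51.100.10", 6, 40001, 443, 0x02),
    make_frame("198.51.100.10", "192.168.1.50", 6, 443, 40001, 0x12),
    make_frame("192.168.1.50", "203.0.113.7", 6, 40002, 8443, 0x02),
])
```

The second return value is the short list to hand to the client's IT: destinations the device tried to open that never answered on the client network. Comparing it against a capture taken behind the 3G router, where the download works, shows which of those are actually being filtered.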
post #6 of 12
What device is it anyway? I don't think I would deploy something so limited in a professional environment..
Quote:
Originally Posted by tompsonn View Post

Here's what you do - get a network hub (hub!! not a switch - or you can use a switch that supports port mirroring). Plug the device into the hub and then plug a PC into the hub. Because hubs are primitive, they basically broadcast all frames across all ports that wasn't the originating port. Then you can use Wireshark on the PC to see the traffic.

I was just about to suggest this too
post #7 of 12
Thread Starter 
Quote:
Originally Posted by PuffinMyLye View Post

Clearly this is a firewall issue. Your clients firewall is blocking the outgoing/incoming connections to whatever IP/host name the device needs to access and/or whichever ports it's using. Do they not have any live logs that can view these connections?
Where we have tried to get the IT to work with us, the answer has _always_ been "It's all open, there is nothing blocking anything". We know there's something, but it's a problem finding out what. We also linked them to this, which is all the network specific information we have: http://www.pitneybowes.com/content/dam/pitneybowes/canada/en/doc/equipment/digital-meter-pcmc-and-lan-connectivity.pdf

Quote:
Originally Posted by tompsonn View Post

Here's what you do - get a network hub (hub!! not a switch - or you can use a switch that supports port mirroring). Plug the device into the hub and then plug a PC into the hub. Because hubs are primitive, they basically broadcast all frames across all ports that wasn't the originating port. Then you can use Wireshark on the PC to see the traffic.
I might have to try this, I've got an old hub somewhere....

Quote:
Originally Posted by beers View Post

What device is it anyway? I don't think I would deploy something so limited in a professional environment..
I was just about to suggest this too
It's a digital postage meter from Pitney Bowes, it's not supposed to have any problems communicating with anything unless the network security is higher than normal, usually this only happens with "medium to large" business, because the large ones just set it up on a guest network that has no access restriction to the internets.
The "medium to large" ones usually have some kind of IT personnel, but usually outsourced techs or the janitor taking care of things...
post #8 of 12
Quote:
Originally Posted by MiiX View Post

It's a digital postage meter from Pitney Bowes, it's not supposed to have any problems communicating with anything unless the network security is higher than normal, usually this only happens with "medium to large" business, because the large ones just set it up on a guest network that has no access restriction to the internets.
The "medium to large" ones usually have some kind of IT personnel, but usually outsourced techs or the janitor taking care of things...

Ah, I was under the assumption it was a router or something.

The client should easily be able to see this traffic within their environment..

Should be able to verify the source/destination at each routed hop.
post #9 of 12
Thread Starter 
And normally that would be 100% right, but the clients having problems with this have little/no knowledge of how to do this with their equipment. What most of them do, or at least try to do, is to open all in and outgoing ports for this device, but still no go.

I'll make a try at Wireshark later this week if I have time.
post #10 of 12
Does the firewall have some sort of realtime TCP/UDP traffic monitor?

If I was in your shoes and back at my old company, I'd fire up this monitor and filter for logs that contained the correct host IP. The logs where the host was either the source or destination would show up, and ultimately any packets that were blocked by a rule would show up as red. That is probably just specific to my exact brand - Watchguard Firewall - but surely there's something similar on your end.

This method was helpful MANY times. MANY MANY MANY MANY times