Re: Network "sniffing"

To:	REALbasic NUG <realbasic-nug at lists dot realsoftware dot com>
Subject:	Re: Network "sniffing"
From:	Peter Truskier <peter at premediasystems dot com>
Date:	Sun, 30 Dec 2007 13:13:57 -0800
Delivered-to:	listarchive at realsoftware dot com
Delivered-to:	realbasic-nug at lists dot realsoftware dot com
References:	<D21F3866-9AEF-4B25-8711-5DC503E7FA4F at premediasystems dot com> <C935CFDF-4A75-466C-A24D-6504A9B3DC2C at oxalyn dot com>

Thanks, Eric. I haven't done exactly that (i.e., using two sockets -  
dont; think I can bind two sockets to the same port), but I have  
turned on the "SendToSelf" property of the UDP socket, and when the  
firewall blocks the UDP traffic, it does let through the loopback  
message, so I still can't tell it's been blocked.

--pt


On Dec 29, 2007, at 5:39 AM, Eric Williams wrote:

>
> On Dec 30, 2007, at 12:31 PM, Peter Truskier wrote:
>
>> I'd like to hear folks' thoughts about network "sniffing" strategies
>> for licensing/serial number enforcement. I will say that I'm not wild
>> about this approach in the first place, but a client has asked for  
>> it.
>>
>> I have code that uses UDP sockets to multicast queries at critical
>> points in execution to see if other copies of the application with
>> the same serial number are running on the LAN, and if so whether the
>> total number exceeds the license limitations.
>>
>> The problem with this strategy is that firewalls can easily be set up
>> to block UDP connections. It seems that if a UDP socket is blocked on
>> Windows, I get an error 107 when I try to multicast. On Mac OS X,
>> however, when the "Block UDP Traffic" option is selected in the
>> firewall's "Advanced" section, the socket gets no error, but just
>> acts as though the multicast went out, or perhaps it's the return
>> message that's blocked silently. In any case, I don't seem to be able
>> to detect the block on Mac OS X.
>
> I haven't tried this, so I don't know if it will work: set up a
> listening socket on your machine that listens on the same port you're
> using to transmit. Then send a test transmission. If you don't
> receive it on the listening port, you've got a problem.
>
> Would it be reasonable to then put up a dialog complaining that the
> firewall is enabled and your port must be open to run the
> application? Dunno. :)
>
> Eric Williams
> Oxalyn Software
> http://software.oxalyn.com/
>
> AE Monitor
> http://software.oxalyn.com/AEMonitor/
>
>
> _______________________________________________
> Unsubscribe or switch delivery mode:
> <http://www.realsoftware.com/support/listmanager/>
>
> Search the archives:
> <http://support.realsoftware.com/listarchives/lists.html>
>

_______________________________________________
Unsubscribe or switch delivery mode:
<http://www.realsoftware.com/support/listmanager/>

Search the archives:
<http://support.realsoftware.com/listarchives/lists.html>

<Prev in Thread]	Current Thread	[Next in Thread>
Network "sniffing", Peter Truskier Re: Network "sniffing", Tom Benson Re: Network "sniffing", Peter Truskier Re: Network "sniffing", Eric Williams Re: Network "sniffing", Peter Truskier <= Re: Network "sniffing", Norman Palardy Re: Network "sniffing", Doug Neale Re: Network "sniffing", Peter Truskier

Previous by Date:	Mutex again ... Win32, Lennox Jacob
Next by Date:	Re: web application, James Sentman
Previous by Thread:	Re: Network "sniffing", Eric Williams
Next by Thread:	Re: Network "sniffing", Norman Palardy
Indexes:	[Date] [Thread] [Top] [All Lists]