How Does WMI Work? - wmi

Recently I've been trying to figure out how to keep track of computers for inventory and then manage them remotely. I've stumbled upon WMI and Psexec. Psexec seems to be using port 135 to talk to RPC to execute remote PC services. (If I'm understanding correctly) However, I can't say that I understand exactly how WMI works, and I can't find any resources to help me with that. As far as I know, it uses ports 135, 445, and a group of IPs that are defined in the registry. Port 135 doesn't surprise me because I know that WMI can do a lot of the things that Psexec can do, but what does is port 445. Normally that port is for TCP/IP SMB if I recall correctly. Why does WMI need access to that, what is the range of IPs for, and generally, how do WMI's inner workings work?

I'm going down the same path you are: using WMI to inventory or manage devices. It has been working well for the last year, but there is always more to add or do (like inventorying monitors).
So, port 445 does SMB, but it also does AD authentication.


Remote WMI Traffic

I have a problem understanding remote WMI traffic.
Let's say I have 2 PC's in a LAN (PC-A and PC-B).
From PC-A I type in CMD:
wmic /node:"PC-B" /user:"B" /password:"whatever" computersystem get "name"
There now should be traffic inside the LAN between the two PCs, and the answer to that query should be sent back to PC-A, from PC-B.
I tried using Wireshark, but the traffic is too overwhelming for me.
As of right now, what I understand going on goes like this (I barely understand it):
LLMNR/mDNS trying to resolve the node parameter (the PC domain inside the LAN)
TCP 3-way handshake over port 135 (of PC-B)
What happens next is completely out of my understanding, I think it should go like:
DCOM (establishing something) over port 135
DCOM, session moved to a different port
I'm completely clueless... I am having trouble finding useful information.
I'm thankful for any of you who can share knowledge with me.
Edit:
This is the PCAP file:
https://drive.google.com/file/d/1FpvNujHlAIsY2aXxZdB0uGZd6RC4islm/view?usp=sharing
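Neither question above gets an answer that traces the exchange, so here is an added example (not from either poster) that turns the sequence described above, name lookup, then TCP 135 to the RPC endpoint mapper, then a second connection to a dynamic port, into a flow-log check: it pairs each connection to 135 with the follow-up connection on a dynamic port and records whether 445 (SMB) was contacted as well, which generalises the one wmic call into a detection over any flow log. The log format, the sample flows and the 5 s window are constructed for this example; the dynamic range is the Windows default and must be adjusted if the RPC port range was narrowed on your hosts.

```python
from collections import defaultdict
from dataclasses import dataclass

RPC_EPM_PORT = 135                   # RPC endpoint mapper: first hop of a DCOM/WMI call
# Windows default dynamic port range; DCOM hands the caller a port from here (assumption:
# the RPC port range was not narrowed on the target hosts).
DYNAMIC_PORTS = range(49152, 65536)

@dataclass(frozen=True)
class Conn:
    ts: float          # seconds
    proto: str         # "tcp" or "udp"
    src: str
    dst: str
    dport: int

def parse_flow_line(line):
    # Constructed flow-log format for this example: "<ts> <proto> <src> -> <dst>:<dport>"
    ts, proto, src, _arrow, target = line.split()
    dst, dport = target.rsplit(":", 1)
    return Conn(float(ts), proto.lower(), src, dst, int(dport))

def find_dcom_sessions(log_text, window=5.0, dynamic=DYNAMIC_PORTS):
    """Pair every TCP connection to port 135 with the first connection from the same
    source to the same host on a dynamic port within `window` seconds: the two-step
    shape a remote DCOM/RPC call (WMI included) leaves in a flow log."""
    conns = [parse_flow_line(line) for line in log_text.splitlines() if line.strip()]
    by_pair = defaultdict(list)
    for c in sorted(conns, key=lambda c: c.ts):
        if c.proto == "tcp":                       # LLMNR/mDNS lookups are UDP: ignored here
            by_pair[(c.src, c.dst)].append(c)
    hits = []
    for (src, dst), flows in by_pair.items():
        for epm in (f for f in flows if f.dport == RPC_EPM_PORT):
            after = [f for f in flows if 0 < f.ts - epm.ts <= window]
            dyn = next((f for f in after if f.dport in dynamic), None)
            if dyn is not None:
                hits.append({"src": src, "dst": dst, "epm_ts": epm.ts, "dyn_port": dyn.dport,
                             "smb_seen": any(f.dport == 445 for f in after)})
    return sorted(hits, key=lambda h: h["epm_ts"])

# Constructed sample: one WMI-shaped exchange (LLMNR lookup, 135, dynamic port, 445),
# then a 135 connection whose dynamic-port follow-up arrives far too late.
SAMPLE_LOG = """\
1000.0 udp 10.0.0.10 -> 224.0.0.252:5355
1000.2 tcp 10.0.0.10 -> 10.0.0.20:135
1000.3 tcp 10.0.0.10 -> 10.0.0.20:49668
1000.4 tcp 10.0.0.10 -> 10.0.0.20:445
1300.0 tcp 10.0.0.11 -> 10.0.0.20:135
1350.0 tcp 10.0.0.11 -> 10.0.0.20:50000
"""
```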

Qt. How to view other computers on the network using QtNetwork?

I need to get all PCs IP-adresses in my local network. How should I properly do that if I can using QtNetwork?
I tried using
QNetworkInterface::allAddresses();
QNetworkInterface::allInterfaces();
but it's definitely not what I need.
P.S.
I need to get IPs to be able to connect to some PostgreSQL servers; are there maybe some PostgreSQL driver features to make things easier?
What you need is called "network discovery". There are a lot of different approaches, each dedicated to a specific subdomain. The approach at the lowest level is called ARP (Address Resolution Protocol); see a nice tutorial e.g. here http://tournasdimitrios1.wordpress.com/2011/01/26/discover-your-local-network-with-arp-scan-on-linux/ . If you need service discovery then you probably should go with ZeroConf & friends http://doc.qt.digia.com/qq/qq23-bonjour.html

How to incorporate ports / sockets for direct tunneling with p2p darknet app

I'm building an app which upon login will connect you to certain ip addresses of which will also be running the same app.
The method which I believe I should be using is direct tunnelling, but as I say I'm a little new to C++. I have general coding skills, and I have sifted through a lot of forums and sites, yet I'm still very unclear on what the best way forward is to achieve the requirement.
The reason for the connection will be to enable a secure chat, file transfer, and update software auto when connected to the program admin.
All those that have the app installed will, once authorised, be connected to the admin client; then from that client all available IPs to connect to will become available to slave clients, which will increase the network size available to all users.
So the app needs to be able to handle ports, but not via a server; instead it would be direct.
The connections also must ideally be encrypted.
I'm kind of looking for what the application RetroShare does, but in a text app.
(This is using C++ within Dev C++)
So just to recap, what method should I use to achieve the above?
I would take a look at SDL_net to start with; it's really simple to learn if you have never done any socket programming before.
For a secure connection you will probably want to start with TCP and then, once you get the hang of network programming, start looking at other protocols.
Hope this helped! and good luck.

How to create a generic network proxy using Python or C++?

I have an application which communicates over the local area network. However, I want to instead make it communicate over the internet. To do this I propose making an intermediate program which will read the network traffic generated from the application on one computer and send it to the application on another computer.
This involves:
Reading the outgoing network traffic of the application
Sending a copy of this traffic over the internet to another computer
Giving this copy to the application on the other computer
Instead of this:
Application on computer A <-LAN-> Application on computer B
I want to achieve this:
Application on A <--> My Program on A <-INTERNET-> My program on B <--> Application on B
I can accomplish (2), but with (1) and (3) my problem is that I have very little experience with networking and I do not know where to start. I can program in python but would be willing to use c++ to accomplish this.
(Hamachi does not work for this application, I do not know why.)
In response to comments
I do not intend to manipulate any data unless it is necessary to make the connection work. I have no control over the application itself and it does not provide me with any methods to configure the connection with the exception of a port number.
TCP and UDP are both used on port 6112. The IP addresses used are first 255.255.255.255 for a generic broadcast used to discover other applications on the LAN (with UDP), then a TCP connection is established.
The term you are missing in your original question is proxy. You specifically need a transparent forwarding proxy.
Here is a link to some source code in Python that will get you started with writing a proxy.
That said, if you search around you should be able to find a transparent forwarding proxy that you don't have to write yourself.
If you want to do this the most robust way, you can do it in hardware and setup a managed router/switch/firewall to route things to where ever you need without having to write anything.
Why re-engineer the wheel? Why not just use OpenVPN, n2n or vtun etc etc.
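An added example (not from the question or any of the answers) of the forwarding step in Python: a TCP forwarder that accepts the application's local connection and pipes it to the remote side, shown end to end on loopback with an echo service standing in for the application on computer B. It covers TCP only; the UDP broadcast to 255.255.255.255:6112 that the question mentions would need a separate UDP relay, and every address and port here is an assumption for the demo.

```python
import contextlib
import socket
import threading

def relay(src, dst):
    # Copy src -> dst until EOF, then half-close dst so the far end sees the EOF
    # too while the reverse direction (dst -> src) keeps flowing until it ends.
    with contextlib.suppress(OSError):
        while data := src.recv(4096):
            dst.sendall(data)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def pipe(a, b):
    # Relay both directions between two sockets, then close both.
    back = threading.Thread(target=relay, args=(b, a), daemon=True)
    back.start()
    relay(a, b)
    back.join()
    a.close()
    b.close()

def serve(port, on_accept):
    # Listen on 127.0.0.1:port (0 = any free port), run on_accept(conn) on its own
    # thread for every connection, and return the port actually bound.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", port))
    srv.listen(5)
    def loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=on_accept, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def start_forwarder(listen_port, remote_host, remote_port):
    # Steps (1)-(3) for TCP: each local connection is piped to remote_host:remote_port.
    return serve(listen_port, lambda c: pipe(c, socket.create_connection((remote_host, remote_port))))

def roundtrip(payload):
    # Application on A -> forwarder on A -> (loopback stands in for the internet)
    # -> application on B (an echo service here), and the reply comes back the same way.
    echo_port = serve(0, lambda c: (relay(c, c), c.close()))  # stand-in for the app on B
    proxy_port = start_forwarder(0, "127.0.0.1", echo_port)
    with socket.create_connection(("127.0.0.1", proxy_port), timeout=5) as c:
        c.sendall(payload)
        c.shutdown(socket.SHUT_WR)  # we are done sending; the reply still flows back
        chunks = []
        while data := c.recv(4096):
            chunks.append(data)
    return b"".join(chunks)
```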

C/C++ detect network type

I need to write a win32 c/c++ application which will be able to determine whether the PC it's running on is connected to one of 2 networks. The first network is the company LAN (which has no internet connection) and the second network is a standalone switch with a single PC connected to it (the PC that the program is running on).
I'm pretty new to network programming, but so far I have tried testing to see if a network drive which is held on our LAN can be mapped. This works fine if the PC is connected to the LAN: the drive mapping succeeds, so LAN detection is successful. However, if the PC is connected to the switch, this results in a VERY long timeout which is not suitable, as it will delay the program so much as to make it unusable.
Does anyone have any alternative suggestions?
I'm using c/c++ in VS 6.0
[Update]
Whilst trying a few different ideas and looking at some of the suggestions below I thought I should update with some additional information as many (if not all) of the suggestions I don't think will work.
(1) The aforementioned LAN has no external connections at all, it is completely isolated so no resolving of external DNS or pinging websites is possible.
(2) Hostname, MAC address, IP, Default Gateway, Subnet etc etc (basically everything you see in ipconfig -all) are all manually configured (not dynamic from the router) so checking any of these settings will return the same whether connected to the LAN or the switch.
(3) Due to point (2), any attempts to communicate with the switch seem to be unsuccessful, in fact almost all networking commands (ping, arp etc) seem to fail - I think due to the machine trying to connect to the LAN when it isn't there :-(
One thing I have found which works is pinging the default gateway IP which times out when connected to the switch. This is sort of ok as I can reduce the timeout of ping so it doesn't just hang for ages but it feels like a bit of a hack and I would certainly appreciate any better solutions.
Thanks
As far as TCP/IP is concerned there is no such thing as a LAN or WAN. There are a set of non-internet-routable addresses like 192.168.x.x and 10.x.x.x, but these are sometimes used by ISPs short of IP addresses.
Your best bet is to use asynchronous APIs when making TCP/IP connections. Win32 defines a whole bunch of OVERLAPPED APIs for this purpose. This will prevent your application from grinding to a halt while waiting for a remote connection.
Alternatively put the socket stuff into another thread and then only notify the UI when the operation is done.
I would first try to differentiate between the two using information available locally--that is, from your computer. Does the output of ipconfig /all differ depending on which network you're connected to? If so, exploit that difference if you can.
Is it possible to get the MAC address of the standalone switch? Of the switch that controls the company LAN? That would be a sure way to tell. Unless somebody cloned the MAC address.
If you try using the existence or non-existence of some network service to determine which network you're connected to, you can never be sure. For example, if you failed to map that network drive, all you know is that the network drive isn't available. You can't say for certain that you're not connected to the company LAN. Same is true if you use ping. Lack of response from a particular machine means only that the machine didn't respond.
Various things you can look at for differentiation:
DNS domain name (GetComputerNameEx)
MAC address of gateway (ping it, then GetIpNetTable)
Routing table (do you have a gateway and default route on the company LAN?)
WNet discovered network resources (WNetOpenEnum, WNetEnumResource)
Ability to resolve external hostnames (try 5-10 names like www.google.com, www.microsoft.com and so on; if one resolves you should have internet)
You'll have to decide how many indicators are "enough" to decide you're on one or the other LAN though if tests fail. Then keep retrying until you have a definite result.
http://msdn.microsoft.com/en-us/library/aa366071%28v=VS.85%29.aspx has a lot of network related functions that you can experiment with to create further indicators.