How do I change a process's socket connection - reverse-engineering

A process is connecting to a certain ip or domain, but I do not know what it is. The process can't connect to the server. How do I find and change it?

TCPView and netstat work best for connections already established, which isn't the original poster's position.
A better tool for this task is a packet sniffer, which can observe the connection attempt. I recommend Wireshark, which is available for all major platforms.
Details:
Install, then start Wireshark
Press Ctrl-K to start capturing
Select the network interface that you expect the program to use
Type "tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn" in the Capture Filter box (no quotes)
Start the capture, go make your program try to connect, and then stop the capture.
If you do the last step fast enough on a machine without a lot of other network activity, you will have only one captured packet. Otherwise, you'll have to dig through a list to find the one you want. This packet will show the TCP port the program is trying to use.

Type netstat at the cmd prompt to see what ports are being used by active processes. Aside from that, you can't change the port being used by the proc to connect (unless you built the app obviously)

TCPView is a nice little utility that will show you all the open connections and endpoints on the local machine.
If the program is connecting using a DNS name (e.g., example.com), you can use the hosts file (c:\windows\system32\drivers\etc\hosts) to make that name map to a different IP address.
If you mean redirect the connection programmatically, that is a lot more complicated. You're not writing malware, are you?

Related

How do I ensure my JDBC source is possible to connect to from Foundry?

I want to ensure I can connect to my JDBC-capable source, but I want to ensure my firewall rules are correctly set up to allow this. How can I ensure my network infrastructure is correctly set up to connect?
One way to validate this is to use an SSH session to the Agent VM and using the ping command (or similar netstat / traceroute) to ensure a simple route to your host is available.
This would look like:
ssh onto the Agent VM
Run ping my.hostname.com:PORT
If no route to host comes back, this means your firewall rules aren't correctly set up, so the Agent VM owner will need to change configuration to allow the traffic.
If a notice indicating X bytes received from my.hostname.com comes back, this means you can hit the host and your firewall rules are correctly set up.

How can I connect a local MySQL database to the IBM Node-Red platform

I am using MySQL workbench on windows, which I want to connect to a Node-Red running on the IBM cloud. Since I don't run them on the same server the host 127.0.0.1 and port 3306 does not seem to work. What permissions should I give?
I'm going to make a LOT of assumptions here, because there really isn't enough information in your question.
First assumption, by "running on IBM" you mean that Node-RED is running on the IBM Cloud hosting service.
The short answer is you can not do what you want.
The longer version is that you probably could actually make this work but doing it is a REALLY bad idea.
Second assumption, you are doing this from home (even if you are doing it from a office location the same problems are likely to apply). This means you are connected to a local LAN using RFC 1918 address range (e.g. 192.168.0.x), this means you are behind a router that is performing NAT (Network Address Translation). This means you are going to need to set up portforwarding on the router so that when traffic arrives at the router it will send it on to your Windows machine. How you do this will depend on your router.
Next problem, your broadband probably doesn't have a static IP address which means it will change every time your connection drops. There are work arounds for this using things like Dynamic DNS. But that's too complicated to get into here.
Assuming you get all of that sorted out you still have the problem that you have now exposed your mysql database to the internet, so you need to make sure you have enabled all the right security measures to prevent people logging in and at best seeing all your data.
There are 2 much better solutions to this
Run Node-RED on the same machine or at least on the same local network as the database.
Use one of IBM Clouds hosted database solutions, these are a lot easier to connect to a IBM Cloud instance of Node-RED.
If you do not want to open ports to your network I recommend using a free MYSQL remote server
A simple website is https://remotemysql.com
Just take the screenshot of the credentials of your database after registration.
Keep in mind if your database is empty it will get deleted after some time.

How to run a QEMU monitor command from inside the guest?

For example, I'm running a Linux guest, and I want to do something like this in my init script just after boot:
savevm-somehow
run-lengthy-benchmark
I know how to use the monitor from the host, but it is hard to stop at the correct point to do the savevm: I could GDB step debug until there and then connect to the monitor, but that would be annoying.
In theory you could tell QEMU to put its monitor on a TCP port, and then also tell QEMU's networking to forward that port to the guest, and then from the guest connect to the forwarded port. I would worry about the possibility of deadlocks in this setup, though...
An approach I've used in the past is to script the QEMU monitor prompt using expect. There's an example here:
https://translatedcode.wordpress.com/2015/07/06/tricks-for-debugging-qemu-savevm-snapshots/
which uses a hardcoded delay time, but you ought to also be able to get expect to look at the serial port output to decide when to send the commands.

Can you run a true ping in Java?

I have done a fair amount of research these last few weeks trying to create a connection diagnostic tool, I don't so much want to just check to see if the connection is available but to diagnose if there is jitter, packet loss, etc..
So far it seems that Java doesn't support a true ICMP request and that there are a few workarounds out there but none of which achieve what I'm trying to do.
Does anyone know if this sort of tool can be built or should I start looking into other options?
It seems that InetAdress is using ICMP when its possible:
https://docs.oracle.com/javase/7/docs/api/java/net/InetAddress.html
take a look at public boolean isReachable(int timeout)
Test whether that address is reachable. Best effort is made by the
implementation to try to reach the host, but firewalls and server
configuration may block requests resulting in a unreachable status
while some specific ports may be accessible. A typical implementation
will use ICMP ECHO REQUESTs if the privilege can be obtained,
otherwise it will try to establish a TCP connection on port 7 (Echo)
of the destination host.
You can find a simple use example here:
How to test if a remote system is reachable
or here How to ping an IP address
I believe ICMP4J does exactly what you need: Internet Control Message Protocol for Java
You can use 'Exec' to run ping at the command line (assuming your OS supports this), or JNI to interface to a native application to do the pinging.
Creating your own implementation of the ICMP protocol would not be trivial.
If you do use Exec be aware of it's limitations which are not always obvious in initial testing:
http://www.javaworld.com/article/2071275/core-java/when-runtime-exec---won-t.html

TUN/TAP write back to tunnel

My app is using a TUN say tun0. In the design, my app will receive an UDP which includes an full IP layer, then I will take the IP layer out and then use 'file write' to put them into my own tun0 device, supposedly in design, I should can read the packet out again from tun0.
Now the situation is I can see through tcpdump the package is wrote into the tunnel, but I couldn't read them back.
Something wrong with tunnel setting or route setting?
Thanks in advance
Yang
Your second tun0 is not a FIFO queue. You may have a problem in your design of how and why your are using the second tun0 device. Clarify why you are using it and which process should be reading. The proper approach should flow from that clarification.
If you want to read the data you send into you have some options.
Connect tun0 to an TCP or UDP echo service when you open it. This will then send you back the packets you stuff into it.
Open a listener for the second tun0 to connect to. Then connect to it and send the packets out that connection. Read your data from the listener side.
Open a pipe with two file descriptors. Write to one descriptor and read from the other. Pipes are often used for IPC (Inter-Process Communication) when forking children.
Create a socket and read data from it. Open the other end of the socket for writing. Sockets are often used to allow other processes to communicate with a process. This works well when the calling processes may have a different lifetime than the listening process.
Create a buffer or queue in memory to store the data.