Open ports offer services that are potentially vulnerable to attacks! All ports should be closed or filtered, unless you specifically require some open (and know exactly what they are).

Ports in this category respond to our scan, however appear to be closed. It still reveals that your system is up, and might provide some additional fingerprinting information to potential intruders.

Filtered ports do not respond to a portscan at all, they don't appear to exist. This is the best security level for your ports, as it provides no information about your system or its existence (a.k.a. black hole).

Filtered UDP ports that do not respond to the scan. Note that the UDP protocol is not lossless, and does not respond to all requests by definition. Therefore, the lack of response does not guarantee that a port is being filtered. We have sent a few requests without response, and it is reasonable to believe the ports

List of all currently scanned ports and corresponding descriptions can be found here, as a part of our full known ports database. You can scan any one single port by adding "?port=xxxxx" to the above URL, for example: ?port=12345. You can also specify the protocol(s) to scan, for example: ?tcp=1&udp=1&port=12345

If the scan finds open ports, make sure you know what services are listening to them.

It is usually possible to, in a general manner, find out what ports (relatively "well-behaved") applications use to communicate, so we don't necessarily need to know ahead of time what ports WeChat specifically uses. We can likely find that out for ourselves, and in the process, have a way to solve the problem generally.

Most applications that have some form of persistent monitoring (as instant messaging applications tend to) will need to connect to some sort of central server or messaging hub initially. If you are able to block that, the application should be unable to connect, and you have achieved your objective. Other types of applications that communicate over the Internet have the same need, but if it's only a very brief burst-type connection or even datagram transmission it can be difficult to catch, necessitating other techniques to identify the details (for example, network monitoring or firewall logging). This works best for TCP, but certainly shouldn't be impossible to generalize to UDP.

The first step would be to take two dumps of the set of open connections: once without WeChat connected, and once with. By comparing them, we should be able to identify which ports are used by the application we are interested in. Such a connections list can be obtained through the netstat utility. The exact syntax varies, but on Linux (Windows is similar but probably not identical), you'd start with something like netstat -an -A inet which gives you a list of basically everything related to IPv4 without doing host name lookups.

On Linux, you can do that in a single command with a little bit of shell magic:

    $ diff -u0 <(netstat -an -A inet) <(sleep 10; netstat -an -A inet)

What this does is execute the two commands given, and show the difference between their outputs (the outputs are taken as the respective inputs to the diff tool; the -u0 basically says do not print any context, because the context provides no useful information in our case). In our case, the commands are identical except the second one first calls sleep 10 to give a ten-second delay. You'd adjust the delay time so that you have time to tell WeChat to connect; note that a longer delay will give more false positives in the diff output. The output will tell you the source and destination IP address and port number for anything where the status has changed during the sleep period.

Again, note that Windows' implementation of netstat may be somewhat different in details, but it allows you to do essentially the same thing. (You'll likely need to grab a diff tool from somewhere else, however. WinMerge is fairly competent, free, and open source, although there certainly are others out there, both gratis and paid.)

That should point you toward what ports WeChat uses to communicate with its central servers. Do a reverse name lookup on the IP addresses if you are unsure what they are about.