"tracer" type program?


Robert Baer

Is there a program I can get that will "capture" out-going messages
by Netscape as it is trying to contact the email server?
This way, I could see exactly why the contact is not being completed.
 
Is there a program I can get that will "capture" out-going messages
by Netscape as it is trying to contact the email server?
This way, I could see exactly why the contact is not being completed.

That program is called a "sniffer". There are several available - use
Google to find them.


--

Map of the Vast Right Wing Conspiracy
http://home.houston.rr.com/rkba/vrwc.html

"Whatever crushes individuality is despotism."
--John Stuart Mill, "On Liberty"
 
Robert Baer said:
Is there a program I can get that will "capture" out-going messages
by Netscape as it is trying to contact the email server?
This way, I could see exactly why the contact is not being
completed.


Once the recipients have been specified in the RCPT-TO command sent from
the e-mail client to the mail server, and once the data has been passed
for the body of the message in the DATA command sent from the e-mail
client to the mail server, and once the mail server responds with a
status of OK, you have no further way to trace the routing or delivery
of that message beyond what the targeted or receiving mail server might
send back (for a non-deliverable report). Look at the logfile for your
e-mail client if you want to see the commands being sent during a mail
session between your e-mail client and the mail server.

If the problem is that your e-mail client is not establishing a
connection to the mail server (so there is no mail session to view in
the e-mail client's logfile) then use your firewall's logfile. It will
show if your e-mail application ever actually attempted to send a
request (for a connection) to the mail server. You could use a packet
sniffer, like Ethereal (which is free), but the firewall should be
sufficient to see if a request ever got sent from your e-mail client.
 
Robert said:
Is there a program I can get that will "capture" out-going messages
by Netscape as it is trying to contact the email server?
This way, I could see exactly why the contact is not being completed.

The only thing you can do is use a packet sniffer like Ethereal and a ports
program like Active Ports that will give port status as packets leave and
are returned from/to the machine.

And both tools are free.

Duane :)
 
The only thing you can do is use a packet sniffer like Ethereal and a ports
program like Active Ports that will give port status as packets leave and
are returned from/to the machine.

And both tools are free.

You can use Port Detective and the logger for the router, such as Wall
Watcher for the Linksys BEFSR41.

PD has an agent in your computer send a packet to a server which then
responds. If a port is blocked by your ISP you will not see the return
packet.

--

Map of the Vast Right Wing Conspiracy
http://home.houston.rr.com/rkba/vrwc.html

"Whatever crushes individuality is despotism."
--John Stuart Mill, "On Liberty"
 
Bob said:
You can use Port Detective and the logger for the router, such as Wall
Watcher for the Linksys BEFSR41.

I use Wallwatcher for my WatchGuard Firebox 3 SOHO 6 FW appliance. However,
the OP made no mention of a router in play or that the router or FW
appliance if there is one was one that would work with Wallwatcher.

So based on that the OP didn't mention an appliance, WW is kind of a moot
point here.
PD has an agent in your computer send a packet to a server which then
responds. If a port is blocked by your ISP you will not see the return
packet.

Some ISPs do block ports like known gaming ports but in general ISPs don't
block ports. What they will do like my ISP does is if they see services
running like Web services which they do look for, they will send an email
saying close the ports or your service will be terminated.

Duane :)
 
Vanguard said:
Once the recipients have been specified in the RCPT-TO command sent from
the e-mail client to the mail server, and once the data has been passed
for the body of the message in the DATA command sent from the e-mail
client to the mail server, and once the mail server responds with a
status of OK, you have no further way to trace the routing or delivery
of that message beyond what the targeted or receiving mail server might
send back (for a non-deliverable report). Look at the logfile for your
e-mail client if you want to see the commands being sent during a mail
session between your e-mail client and the mail server.

If the problem is that your e-mail client is not establishing a
connection to the mail server (so there is no mail session to view in
the e-mail client's logfile) then use your firewall's logfile. It will
show if your e-mail application ever actually attempted to send a
request (for a connection) to the mail server. You could use a packet
sniffer, like Ethereal (which is free), but the firewall should be
sufficient to see if a request ever got sent from your e-mail client.

*What* e-mail client's logfile?
Does NS7.2 have one, and where can I find it?

I do not think any e-mail info is being passed; something must go out
in an attempt to contact the external email server, and I think that
something is botched.
 
Duane said:
Robert Baer wrote:




The only thing you can do is use a packet sniffer like Ethereal and a ports
program like Active Ports that will give port status as packets leave and
are returned from/to the machine.

And both tools are free.

Duane :)
Thanks. Will try the TCPView first.
 
Robert said:
Thanks. Will try the TCPView first.
**
Ethereal was not useful; all it indicated was that I had a problem;
and I *knew* that.
I was unable to save the screen info in text format.
The basic info was: <various stuff not related to problem>, ARP -
broadcast, ICMP - destination unreachable, SSLv3 - encrypted alert, <more
stuff unrelated to problem>.
Saving as a text file gave me binary with embedded text messages
saying I had a corrupted registry, and to go to a certain URL. That URL
had a program that supposedly would analyze and fix the registry.
Well, maybe - BUT it indicated that all was not fixed and wanted
money to do the rest.
BUT the worst part was that it left GTEK behind!
And that is why I am *not* saying where that damn website is, so
nobody else will be caught!
**
TCPView was a *LOT* more informative, but did not give enough info
for me to fix the original problem.
I am trying to patch Netscape's PREFS.JS so that Norton AntiVirus
2001 will work.
Online info for that is wrong (written for old versions) and unusable.
I was hoping that I could "see" messages passed around - maybe see
what NAV was getting and what NAV was sending.
Looking at what TCPView logged, I am guessing that NAV may have
received a message of some sort - and that is all.
This is what TCPView captured in 2 cases:

** No patches, default PREFS.JS meaning NAV 2001 cannot work.
TCP mine:1039 localhost:1040 ESTABLISHED
TCP mine:1040 localhost:1039 ESTABLISHED
TCP mine:5180 mine:0 LISTENING
TCP user-2ini87c.dialup.mindspring.com:137 mine:0 LISTENING
TCP user-2ini87c.dialup.mindspring.com:138 mine:0 LISTENING
TCP user-2ini87c.dialup.mindspring.com:nbsession mine:0 LISTENING
TCP user-2ini87c.dialup.mindspring.com:1047 pop04.earthlink.net:pop3 TIME_WAIT
UDP user-2ini87c.dialup.mindspring.com:nbname *:*
UDP user-2ini87c.dialup.mindspring.com:nbdatagram *:*
** I note the "dialup" above, so that means something goes out, and
a query is made. File on server can be accessed.

Now, a change is made offline; changes according to manual configuration
guide made by NAV, but guesses on implementation were made as Netscape 7.2
does not conform to anything described by Symantec or Netscape concerning
configuration purposes.

** With patches to PREFS.JS that activate the "timer" bar when Send is tried
TCP mine:1026 localhost:1025 ESTABLISHED
TCP mine:1025 localhost:1026 ESTABLISHED
TCP mine:5180 mine:0 LISTENING
TCP user-2ini86s.dialup.mindspring.com:137 mine:0 LISTENING
TCP user-2ini86s.dialup.mindspring.com:138 mine:0 LISTENING
TCP user-2ini86s.dialup.mindspring.com:nbsession mine:0 LISTENING
TCP mine:1034 mine:0 LISTENING
TCP mine:1035 mine:0 LISTENING
TCP mine:pop3 localhost:1034 FIN_WAIT2
TCP mine:1034 localhost:pop3 CLOSE_WAIT ** tried send 3 times **
TCP mine:1035 localhost:pop3 CLOSE_WAIT
TCP mine:pop3 localhost:1035 FIN_WAIT2
TCP mine:1036 mine:0 LISTENING
TCP mine:pop3 localhost:1036 FIN_WAIT2
TCP mine:1036 localhost:pop3 CLOSE_WAIT
TCP mine:1037 mine:0 LISTENING
TCP mine:pop3 localhost:1037 FIN_WAIT2
TCP mine:1037 localhost:pop3 CLOSE_WAIT
TCP mine:1038 mine:0 LISTENING
TCP mine:pop3 localhost:1038 FIN_WAIT2
TCP mine:1038 localhost:pop3 CLOSE_WAIT
UDP user-2ini86s.dialup.mindspring.com:nbname *:*
UDP user-2ini86s.dialup.mindspring.com:nbdatagram *:*
** I see *no* mention of "dialup" and so presume that nothing is sent.
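
A small reader for the two connection listings in the post above, added here as an example and not part of the original thread: it separates mail connections that leave the machine from those that end at a listener on the same machine, and counts the local ones left in CLOSE_WAIT. The rows are abridged from the post; treating `mine` and `localhost` as the local machine and the list of mail ports are assumptions.

```python
from collections import namedtuple

Conn = namedtuple("Conn", "proto lhost lport rhost rport state")

# Assumptions: "mine" is the post's placeholder for the local machine, and
# these service names/numbers are the mail ports of interest.
LOCAL_HOSTS = {"mine", "localhost", "127.0.0.1"}
MAIL_PORTS = {"pop3", "110", "smtp", "25"}

# Rows abridged from the two listings in the post.
CAPTURE_DEFAULT = """
TCP mine:1039 localhost:1040 ESTABLISHED
TCP mine:5180 mine:0 LISTENING
TCP user-2ini87c.dialup.mindspring.com:1047 pop04.earthlink.net:pop3 TIME_WAIT
UDP user-2ini87c.dialup.mindspring.com:nbname *:*
"""
CAPTURE_PATCHED = """
TCP mine:1034 mine:0 LISTENING
TCP mine:pop3 localhost:1034 FIN_WAIT2
TCP mine:1034 localhost:pop3 CLOSE_WAIT ** tried send 3 times **
TCP mine:1035 localhost:pop3 CLOSE_WAIT
TCP mine:pop3 localhost:1035 FIN_WAIT2
UDP user-2ini86s.dialup.mindspring.com:nbdatagram *:*
"""

def parse_row(line):
    """Parse 'PROTO local:port remote:port [STATE] [free-text note]'."""
    fields = line.split()
    if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
        return None
    lhost, _, lport = fields[1].rpartition(":")
    rhost, _, rport = fields[2].rpartition(":")
    # UDP rows have no state; trailing annotations such as "**" are ignored.
    state = fields[3] if len(fields) > 3 and fields[3].isupper() else ""
    return Conn(fields[0], lhost, lport, rhost, rport, state)

def summarize(capture):
    """Split client-side mail connections into external vs. loopback."""
    rows = [r for r in map(parse_row, capture.strip().splitlines()) if r]
    mail = [r for r in rows if r.proto == "TCP" and r.rport in MAIL_PORTS]
    loopback = [r for r in mail if r.rhost in LOCAL_HOSTS]
    return {
        "external": sorted({r.rhost for r in mail if r.rhost not in LOCAL_HOSTS}),
        "loopback": len(loopback),
        # CLOSE_WAIT: the peer closed first and the client has not closed yet.
        "close_wait": sum(r.state == "CLOSE_WAIT" for r in loopback),
    }

if __name__ == "__main__":
    print(summarize(CAPTURE_DEFAULT))
    print(summarize(CAPTURE_PATCHED))
```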
 
I use Wallwatcher for my WatchGuard Firebox 3 SOHO 6 FW appliance. However,
the OP made no mention of a router in play or that the router or FW
appliance if there is one was one that would work with Wallwatcher.
So based on that the OP didn't mention an appliance, WW is kind of a moot
point here.

Although I cannot argue with the logic of your conclusion, I find it
rather difficult to accept the premise that someone concerned about
network traffic at the level the OP has expressed would not have a NAT
router.
Some ISPs do block ports like known gaming ports but in general ISPs don't
block ports.

Road Runner in Houston blocks ports. I know that for fact. Road Runner
is owned by Time Warner which is owned by AOL. That's a lot of
subscribers.

What game ports are you talking about? My son plays Half Life or one
of its incarnations all the time.
What they will do like my ISP does is if they see services
running like Web services which they do look for, they will send an email
saying close the ports or your service will be terminated.

That is not how Time Warner in Houston operates. They simply blocked
the usual low-numbered ports one day. They do leave port 1723 open for
PPTP VPN, as well as few others like IPSec.


--

Map of the Vast Right Wing Conspiracy
http://home.houston.rr.com/rkba/vrwc.html

"Whatever crushes individuality is despotism."
--John Stuart Mill, "On Liberty"
 
Bob said:
Although I cannot argue with the logic of your conclusion, I find it
rather difficult to accept the premise that someone concerned about
network traffic at the level the OP has expressed would not have a NAT
router.


And what level is that? And what makes you think that by asking such
questions that someone needs to be using a NAT device? All you have to do
is read the OP's final reply posts to one poster about TCPview and to my
post about Active Ports to know that the OP was NOT concerned about a NAT
device. It's programs that communicate with each other and not devices.
Road Runner in Houston blocks ports. I know that for fact. Road Runner
is owned by Time Warner which is owned by AOL. That's a lot of
subscribers.

What game ports are you talking about? My son plays Half Life or one
of its incarnations all the time.

Some ISP(s) block game ports from what I have been told by other posters on
the Internet for those ISP's that don't allow game servers on their
network. My ISP doesn't do it.

Hey, different strokes for different folks or ISP(s) in this case.

And I'll remind you that you're not supposed to be responding to me. And to
be blunt about it again, I have no interest in what you're talking about
here. ;-)

Duane :)
 
Robert said:

I used to use TCPview too but switched to Active Ports which not only told me
the connection status by a program but what program was doing it or was
being used as a host by another program. You can set AP's refresh rate to
high to get a good picture of traffic flow on the machine.

You may be able to use Process Explorer to reveal some more information to
you about a running process. You can right-click a process in the upper
pane/Properties and it will give a lot info about the process and what is
using it.

http://www.sysinternals.com/Utilities/ProcessExplorer.html

Duane :)
 
And I'll remind you that you're not supposed to be responding to me.

And I'll remind you that I was not responding to you. I was responding
to your made up bullshit.
And to
be blunt about it again, I have no interest in what you're talking about
here. ;-)

At least take an interest in posting the truth as it exists in reality
and not some made up bullshit in your fantasy world.


--

Map of the Vast Right Wing Conspiracy
http://home.houston.rr.com/rkba/vrwc.html

"Whatever crushes individuality is despotism."
--John Stuart Mill, "On Liberty"
 
Sure you're right Bobby I agree with you. ;-) Now please Bobby go stand in
the corner and take a Prozac. Maybe, there is something in the water
you're drinking in your neck of the woods or maybe you need to put that
*Crack* pipe down.


I am just looking out for your best interest I got your back.

Duane :)
 
Bob said:
As long as you realize that your sweeping generalization was
completely incorrect.

And yours are too now go play with Kerio and play some games on your
computer.

Duane :)
 
Sure you're right Bobby I agree with you. ;-) Now please Bobby go stand in
the corner and take a Prozac. Maybe, there is something in the water
you're drinking in your neck of the woods or maybe you need to put that
*Crack* pipe down.

Common ordinary troll.
I am just looking out for your best interest I got your back.

<yawn>

--

Map of the Vast Right Wing Conspiracy
http://home.houston.rr.com/rkba/vrwc.html

"Whatever crushes individuality is despotism."
--John Stuart Mill, "On Liberty"
 
Common ordinary troll.


That's EOR to you -- Equal Opportunity Ragger. ;-)

You're nothing but a dumb-ass home user that has a home network and went and
got yourself a Linksys using Kerio on the machines , and you sneaked up on
Win 2K and think you know something. I think your son knows more than you
and held your hand every step of the way. ;-)


Hey, I was minding my own business and here you come Sky King Bobby.

LOL

Duane :)
 