IpPortMon User Guide

SUMMARY

This document provides a brief guide to using the IpPortMon application. It is assumed that the reader is familiar with Windows console (command-line) applications and with opening a Command Prompt window, and understands the need for, and impact of, using administrator privileges to install device drivers.

RUNNING the IpPortMon Application

The IpPortMon application is a Windows console application. You must open a Command Prompt window and then change to the directory containing the application and support files. If you have downloaded IpPortMon from the PCAUSA website, then the installer has placed these files in this folder:

C:\Program Files\PCAUSA\IP Port Monitor

When you run the IpPortMon application it will install device drivers. You can only install device drivers if you are running with administrator privileges.

Like many Windows console applications, IpPortMon is controlled by providing arguments to the application when you start it. You can get a list of these options by using the “/?” option. When you do, you will get a “usage message” similar to what is shown below:

You must specify either a local or a remote port to monitor. You would select a local port if the server you are monitoring is on the local host. You would select a remote port if you want to monitor a connection between a local client and a remote host.

Most of the options are self-explanatory. Less obvious options are:

MAX Number of Cached Log Entries (-maxlog)

This parameter specifies the maximum number of log records that the driver can allocate. Each log record consists of a small amount of fixed overhead plus a variable-size memory allocation for the data being logged. When the maximum number of cached log entries is exceeded, the driver stops creating log entries. If records are read faster than they are created, then this limit won’t be reached. However, when monitoring large transfers between client and server at memory copy speeds, it is certain that the limit will be reached and some monitor data will be lost.

Number of Bytes to HEX Dump to Console (-hexlen)

This parameter specifies the maximum number of bytes of data to HEX dump to the console. In many cases only the first few bytes of a monitored operation are of interest. Remember that output to the console is a slow process; dumping fewer bytes may reduce the number of log record overruns.

Saving IpPortMon Output to a File

You can save the IpPortMon output to a file by using the redirection operator.

Operation of the TDI filter on pre-Vista platforms requires the TDI filter to be running before the local host sockets on the port to be monitored are created.
This restriction does not apply to the WFP driver used on Vista and later platforms.

Example: Monitoring a Telnet Session

The command line below tells IpPortMon to monitor the Telnet port (port 23) on the local host and use HEX dump to dump all monitor data to the console:

E:>ipportmon -lport 23 -hexlen -1

Example: Monitoring a TCP Echo Session

The command line below tells IpPortMon to monitor the TTCP port (port 5001) on the local host and use HEX dump to dump all monitor data to the console:

E:>ipportmon -lport 5001 -hexlen -1

Example: Monitoring HTTP Transactions to a Remote Server

The command line below tells IpPortMon to monitor the HTTP port (port 80) on the PCAUSA website host and use HEX dump to dump all monitor data, with the output redirected to the file smallpage.log. The URL to be monitored is http://www.pcausa.com/filters/smallpage.htm, and the IP address of the PCAUSA server is 198.173.253.120.

E:>ipportmon -rport 80 -raddr 198.173.253.120 -rmask 255.255.255.255 -hexlen -1 > smallpage.log