Using the Proxy Server 1.0 Port Investigation Mode Feature

ID: Q160672

The information in this article applies to:
  • Microsoft Proxy Server version 1.0

SUMMARY

Proxy Server 1.0 contains an "undocumented" feature called Investigation Mode that allows you to log the TCP ports requested by WinSock applications. With this information, you can add a port range for WinSock applications that are not common or require multiple ranges of ports to the WinSock Proxy service.

Because this feature has not been fully tested for general use, it is unsupported and has no warranties from Microsoft concerning the performance of Proxy Server while this feature is enabled. The results will vary depending on the WinSock application that is being tested. Multiple logs may have to be created to find a range of ports for a troublesome application.


MORE INFORMATION

To Set Up Investigation Mode

  1. Grant the user of the WinSock application "unlimited access" in the WinSock Proxy service permissions tab.

    The unlimited access permission allows users access to ALL ports through the proxy server. Make sure other "unlimited users" do not use the Winsock proxy during testing otherwise multiple ports will be logged.


  2. Enable investigation mode.

    WARNING: Using Registry Editor incorrectly can cause serious, system-wide problems that may require you to reinstall Windows NT to correct them. Microsoft cannot guarantee that any problems resulting from the use of Registry Editor can be solved. Use this tool at your own risk.

    Investigation mode is invoked and controlled via the registry. Add the following two values in the Parameters section of WSPSrv registry key: 
    
      Hkey Local Machine\System\CurrentControlSet\Services\ 
      WSPSrv\Parameters
    NOTE: Unlike most registry entries, a space should be between Investigation Mode and Investigation Log. Be sure to include the space.

    Entry 1

    
   Investigation Mode
   REG_DWORD: 1
    Changing the Investigation Mode value to 1 will toggle investigation mode on. You do not need to restart WinSock Proxy service. Changing the value back to 0 will toggle the mode off.

    Entry 2

    
   Investigation Log
   REG_SZ: <path>
    The path to the investigation log must include the file name. For example: c:\logs\investigate.txt

    When the Investigation Mode is on, the log file is denied for write, so some editors may not be able to open the file. You can use Notepad or the "type" command to view the log file while Investigation Mode is turned on. After you toggle the Investigation Mode off, you can load the log file into any text editor.


  3. Work with the application.


  4. Toggle Investigation Mode off and remove yourself from the Unlimited Access list.


  5. Check the investigation log for the ports that should be opened.

    The first entry in the log is the primary connection. The rest of entries are secondary connections.


Examples



HTTP - Using Web browser will leave only one entry in the investigation log: 

   <TCP OUT 80>
FTP - Using FTP will leave two entries: 

   <TCP OUT 21>
   <TCP IN 0>
The secondary TCP inbound range should be enabled for PORT_ANY.

VDOLive - VDOLive client will leave two entries in the log: 

   <TCP OUT 7000>
   <UDP IN 0>
The secondary UDP inbound range should be enabled for PORT_ANY.

AlphaWorld - AlphaWorld will create several entries in the log. Between them there will be two entries similar to the following: 

   <UDP OUT 3000>
   <UDP IN 3000>
The secondary ranges must be added. However, this will only work for a short time. Sooner or later users will report that they cannot talk to each other in the AlphaWorld (AW), but they are able to communicate with other AW citizens. Once again, the first thing you should try is to enable Investigation Mode. This time, add several users to Unlimited Access group and ask them to try a connection. Because the users have access to all ports, they will be able to connect to AlphaWorld with no trouble. When you analyze the investigation log, you will see additional entries similar to the following were in use: 

   <UDP OUT 3001>
   <UDP IN 3001>
   <UDP OUT 3002>
   <UDP IN 3002>
In this case, ranges of ports should be enabled. If you want to allow 10 people to use AlphaWorld at the same time, you can add the following ranges to the secondary list: 

   <UDP OUT 3000-3009>
   <UDP IN 3000-3009>

Keywords :
Version : WINNT:1.0
Platform : winnt
Issue type : kbinfo


Last Reviewed: August 10, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.