Using Proxy Server 1.0 Port Investigation Mode Feature

 Last reviewed: December 30, 1997
Article ID: Q160672

The information in this article applies to:

  • Microsoft Proxy Server version 1.0

SUMMARY

Proxy Server 1.0 contains an "undocumented" feature called Investigation Mode that allows you to log the TCP ports requested by WinSock applications. With this information, you can add a port range for WinSock applications that are not common or require multiple ranges of ports to the WinSock Proxy service.

Because this feature has not been fully tested for general use, it is unsupported and has no warranties from Microsoft concerning the performance of Proxy Server while this feature is enabled. The results will vary depending on the WinSock application that is being tested. Multiple logs may have to be created to find a range of ports for a troublesome application.

MORE INFORMATION

To Set Up Investigation Mode

  1. Grant the user of the WinSock application "unlimited access" in the WinSock Proxy service permissions tab.

    The unlimited access permission allows users access to ALL ports through the proxy server. Make sure other "unlimited users" do not use the Winsock proxy during testing otherwise multiple ports will be logged.

  2. Enable investigation mode.

    WARNING: Using Registry Editor incorrectly can cause serious, system-wide problems that may require you to reinstall Windows NT to correct them. Microsoft cannot guarantee that any problems resulting from the use of Registry Editor can be solved. Use this tool at your own risk.

    Investigation mode is invoked and controlled via the registry. Add the following two values in the Parameters section of WSPSrv registry key: 

          Hkey Local Machine\System\CurrentControlSet\Services\
      WSPSrv\Parameters

    NOTE: Unlike most registry entries, a space should be between Investigation Mode and Investigation Log. Be sure to include the space.

    Entry 1 -------

    Investigation Mode REG_DWORD: 1

    Changing the Investigation Mode value to 1 will toggle investigation mode on. You do not need to restart WinSock Proxy service. Changing the value back to 0 will toggle the mode off.

    Entry 2 -------

    Investigation Log REG_SZ: <path>

    The path to the investigation log must include the file name. For example: c:\logs\investigate.txt

    When the Investigation Mode is on, the log file is denied for write, so some editors may not be able to open the file. You can use Notepad or the "type" command to view the log file while Investigation Mode is turned on. After you toggle the Investigation Mode off, you can load the log file into any text editor.

  3. Work with the application.

  4. Toggle Investigation Mode off and remove yourself from the Unlimited Access list.

  5. Check the investigation log for the ports that should be opened.

    The first entry in the log is the primary connection. The rest of entries are secondary connections.

Examples

HTTP - Using Web browser will leave only one entry in the investigation log: 

   <TCP OUT 80>
FTP - Using FTP will leave two entries: 

   <TCP OUT 21>
   <TCP IN 0>
The secondary TCP inbound range should be enabled for PORT_ANY.

VDOLive - VDOLive client will leave two entries in the log: 

   <TCP OUT 7000>
   <UDP IN 0>
The secondary UDP inbound range should be enabled for PORT_ANY.

AlphaWorld - AlphaWorld will create several entries in the log. Between them there will be two entries similar to the following: 

   <UDP OUT 3000>
   <UDP IN 3000>
The secondary ranges must be added. However, this will only work for a short time. Sooner or later users will report that they cannot talk to each other in the AlphaWorld (AW), but they are able to communicate with other AW citizens. Once again, the first thing you should try is to enable Investigation Mode. This time, add several users to Unlimited Access group and ask them to try a connection. Because the users have access to all ports, they will be able to connect to AlphaWorld with no trouble. When you analyze the investigation log, you will see additional entries similar to the following were in use: 

   <UDP OUT 3001>
   <UDP IN 3001>
   <UDP OUT 3002>
   <UDP IN 3002>
In this case, ranges of ports should be enabled. If you want to allow 10 people to use AlphaWorld at the same time, you can add the following ranges to the secondary list: 

   <UDP OUT 3000-3009>
   <UDP IN 3000-3009>

Keywords          : kbhowto
Version           : WINNT:1.0
Platform          : winnt
Hardware          : ALPHA x86
Issue type        : kbinfo

================================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: December 30, 1997
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.