Using Proxy Server 1.0 Port Investigation Mode Feature

ID: Q160672

The information in this article applies to:

Microsoft Proxy Server version 1.0

SUMMARY

Proxy Server 1.0 contains an "undocumented" feature called Investigation Mode that allows you to log the TCP ports requested by WinSock applications. With this information, you can add a port range for WinSock applications that are not common or require multiple ranges of ports to the WinSock Proxy service.

Because this feature has not been fully tested for general use, it is unsupported and has no warranties from Microsoft concerning the performance of Proxy Server while this feature is enabled. The results will vary depending on the WinSock application that is being tested. Multiple logs may have to be created to find a range of ports for a troublesome application.

MORE INFORMATION

To Set Up Investigation Mode

1. Grant the user of the WinSock application "unlimited access" in

   the WinSock Proxy service permissions tab.

   The unlimited access permission allows users access to ALL ports
   through the proxy server. Make sure other "unlimited users" do not
   use the Winsock proxy during testing otherwise multiple ports will
   be logged.

2. Enable investigation mode.

   WARNING: Using Registry Editor incorrectly can cause serious,
   system-wide problems that may require you to reinstall Windows
   NT to correct them. Microsoft cannot guarantee that any problems
   resulting from the use of Registry Editor can be solved. Use this
   tool at your own risk.

   Investigation mode is invoked and controlled via the registry. Add
   the following two values in the Parameters section of WSPSrv
   registry key:

      Hkey Local Machine\System\CurrentControlSet\Services\
      WSPSrv\Parameters

   NOTE: Unlike most registry entries, a space should be between
   Investigation Mode and Investigation Log. Be sure to include the
   space.

   Entry 1
   -------

   Investigation Mode
   REG_DWORD: 1

   Changing the Investigation Mode value to 1 will  toggle
   investigation mode on. You do not need to restart WinSock
   Proxy service. Changing the value back to 0 will toggle the
   mode off.

   Entry 2
   -------

   Investigation Log
   REG_SZ: <path>

   The path to the investigation log must include the file name.
   For example: c:\logs\investigate.txt

   When the Investigation Mode is on, the log file is denied for
   write, so some editors may not be able to open the file. You can
   use Notepad or the "type" command to view the log file while
   Investigation Mode is turned on. After you toggle the Investigation
   Mode off, you can load the log file into any text editor.

3. Work with the application.

4. Toggle Investigation Mode off and remove yourself from the

   Unlimited Access list.

5. Check the investigation log for the ports that should be opened.

   The first entry in the log is the primary connection. The rest of
   entries are secondary connections.

Examples

HTTP - Using Web browser will leave only one entry in the investigation log:

   <TCP OUT 80>

FTP - Using FTP will leave two entries:

   <TCP OUT 21>
   <TCP IN 0>

The secondary TCP inbound range should be enabled for PORT_ANY.

VDOLive - VDOLive client will leave two entries in the log:

   <TCP OUT 7000>
   <UDP IN 0>

The secondary UDP inbound range should be enabled for PORT_ANY.

AlphaWorld - AlphaWorld will create several entries in the log. Between them there will be two entries similar to the following:

   <UDP OUT 3000>
   <UDP IN 3000>

The secondary ranges must be added. However, this will only work for a short time. Sooner or later users will report that they cannot talk to each other in the AlphaWorld (AW), but they are able to communicate with other AW citizens. Once again, the first thing you should try is to enable Investigation Mode. This time, add several users to Unlimited Access group and ask them to try a connection. Because the users have access to all ports, they will be able to connect to AlphaWorld with no trouble. When you analyze the investigation log, you will see additional entries similar to the following were in use:

   <UDP OUT 3001>
   <UDP IN 3001>
   <UDP OUT 3002>
   <UDP IN 3002>

In this case, ranges of ports should be enabled. If you want to allow 10 people to use AlphaWorld at the same time, you can add the following ranges to the secondary list:

   <UDP OUT 3000-3009>
   <UDP IN 3000-3009>

Keywords          : kbhowto
Version           : WINNT:1.0
Platform          : winnt
Hardware          : ALPHA x86
Issue type        : kbinfo

Last Reviewed: December 30, 1997