Hi, I have a bit of software which seems to be calling home, cause it stops working as it should after a wee while. I block the .exe via the firewall but it still goes funny. I wonder if there might be an address I could add to the HOSTs file, just like we do when we install Photoshop and the like. I would have no idea what addy to add to the HOSTs file. Is there a way to find out?
@tnx: Firstly, as fkar says, please tell us what program it is, and what OS it is. Do You have Wireshark? You can get it here. It's free. https://www.wireshark.org/download.html You'll need to install WinPCap as well. It comes with Wireshark.
Okay... So I installed the Wireshark program. I told it not to allow WinPCap to start with Windows. I went to the installation folder (C:\Program Files\Wireshark) and I ran Wireshark.exe. When it starts, look to the lower left, in the welcome screen. You will see "How To capture". If You click that, it will open a web page with online help and a tutorial. Before You click this, I suggest that You open an instance of whatever browser you are using, as it will open one and clobber your current web page. (I just did that and lost my original post.) I too will be reading this. If you have any questions, please post them here. Happy hunting.
Use Fiddler2; it can tell you the address, and then you can block it in hosts. Download and install Fiddler2 for .NET 2 or 4. Open Fiddler2 (close the web browser if it is open). Open the program. See the URL column for some addresses and try blocking those in hosts.
Not at all sure what I was doing. Run Wireshark. Run my software. Then I asked my software to check for updates... got this info. Is this what I should be looking out for?
@tnx: You're using a product by Indigo Rose, and it's trying to do a license check. Please allow me to demonstrate how I came to that conclusion, just by looking at that capture line: 192.168.0.7 is your local IP address provided from your router. The second IP (204.232.190.104) is the destination of the HTTP command. Use this tool to look up the domain name, based on the IP address: http://mxtoolbox.com/ReverseLookup.aspx Put 204.232.190.104 in the box and press "Reverse Lookup". You will see this. Click on the domain name (app3.llamasoup.com). It will be placed in the edit box where the IP address was. Remove the "app3." portion. Only llamasoup.com should remain. Press the button again. Now look below the line "A llamasoup.com 204.232.190.104" and press "Whois lookup". That will tell you pretty much everything you need to know.
Just got in from work. Will have a good look at this later when my eyes are open.. Of course you're right. My key is blacklisted. I have to disable the net to install, then not long after it all goes south. Hoping I can understand what you have put and get round my problem.
WOW .... I followed your steps and just to prove I did look I took a snip. So as I understand it now, and comparing it to my block Adobe HOSTs file, if I add This should block the software calling home.. I WOULD NEVER HAVE FIGURED THIS OUT ON MY OWN.. Thank you
Going to do a couple of tests with this on my test rig. First install the app, run it and make sure it works as it should. Then ask it to check for updates and see if I can replicate the software going south. Then I will do a clean install and install the software offline, add those HOSTs entries, and make sure the app still works OK. Go online. Run the app, then ask it to check for updates and see what happens.. Bit long-winded maybe, but just what I love doing..
Well, I was sort of expecting "cannot connect" errors? But I added those lines and it made no difference, it still was able to call home and know my serial is blacklisted... Ahh well.
@tnx: So, more investigation is in order. Now, You have the tools to help You to do just that. One other thing: Did this program modify the registry? Here's another tool for You to take a look at. http://www.nektra.com/products/spystudio-api-monitor/download/ I have used this tool to monitor programs that I have developed. It provides an -enormous- amount of diagnostic and telemetry data. Good luck, and happy hunting.
Found out one thing.. Initially I was blocking the main .exe in the firewall to stop calling home. I used that tracing software you suggested and found there is a separate .exe within a hidden folder which actually does the home calling. I have blocked this on my main OS and run the software, then asked to update and got the "cannot connect" error. Now just about to test this on my test machine and see what happens.
Will do.. In my tests I am still getting the crashing error when a certain part of the software is selected. Adding the update.exe to the firewall seems to work OK. So maybe my crashing has nowt to do with the owners forcing a bug in once they find out the serial is blacklisted. I will have to do more testing. Do you know of this software?