Beefy Boxes and Bandwidth Generously Provided by pair Networks
"be consistent"
 
PerlMonks  

Tracking Kazaa?

by ergowolf (Monk)
on May 20, 2003 at 20:43 UTC ( #259570=perlquestion: print w/replies, xml ) Need Help??

ergowolf has asked for the wisdom of the Perl Monks concerning the following question:

I want to track which users are running Kazaa to try and track down a bandwidth issue on my network. Why doesn't this code work?
foreach (@machine) { if (-e "//$_/c$/Program Files/KaZaA Lite/kazaa.exe") { print "KAZAA LITE IS INSTALLED ON $_.\n"; } else { print "Kazaa lite was not detected on $_.\n"; } if (-e "//$_/c$/Program Files/Kazaa/kazaa.exe") { print "KAZAA IS INSTALLED ON $_.\n"; } else { print "Kazaa was not detected on $_.\n"; } }

Replies are listed 'Best First'.
Re: Tracking Kazaa?
by arthas (Hermit) on May 20, 2003 at 20:54 UTC
    By the way, you should probably use something like File::Find to traverse the entire directory tree of each machine's hard disk(s). As with almost every other program, the user can decide where to install Kazaa, so you shouldn't look only in the default location. ;)

    Michele.
Re: Tracking Kazaa?
by crenz (Priest) on May 20, 2003 at 21:43 UTC

    Why your code doesn't work

    If all the machines have their C-Drive shared as c$ (and that's a big if, but I don't know your network, and then it's Windows' default sharename anyway), then you will have to escape the $, as in

    "//$_/c\$/Program Files/KaZaA Lite/kazaa.exe"

    The rest doesn't need to be escaped.

    Ways to improve your code

    Using the same approach, but more clean code:

    my %paths = ('KaZaA Lite' => 'c$/Program Files/KaZaA Lite/kazaa.exe', 'KaZaA' => 'c$/Program Files/Kazaa/kazaa.exe'); foreach (@machine) { foreach my $key (keys %paths) { print "Bah! Someone installed $key on $_!\n" if (-e "//$_/$key"); } }

    Now, you can scan for additional files very easily, without changing too much of your code (only the hash at the beginning, actually).

    Different approaches

    You might consider running a portscan against these machines, focusing on ports that are known to be used by p2p software. Yes, it's not failsafe, but it helps. Most users will not bother to customize their install, I guess.

    You might also consider scanning the whole network share for suspicious file names, in case the user installs the program in a non-standard location.

Re: Tracking Kazaa?
by zengargoyle (Deacon) on May 20, 2003 at 22:38 UTC

    if they are your machines and you have administrator passwords you should skip the whole scan the filesystem thing and look for Kazaa* keys in the machines registry.

    likewise if it's your network a machine sniffing traffic and logging ports (even inspecting packet data) will give better results. network traffic from P2P apps stick out like a sore thumb regardless of the ports they're configured for.

    if you want to stop P2P, lock down the machines and take Administrator password away from users.

Re: Tracking Kazaa?
by Paladin (Vicar) on May 20, 2003 at 20:50 UTC
    You don't say what the code doesn't do that you are expecting it to, but in
    "//$_/c$/Program Files/KaZaA Lite/kazaa.exe"
    you probably need to escape the second $ as it's being interpreted as the variable $/.
Re: Tracking Kazaa?
by Jenda (Abbot) on May 20, 2003 at 21:12 UTC

    What if they install Kazaa to a different location? I would definitely try to hide something I'm not supposed to have.

    I don't know what port does Kazaa use but would not your firewall be able to tell you that computer X tries to use pert XX or just that it generates too much traffic?

    Or maybe if you find out what port does Kazaa use you might try to connect to that port on all computers and if you do get a connection ...

    Jenda
    Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live.
       -- Rick Osborne

    Edit by castaway: Closed small tag in signature

      As with install locations, many programs allow users to change which port is used for communications. I'm not sure if Kazaa (evil evil program) allows such configuration, but it is most likely ;)


      If the above content is missing any vital points or you feel that any of the information is misleading, incorrect or irrelevant, please feel free to downvote the post. At the same time, please reply to this node or /msg me to inform me as to what is wrong with the post, so that I may update the node to the best of my ability.

        If it allows them to select it can only allow them to choose from a list. It has to be able to connect to something outside. And I don't think the other party would listen on all ports.

        Or maybe not. I never tried to use it. I know though a coleague here did and was soon blocked by our firewall.

        Jenda
        Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live.
           -- Rick Osborne

        Edit by castaway: Closed small tag in signature

Re: Tracking Kazaa?
by Popcorn Dave (Abbot) on May 20, 2003 at 21:03 UTC
    I think your problem may be that you're going to need the name that those drives are shared as. Trying it on my local machine, I did get it to work by changing c$ to c:

    Hope that helps!

    There is no emoticon for what I'm feeling now.

Re: Tracking Kazaa?
by talexb (Canon) on May 20, 2003 at 20:51 UTC
    • What do you expect this code to do? or,
    • What is your definition of 'works'? or,
    • How do you know that it is failing?
    --t. alex
    Life is short: get busy!
Re: Tracking Kazaa?
by ergowolf (Monk) on May 20, 2003 at 21:02 UTC
    ANonymous:
    "If you are running this on a Win32 system, then you might try doubling the forward slashes. if (-e "////$_//c$//Program Files//KaZaA Lite//kazaa.exe") { I had a similar problem with this. Cheers"

    "//$_/c$/Program Files/KaZaA Lite/kazaa.exe"

    you probably need to escape the second $ as it's being interpreted as the variable $/."

    Thanks for the suggestion. It didn't seem to have an impact.

    talexb:
    "What do you expect this code to do? or, What is your definition of 'works'? or, How do you know that it is failing?"

    The script shows every machine as not having Kazaa installed and I know several do. I want the program to accurately show who has kazaa installed.

    Michelle:
    "By the way, you should probably use something like File::Find to traverse the entire directory tree of each machine's hard disk(s). As with almost every other program, the user can decide where to install Kazaa, so you shouldn't look only in the default location. ;)"

    My users aren't very smart. I think just looking at default locations will catch most of what i am looking for.
      > Michelle:
      > ...
      > My users aren't very smart.

      Never understimate the smartness (or lack of) of your users. ;-)

      By the way, I'm Michele with a single 'l', which is a male name in Italian.

      Talk to you soon, Michele.
Re: Tracking Kazaa?
by Cody Pendant (Prior) on May 20, 2003 at 21:39 UTC
    Like other monks, I think the methodology is kind of flawed here -- couldn't you track Kazaa by, uh, huge downloads?
    --
    “Every bit of code is either naturally related to the problem at hand, or else it's an accidental side effect of the fact that you happened to solve the problem using a digital computer.”
    M-J D
Re: Tracking Kazaa?
by davis (Vicar) on May 21, 2003 at 11:23 UTC
Re: Tracking Kazaa?
by theorbtwo (Prior) on May 20, 2003 at 21:58 UTC

    Irregardless of this working or not working, consider carefuly the security (or lack of same) implications of sharing the root of the c: drive, even as a "hidden" share. Constantly, we hear about viruses scanning for shares named c$, and attempting to infect those computers.

    Instead of searching for Program Files/Kazaa on them, search for machines that have a //$_/c$/ share, and close them.


    Warning: Unless otherwise stated, code is untested. Do not use without understanding. Code is posted in the hopes it is useful, but without warranty. All copyrights are relinquished into the public domain unless otherwise stated. I am not an angel. I am capable of error, and err on a fairly regular basis. If I made a mistake, please let me know (such as by replying to this node).

      C$ is an administrative share, meaning that anyone with administrative privileges on the box can browse the hard drive(s). Those shares are useful; I use the administrative shares all the time, but none of my users can access them. Of course, if you've got a virus running with superuser privileges you're in trouble anyway.

      LAI

      __END__
Re: Tracking Kazaa?
by Anonymous Monk on May 20, 2003 at 20:49 UTC
    If you are running this on a Win32 system, then you might try doubling the forward slashes. if (-e "////$_//c$//Program Files//KaZaA Lite//kazaa.exe") { I had a similar problem with this. Cheers

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://259570]
Approved by cciulla
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others perusing the Monastery: (6)
As of 2020-09-22 22:09 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    If at first I donít succeed, I Ö










    Results (130 votes). Check out past polls.

    Notices?