Maybe im just stupidt but im having alot of problems with my trial version of tds-3 ,it sais im connected to the target host but wont ping them and always has a broken trace, cant seam to get udp port to listen on or tcp connect to listen either.it will show im connected on port 21 and 1720 even shows when sending , does it conferm that what i sent is recieved?i do intend on buying the program but what are the limitations of the free trial,does it work or is it just a touch the buttons type of free trial.?

Hi zigahoo, It looks like you need to visit TDS3's extensive help file but regarding TCP connect here is a little from the help file that may help you.

-{ Quote: "TCP Connect

If you know the protocol between a server and Client application, the TCP Connect utility can act as the client. However you must know the language used otherwise you cannot communicate with the server.

This utility can be used to communicate with trojan servers for analysis.

Place the IP address of the system that you wish to connect to. Enter in the port number of the server in the Remote Port box.

You can choose which local port you wish to use. Click on connect, and you will find that you have established a connection with the server.
This is the most open utility in TDS-3, allowing you to connect to any IP on any port, specifying your local port, and giving you access to the entire ASCII character set. Because of this, you can use TDS-3 to simulate almost any client, including IRC, FTP, Finger, Time, and so on. (It won't look pretty but either way you will still have more (unlimited) control over the protocol than any client would give you. (As an example, sending this string to an IRC server:

mode #channel +b *!*@*Testing$$160$$Testing...
This would result in a mode change of "+b *!*@*Testing Testing..." - using the 'false' space character of ASCII 160 (true space is ASCII 32). The TCP Connect, TCP Connect via SOCKS, and UDP Broadcast facilities will all convert $$number$$ to its appropriate ASCII character. For example, $$13$$$$10$$ will be converted to ASCII 13 & 10 (carriage return | line feed) before the string is sent. The small "& CR" boxes at the end of the text entry boxes in these utilities simply automatically append the carriage return to strings before they are transmitted. If Convert High/Low ASCII is checked, ASCII characters with values less than 31 or greater than 127 will be converted to their numerical ASCII expression rather than being directly printed to screen." }-

The limitations of the trial are:
No Execution Protection
Limited SS3 scripting
No automatic updates i.e. You need to get the updates manually from the DCS site.

HTH Pilli

Hi there, and welcome to the forum!

I think it is understanding the program.
In Target Host you can put any IP or URL and do your stuff.
For instance test this:
Put In your HOSTS file make an addition like
127.0.0.1 www.myowncomputer.com (or something which doesn't exist)
Now also look for your current IP address.
(System analysis > get IP address)
First put your 127.0.0.1 in Target Host and resolve: it should give you "local host"
Now put your IP address there and resolve, it should give you taht phantasy URL you just added to your HOSTS file.
Ping them both, trace them, resolve them, now with the connect:
connect to 127.0.0.1 will be forcefully rejected, but to your IP address might enable you to connect. Now the Helpfile gives some info how to use that function further.


The Port Listen is on TCP and it depends on what you're expecting: put it on a port, like 80 for instance and you might see some traffic coming in: we did many years ago with allowing that port in the firewall and seeing the CodeRed infections coming in, or set it on port 137, which is a lot portscanned too, or another port you see scanned a lot at that time.


Now for the sockets: you can configure those automated and let only a few bytes in and have your email address and beep alarms for attacks.
Now with that go to a test site like ShieldsUp! to have your ports scanned and you should see a few alarms. If you use the plugins for Trojan Ports you should get some of the same alarms.
Port 21 is a FTP port, so if you have a FTP server you will find that open, or during connections to such sites for your downloads. You can block that in your firewall if needed.
1720 = H323HOSTCALL - h323hostcall
i'm not familiar with that one?
Could that port be used by a D-Link router for instance?

You see what you receive yourself in the Traffic Bridge (which can function as a proxy if you like) or the Port Listen, you can even change data there.


The trial is fully functional, be it that you need to update the databases manually from the site, and you can't install the Exec Protection, and you can't run scripts over 5kb size. all the scanning, testing, running small scripts, network functions work fine also in the trial.

Hope this helps somewhat.