So to test it you need to make a connection from Windows to another system. It can be ftp, telnet, or some other TCP protocol. I use telnet. Then you need two open windows on another system that can connect to port 113 on the Windows system.
1. Open two terminal windows on a system that can telnet to port 113 of the Windows system.
2. In Windows use telnet or ftp to connect to the system in 1.
3. In one terminal window run netstat. Explore the result for the connection made in 2. The netstat output will be several lines that look like this:
tcp4 0 0 wideglide.local.ftp mini.mydoman.com.64655 ESTABLISHED
This is for an ftp connection.
4. In the other window of the system in 1, run telnet and connect to port 113 on the Windows box. When you get a connection, type in the following:
21,64655 <enter> (obviously use the data from your netstat report and not these numbers)
This is the local connection port (ftp=21) on the system in 1 and the source port of the Windows system (64655), separated by a comma.
The Windows system should return something like this, using the ftp example given:
21,64655 : USERID : UNIX : dkp
Notice I used 21 on the left side of the submission - the particular identd you use may recognize "ftp" instead of 21, but 21 is guaranteed to work. If you use telnet instead of ftp then the port is 23.
Basically what is going on is you are asking the Windows system to identify the user that has opened your port 21 from a source port of 64655. Because these two ports can only be associated with one user, that user will be returned in the reply. Despite the fact that you are using Windows, most identd's will offer UNIX just before the remote user's login id.
This protocol is most often associated with IRC, which, for reasons that stun my senses, seems to expect this tool to be in place, and yet it is sooo easy to spoof. A Linux system running an identd Perl script can respond with any name the operator chooses. That, in fact, is exactly why I wrote a REXX version 12 years ago for OS/2.
Last edited: Jun 17, 2007
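
Added example, not part of the original post: a parser for the reply line shown above (the RFC 1413 format) that checks the reply echoes the port pair that was queried and records the returned name only as an unverified claim, since the post notes it is easy to spoof. The function name, field names and length limits are assumptions of this example, and the sample replies are constructed.

```python
import re

# "<port>,<port> : USERID : <opsys> : <user-id>"  or  "<port>,<port> : ERROR : <error-type>"
REPLY = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:(.*)$")
MAX_LINE = 1000   # limit chosen for this example
MAX_USER = 64     # truncate names before they reach logs or displays


def parse_ident_reply(line, queried):
    """Parse one identd reply line.

    `queried` is the (port, port) pair sent in the query, in the same order.
    Raises ValueError on malformed input or a reply for a different port pair.
    """
    if len(line) > MAX_LINE:
        raise ValueError("reply too long")
    m = REPLY.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("not an ident reply")
    ports = (int(m.group(1)), int(m.group(2)))
    if any(not 1 <= p <= 65535 for p in ports):
        raise ValueError("port out of range")
    if ports != tuple(queried):
        raise ValueError("reply does not match the queried port pair")
    kind, rest = m.group(3), m.group(4)
    if kind == "ERROR":
        return {"ports": ports, "error": rest.strip(), "opsys": None, "claimed_user": None}
    opsys, sep, user = rest.partition(":")
    if not sep:
        raise ValueError("USERID reply without a user-id field")
    # The name is whatever the remote identd chose to send: keep printable
    # ASCII only so it cannot inject control sequences into logs or terminals.
    safe = "".join(c if 32 <= ord(c) < 127 else "?" for c in user.strip())
    return {
        "ports": ports,
        "error": None,
        "opsys": opsys.split(",")[0].strip(),   # drop optional charset
        "claimed_user": safe[:MAX_USER],        # a claim, never proof of identity
    }


if __name__ == "__main__":
    # Constructed sample replies for the ftp example in the post.
    for sample in ("21,64655 : USERID : UNIX : dkp\r\n",
                   "21,64655 : ERROR : NO-USER\r\n"):
        print(parse_ident_reply(sample, (21, 64655)))
```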