Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer

Help With Custom War Dialer

by Dru (Hermit)
on Mar 10, 2004 at 15:59 UTC ( #335489=perlquestion: print w/replies, xml ) Need Help??

Dru has asked for the wisdom of the Perl Monks concerning the following question:

Greetings Monks,

Recently, I was given the task of finding all modems at my companies location. I've used the war dialer THC-Scan in the past with good results, but for some reason this time I went to use it and it failed to detect any modems even when they where present. I tried the other popular dialer Toneloc, but I could not get it working correctly.

I then thought "I wonder if there is a Perl module that will help me roll my own." And sure enough, I found Win32::SerialPort. Hacking an example from the author's site, I was able to get almost what I wanted. When it detects a modem, I receive the following: Output: Got ."ATDT123456789, which is great since I can just send all the output to a file and just parse on ATDT to get a list of modems.

But knowing my manager, he's going to ask "Is there anyway to tell if they are faxes or not." Since faxes sound distinctively different, I'm wondering if this is possible?

Any help is much appreciated,
# The majority of this code is borrowed from: # # I just removed the parts to let it run unattended. use Win32::SerialPort; use strict; use warnings; my ($line, $port, $port_obj, $string, $timeout); my $paging_service = "123456789"; # Supply real number here my $debug = 1; $port = 'COM3'; # Open port with previously saved configuration $port_obj = start Win32::SerialPort ("pager_$port.cfg") || die "Can't open pager_$port.cfg: $^E\n"; print STDERR "Dialing Number: \"$paging_service\"\n" if $debug; # You probably need at least BUSY and CONNECT $port_obj->are_match("BUSY","CONNECT","OK", "NO DIALTONE","ERROR","RING","NO CARRIER","NO ANSWER"); # my modem resets to give verbose responses $port_obj->write("ATZ\r") || die "Could Not Reset\n"; # Check Modem responding to reset # 5 second timeout from config file waitfor() || die "Modem Did Not Reset\n"; # Timeouts will need adjustment for dfferent services and locations. # Must give the receiving modem a few seconds to pickup and negotiate. $port_obj->read_const_time(30000); my $retries = 0; for (;;) { $port_obj->write("ATDT$paging_service\r") || die "Could Not Dial\n"; # Dial Paging service my $diallog = waitfor(); die "Dial timed out or failed\n" unless (defined $diallog); last if ($diallog eq "CONNECT"); if ((++$retries < 5) && ($diallog eq "BUSY")) { sleep 1; # adjust as required next; } die "Dial did not connect properly: $diallog\n" } $port_obj->write("\r\r"); # Hit enter when connected $port_obj->read_const_time(10000); $port_obj->read_const_time(5000); ## waitfor("Goodbye\r") || die "Missing signoff from service\n"; waitfor("Goodbye") || die "Missing signoff from service\n"; $port_obj->close; # Close port sub waitfor { $port_obj->lookclear; # clear buffers my $gotit = ""; my $response = shift; if ($response) { $port_obj->are_match($response); print "Output: Waiting for \"$response\".\n" if $debug; } else { print "Output: Waiting for \"are_match()\".\n" if $debug; } for (;;) { return unless (defined ($gotit = $port_obj->lookfor(1))); if ($gotit ne "") { my ($match, $after, $pattern) = $port_obj->lastlook; print "Output: Got .\"$gotit$match$after\".\n" if $debug; return $match; } return if ($port_obj->reset_error); } }

Replies are listed 'Best First'.
Re: Help With Custom War Dialer
by UnderMine (Friar) on Mar 10, 2004 at 16:38 UTC
    Depending on your modem the return result of the ATD%s might help. A return on 82 may be of interest.

    NexCom 300 Modem Commands

    When answering a call, the modem has detected a fax calling tone.

    Not sure if this in incomming or outgoing though

    AT+FCON Facsimile Connection
    This response indicates connection with a Fax machine.

    Hope it helps

Re: Help With Custom War Dialer
by flyingmoose (Priest) on Mar 10, 2004 at 16:03 UTC
    I can't help, but I'll give you bonus points for the scariest and most-illegal sounding SOPW question ever :)

    I think the only way you are going to be able to detect a FAX is by trying to speak a bit of FAX protcol and see if it "likes" you and returns FAX-like acknowledgements. Or maybe FAXEN don't like certain aspects of modem protocol and hang up. Who knows.

    Good luck with it, sounds like a fun task.

      flyingmoose, that was my thought initially too, but after reading the post I am very impressed with it.

      I've looked around a bit and I found Ivrs which has some fax related information in it. Specifically, take a look at

      and the code in DEMO3. I think they'll at least put you on the right track, if not do most of the work for you. :^)

      - - arden.

Re: Help With Custom War Dialer
by matija (Priest) on Mar 10, 2004 at 22:31 UTC
    The modem that answers the phone decides what it will answer with, and once the two modems connect, you will get back a "CONNECT somethingsomethingsomething" string.

    The exact value of the "something..." depends on the brand (BIOS) of your modem, as well as on what it has connected with.

    Where NNNN is a number is a baud speed means the other side has a modem and a data connection has been established.
    The handshake has been established with a device ready to receive faxes.
    Something resembling a human voice has answered the phone. Some modems do not offer this, but return "No Carrier" instead. Other modems may even have the option of digitizing and "recording" the voice.
    Note that a good enough modem can establish any of those connections. There are programs out there which can use voice-enabled fax modems for the ultimate in flexible voice-mail.

    The handshake goes something like this:

    1. Play "leave a message after the beep" recording
    2. Play "fax tones" as the beep (that's the clever part)
    3. If the other side responds with fax tones, establish a fax connection
    4. If the other side responds with voice, record the voice message
    5. If the other side is silent for more than X seconds, play "modem tones" and if possible, establish data connection.
    Determining exactly what is on the other side is therefore not going to be very reliable.
Re: Help With Custom War Dialer
by Fletch (Bishop) on Mar 10, 2004 at 16:16 UTC

    Presuming your dialing modem has a fax modem, you might see if you could find a wintendo version of something like hylafax. Baring that, you could look for what AT commands to send your fax modem to make it dial as if sending a fax and see if the other end answers to that correctly.

    Update: After re-reading that I wasn't exactly clear. What I meant was using something like hylafax to try and send a fax to each of your discovered phone numbers and see if it successfully delivers it or not.

      This may not be desirable as you could be sending a large number of test faxes ie. scanning a modem rack to see which are configured as fax machines.

      Ideally you would want to be able to drop the line after the initial detection phase.

      Just some random thoughts

Re: Help With Custom War Dialer
by NetWallah (Canon) on Mar 10, 2004 at 16:35 UTC
    You can get modem model info using the "ATI4" command. If you know your modems, you can map this info to determine fax-capable ones.

    Details at this URL.

      That's going to give him information on the modem he is using to dial out with, not the device on the other end of the connection.
Re: Help With Custom War Dialer
by jbodoni (Monk) on Mar 11, 2004 at 05:06 UTC
    You've been given a task I wouldn't want to have!

    • If a modem or fax isn't set to auto-answer, you'll never find it.
    • Nowadays most modems have fax capabilities, so every one of your modem numbers is potentially a fax number.
    • IIRC, faxes communicate at either 4800 or 9600 baud, which should sound different to a trained ear than a modern (at least v.32) modem's normal "data" connection.. but who would want have to listen to the screeching of modems handshaking over and over??

    The best way to tell if they're fax machines is to try to fax them something! :)

      Faxes can communicate at 14400 baud. Ours at the office does. I believe that is the current maximum however.. I could be incorrect.

Re: Help With Custom War Dialer
by Vautrin (Hermit) on Mar 10, 2004 at 17:29 UTC
    You may want to do some research on the legality of what you're attempting, or you and your managers could end up in some serious hot water. (For a good example, you can be fined up to $500 for every junk fax you send out. Not everyone will collect, but you could face a pretty big bill)

    Want to support the EFF and FSF by buying cool stuff? Click here.
      He's doing it internal to his company... if any one reports it and gets the company fined for sending a junk internal fax... I have a feeling they would be sacced.

Re: Help With Custom War Dialer
by Mr. Muskrat (Canon) on Mar 11, 2004 at 05:36 UTC

    I was given the task of finding all modems at my companies location.

    Did someone neglect to keep an accurate inventory of equipment? Or is there reason to believe that someone is using their personal modem?

      ... or at < $20.00 USD are people expensing them and hooking them up themselves, or are people running their phone cord from the wall jack into the back of the computer they just ordered, and then to their phone.

      There are many validcommon ways this can happen. Usually something like this is used to back up a policy decision.


      More likely that a security manager is wondering how many potenteial PC-ANYWHERE contact points might exist behind their firewall
        WiFi Access points are far more of an issue these days. For a trivial amount a manager can have the printer where he wants and not even have to call the IT people. Bang goes your security policy.

        War walking is far easier and a lot harder to trace. With war dialing the phone company will have a record of the who made the call and then it is just a case of back tracking. True it may be many steps but there is probably some sort of trail.

        Unless a network is running intrusion detection finding a new node on the network will be hard and if the person knows enough to hide what they are doing almost impossible.

        Just a couple of paranoid thoughts

Re: Help With Custom War Dialer
by Anonymous Monk on Jun 29, 2007 at 21:41 UTC
    Adding +FCLASS=1 or +FCLASS=2 to your modem initialization string will allow you to detect and communicate with fax machines.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://335489]
Approved by arden
Front-paged by arden
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others lurking in the Monastery: (6)
As of 2022-06-27 21:50 GMT
Find Nodes?
    Voting Booth?
    My most frequent journeys are powered by:

    Results (88 votes). Check out past polls.