Click here to Skip to main content
Click here to Skip to main content

Net Spy: Your Network Spy

By , 16 Feb 2008
Rate this:
Please Sign up or sign in to vote.

New_Block_Diagrams_Net.JPG

Description

This is a small Windows based tool which will continuously monitor your shared folders in a network. It will show a popup message whenever a user in the network accesses your system. You can also get information about user systems and a log will be generated that shows which folder the user accessed, which files have been changed, deleted, created, etc. Here is the feature list:

  1. Displays all of your shared folders in a grid view.
  2. Popup indication when a user accesses your system.
  3. List of folders accessed by a user.
  4. Name of folders and files that were changed, created, deleted, or renamed by users.
  5. Detailed information of remote user systems.
  6. NotifyIcon on system tray.
  7. Saves logged details to a text file.

Screen flash

Screen_Flash.JPG

Design and process flow

SpyNet will run on a standalone system in the network. When a user accesses the system it will show a popup message that “User A” is accessing your system. This tool contains a datagrid to store the information of the user, our own system information, and it will keep track of all file changing information of the user. The user can log all the details in a text file also.

ProcessFlow.JPG

Detailed description

This tool has four main sections:

  1. Shared Folder
  2. Current Session
  3. Accessed Folder
  4. Folder watcher

The folder watcher has the following sections:

  1. Created
  2. Deleted
  3. Renamed
  4. Changed

1. Shared Folder

In the main screen, the user should be able to get a list of all shared folders of your system. You should be able to see shared folder name, path, description, and status. When a user accesses a folder, automatically the folder watch starts and will log the changes. [Avoid setting your system folders as a shared folder because there are many changes happening by default in them so it will keep tracking all of them and this may cause some Exceptions.]

Shared_Folder.JPG

2. Current Session

The Current Session tab will display who is accessing your system right now and the total access time, ideal time, remote user IP, and the OS name. If a single user accesses twice (by giving your IP address), it will create two different entries for that.

Current_Session.JPG

While a new user accesses your system, you will get a popup alert on that.

PopUP_Notifier_New.JPG

This is the indication to you that a new user is now accessing your system. You can change the “Refresh Speed” from setting. And you can also disable the popup notification from the Settings menu.

Settings_Menu.JPG

3. Accessed Folder

This is the list of folders that are accessed by the user. If the user accesses any of your shared folders, a log will be generated. You can see it from the “Accessed Folder” tab.

AccessFolder.JPG

4. Folder Watcher

This is one of the main sections of the SpyNet tool. This section itself contains four subsections that keep track of each and every file and folder change, delete, rename, and create.

These sections are:

a. Created

This will give you the details of the created files information, the new files being created by the remote user with proper file path and date time.

Create_List.JPG

b. Deleted

This will keep track of deleted files by the remote user. What files from the user shared folder were deleted by any of the remote users will be recorded by SpyNet.

Delete_List.JPG

c. Renamed

A file rename file list is recorded by SpyNet. It will keep track of files' old names and and new names and also date and time of change.

Rename_List.JPG

d. Changed

If any file has been changed by a remote user, it will keep track of that file, and what file is changed with date and time.

Chnaged.JPG

When SpyNet is running in your system, you can check it from your system tray. A notify icon should be there and you can close and restore the application from there.

ContextMenu.JPG

Save log to text file

Whatever changes are traced by SpyNet to your shared folder, you can save it all to a log file in .txt format for future use.

Log_Generation.JPG

Technical description

This tool was using C# as a Windows based application. I used WMI (Windows Management Instrumentation) and MQL (Management Query Language) for retrieving system information.

Main file: System.management.dll.

Code for reading all shared folders in a systems:

private void Read_Shared_Folder()
{
    int cnt = 0;
    try
    {
       // MQL for Shaer Information
        ManagementObjectSearcher searcher =
            new ManagementObjectSearcher("root\\CIMV2","SELECT * FROM Win32_Share");

        foreach (ManagementObject queryObj in searcher.Get())
        {
            RDirPath = queryObj["Path"].ToString();
            if (!RDirPath.Equals("") || RDirPath.Equals("IPC$") || 
                RDirPath.Equals("ADMIN$") )
            {
                File_Watcher(RDirPath);
            }
            load_Shared_Item(cnt, queryObj["Name"].ToString(), 
                 queryObj["Path"].ToString(), 
                 queryObj["Description"].ToString(), 
                 queryObj["Status"].ToString() );
            cnt=cnt+1;

        }
    }
    catch (ManagementException e)
    {
        MessageBox.Show("An error occurred while " + 
           "querying for WMI data: " + e.Message);
    }
}

Read user name for current session:

private  void Read_Current_Session()
{
    int counter = 0;
    int ActiveTime;
    int itime;
    string sharename;
    try
    {
        ManagementObjectSearcher searcher =
           new ManagementObjectSearcher("root\\CIMV2",
           "SELECT * FROM Win32_ServerConnection");
        ManagementObjectSearcher searcher2 =
           new ManagementObjectSearcher("root\\CIMV2",
           "SELECT * FROM Win32_ServerSession"); 
        // Read the object 
        foreach (ManagementObject ServerQobj in searcher2.Get())
        {
            RemoteOS = ServerQobj["ClientType"].ToString();
            IDealTime = ServerQobj["IdleTime"].ToString();
            itime = Int32.Parse(IDealTime) / 60;
            IDealTime = itime.ToString();
        }

        foreach (ManagementObject queryObj in searcher.Get())
        {
            RemoteIPAddress = queryObj["ComputerName"].ToString();
            RemoteUserName = queryObj["UserName"].ToString();
            RemoteActiveTime = queryObj["ActiveTime"].ToString();
            ActiveTime = (Int32.Parse(RemoteActiveTime)) / 60;
            RemoteActiveTime = ActiveTime.ToString();
            sharename = queryObj["ShareName"].ToString();
            if (!sharename.Equals("IPC$"))
            {
                Load_Current_Session(counter, RemoteIPAddress, 
                   RemoteUserName, RemoteActiveTime,IDealTime,RemoteOS);
                load_Access_folder(counter, RemoteUserName, sharename);
                counter += 1;
            }
        }
    }
    catch (ManagementException e)
    {
        MessageBox.Show("An error occurred while " + 
           "querying for WMI data: " + e.Message);
    }
}

Using file watcher to watch shared files and folders:

private void File_Watcher(string sFolderPath)
{
        FileSystemWatcher mywatcher = new FileSystemWatcher(sFolderPath);           
        mywatcher.Filter = "";
        mywatcher.NotifyFilter = NotifyFilters.CreationTime | 
           NotifyFilters.DirectoryName | NotifyFilters.FileName |  
           NotifyFilters.LastAccess ;
        mywatcher.EnableRaisingEvents = true;
        mywatcher.IncludeSubdirectories = true;
        mywatcher.Created += new FileSystemEventHandler(mywatcher_created);
        mywatcher.Deleted += new FileSystemEventHandler(mywatcher_deleted);
        mywatcher.Changed += new FileSystemEventHandler(mywatcher_changed);
        mywatcher.Renamed += new RenamedEventHandler(mywatcher_renamed);
        mywatcher_List[iWatcherCount] = mywatcher;
        iWatcherCount++;
}

Code file created information:

protected void mywatcher_created(object sender,FileSystemEventArgs  e)
{
   CheckForIllegalCrossThreadCalls = false;
   DateTime current = DateTime.Now;
   lstCreate.Items.Add(e.FullPath.ToString() );
   lstCreate.Items[cCount].SubItems.Add(current.ToShortDateString());
   lstCreate.Items[cCount].SubItems.Add(current.ToShortTimeString());
   cCount += 1;
}

Code for taskbar initialization:

private void TaskBar_Initilization()
 {
     taskbarNotifier1.SetBackgroundBitmap("Skin.bmp", Color.FromArgb(255, 0, 255));
               taskbarNotifier1.SetCloseBitmap("close.bmp", 
               Color.FromArgb(255, 0, 255), new Point(127, 8));
    taskbarNotifier1.TitleRectangle = new Rectangle(40, 9, 70, 25);
    taskbarNotifier1.ContentRectangle = new Rectangle(8, 41, 133, 68);
    taskbarNotifier1.TitleClick += new EventHandler(TitleClick);
    taskbarNotifier1.ContentClick += new EventHandler(ContentClick);
    taskbarNotifier1.CloseClick += new EventHandler(CloseClick);
}

Code for showing a popup:

void Show_popUP()
{
    string t1 = "500";
    string t2 = "3000";
    string t3 = "500";
    taskbarNotifier1.CloseClickable = true;
    taskbarNotifier1.TitleClickable = false;
    taskbarNotifier1.ContentClickable = true;
    taskbarNotifier1.EnableSelectionRectangle = true;
    taskbarNotifier1.KeepVisibleOnMousOver = true;    
    taskbarNotifier1.ReShowOnMouseOver = true;
    taskbarNotifier1.Show("NetSpy", RemoteUserName + 
      "\n Is Now Accessing Your System ", Int32.Parse(t1), 
      Int32.Parse(t2), Int32.Parse(t3));
}

Reference

I have used code from this CodeProject article for the taskbar notification module: TaskBar Notification.

Points of interest

This is a tool which can make your system secure! The code is available so you can customize it in your own way.

Future target

  1. Log file to store log records.
  2. This feature is now added to this tool, please check the latest code. The user should able to save records in a text file.

  3. Clear log history.
  4. Some Advanced settings for monitoring users.

History

  • NetSpy version 1.1: Released 02/01/2008. Bugs fixed and logging feature added.
  • NetSpy version 1.0: Released 15/01/2008.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

About the Author

Abhijit Jana
Technical Lead
India India
.NET Consultant | Former Microsoft MVP - ASP.NET | CodeProject MVP, Mentor, Insiders| Technology Evangelist | Author | Speaker | Geek | Blogger | Husband
 
Blog : http://abhijitjana.net
Web Site : http://dailydotnettips.com
Twitter : @AbhijitJana
My Kinect Book : Kinect for Windows SDK Programming Guide
Follow on   Twitter

Comments and Discussions

 
Questionis It possible to see from which ip is changing files? Pinmemberyuyanfeng19-Mar-13 0:17 
GeneralMy vote of 5 Pinmemberyuyanfeng19-Mar-13 0:13 
QuestionWondiering if obtaining user for delete yet? Pinmemberdaveofgv10-Sep-11 17:36 
GeneralMy vote of 5 PinmemberXmen W.K.21-May-11 3:05 
QuestionHow to obtain the username and the domain/IP details Pinmemberpclearn19-May-11 5:55 
QuestionHow to track creation/updation/deletion of files by the users PinmemberRameshwerE14-Feb-10 23:46 
AnswerRe: How to track creation/updation/deletion of files by the users PinmvpAbhijit Jana15-Feb-10 16:25 
GeneralRe: How to track creation/updation/deletion of files by the users PinmemberRameshwerE15-Feb-10 19:14 
GeneralRe: How to track creation/updation/deletion of files by the users PinmvpAbhijit Jana9-Apr-10 21:51 
GeneralAbout Folder Monitor Pinmembertopcatzhao197821-Oct-09 19:14 
GeneralRe: About Folder Monitor PinmvpAbhijit Jana15-Feb-10 16:27 
Generalit crashes on my system... Pinmembermarc ochsenmeier31-Jul-09 3:45 
Hi,
 
just to mention that I tried it...but it crashes on my system (Windows Vista Ultimate) whenever a connection takes place. Frown | :(
 
Bests,
Marc
GeneralRe: it crashes on my system... PinmvpAbhijit Jana26-Sep-09 9:34 
GeneralNice Tool PinmemberBrij24-Dec-08 2:12 
GeneralRe: Nice Tool PinmemberAbhijit Jana24-Dec-08 4:45 
GeneralCool work PinmemberDr.Luiji18-Dec-08 11:07 
GeneralRe: Cool work PinmemberAbhijit Jana18-Dec-08 18:30 
GeneralNew Features PinmemberCosby4-Nov-08 21:21 
GeneralRe: New Features PinmemberAbhijit Jana24-Nov-08 20:44 
QuestionFolder Watcher Pinmemberlambertlbz31-Jul-08 0:04 
AnswerRe: Folder Watcher PinmemberAbhijit Jana1-Aug-08 5:26 
QuestionRe: Folder Watcher Pinmemberlambertlbz12-Aug-08 17:24 
AnswerRe: Folder Watcher PinmemberAbhijit Jana16-Aug-08 0:28 
GeneralPost Mortem Debugging PinmemberRobinBlood4-Jul-08 23:59 
GeneralRe: Post Mortem Debugging PinmemberAbhijit Jana5-Jul-08 0:51 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web03 | 2.8.140415.2 | Last Updated 16 Feb 2008
Article Copyright 2008 by Abhijit Jana
Everything else Copyright © CodeProject, 1999-2014
Terms of Use
Layout: fixed | fluid