
Network Sniffer

19 Jul 2004, CPOL

Sample Image - Sniffer.jpg

Introduction

A "packet sniffer" is a utility that observes the packets on a network without modifying them in any way. By comparison, a firewall also sees all of a computer's packet traffic, but it can block and drop any packets that its rules dictate. Packet sniffers merely watch, display, and log this traffic.

One disturbingly powerful aspect of packet sniffers is their ability to place the hosting machine's network adapter into "promiscuous mode." Network adapters running in promiscuous mode receive not only the data directed to the machine hosting the sniffing software, but also ALL of the traffic on the physically connected local network.
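The difference between the two modes can be shown with a small model of an adapter's receive filter. This is an added example, not code from the article's download; the `struct nic` model, the helper names and the sample frames are hypothetical and constructed for illustration, and it goes slightly beyond the text by also covering broadcast and multicast delivery.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of an Ethernet adapter's receive filter (illustration only). */
struct nic {
    uint8_t mac[6];       /* the adapter's own unicast address */
    uint8_t mcast[2][6];  /* multicast groups the host has joined */
    size_t  mcast_count;
    bool    promiscuous;  /* true: receive filter bypassed */
};
static const uint8_t BROADCAST[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

/* Is this frame handed up to the host? The destination MAC is bytes 0..5. */
bool nic_accepts(const struct nic *n, const uint8_t *frame, size_t len) {
    if (len < 14) return false;                        /* no full Ethernet header */
    if (n->promiscuous) return true;                   /* everything is delivered */
    if (memcmp(frame, n->mac, 6) == 0) return true;    /* unicast to this adapter */
    if (memcmp(frame, BROADCAST, 6) == 0) return true; /* broadcast */
    if (frame[0] & 0x01)                               /* group bit: multicast */
        for (size_t i = 0; i < n->mcast_count; i++)
            if (memcmp(frame, n->mcast[i], 6) == 0) return true;
    return false;                                      /* someone else's traffic */
}

/* Constructed sample headers: destination, source, EtherType 0x0800. */
static const uint8_t FRAMES[5][14] = {
    {0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x03, 0x08,0x00}, /* to this adapter */
    {0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x03, 0x08,0x00}, /* broadcast */
    {0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x03, 0x08,0x00}, /* to another host */
    {0x01,0,0x5e,0,0,0xfb, 0x02,0,0,0,0,0x03, 0x08,0x00}, /* joined group */
    {0x01,0,0x5e,0,0,0x16, 0x02,0,0,0,0,0x03, 0x08,0x00}, /* group not joined */
};

struct nic sample_nic(bool promiscuous) {
    return (struct nic){{0x02,0,0,0,0,0x01}, {{0x01,0,0x5e,0,0,0xfb}}, 1, promiscuous};
}

size_t count_delivered(const struct nic *n) {
    size_t hits = 0;
    for (size_t i = 0; i < 5; i++) hits += nic_accepts(n, FRAMES[i], sizeof FRAMES[i]);
    return hits;
}

int main(void) {
    struct nic normal = sample_nic(false), promisc = sample_nic(true);
    printf("normal: %zu of 5, promiscuous: %zu of 5\n",
           count_delivered(&normal), count_delivered(&promisc));
    return 0;
}
```

The model only decides what an adapter does with frames that reach it; which frames arrive on the wire depends on the network itself.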

I hope that this piece of code will help you understand the network better.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL).


Written By
Software Developer
Australia
Been a programmer since 1999.
Experience in:
.Net, C++, C#, VB, VB.NET, ASP, ASP.NET, DLLs, COM etc.

Comments and Discussions

 
Re: Switch
Msftone, 14-Jan-05 14:45
Passive listening is only as good as the noise makers on the rest of the subnet. Windows machines are actually chatty (vice XPSP2 impacts to that). Secondarily one must usually impose active methods to introduce noise (again an issue that is impacted by XPSP2). There are ways around that also.

#1 is not a good solution for sniffing as you are only going to get what the TCP stack gives you, which in most cases is filtered at a lower level. If you want to build a real p-mode sniffer then you need to build an NDIS miniport or an NDIS protocol driver and pass to user mode. (this is what Win-PCap is based upon as is the Network Monitor frame driver). Both operate independently of the TCP stack thus you get full frames.

Both are fairly straightforward to build, assuming you can spend a little bit of time understanding the basics of a kernel mode driver. In both instances the Windows DDK can help for both bases.
