Hi,

I'm looking for an alternative to windows sockets for network packet sniffing.

Windows sockets is sometimes not reliable (on one of my servers, it only captures incoming packets...)

What I want: A way to sniff packets without any special driver.
WinPcap (or sth. near it) is my last opportunity - I would like to take a driverless solution first.

OS: support for Win2K through to Win7 is needed.
I'm using Borland C++ (please don't ask why) - so I can't use any .NET solution.

Any suggestions?

TIA
Updated 7-Jun-11 22:13pm
Comments
Albert Holguin 8-Jun-11 10:37am    
I've used windows sockets for streaming and capturing all sorts of data and never had a reliability problem, maybe there's something wrong in your implementation and code.

I do not think this is possible. The closest solution I can think of is to use a managed switch that can do port mirroring / replication.

You set up a port in the switch to duplicate all traffic to another port. On this port you have a computer set up with Wireshark (using WinPcap). If you do not want to use the IP protocol, then remove/disable it on the computer where capturing will happen.
 
 
It would probably be easier to suggest something if we knew what you want it for. Why not simply set up a logging proxy for the program you want to investigate?
 
 
If you don't want to use sockets (which, as you pointed out, are not reliable) you will need a kernel mode solution (i.e. a network driver).

Get hold of the latest WDK and look at the NDIS API.

Supporting both pre-Vista and post-Vista OSes is going to be a problem, since post-Vista operating systems make use of NDIS 6 while pre-Vista will use NDIS 5.

Note: you can run NDIS 5 drivers on post-Vista OSes, but it's not recommended.

If you don't want to develop a driver (which isn't easy), you can use an open source one like WinPcap, which is used by Wireshark.
 
 
The problem is not the Winsock, but the network card: unless placed in promiscuous mode by its driver, it doesn't interrupt the OS if the incoming packet has a MAC destination not pertinent to the receiving card.

Without installing a driver that does that setup and takes care to buffer the incoming packets, what you're asking is impossible.

And even if you do so, if your computer is attached to a switched network, it will not receive (since the network doesn't send them, unless specifically instructed) packets sent to different destinations.
 
 

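The receive filtering described in the last answer, as an added example that is not part of the original thread: a simplified C model of the decision a network card makes on the destination MAC of each frame, with and without promiscuous mode. The `nic_filter` structure, the function names and the three sample frames are constructed for illustration (multicast filter lists are left out); this is not driver or WinPcap code.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ALEN 6
#define ETH_HLEN 14   /* destination MAC + source MAC + EtherType */

/* Hypothetical model of a card's receive filter, not a real driver structure. */
struct nic_filter {
    uint8_t own_mac[ETH_ALEN];
    int promiscuous;  /* only a capture driver can switch this on */
};

enum rx_reason { RX_DROP = 0, RX_UNICAST_MATCH, RX_BROADCAST, RX_PROMISCUOUS };

/* Constructed sample frames (headers only), all sent by 02:00:00:00:00:09. */
static const uint8_t FRAMES[3][ETH_HLEN] = {
    {0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x09, 0x08,0x00},  /* to this card     */
    {0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x09, 0x08,0x00},  /* to another host  */
    {0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x09, 0x08,0x06}, /* broadcast */
};

/* Decide whether the card hands the frame to the OS, and why. */
enum rx_reason nic_receive(const struct nic_filter *nic,
                           const uint8_t *frame, size_t len)
{
    static const uint8_t bcast[ETH_ALEN] = {0xff,0xff,0xff,0xff,0xff,0xff};
    if (len < ETH_HLEN) return RX_DROP;               /* truncated header */
    if (memcmp(frame, nic->own_mac, ETH_ALEN) == 0) return RX_UNICAST_MATCH;
    if (memcmp(frame, bcast, ETH_ALEN) == 0) return RX_BROADCAST;
    if (nic->promiscuous) return RX_PROMISCUOUS;      /* filter bypassed */
    return RX_DROP;        /* foreign unicast never reaches the socket layer */
}

/* Count how many of the sample frames the OS would see in each mode. */
int delivered(int promiscuous)
{
    struct nic_filter nic = {{0x02,0,0,0,0,0x01}, promiscuous};
    int n = 0;
    for (size_t i = 0; i < 3; i++)
        if (nic_receive(&nic, FRAMES[i], sizeof FRAMES[i]) != RX_DROP) n++;
    return n;
}

int main(void)
{
    printf("normal mode: %d of 3 frames delivered\n", delivered(0));
    printf("promiscuous: %d of 3 frames delivered\n", delivered(1));
    return 0;
}
```

The model only covers frames that physically reach the card; on a switched network the frame addressed to another host would normally not arrive at this port at all unless the switch mirrors it.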
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


