|
I want to create my own packet capture system. Can anyone help me?
|
Thanks for your Help in Packet Sniffing.
But when I was trying to catch 'ARP Packet', it was not capturing it. So what should I do for it? Please help me.
|
This is a very good article to study, I always wondered how to do that.
What I still would like to learn and haven't found is an app that can read other apps' memory.
For example, let's say I play a game and would like to monitor buffers inside it (say I seek the memory which holds the amount of lives left).
I have seen applications (without source code) that allow you to get to it by the following method:
1. you have 3 lives
- you go to the scanning app and mark the process you wish to monitor.
- you set a command to scan memory.
2. you continue playing and die. now you have -1 lives.
- you go to the scanning app and rescan for changes.
repeat step 2 until the scan result narrows to the exact location, then you can change it to whatever you like.
It's relevant to your article if by sniffing other apps - we should not just focus on communications.
Anyway, thanks for the great example, which I am going to study very deeply.
|
Hi great class, I only have a problem, when I try to use it anywhere other than the
main application form, the application locks up. I tried inheriting from Windows.Form
but that didn't fix it. Can someone help me find the steps needed for this?
|
Here is the example code fix for exchanging data from thread with interface thread:
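private delegate void DataArrivalDelegate(Object sender, RawSocket.PacketArrivedEventArgs e);

private void DataArrival(Object sender, RawSocket.PacketArrivedEventArgs e)
{
    // The event is raised on the socket's receive thread; controls may only
    // be touched from the thread that created them.
    if (this.InvokeRequired)
    {
        // Re-post this same call onto the UI thread and return immediately.
        this.BeginInvoke(new DataArrivalDelegate(DataArrival), new object[] { sender, e });
        return;
    }
    // Now running on the UI thread, so updating the list box is safe.
    listBox1.Items.Add(e.OriginationAddress + " \t " + e.DestinationAddress);
}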
|
Please could anybody tell me (write exact example) how to call WSAIoctl API function? Thank you.
B.
|
Can someone provide a sample of how to change the destination address of the packets and send them back out on the wire?
|
What is meant here by "event fires"? Has anyone used this to write a packet sniffer in which messages are also displayed?
When the event fires, you are sent event arguments which give your program access to everything in the IP packet including things like IP addresses, port numbers, protocols, message lengths, and of course the message contents.
|
First, thanks for this class.
I'm using this class in a small IDS project and I want more help about the contents of the PacketArrivedEventArgs class, to be more specific the properties
ReceiveBuffer
MessageBuffer
to analyse the data,
and I'll be more thankful.
|
I'm sure many people have asked the same thing, but I need to get the name or id of the process that owns a certain IP port or connection on the machine. There are the undocumented APIs called AllocateAndGetTcpExTableFromStack and AllocateAndGetUdpExTableFromStack but as far as I know, they are only available for WinXP, and my program should run on win2k as well. Not sure if they are available on win2k3, but I guess they are.
So, any idea about how to solve this? Preferably in C# or VB.NET.
/I need a signature I guess
|
Hi all,
I try to sniff dhcpdiscover on the network.
I can't see any broadcast UDP. I tried to modify the program like this:
socket = new Socket(AddressFamily.InterNetwork, SocketType.Dgram, ProtocolType.Udp);
and
socket.SetSocketOption(SocketOptionLevel.Socket,SocketOptionName.Broadcast, 1);
The sniffer sees nothing.
Can someone help me
thanks for your help
arnaud
|
Yep,
I use the Microsoft API for dhcp server in W2K3.
It's working very well you can catch and do what you want. 
|
Actually we're developing a project in which we need to capture TCP flags.
We've tried to make a similar class, StreamSocket, done with small changes to
the RawSocket class, but actually, we can't read the TCP header correctly.
I just want to check if this is the correct initialization of the socket object
socket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
& if the correct socket option is
socket.SetSocketOption(SocketOptionLevel.Tcp, SocketOptionName.HeaderIncluded, 1);
A question: what does the integer value of the third parameter mean?
& if these are the correct changes in order to read the TCP header, should this read the IP header
followed by the TCP one or what?
Can anybody help?
mehro
|
Can we change the data after getting it to change the original sent data? (Spoofing)
|
RawSocket class does not run in Windows 98, why?
|
Because in Windows NT 4, Windows 98 and Windows 95 we can only choose ICMP and IGMP protocols, when we are creating RAW_SOCKET. When we are using other protocols like UDP, TCP, IP we have to include IP_HDRINCLUDE that is available since win2k
Oglodek, Michal
|
I am just playing around with this raw socket class and I am trying to figure out how to decode the bytes received into text. Is this possible?
I have been trying to use,
System.Text.Encoding.ASCII.GetString(e.MessageBuffer, 0, (int)e.MessageLength);
but this only gives me junk.
Any ideas?
|
I'm having the very same problem. Did you find a solution? In fact I'm in search for a method to capture every URL the user is browsing...
|
Not all packet data is ASCII text. In fact, the data's meaning is only useful if you know how to interpret it. For example, each byte of the packet data is 8 bits. How you interpret those 8 bits (signed, unsigned, bitfield, ASCII character, etc.) is a matter of knowing what you are looking at. If you are filtering specific packets (e.g. DNS, DHCP), try looking at the RFCs to determine the packet layouts.
In addition, not all bytes are meaningful on their own. Often, a series of bytes in a packet will need to be "reassembled" to form a DWORD (32-bit) or WORD (16-bit) value...
|
If it's a TCP type packet, the first 20 bytes of message buffer are the TCP header.
Byte layout follows
0-1 = Source Port
2-3 = Dest port
4-7 = sequence numb.
8-11 = ack numb.
12 = dataoffset ( upper 4 bits only )
13 = flags ( 0x01 = fin , 0x10 = ack, etc etc etc )
14-15 short
16-17 short
18-19 short
Don't recall off the top of my head what the last 3 shorts were for, but just do a google and you'll find a document that describes this in much more detail. This should be enough to at least get you pointed in the correct direction.
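
Added example (not part of the original posts or of the article's RawSocket class): a C# decoder for the TCP header layout listed in the reply above, reassembling the multi-byte fields in network byte order as the earlier reply describes. The TcpHeader and Demo names are hypothetical and the sample bytes are constructed; the buffer is assumed to start at the TCP header, and the last three 16-bit fields are window, checksum and urgent pointer (RFC 793).

```csharp
using System;
using System.Text;

// Hypothetical helper for illustration; not part of the RawSocket class in this thread.
public sealed class TcpHeader
{
    public ushort SourcePort, DestinationPort, Window, Checksum, UrgentPointer;
    public uint SequenceNumber, AckNumber;
    public int HeaderLength;   // in bytes; the payload starts at this offset
    public byte Flags;         // FIN=0x01 SYN=0x02 RST=0x04 PSH=0x08 ACK=0x10 URG=0x20

    // Multi-byte fields are big-endian (network byte order) on the wire.
    static ushort U16(byte[] b, int i) { return (ushort)((b[i] << 8) | b[i + 1]); }
    static uint U32(byte[] b, int i) { return ((uint)U16(b, i) << 16) | U16(b, i + 2); }

    // Returns false instead of reading past the buffer on truncated or malformed input.
    public static bool TryParse(byte[] buf, int length, out TcpHeader h)
    {
        h = null;
        if (buf == null || length < 20 || length > buf.Length) return false;
        int headerLength = (buf[12] >> 4) * 4;   // data offset counts 32-bit words
        if (headerLength < 20 || headerLength > length) return false;
        h = new TcpHeader();
        h.SourcePort = U16(buf, 0);
        h.DestinationPort = U16(buf, 2);
        h.SequenceNumber = U32(buf, 4);
        h.AckNumber = U32(buf, 8);
        h.HeaderLength = headerLength;
        h.Flags = buf[13];
        h.Window = U16(buf, 14);
        h.Checksum = U16(buf, 16);
        h.UrgentPointer = U16(buf, 18);
        return true;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample: port 49152 -> 80, SYN+ACK, 20-byte header, payload "Hi".
        byte[] sample = { 0xC0, 0x00, 0x00, 0x50, 0, 0, 0, 1, 0, 0, 0, 2,
                          0x50, 0x12, 0x20, 0x00, 0, 0, 0, 0, 0x48, 0x69 };
        TcpHeader h;
        if (!TcpHeader.TryParse(sample, sample.Length, out h)) return;
        // Decode as text only the bytes after the header, never the header itself.
        string payload = Encoding.ASCII.GetString(sample, h.HeaderLength, sample.Length - h.HeaderLength);
        Console.WriteLine("{0} -> {1} flags=0x{2:X2} payload=\"{3}\"",
                          h.SourcePort, h.DestinationPort, h.Flags, payload);
    }
}
```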
|
To see examples of decoding see http://www.tamos.com/products/commview/
|
Hi,
I was testing this application with a small test I am doing. I have a client/server application using SQL Server 2000 to populate a table in a client.
I use netstat to count the number of packets. Netstat reports 65 packets, when I use this program I get 10 .. and the funny thing is that the number of packets changes, it's not constant.
Any ideas what's going on?
P.S. The client is just a DataReader retrieving data from an SQL Server. Nothing fancy about it.
|
How hard would it be to convert or use the RawSocket class to perform network address translation? It seems that I could set the IP binding for receiving to the 'Local Network Address' and then set up a sending IP. Then for each packet coming in to the receiving IP if it is destined for an external subnet, it will forward the packet on to the 'sending IP'.
Does this make sense or have I lost my mind?
David
|