Net Spy: Your Network Spy

• Download demo - 40 KB
• Download source code - 531 KB

Description

This is a small Windows based tool which will continuously monitor your shared folders in a network. It will show a popup message whenever a user in the network accesses your system. You can also get information about user systems and a log will be generated that shows which folder the user accessed, which files have been changed, deleted, created, etc. Here is the feature list:

1. Displays all of your shared folders in a grid view.
2. Popup indication when a user accesses your system.
3. List of folders accessed by a user.
4. Name of folders and files that were changed, created, deleted, or renamed by users.
5. Detailed information of remote user systems.
6. NotifyIcon on system tray.
7. Saves logged details to a text file.

Screen flash

Design and process flow

SpyNet will run on a standalone system in the network. When a user accesses the system it will show a popup message that “User A” is accessing your system. This tool contains a datagrid to store the information of the user, our own system information, and it will keep track of all file changing information of the user. The user can log all the details in a text file also.

Detailed description

This tool has four main sections:

1. Shared Folder
2. Current Session
3. Accessed Folder
4. Folder watcher

The folder watcher has the following sections:

1. Created
2. Deleted
3. Renamed
4. Changed

1. Shared Folder

In the main screen, the user should be able to get a list of all shared folders of your system. You should be able to see shared folder name, path, description, and status. When a user accesses a folder, automatically the folder watch starts and will log the changes. [Avoid setting your system folders as a shared folder because there are many changes happening by default in them so it will keep tracking all of them and this may cause some Exceptions.]

2. Current Session

The Current Session tab will display who is accessing your system right now and the total access time, ideal time, remote user IP, and the OS name. If a single user accesses twice (by giving your IP address), it will create two different entries for that.

While a new user accesses your system, you will get a popup alert on that.

This is the indication to you that a new user is now accessing your system. You can change the “Refresh Speed” from setting. And you can also disable the popup notification from the Settings menu.

3. Accessed Folder

This is the list of folders that are accessed by the user. If the user accesses any of your shared folders, a log will be generated. You can see it from the “Accessed Folder” tab.

4. Folder Watcher

This is one of the main sections of the SpyNet tool. This section itself contains four subsections that keep track of each and every file and folder change, delete, rename, and create.

These sections are:

a. Created

This will give you the details of the created files information, the new files being created by the remote user with proper file path and date time.

b. Deleted

This will keep track of deleted files by the remote user. What files from the user shared folder were deleted by any of the remote users will be recorded by SpyNet.

c. Renamed

A file rename file list is recorded by SpyNet. It will keep track of files' old names and and new names and also date and time of change.

d. Changed

If any file has been changed by a remote user, it will keep track of that file, and what file is changed with date and time.

When SpyNet is running in your system, you can check it from your system tray. A notify icon should be there and you can close and restore the application from there.

Save log to text file

Whatever changes are traced by SpyNet to your shared folder, you can save it all to a log file in .txt format for future use.

Technical description

This tool was using C# as a Windows based application. I used WMI (Windows Management Instrumentation) and MQL (Management Query Language) for retrieving system information.

Main file: System.management.dll.

Code for reading all shared folders in a systems:

private void Read_Shared_Folder()
{
    int cnt = 0;
    try
    {
       // MQL for Shaer Information
        ManagementObjectSearcher searcher =
            new ManagementObjectSearcher("root\\CIMV2","SELECT * FROM Win32_Share");

        foreach (ManagementObject queryObj in searcher.Get())
        {
            RDirPath = queryObj["Path"].ToString();
            if (!RDirPath.Equals("") || RDirPath.Equals("IPC$") || 
                RDirPath.Equals("ADMIN$") )
            {
                File_Watcher(RDirPath);
            }
            load_Shared_Item(cnt, queryObj["Name"].ToString(), 
                 queryObj["Path"].ToString(), 
                 queryObj["Description"].ToString(), 
                 queryObj["Status"].ToString() );
            cnt=cnt+1;

        }
    }
    catch (ManagementException e)
    {
        MessageBox.Show("An error occurred while " + 
           "querying for WMI data: " + e.Message);
    }
}

Read user name for current session:

private  void Read_Current_Session()
{
    int counter = 0;
    int ActiveTime;
    int itime;
    string sharename;
    try
    {
        ManagementObjectSearcher searcher =
           new ManagementObjectSearcher("root\\CIMV2",
           "SELECT * FROM Win32_ServerConnection");
        ManagementObjectSearcher searcher2 =
           new ManagementObjectSearcher("root\\CIMV2",
           "SELECT * FROM Win32_ServerSession"); 
        // Read the object 
        foreach (ManagementObject ServerQobj in searcher2.Get())
        {
            RemoteOS = ServerQobj["ClientType"].ToString();
            IDealTime = ServerQobj["IdleTime"].ToString();
            itime = Int32.Parse(IDealTime) / 60;
            IDealTime = itime.ToString();
        }

        foreach (ManagementObject queryObj in searcher.Get())
        {
            RemoteIPAddress = queryObj["ComputerName"].ToString();
            RemoteUserName = queryObj["UserName"].ToString();
            RemoteActiveTime = queryObj["ActiveTime"].ToString();
            ActiveTime = (Int32.Parse(RemoteActiveTime)) / 60;
            RemoteActiveTime = ActiveTime.ToString();
            sharename = queryObj["ShareName"].ToString();
            if (!sharename.Equals("IPC$"))
            {
                Load_Current_Session(counter, RemoteIPAddress, 
                   RemoteUserName, RemoteActiveTime,IDealTime,RemoteOS);
                load_Access_folder(counter, RemoteUserName, sharename);
                counter += 1;
            }
        }
    }
    catch (ManagementException e)
    {
        MessageBox.Show("An error occurred while " + 
           "querying for WMI data: " + e.Message);
    }
}

Using file watcher to watch shared files and folders:

private void File_Watcher(string sFolderPath)
{
        FileSystemWatcher mywatcher = new FileSystemWatcher(sFolderPath);           
        mywatcher.Filter = "";
        mywatcher.NotifyFilter = NotifyFilters.CreationTime | 
           NotifyFilters.DirectoryName | NotifyFilters.FileName |  
           NotifyFilters.LastAccess ;
        mywatcher.EnableRaisingEvents = true;
        mywatcher.IncludeSubdirectories = true;
        mywatcher.Created += new FileSystemEventHandler(mywatcher_created);
        mywatcher.Deleted += new FileSystemEventHandler(mywatcher_deleted);
        mywatcher.Changed += new FileSystemEventHandler(mywatcher_changed);
        mywatcher.Renamed += new RenamedEventHandler(mywatcher_renamed);
        mywatcher_List[iWatcherCount] = mywatcher;
        iWatcherCount++;
}

Code file created information:

protected void mywatcher_created(object sender,FileSystemEventArgs  e)
{
   CheckForIllegalCrossThreadCalls = false;
   DateTime current = DateTime.Now;
   lstCreate.Items.Add(e.FullPath.ToString() );
   lstCreate.Items[cCount].SubItems.Add(current.ToShortDateString());
   lstCreate.Items[cCount].SubItems.Add(current.ToShortTimeString());
   cCount += 1;
}

Code for taskbar initialization:

private void TaskBar_Initilization()
 {
     taskbarNotifier1.SetBackgroundBitmap("Skin.bmp", Color.FromArgb(255, 0, 255));
               taskbarNotifier1.SetCloseBitmap("close.bmp", 
               Color.FromArgb(255, 0, 255), new Point(127, 8));
    taskbarNotifier1.TitleRectangle = new Rectangle(40, 9, 70, 25);
    taskbarNotifier1.ContentRectangle = new Rectangle(8, 41, 133, 68);
    taskbarNotifier1.TitleClick += new EventHandler(TitleClick);
    taskbarNotifier1.ContentClick += new EventHandler(ContentClick);
    taskbarNotifier1.CloseClick += new EventHandler(CloseClick);
}

Code for showing a popup:

void Show_popUP()
{
    string t1 = "500";
    string t2 = "3000";
    string t3 = "500";
    taskbarNotifier1.CloseClickable = true;
    taskbarNotifier1.TitleClickable = false;
    taskbarNotifier1.ContentClickable = true;
    taskbarNotifier1.EnableSelectionRectangle = true;
    taskbarNotifier1.KeepVisibleOnMousOver = true;    
    taskbarNotifier1.ReShowOnMouseOver = true;
    taskbarNotifier1.Show("NetSpy", RemoteUserName + 
      "\n Is Now Accessing Your System ", Int32.Parse(t1), 
      Int32.Parse(t2), Int32.Parse(t3));
}

Reference

I have used code from this CodeProject article for the taskbar notification module: TaskBar Notification.

Points of interest

This is a tool which can make your system secure! The code is available so you can customize it in your own way.

Future target

1. Log file to store log records.

This feature is now added to this tool, please check the latest code. The user should able to save records in a text file.

2. Clear log history.
3. Some Advanced settings for monitoring users.

History

• NetSpy version 1.1: Released 02/01/2008. Bugs fixed and logging feature added.
• NetSpy version 1.0: Released 15/01/2008.