TCP/UDP Port Sniffing
| ||
I've been asked to write a port sniffer to monitor communications on a friend's web server and I've just spent the last few hours (feels like years) trawling through the MSDN knowledge base looking for a Windows .dll and function name which may help me. I need to make the program monitor a specified TCP/UDP port and report all activity; the snag, though, is that my client cannot establish its own connection - it must just monitor the traffic without removing it from the message queue. Does anybody know how this might be done please? xxx |
| ||
Aren't those sniffers (snort & co) open source, or at least some of them? I'd probably check this at astalavista or something. |
| ||
Couldn't it just grab the messages, check 'em and send them on to the webserver? Real sniffing requires you to write a fake network driver so all messages go through it. |
| ||
Blast, I don't think I can do it. I had hoped there was a way to read the data silently like you can with keyboard and mouse clicks, so I could read off the network buffer but not actually remove the data :( |
| ||
What about writing a proxy? Data goes in that port and then goes out on another? |
| ||
My favorite is Ethereal; I use it every other day at work. Mainly for finding the source of noise on networks, which usually turns out to be printers that don't have AppleTalk and IPX turned off: http://www.ethereal.com/ You'll need this also for Ethereal and if you want to write your own capture app: http://www.winpcap.org/ |
| ||
Now this is what I'm talking about! Wow! |
| ||
Thank you Ice9, that WinPcap certainly does look very interesting indeed; I'll get to work on it as soon as I'm back (I'm going away for the weekend). |
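
An added example, not code from any poster in this thread: once a capture library such as the WinPcap mentioned above hands a program copies of raw frames, monitoring one port without opening a connection or consuming the data is a header-decoding job. It assumes Ethernet II frames carrying IPv4; the names `decode`, `watch` and `_frame` and the sample frames are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

PROTO = {6: "TCP", 17: "UDP"}

def decode(frame):
    """Decode one Ethernet II frame; return a dict, or None if not IPv4 TCP/UDP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                          # truncated, or not IPv4 (ARP, IPX, ...)
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                 # header length; IP options make it > 20
    total, frag = struct.unpack("!H", ip[2:4])[0], struct.unpack("!H", ip[6:8])[0]
    proto = PROTO.get(ip[9])
    if ip[0] >> 4 != 4 or ihl < 20 or proto is None or frag & 0x1FFF:
        return None                          # later fragments carry no port numbers
    l4 = ip[ihl:total]                       # total length strips Ethernet padding
    if len(l4) < (20 if proto == "TCP" else 8):
        return None
    sport, dport = struct.unpack("!HH", l4[:4])
    hdr = (l4[12] >> 4) * 4 if proto == "TCP" else 8   # TCP data offset field
    return {"proto": proto, "src": str(IPv4Address(ip[12:16])), "sport": sport,
            "dst": str(IPv4Address(ip[16:20])), "dport": dport, "data": l4[hdr:]}

def watch(frames, port):
    """Return decoded packets whose source or destination port is `port`."""
    return [p for p in map(decode, frames) if p and port in (p["sport"], p["dport"])]

def _frame(proto, src, dst, sport, dport, payload):
    """Build a constructed test frame (zero MAC addresses and checksums)."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

SAMPLE = [  # constructed frames standing in for what a capture library delivers
    _frame(6, "192.0.2.10", "192.0.2.80", 49152, 80, b"GET / HTTP/1.0\r\n\r\n"),
    _frame(17, "192.0.2.10", "192.0.2.80", 5353, 53, b"query"),
    _frame(6, "192.0.2.80", "192.0.2.10", 80, 49152, b"HTTP/1.0 200 OK\r\n"),
    b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28,   # ARP frame, ignored by decode()
]

if __name__ == "__main__":
    for p in watch(SAMPLE, 80):
        print(p["proto"], f'{p["src"]}:{p["sport"]} -> {p["dst"]}:{p["dport"]}', p["data"])
```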