microsoft.public.dotnet.framework.sdk

Monitoring TCP/IP traffic

Eugene Lerner

11/12/2003 2:35:00 PM

I need to write a program that will monitor (and log) all
packets sent between two devices (one is a Windows XP
workstation and the other is a third-party unit)
communicating via a TCP/IP interface.

Please advise where I can find any info as to how to get
started.

Thank you.
Eugene
3 Answers

Derek Slager

11/12/2003 8:17:00 PM

0

On Wed, 12 Nov 2003 06:35:08 -0800, Eugene Lerner wrote:

> I need to write a program that will monitor (and log) all packets sent
> between two devices (one is a Windows XP workstation and the other is a
> third-party unit) communicating via a TCP/IP interface.
>
> Please advise where I can find any info as to how to get started.

Try searching for libpcap (nix) or WinPcap (w32), a library for network
traffic analysis. There are already tools built on these libraries to do
what you need, and many include sophisticated protocol analysis, etc.
Ethereal comes to mind.

Good luck,

-Derek
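
What the logging step of such a monitor does with each captured frame, as an added example that is not part of the original thread nor code from Ethereal or WinPcap: it decodes the Ethernet, IPv4 and TCP headers from the bytes a libpcap/WinPcap capture callback delivers and logs only TCP segments between two chosen hosts. The function name, the host addresses and the sample frame are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Big-endian (network order) reads with no alignment assumptions. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* Returns 1 and writes a log line to out if the frame is IPv4/TCP between hosts a and b;
 * 0 for other traffic or a non-first fragment; -1 if the bytes are truncated or malformed. */
int log_tcp_between(const uint8_t *f, size_t caplen, uint32_t a, uint32_t b,
                    char *out, size_t outlen)
{
    if (caplen < 14) return -1;                      /* Ethernet II header */
    if (be16(f + 12) != 0x0800) return 0;            /* EtherType is not IPv4 */
    const uint8_t *ip = f + 14;
    size_t left = caplen - 14;
    if (left < 20 || (ip[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;         /* IP header length incl. options */
    if (ihl < 20 || left < ihl) return -1;
    if (ip[9] != 6) return 0;                        /* protocol 6 = TCP */
    uint32_t src = be32(ip + 12), dst = be32(ip + 16);
    if (!((src == a && dst == b) || (src == b && dst == a))) return 0;
    if (be16(ip + 6) & 0x1fff) return 0;             /* fragment offset != 0: no TCP header */
    if (left - ihl < 20) return -1;                  /* TCP header cut off by the capture */
    const uint8_t *tcp = ip + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4, total = be16(ip + 2);
    if (doff < 20 || total < ihl + doff) return -1;
    snprintf(out, outlen, "%d.%d.%d.%d:%u > %d.%d.%d.%d:%u flags=0x%02x seq=%lu len=%lu",
             ip[12], ip[13], ip[14], ip[15], (unsigned)be16(tcp), ip[16], ip[17], ip[18],
             ip[19], (unsigned)be16(tcp + 2), (unsigned)(tcp[13] & 0x3f),
             (unsigned long)be32(tcp + 4), (unsigned long)(total - ihl - doff));
    return 1;
}

/* Constructed sample (not from the thread): SYN, 192.168.0.10:1025 to 192.168.0.20:502. */
#define HOST_A 0xC0A8000Au
#define HOST_B 0xC0A80014u
static const uint8_t SAMPLE[54] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x28, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00,
    0xc0,0xa8,0x00,0x0a, 0xc0,0xa8,0x00,0x14, 0x04,0x01,0x01,0xf6,
    0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00, 0x50,0x02,0x20,0x00, 0x00,0x00,0x00,0x00 };
static char line[128];
int main(void) {
    if (log_tcp_between(SAMPLE, sizeof SAMPLE, HOST_A, HOST_B, line, sizeof line) == 1)
        puts(line);
    return 0;
}
```

In a real monitor the frame pointer and captured length come from the capture library's per-packet callback, and the return value -1 is worth logging too, since it marks frames the capture truncated.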

Google_Post

11/13/2003 8:56:00 AM

0

Derek Slager <derek@activate.net> wrote in message news:<pan.2003.11.12.20.16.44.830895@activate.net>...
> On Wed, 12 Nov 2003 06:35:08 -0800, Eugene Lerner wrote:
>
> > I need to write a program that will monitor (and log) all packets sent
> > between two devices (one is a Windows XP workstation and the other is a
> > third-party unit) communicating via a TCP/IP interface.
> >
> > Please advise where I can find any info as to how to get started.
>
> Try searching for libpcap (nix) or WinPcap (w32), a library for network
> traffic analysis. There are already tools built on these libraries to do
> what you need, and many include sophisticated protocol analysis, etc.
> Ethereal comes to mind.
>

Ethereal is what you're looking for.

I studied the Ethereal source code a while back and came up with
the following outline of the Ethereal/WinPcap interaction.


You can find it with this link:
http://www.slink-software.com/W/SrcDoc_Top/ethereal-0.9.15/ethereal-0.9.15...

On the website, every line in the following topics is a
hyperlink to the source code/documents.

ethereal-0.9.15.sdoc
Source Code Roadmap:
WinCap
Ndis
NdisOpenAdapter - Packet.h:309
NdisRegisterProtocol - Packet.c:125
NdisDeregisterProtocol - Packet.c:182
NdisCloseAdapter - Openclos.c:471
NdisSend - Write.c:107
_PACKET - Packet32.h:205
PacketReceivePacket - Packet32.c:768
PacketSetHwFilter - Packet32.c:1305
pcap_sendpacket - pcap-win32.c:337
LPADAPTER - Packet32.h:198
NdisRequestGeneric1 - Request.c:102
DDK - Packet.h:309
_errno - pthread.h:1134
PacketSetHwFilter - Packet32.c:1305
EtherReal Filters
Protocol Tree
proto_tree_add_ipv4_format - README.developer:1413
proto_tree_add_uint_format - README.developer:1420
proto_tree_add_uint - proto.c:1523
dissect_tcp - packet-tcp.c:2117
tcpinfo - packet-tcp.h:56
decode_tcp_ports - packet-tcp.c:2039
dissect_http - packet-http.c:201
dissect_udp - packet-udp.c:137
e_udphdr - packet-udp.h:36
dissect_snmp - packet-snmp.c:2238
SNMP_VERSION_3 - packet-snmp.c:181
dissect_snmp_pdu - packet-snmp.c:1459
dissect_snmp_tcp - packet-snmp.c:2274
dissect_socks - packet-socks.c:956
dissect_smb - packet-smb.c:16272
dissect_smb_logon_cmds - packet-smb-logon.c:788
dissect_smb_logon - packet-smb-logon.c:819
dissect_ssh - packet-ssh.c:208
dissect_ssl - packet-ssl.c:605
dissect_ssl3_alert - packet-ssl.c:518
BGP - packet-bgp.h:30
lan_dvr_node_addr - packet-ncp2222.c:20745
BuildInfo

---------------------------------------------------------------------
About SLink:
---------------------------------------------------------------------
If you would like to download and use the SLink program with your own
source code, you can do so for free.

You need to:

1) Download the Slink.zip from
http://www.slink-software.com/download...,

2) Use this link to get the free eval license:
http://www.slink-software.com/W/UserReq_Ev...

v-raygon

11/13/2003 11:15:00 AM

0

Hi Eugene:
Thanks Derek and "Google_Post" for their answers.
You might also want to look at Netmon, it is written in VC++. I think
you may want to begin with a sample. Now, here it is:
http://www.microsoft.com/downloads/details.aspx?FamilyId=AF0A6060-...
9F11-EA2C80B8CAA0&displaylang=en
You can find Network Monitor API here:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/n...
on/network_monitor.asp

Rhett Gong [MS]
Microsoft Online Partner Support

This posting is provided "AS IS" with no warranties, and confers no rights.
Please reply to newsgroups only. Thanks.