Snooping on winsock calls

I want to intercept another application's calls to various winsock functions.  Specifically I want to know what is being communicated between the client and server.  So ideally I'd like to be able to see the parameters to the send and receive functions for a given application.  It is important to note I did not write the application I want to snoop on.  It is a win32 program.  But I need to learn how it communicates so my app can be compatible.  I have no idea how to do this.  Any ideas?

A program able to do this would be just as helpful.  but so far the only program I can find to do this is TracePlus95.  I do not have a spare $150.
LukeSkywalkerAsked:
Who is Participating?
 
tflaiConnect With a Mentor Commented:
There are several ways that can be done to intersect TCP/UDP communication:
1.  DLL replacement on WINSOCK32.DLL.  Easy but may not be a safe way to do it:  http://www.macam98.ac.il/vmis/wspy.htm
2.  DLL injection technique using Win32 Debugger mechanism.  Take a look at the product provided at:  http://www.win-tech.com/toolkit.htm
3.  Hook MSTCP at VxD level using TDI-client interface.  There is an example provided in VToolsD called HOOKTDI:  http://www.vireo.com
4.  Write a network snooper using a promiscuous NDIS protocol driver that binds to all the adapters.  Difficult as you have to filter out all the different packet headers, DIX, 802.3, etc.
0
All Courses

From novice to tech pro — start learning today.