Solved

Snooping on winsock calls

Posted on 1998-04-04
1
326 Views
Last Modified: 2013-12-03
I want to intercept another application's calls to various winsock functions.  Specifically I want to know what is being communicated between the client and server.  So ideally I'd like to be able to see the parameters to the send and receive functions for a given application.  It is important to note I did not write the application I want to snoop on.  It is a win32 program.  But I need to learn how it communicates so my app can be compatible.  I have no idea how to do this.  Any ideas?

A program able to do this would be just as helpful.  but so far the only program I can find to do this is TracePlus95.  I do not have a spare $150.
0
Comment
Question by:LukeSkywalker
1 Comment
 
LVL 4

Accepted Solution

by:
tflai earned 200 total points
ID: 1412536
There are several ways that can be done to intersect TCP/UDP communication:
1.  DLL replacement on WINSOCK32.DLL.  Easy but may not be a safe way to do it:  http://www.macam98.ac.il/vmis/wspy.htm
2.  DLL injection technique using Win32 Debugger mechanism.  Take a look at the product provided at:  http://www.win-tech.com/toolkit.htm
3.  Hook MSTCP at VxD level using TDI-client interface.  There is an example provided in VToolsD called HOOKTDI:  http://www.vireo.com
4.  Write a network snooper using a promiscuous NDIS protocol driver that binds to all the adapters.  Difficult as you have to filter out all the different packet headers, DIX, 802.3, etc.
0

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

zlib is a free compression library (a DLL) on which the popular gzip utility is built.  In this article, we'll see how to use the zlib functions to compress and decompress data in memory; that is, without needing to use a temporary file.  We'll be c…
Entering time in Microsoft Access can be difficult. An input mask often bothers users more than helping them and won't catch all typing errors. This article shows how to create a textbox for 24-hour time input with full validation politely catching …
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question