  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 453

Tcp/Ip Sockets (Sniffer program?)

In trying to create my own mail programs, I have discovered that a nice tcp/ip packet sniffer would be a great tool.  These tools are readily available in the Unix world, but I have yet to find one for Windows. Does anyone know of any good packet sniffers for Windows, and if they do not exist, would anyone like to work with me on making one?

Even one that could only log client message sends would be better than nothing.  I have two approaches in mind
1) Create a socket that will listen on a port and log all sends and receives to that port (IDEAL SOLUTION)
or
2) Create my own 'fake' winsock.dll (or whatever is used to send packets) that will log the messages and the pass these messages to the real winsock.dll.  This approach will allow me to at least see my client message sends.

Any help would be greatly appreciated.

-Sean
email@partyinfo.com
Asked by: veelin

1 Solution
mnguyen021997 commented:
If you work for a company that uses SMS, then get the Network Monitor program that is included with the package. It's really very good.
0
 
veelin (Author) commented:
What is SMS?  
0
 
alamo commented:
I am not certain if this meets your definition of a packet sniffer, but Socket Spy 32 at http://www.win-tech.com/ uses the Win32 debugger APIs to run your app and then hook the Winsock calls, so it can then display and/or log the calls and the data. It's not free ($60) but there's a time-limited demo there so you can get the idea.
0
 
deesse commented:
Go here:

http://users.neca.com/vmis/wspy.htm

I made my own wrapper of Winsock starting from this source
and it works very well; I spy on anything from Winsock: email, ftp,
browser, etc....

So have fun....
0
 
veelin (Author) commented:
Deese,

I was able to compile and link my wspy dll. Now, I am supposed to replace the original wsock32.dll with this phony one.  I understand the concept here, but I am not sure what to do next.  When socket calls are made against the phony wsock32.dll, how do I get a log of those calls?  

Thanks for any help

0
 
veelin (Author) commented:
Deese,

Currently, what happens is that a file c:\z.txt is created. It looks like it starts to log commands (i.e. WSTARTUP, etc.), but then my application freezes and it doesn't continue.

The other problem is that I want to see the exact message that is being sent, not just the basic commands (WSTARTUP, getHostByName, etc.). Is there a way to do this?

Thanks.
0
 
deesse commented:
OK Veelin,
Of course this is just an example; you can spy on any function you
want in this DLL. The source code we are talking about writes a log
file for almost every function call, but if you want to do more, I hope you know how. If you're a programmer, just look at those functions: you will see that almost each of them has some parameters, so trap them and you will see what the user sends to the DLL. Here is an example of what I do.

I coded a few lines in the function inet_addr( const char FAR * cp ).
Here is the code...

unsigned long PASCAL inet_addr( const char FAR * cp )
{
  char aa[256];                                   /* log line for this call */
  sprintf(aa, "inet_addr = %s", cp);              /* trap the parameter */
  . // here I do what I want with that
  . // just imagination.
  .
  a = GetProcAddress(i, "inet_addr");             /* i = handle of the real wsock32.dll */
  etc....
}

OK, from here you can do this for every function you want.
If you don't know which function to spy on, keep a regular
tracing log for all functions and simulate the action, like
browsing on the net; by now you will have a log file (here
called z.txt). Just look at which functions have been called, trap
them, look at the parameters and do what you want: store them in a flat file, a database, locally or over the network. Imagine what you can do; everything you want to do, you can.

If you can't read this, maybe your programming skill is too
low; get experience first, it's often a good idea, especially with
TCP/IP and Winsock.

Have fun with that; me, I have, not you. :)
But be careful...
0
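A compilable illustration of the spy-and-forward pattern deesse describes, and of veelin's wish to see the exact bytes an application sends rather than only the call names; this is an added example, not code from the thread or from the wspy source. The Windows-specific part (resolving the real export from the original wsock32.dll with GetProcAddress and exporting the wrapper as "send" through the .def file) is replaced by an injectable function pointer so the logging logic builds and runs anywhere; spy_send, set_real_send, last_log_line and fake_send are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical wrapper of a Winsock send()-style export. In the real spy DLL
 * real_send is resolved from the original wsock32.dll with GetProcAddress;
 * here it is injected with set_real_send() so the logging logic builds anywhere. */
typedef int (*send_fn)(unsigned int s, const char *buf, int len, int flags);
static send_fn real_send = NULL;
static char last_log[512];   /* a real wrapper would append this to z.txt */

void set_real_send(send_fn fn) { real_send = fn; }
const char *last_log_line(void) { return last_log; }

/* Render the payload printably: bytes outside 0x20..0x7e and '\' become \xNN,
 * so CR/LF and binary data stay visible in the log. */
static void escape_bytes(const char *buf, int len, char *out, size_t cap) {
    size_t n = 0;
    for (int i = 0; i < len && n + 5 < cap; i++) {
        unsigned char c = (unsigned char)buf[i];
        if (c >= 0x20 && c <= 0x7e && c != '\\') out[n++] = (char)c;
        else n += (size_t)snprintf(out + n, cap - n, "\\x%02x", c);
    }
    out[n] = '\0';
}

/* The spy: log socket, flags and payload exactly as the application passed
 * them, then forward unchanged. In the DLL it would be exported as "send"
 * through the .def file so the application's import lands here. */
int spy_send(unsigned int s, const char *buf, int len, int flags) {
    char payload[400];
    if (real_send == NULL) return -1;    /* real export not resolved */
    escape_bytes(buf, len, payload, sizeof payload);
    snprintf(last_log, sizeof last_log, "send(s=%u, len=%d, flags=%d) = \"%s\"",
             s, len, flags, payload);
    return real_send(s, buf, len, flags);
}

/* Constructed stand-in for the real send(): accepts everything, returns len. */
int fake_send(unsigned int s, const char *buf, int len, int flags) {
    (void)s; (void)buf; (void)flags;
    return len;
}

int main(void) {
    set_real_send(fake_send);
    spy_send(3, "EHLO mail.example\r\n", 19, 0);   /* constructed SMTP greeting */
    puts(last_log_line());
    return 0;
}
```

The early return when real_send is unresolved is the failure mode veelin hit: a wrapper that does not forward every export the application imports leaves the application with socket errors.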
 
veelin (Author) commented:
Deese,

I know enough C/C++ to change the file to log correctly. The problem is that the new DLL doesn't work. For example, I am testing to see what Netscape Mail does when it establishes a connection, etc. I see some of the function calls that are logged into the 'z.txt' file, but then mail does not work.

I think that is why I am having problems. My yyy.dll is not a fully working Wsock32.dll. I can't seem to telnet or ftp or anything with the 'yyy.dll'.

Is there any way you could send me your yyy.c file so I can see some of the things you did?

My email is email@partyinfo.com
my icq 377384

I will give you full points for this question once I can get simple logging to work.

Thanks for all your help.
0
 
 
deesse commented:
OK, I'll send you my own file tomorrow without fail,
because I have to clean some private stuff out of it... :)

The file you tested doesn't have all the functions in it; like
I told you, it is just a starting point to begin the right way. That's what I mean when I say you need to work a little bit to finish all the interfaces in it so it works with all software; that's why it doesn't work in your case. The file I will send you has all the interfaces
finished.

Until tomorrow, so be patient, it's coming... :)


0
 
veelin (Author) commented:
Deese,

Great, thanks a lot.  Please send the file to
email@partyinfo.com.

I will give you all my points if it works. =)

-Sean
0
 
deesse commented:
The file is on the way, deesse.
0
 
veelin (Author) commented:
Deese,

With the file you sent me, I made a new project and included that file, wsock32.lib, and the yyy.def file. It compiled fine, but when I replace the wsock32.dll with this one, I do not get a z.txt file written and my mail/netscape/etc. does not work.

I used Microsoft Visual C++ 5.0 and I am running on Win 95.  Did you try recompiling and seeing if the .dll that is created actually works?   I get socket errors when I use that .dll.

Thanks again for any help.  (Maybe you could compile on your system and then send me the .dll?).

-Sean
0
 
deesse commented:
OK Sean, Netscape doesn't use wsock32.dll, it uses ws2_32.dll, so
the interface has been changed; that's why it doesn't work for you.
But you can test the proxy technique with Internet Explorer and, for mail, Outlook Express. I know in advance what you're going to think: why?
Because ws2_32.dll does almost the same service, but is designed for newer apps. Conclusion: you should work a little bit on that.

Make a wrapper over this DLL. It's a long way but it's going to work; I began to wrap it myself and, believe me, it takes long to do, so
go ahead, time to work a little bit....

See you,
Sylvain...
0
 
veelin (Author) commented:
Deese,

Ahh, I see, no wonder my Netscape mail and stuff didn't work. I am assuming basic FTP and telnet should work then? I will try to get that working (I hope that uses wsock32.dll).

Thanks for all your help.

-Sean
0
