Solved

Tcp/Ip Sockets (Sniffer program?)

Posted on 1998-06-26
16
425 Views
Last Modified: 2013-12-03
In trying to create my own mail programs, I have discovered that a nice tcp/ip packet sniffer would be a great tool.  These tools are readily available in the Unix world, but I have yet to find one for Windows. Does anyone know of any good packet sniffers for Windows, and if they do not exist, would anyone like to work with me on making one?

Even one that could only log client message sends would be better than nothing.  I have two approaches in mind:
1) Create a socket that will listen on a port and log all sends and receives to that port (IDEAL SOLUTION)
or
2) Create my own 'fake' winsock.dll (or whatever is used to send packets) that will log the messages and then pass these messages to the real winsock.dll.  This approach will allow me to at least see my client message sends.

Any help would be greatly appreciated.

-Sean
email@partyinfo.com
0
Comment
Question by:veelin
16 Comments
 
LVL 8

Expert Comment

by:trestan
ID: 1408671
0
 
LVL 2

Expert Comment

by:mnguyen021997
ID: 1408672
If you work for a company that uses SMS, then get the Network Monitor program that is included with the package.  It's really very good.
0
 

Author Comment

by:veelin
ID: 1408673
What is SMS?  
0

 
LVL 6

Expert Comment

by:alamo
ID: 1408674
I am not certain if this meets your definition of a packet-sniffer, but Socket Spy 32 at http://www.win-tech.com/ uses the Win32 debugger APIs to run your app and then hook the Winsock calls, so it can then display and/or log the calls and the data. It's not free ($60) but there's a time-limited demo there so you can get the idea.
0
 
LVL 1

Expert Comment

by:deesse
ID: 1408675
go here:

http://users.neca.com/vmis/wspy.htm

I made my own Winsock wrapper starting from this source
and it works very well. I spy on anything from Winsock: email, ftp,
browser, etc....

So have fun....
0
 

Author Comment

by:veelin
ID: 1408676
Deesse,

I was able to compile and link my wspy dll. Now, I am supposed to replace the original wsock32.dll with this phony one.  I understand the concept here, but I am not sure what to do next.  When socket calls are made against the phony wsock32.dll, how do I get a log of those calls?  

Thanks for any help

0
 

Author Comment

by:veelin
ID: 1408677
Deesse,

Currently, what happens is a file c:\z.txt is created.  It looks like it starts to log commands (i.e., WSTARTUP, etc.), but then my application freezes and it doesn't continue.

The problem is also I want to see the exact message that is being sent, not just the basic commands (WSTARTUP, getHostByName, etc).  Is there a way to do this?

Thanks.
0
 
LVL 1

Expert Comment

by:deesse
ID: 1408678
OK Veelin,
Of course this is just an example; you can spy on any function you want in this DLL. The source code we are talking about writes a log entry for almost every function call, but if you want to do more, I hope you know how. If you're a programmer, just look at those functions: you will see that almost each of them has some parameters, so trap them and you will see what the user sends to the DLL. Here is an example of what I do.

I coded a few lines in the function inet_addr( const char FAR * cp ).
Here is the code...

unsigned long PASCAL inet_addr( const char FAR * cp )
{
  char aa[256];   // log line buffer
  FARPROC a;      // address of the real function

  // bounded so a long argument cannot overflow the buffer
  _snprintf(aa, sizeof(aa) - 1, "inet_addr = %s", cp);
  aa[sizeof(aa) - 1] = '\0';
  // here I do what I want with that
  // just imagination.

  // i is the handle of the real DLL (from LoadLibrary)
  a = GetProcAddress(i, "inet_addr");
  // etc.... then call the real function through a and return its result
  return ((unsigned long (PASCAL *)(const char FAR *))a)(cp);
}

OK, from here you can do this for every function you want. If you don't know which functions to spy on, keep a regular tracing log for all functions and simulate the action, like browsing on the net. By now you will have a log file (here called z.txt); just look at which functions have been called, and trap them. Look at the parameters and do what you want: store them in a flat file, a database, locally or over the network. Imagine what you can do; everything you want to do, you can.

If you can't read this, maybe your programming skill is too low. Getting experience first is often a good idea, especially with TCP/IP and Winsock.

Have fun with that. Me, I have, not you. :)
But be careful...
0
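Added example (not part of the thread or of the wspy source): the `%s` logging shown above for `inet_addr` works because `cp` is a NUL-terminated string, but the buffer passed to `send()`/`recv()` is raw bytes with an explicit length. The hypothetical helper `format_payload` below renders such a buffer as a bounded, single-line log entry; the sample message is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Render a send()/recv() buffer into out as one bounded log line.
 * Unlike inet_addr's cp, the buffer is not a C string: it may hold NUL
 * bytes and has no terminator, so "%s" cannot be used; len is the limit.
 * Returns the number of payload bytes rendered (< len means truncated). */
int format_payload(char *out, size_t outsz, const char *buf, int len)
{
    size_t used = 0;
    int i;

    if (outsz == 0) return 0;
    out[0] = '\0';
    if (buf == NULL || len <= 0) return 0;

    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)buf[i];
        char piece[5];               /* longest piece is "\xNN" + NUL */
        size_t n;

        if (c == '\r')      strcpy(piece, "\\r");
        else if (c == '\n') strcpy(piece, "\\n");
        else if (c == '\\') strcpy(piece, "\\\\");
        else if (c >= 0x20 && c < 0x7f) { piece[0] = (char)c; piece[1] = '\0'; }
        else snprintf(piece, sizeof piece, "\\x%02X", (unsigned)c);

        n = strlen(piece);
        if (used + n + 1 > outsz) break;  /* never write a partial escape */
        memcpy(out + used, piece, n + 1);
        used += n;
    }
    return i;
}

/* Hypothetical use inside the wrapper's exported send(), before the call
 * is forwarded to the real DLL:
 *     format_payload(line, sizeof line, buf, len);
 *     fprintf(logfile, "send(%d bytes) = %s\n", len, line);             */

int main(void)
{
    /* constructed sample: an SMTP greeting as a mail client would send it */
    static const char msg[] = "HELO example.test\r\n";
    char line[128];
    int shown = format_payload(line, sizeof line, msg, (int)(sizeof msg - 1));
    printf("send(%d bytes, %d shown) = %s\n", (int)(sizeof msg - 1), shown, line);
    return 0;
}
```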
 

Author Comment

by:veelin
ID: 1408679
Deesse,

I know enough C/C++ to change the file to log correctly.  The problem is that the new DLL doesn't work.  For example, I am testing to see what Netscape Mail does when it establishes a connection, etc.  I see some of the function calls that are logged into the 'z.txt' file, but then mail does not work.

I think that is why I am having problems.  My yyy.dll is not a fully working Wsock32.dll.  I can't seem to telnet or ftp or anything with the 'yyy.dll'.

Is there any way you could send me your yyy.c file so I can see some of the things you did?

My email is email@partyinfo.com
my icq 377384

I will give you full points for this question once I can get simple logging to work.

Thanks for all your help.
0
 

 
LVL 1

Expert Comment

by:deesse
ID: 1408681
OK, I'll send you my own file tomorrow without fail,
because I have to clean some private stuff out of it... :)

The file you tested doesn't have all the functions in it. Like I told you, it is just a starting point to begin the right way, so that's what I mean: you need to work a little bit to finish all the interfaces in it for it to work with all software. That's why it doesn't work in your case. The file I will send you has all the interfaces finished.

Until tomorrow, so be patient, it's coming... :)


0
 

Author Comment

by:veelin
ID: 1408682
Deesse,

Great, thanks a lot.  Please send the file to
email@partyinfo.com.

I will give you all my points if it works. =)

-Sean
0
 
LVL 1

Expert Comment

by:deesse
ID: 1408683
The file is on the way, deesse.
0
 

Author Comment

by:veelin
ID: 1408684
Deesse,

The file you sent me, I made a new project, included that file, the wsock32.lib, and the yyy.def file.  It compiled fine, but when I replace the wsock32.dll with this one, I do not get a z.txt file written and my mail/netscape/etc does not work.

I used Microsoft Visual C++ 5.0 and I am running on Win 95.  Did you try recompiling and seeing if the .dll that is created actually works?   I get socket errors when I use that .dll.

Thanks again for any help.  (Maybe you could compile on your system and then send me the .dll?).

-Sean
0
 
LVL 1

Accepted Solution

by:
deesse earned 150 total points
ID: 1408685
OK Sean, Netscape doesn't use wsock32.dll, it uses ws2_32.dll, so the interface has changed; that's why it doesn't work for you. But you can test the proxy technique with IExplorer and, for mail, Outlook Express. I know in advance what you are going to think: why? Because ws2_32.dll does almost the same service, but is designed for new apps. Conclusion: you should work a little bit on that.

Make a wrapper over this DLL. It's a long way, but that's going to work. I began wrapping it myself, and believe me, it's long to do, so go ahead, time to work a little bit....

see you
Sylvain...
0
 

Author Comment

by:veelin
ID: 1408686
Deesse,

Ahh, I see, no wonder my Netscape mail and stuff didn't work.  I am assuming basic FTP and telnet should work then?  I will try to get that working (I hope that uses wsock32.dll).

Thanks for all your help.

-Sean
0
