Solved

Tcp/Ip Sockets (Sniffer program?)

Posted on 1998-06-26
Last Modified: 2013-12-03
In trying to create my own mail programs, I have discovered that a nice tcp/ip packet sniffer would be a great tool.  These tools are readily available in the Unix world, but I have yet to find one for Windows. Does anyone know of any good packet sniffers for Windows, and if they do not exist, would anyone like to work with me on making one?

Even one that could only log client message sends would be better than nothing.  I have two approaches in mind:
1) Create a socket that will listen on a port and log all sends and receives to that port (IDEAL SOLUTION)
or
2) Create my own 'fake' winsock.dll (or whatever is used to send packets) that will log the messages and then pass these messages to the real winsock.dll.  This approach will allow me to at least see my client message sends.

Any help would be greatly appreciated.

-Sean
email@partyinfo.com
Question by:veelin
16 Comments
 
LVL 2

Expert Comment

by:mnguyen021997
ID: 1408672
If you work for a company that uses SMS then get the network monitor program that is included with the package.  It's really very good.
0
 

Author Comment

by:veelin
ID: 1408673
What is SMS?  
0
 
LVL 6

Expert Comment

by:alamo
ID: 1408674
I am not certain if this meets your definition of a packet-sniffer, but Socket Spy 32 at http://www.win-tech.com/ uses the Win32 debugger APIs to run your app and then hook the Winsock calls, so it can then display and/or log the calls and the data. It's not free ($60) but there's a time-limited demo there so you can get the idea.
0
 
LVL 1

Expert Comment

by:deesse
ID: 1408675
go here:

http://users.neca.com/vmis/wspy.htm

I'll make my own wrapping of winsock started from this source
and it works very well, I spy anything from Winsock, email, ftp,
browser etc....

So have fun....
0
 

Author Comment

by:veelin
ID: 1408676
Deese,

I was able to compile and link my wspy dll. Now, I am supposed to replace the original wsock32.dll with this phony one.  I understand the concept here, but I am not sure what to do next.  When socket calls are made against the phony wsock32.dll, how do I get a log of those calls?  

Thanks for any help

0
 

Author Comment

by:veelin
ID: 1408677
Deese,

Currently, what happens is a file c:\z.txt is created.  It looks like it starts to log commands (ie: WSTARTUP,etc), but then my application freezes and it doesn't continue.

The problem is also I want to see the exact message that is being sent, not just the basic commands (WSTARTUP, getHostByName, etc).  Is there a way to do this?

Thanks.
0
 
LVL 1

Expert Comment

by:deesse
ID: 1408678
OK Veelin,
Of course this is just an example; you can spy on any function you
want in this DLL. The source code we are talking about writes a log
entry for almost every function call, but if you want to do more, I hope you know how. If you're a programmer, just look at those functions: you will see almost each of them has some parameters, so trap them and you will see what the user sends to the DLL. Here is an example of what I do.

I coded a few lines in the function inet_addr( const char FAR * cp );
here is the code...

unsigned long PASCAL inet_addr( const char FAR * cp )
{
  sprintf(aa, "inet_addr = %s", cp);
  // here I do what I want with that
  // just imagination.
  a=GetProcess(i, "inet_addr");
  // etc....
}

OK, from here you can do this for all the functions you want.
If you don't know which function to spy on, keep a regular
tracing log for all functions and simulate an action like
browsing on the net. By now you will have a log file (here
called z.txt); just look at which functions have been called, trap
them, look at the parameters and do what you want: store it in a flat file, a database, locally or over the network. Imagine what you can do; everything you want to do, you can.

If you can't read this, maybe your programming skill is too
low; getting experience first is often a good idea, especially with
TCP/IP and Winsock.

Have fun with that, me I have, not you. :)
but be careful...
0
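The `sprintf(aa, "inet_addr = %s", cp)` line in the comment above relies on a NUL-terminated string and on `aa` being large enough, while the buffers passed to `send()` are length-delimited and can hold CR/LF or binary data. The following is an added example, not code from this thread or from the wspy source: a bounded formatter that a logging wrapper could call on any traced buffer. The name `format_call` and the sample message are made up for illustration, and standard C99 `snprintf` is assumed.

```c
#include <stdio.h>
#include <string.h>

/* Format one traced call as "<name>[<len>]: <escaped bytes>" into out.
 * buf is length-delimited (as passed to send()), so it may contain NUL,
 * CR/LF or binary data; nothing here relies on a terminator.
 * Returns the number of payload bytes that fit; out is always terminated. */
size_t format_call(char *out, size_t outsz, const char *name,
                   const unsigned char *buf, size_t len)
{
    size_t used, i;
    int n;

    if (outsz == 0)
        return 0;
    n = snprintf(out, outsz, "%s[%lu]: ", name, (unsigned long)len);
    if (n < 0 || (size_t)n >= outsz)
        return 0;                       /* header alone did not fit */
    used = (size_t)n;

    for (i = 0; i < len; i++) {
        unsigned char c = buf[i];
        char esc[5];                    /* longest escape is "\xNN" + NUL */
        size_t elen;
        if (c == '\r')      strcpy(esc, "\\r");
        else if (c == '\n') strcpy(esc, "\\n");
        else if (c == '\\') strcpy(esc, "\\\\");
        else if (c >= 0x20 && c < 0x7f) { esc[0] = (char)c; esc[1] = '\0'; }
        else snprintf(esc, sizeof esc, "\\x%02x", c);
        elen = strlen(esc);
        if (used + elen + 1 > outsz)    /* keep room for the terminator */
            break;                      /* truncate on a whole escape */
        memcpy(out + used, esc, elen);
        used += elen;
    }
    out[used] = '\0';
    return i;
}

int main(void)
{
    /* Constructed sample: what a mail client might pass to send(). */
    const unsigned char msg[] = "MAIL FROM:<a@example.test>\r\n";
    char line[128];

    format_call(line, sizeof line, "send", msg, sizeof msg - 1);
    puts(line);
    return 0;
}
```

Because the formatter stops on a whole escape sequence, one log line never overruns its buffer, and the return value tells the caller how many bytes of the payload were actually recorded.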
 

Author Comment

by:veelin
ID: 1408679
Deese,

I know enough C/C++ to change the file to log correctly.  The problem is that the new DLL doesn't work.  For example, I am testing to see what Netscape Mail does when it establishes a connection, etc.  I see some of the function calls that are logged into the 'z.txt' file, but then mail does not work.

I think that is why I am having problems.  My yyy.dll is not a fully working Wsock32.dll.  I can't seem to telnet or ftp or anything with the 'yyy.dll'.

Is there any way you could send me your yyy.c file so I can see some of the things you did?

My email is email@partyinfo.com
my icq 377384

I will give you full points for this question once I can get simple logging to work.

Thanks for all your help.
0
 

LVL 1

Expert Comment

by:deesse
ID: 1408681
OK, I'll send you my own file tomorrow without fail,
because I have to clean some private stuff out of it... :)

The file you tested doesn't have all the functions in it. Like
I told you, it's just a starting point to begin the right way, so what I mean is that you need to work a little bit to finish all the interfaces in it for it to work with all software; that's why it doesn't work in your case. The file I will send you has all the interfaces
finished.

Until tomorrow, so be patient, it's coming... :)


0
 

Author Comment

by:veelin
ID: 1408682
Deese,

Great, thanks a lot.  Please send the file to
email@partyinfo.com.

I will give you all my points if it works. =)

-Sean
0
 
LVL 1

Expert Comment

by:deesse
ID: 1408683
The file is on the way, deesse.
0
 

Author Comment

by:veelin
ID: 1408684
Deese,

The file you sent me, I made a new project, included that file, the wsock32.lib, and the yyy.def file.  It compiled fine, but when I replace the wsock32.dll with this one, I do not get a z.txt file written and my mail/netscape/etc does not work.

I used Microsoft Visual C++ 5.0 and I am running on Win 95.  Did you try recompiling and seeing if the .dll that is created actually works?   I get socket errors when I use that .dll.

Thanks again for any help.  (Maybe you could compile on your system and then send me the .dll?).

-Sean
0
 
LVL 1

Accepted Solution

by:
deesse earned 150 total points
ID: 1408685
OK Sean, Netscape doesn't use wsock32.dll, it uses ws2_32.dll, so
the interface has changed; that's why it doesn't work for you.
But you can test the proxy technique with IExplorer, and for mail, Outlook Express. I know in advance what you're going to think: why?
Because ws2_32.dll does almost the same service, but is designed for new apps. Conclusion: you should work a little bit on that.

Make a wrapper over this DLL. It's a long way, but that's going to work. I began to wrap it myself, and believe me it's long to do, so
go ahead, time to work a little bit....

see you
Sylvain...
0
 

Author Comment

by:veelin
ID: 1408686
Deese,

Ahh, I see, no wonder my Netscape mail and stuff didn't work.  I am assuming basic FTP and telnet should work then?  I will try to get that working (I hope that uses wsock32.dll).

Thanks for all your help.

-Sean
0
