Solved

Intercepting Network Packets

Posted on 2001-07-12
Last Modified: 2010-04-04
I need to write a programme that 'filters' all data that goes through ports of a machine.

In Linux, I could achieve it by doing

int sock = socket(PF_PACKET, SOCK_RAW, htons(0x0003));

that way, I will be able to read any data that comes in from any port by just doing a

byte_recv = recv(sock, buf, 10000, 0);

However, doing it in Windows, I get an error "Protocol not supported"

Are there any other ways to do it? Surely there will be, otherwise firewall programmes cannot be written, no?

Please advise.



Thanks,
DragonSlayer.
0
Question by:DragonSlayer
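Added example, not part of the original question: on an Ethernet interface, a buffer returned by recv() on the PF_PACKET/SOCK_RAW socket above starts at the Ethernet header, so filtering by port means walking the Ethernet, IPv4 and TCP/UDP headers with a length check at each step. The sample frame and the names frame_ports and frame_matches_port are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample frame: 10.0.0.1:12345 -> 10.0.0.2:80, TCP SYN.
   Checksums are zero because this parser does not verify them. */
static const uint8_t sample_frame[] = {
    /* Ethernet: dst MAC, src MAC, EtherType 0x0800 (IPv4) */
    0x02,0,0,0,0,0x02,  0x02,0,0,0,0,0x01,  0x08,0x00,
    /* IPv4: version 4 / IHL 5, total length 40, TTL 64, protocol 6 */
    0x45,0x00,0x00,0x28,  0x00,0x01,0x00,0x00,  0x40,0x06,0x00,0x00,
    10,0,0,1,  10,0,0,2,
    /* TCP: source port 0x3039, destination port 0x0050, SYN */
    0x30,0x39,0x00,0x50,  0,0,0,1,  0,0,0,0,  0x50,0x02,0x20,0x00,  0,0,0,0
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns the IP protocol (6 = TCP, 17 = UDP) and fills in the ports, or -1
   when the buffer is not a complete, unfragmented IPv4 TCP/UDP frame. */
int frame_ports(const uint8_t *f, size_t len, uint16_t *sport, uint16_t *dport)
{
    if (len < 14 + 20 || be16(f + 12) != 0x0800) return -1; /* short or not IPv4 */
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;        /* header length in bytes */
    if ((ip[0] >> 4) != 4 || ihl < 20) return -1;   /* bad version or IHL */
    if (len < 14 + ihl + 4) return -1;              /* ports lie past the buffer */
    if (be16(ip + 6) & 0x1fff) return -1;           /* later fragment: no ports */
    if (ip[9] != 6 && ip[9] != 17) return -1;       /* neither TCP nor UDP */
    *sport = be16(ip + ihl);
    *dport = be16(ip + ihl + 2);
    return ip[9];
}

/* 1 if either port of the frame equals `port`, else 0 (malformed frames too). */
int frame_matches_port(const uint8_t *f, size_t len, uint16_t port)
{
    uint16_t s, d;
    if (frame_ports(f, len, &s, &d) < 0) return 0;
    return s == port || d == port;
}

int main(void)
{
    uint16_t s = 0, d = 0;
    int proto = frame_ports(sample_frame, sizeof sample_frame, &s, &d);
    printf("proto=%d %u -> %u, port 80 match: %d\n", proto, (unsigned)s, (unsigned)d,
           frame_matches_port(sample_frame, sizeof sample_frame, 80));
    return 0;
}
```

The same parsing applies to the Data pointer and byte count that a capture library hands to a per-packet callback, provided the link type is Ethernet.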
19 Comments
 
LVL 9

Expert Comment

by:ITugay
ID: 6276440
Hi DragonSlayer,

take a look at this:

http://www.distinct.com/vit32/control.firewall.htm

I hope you liked it.

-----
Igor
0
 
LVL 14

Author Comment

by:DragonSlayer
ID: 6276575
Thanks for the quick reply, Igor.

Actually the link you sent to me is for data to go through firewall, what I want is something like this:
http://www.distinct.com/monitor/monitor.htm

But the problem is
i. It doesn't support win2k
ii. I prefer native VCL stuff where possible... have had some bad experience with ActiveX before :)

Thanks again.


DragonSlayer.
0
 
LVL 3

Accepted Solution

by:
smurff earned 1200 total points
ID: 6276669
You need to install a packet driver first. I don't have any source, but look at eeye.com and search for NMapNT; there is a packet driver to install there.
regards
Smurff
0
 
LVL 14

Author Comment

by:DragonSlayer
ID: 6277063
Thanks Smurff... it seems promising... will check it out later. Time to zzz now :)
0
 
LVL 1

Expert Comment

by:drnadeem
ID: 6277356
listening
0
 
LVL 13

Expert Comment

by:Epsylon
ID: 6277988
Some nice stuff here:

http://www.claessens16.yucom.be/
0
 
LVL 5

Expert Comment

by:Gwena
ID: 6278925
listening :-)
0
 
LVL 14

Author Comment

by:DragonSlayer
ID: 6279195
Epsylon,

Already checked out that site before I posted this Q :)

However, the Delphi Packet Sniffer doesn't work in Win2K/NT :(
0
 
LVL 3

Expert Comment

by:vladh
ID: 6280368
listening...
0
 
LVL 1

Expert Comment

by:l8knight
ID: 6282638
SOCK_RAW is supported only in Win2K, you'll need to open the socket with something like this...

    fSocket := WSASocket(AF_INET, SOCK_RAW, IPPROTO_IP, Nil, 0, WSA_FLAG_OVERLAPPED);

l8knight

btw: You also need to use winsock 2.0, you can find a header translation at delphi-jedi.
0
 
LVL 14

Author Comment

by:DragonSlayer
ID: 6284372
l8knight, I need a solution that works in all win9x/nt/2k systems...

Smurff, any more help from you?

Thanks.
0
 
LVL 1

Expert Comment

by:l8knight
ID: 6284391
I think that your best solution would be to use WinPcap available from http://netgroup-serv.polito.it/winpcap/ 

regards

l8knight

BTW: There are a couple of delphi header translations available for this library. I don't have the links on hand but I can find them if you need.
0
 
LVL 14

Author Comment

by:DragonSlayer
ID: 6284714
l8knight, I already have WinPCap (thanks to the link from nmapnt)... yes, I'd appreciate it if you could get me the headers... I tried the NiteLogger site, but the link to the source code is invalid :(
0
 
LVL 1

Expert Comment

by:l8knight
ID: 6284844
http://owns.sourceforge.net/ is the homepage but again the link to the source is missing :( but apparently it is available via sourceforge's CVS.

hope this helps

l8knight
0
 
LVL 3

Expert Comment

by:smurff
ID: 6285146
Hi
Your error was "However, doing it in Windows, I get an error "Protocol not supported"". Did you still get that error after installing a packet driver for NT?
regards
Smurff
0
 
LVL 3

Expert Comment

by:smurff
ID: 6285196
I've managed to get that code working, and on NT.
Did anyone else get it?

unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,
  StdCtrls,Zniffer, ExtCtrls;

type
  TForm1 = class(TForm)
    Panel1: TPanel;
    Button1: TButton;
    ComboBox1: TComboBox;
    Memo1: TMemo;
    procedure FormCreate(Sender: TObject);
    procedure ComboBox1Change(Sender: TObject);
  private
    { Private declarations }
    FZniffer : TZniffer;
    procedure ReadPacket(Data:pointer;recvbytes:Word);
  public
    { Public declarations }
  end;

var
  Form1: TForm1;

implementation

{$R *.DFM}

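procedure TForm1.FormCreate(Sender: TObject);
begin
  // Create the sniffer and route each captured packet to ReadPacket
  FZniffer := TZniffer.Create;
  FZniffer.OnPacket := ReadPacket;
  // Offer the sniffer's adapter list for the user to choose from
  ComboBox1.Items.Assign(FZniffer.Adapters);
  ComboBox1.Text := '< SELECT ADAPTER >';
end;

procedure TForm1.ComboBox1Change(Sender: TObject);
var
  E: string;
begin
  // Stop any capture in progress before switching adapters
  if FZniffer.Snooping then
    if not FZniffer.Deactivate(E) then
      raise Exception.Create(E);
  FZniffer.AdapterIndex := ComboBox1.ItemIndex;
  // Start capturing on the selected adapter; E is raised if activation fails
  if not FZniffer.Activate(E) then
    raise Exception.Create(E);
end;

procedure TForm1.ReadPacket(Data: Pointer; recvbytes: Word);
begin
  // Called for each captured packet; only its size is logged here
  Memo1.Lines.Add('Packet snooped. Bytes: ' + IntToStr(recvbytes));
end;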

end.

regards
Smurff
0
 
LVL 14

Author Comment

by:DragonSlayer
ID: 6285545
OK Fair enough... smurff, you get the points :)

l8knight, I'll award you 100 for your efforts.

Thanks to both of you! (Although there are still many things left unsolved, but that is for another Q! hehehe)



DragonSlayer.
0
 
LVL 3

Expert Comment

by:smurff
ID: 6285566
DragonSlayer,

Thanks, your question has got me interested in this again. I'm working on a TCP network anal program. If I get any further I'll give you an email with the examples. Same as, if you get anywhere, let me know. I've been looking through the API doc for the packet.dll and you can actually display the packet info as it arrives on the NIC. I'm also an MCP with TCP, so if you have any questions let me know.
My email is
Dannykellett@hotmail.com


cheers again,
Smurff
0
 
LVL 14

Author Comment

by:DragonSlayer
ID: 6285605
And mine is chee_meng@hotmail.com

(Hmm... since when did everyone become fans of hotmail? hehehe)

Oh Smurff, I'm actually working on some stuff regarding Mobile IP systems, and the reason I need all the packet headers is so that I could 'catch' the 'agent advertisements' and send the packet to the correct machine even though the machine's IP has changed.

Will keep you posted.

But this is actually just a 'hobby-project' of mine. And I only get to do it when I'm not overloaded with work :(


DragonSlayer.
0
