Solved

Intercepting Network Packets

Posted on 2001-07-12
Last Modified: 2010-04-04
I need to write a programme that 'filters' all data that goes through ports of a machine.

In Linux, I could achieve it by doing

int sock = socket(PF_PACKET, SOCK_RAW, htons(0x0003));

That way, I will be able to read any data that comes in from any port by just doing a

byte_recv = recv(sock, buf, 10000, 0);

However, doing it in Windows, I get an error "Protocol not supported"

Are there any other ways to do it? Surely there will be, otherwise firewall programmes cannot be written, no?

Please advise.



Thanks,
DragonSlayer.
Question by:DragonSlayer
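
The PF_PACKET socket in the question hands recv() whole link-layer frames, so any filter built on it has to decode the headers itself and must never trust a length field taken from the wire. An added example (not part of the original question) of a bounds-checked decoder for such a buffer; it assumes Ethernet II framing and IPv4, and `parse_frame`, `pkt_info` and `sample_frame` are names made up for this sketch:

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
/* Summary of one frame as read by recv() from the PF_PACKET socket. */
struct pkt_info { uint8_t proto; uint32_t src, dst; uint16_t sport, dport; };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)rd16(p) << 16 | rd16(p + 2); }

/* Returns 0 on success, -1 if the frame is not IPv4 or is truncated/malformed.
   Every length is checked against len because the bytes come off the wire. */
int parse_frame(const uint8_t *buf, size_t len, struct pkt_info *out)
{
    if (len < 14 + 20 || rd16(buf + 12) != 0x0800)  /* Ethernet II + min IPv4 */
        return -1;
    const uint8_t *ip = buf + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;        /* IP header length, bytes */
    size_t total = rd16(ip + 2);                    /* IP total length field */
    if ((ip[0] >> 4) != 4 || ihl < 20 || total < ihl || 14 + total > len)
        return -1;
    out->proto = ip[9];
    out->src = rd32(ip + 12);
    out->dst = rd32(ip + 16);
    out->sport = out->dport = 0;
    /* TCP (6) and UDP (17) both begin with source and destination port; read
       them only from the first fragment and only if the 4 bytes are present. */
    int first_frag = (rd16(ip + 6) & 0x1fff) == 0;
    if ((out->proto == 6 || out->proto == 17) && first_frag && total >= ihl + 4) {
        out->sport = rd16(ip + ihl);
        out->dport = rd16(ip + ihl + 2);
    }
    return 0;
}

/* Constructed sample frame: UDP 192.0.2.1:4660 -> 192.0.2.2:53, 4 payload bytes. */
static const uint8_t sample_frame[] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,
    0x45,0x00,0x00,0x20, 0x00,0x00,0x00,0x00, 0x40,0x11,0x00,0x00,
    0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02,
    0x12,0x34,0x00,0x35, 0x00,0x0c,0x00,0x00, 't','e','s','t'
};

int main(void)
{
    struct pkt_info pi;
    if (parse_frame(sample_frame, sizeof sample_frame, &pi) == 0)
        printf("proto=%u %08x:%u -> %08x:%u\n", pi.proto,
               (unsigned)pi.src, pi.sport, (unsigned)pi.dst, pi.dport);
    return 0;
}
```

In a capture loop, the buffer and byte count returned by recv() are passed straight to parse_frame; frames it rejects are skipped rather than decoded further.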
19 Comments
 
LVL 9

Expert Comment

by:ITugay
Hi DragonSlayer,

take a look at this:

http://www.distinct.com/vit32/control.firewall.htm

I hope you liked it.

-----
Igor

LVL 14

Author Comment

by:DragonSlayer
Thanks for the quick reply, Igor.

Actually the link you sent to me is for data to go through firewall, what I want is something like this:
http://www.distinct.com/monitor/monitor.htm

But the problem is
i. It doesn't support win2k
ii. I prefer native VCL stuff where possible... have had some bad experience with ActiveX before :)

Thanks again.


DragonSlayer.

LVL 3

Accepted Solution

by:
smurff earned 300 total points
You need to install a packet driver first. I don't have any source, but look at eeye.com and search for NMapNT; there is a packet driver to install there.
Regards
Smurff

LVL 14

Author Comment

by:DragonSlayer
Thanks Smurff... it seems promising... will check it out later. Time to zzz now :)

LVL 1

Expert Comment

by:drnadeem
listening

LVL 13

Expert Comment

by:Epsylon
Some nice stuff here:

http://www.claessens16.yucom.be/

LVL 5

Expert Comment

by:Gwena
listening :-)

LVL 14

Author Comment

by:DragonSlayer
Epsylon,

Already checked out that site before I posted this Q :)

However, the Delphi Packet Sniffer doesn't work in Win2K/NT :(

LVL 3

Expert Comment

by:vladh
listening...

LVL 1

Expert Comment

by:l8knight
SOCK_RAW is supported only in Win2K, you'll need to open the socket with something like this...

    fSocket := WSASocket(AF_INET, SOCK_RAW, IPPROTO_IP, Nil, 0, WSA_FLAG_OVERLAPPED);

l8knight

btw: You also need to use winsock 2.0, you can find a header translation at delphi-jedi.

LVL 14

Author Comment

by:DragonSlayer
l8knight, I need a solution that works in all win9x/nt/2k systems...

Smurff, any more help from you?

Thanks.

LVL 1

Expert Comment

by:l8knight
I think that your best solution would be to use WinPcap available from http://netgroup-serv.polito.it/winpcap/

regards

l8knight

BTW: There are a couple of delphi header translations available for this library. I don't have the links on hand but I can find them if you need.

LVL 14

Author Comment

by:DragonSlayer
l8knight, I already have WinPCap (thanks to the link from nmapnt)... yes, I'd appreciate it if you could get me the headers... I tried the NiteLogger site, but the link to the source code is invalid :(

LVL 1

Expert Comment

by:l8knight
http://owns.sourceforge.net/ is the homepage but again the link to the source is missing :( but apparently it is available via sourceforge's CVS.

hope this helps

l8knight

LVL 3

Expert Comment

by:smurff
Hi,
your error was "However, doing it in Windows, I get an error "Protocol not supported"". Did you still get that error after installing a packet driver for NT?
regards
Smurff

LVL 3

Expert Comment

by:smurff
I've managed to get that code working and on NT.
Did anyone else get it?

unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,
  StdCtrls, Zniffer, ExtCtrls;

type
  TForm1 = class(TForm)
    Panel1: TPanel;
    Button1: TButton;
    ComboBox1: TComboBox;
    Memo1: TMemo;
    procedure FormCreate(Sender: TObject);
    procedure ComboBox1Change(Sender: TObject);
  private
    { Private declarations }
    FZniffer : TZniffer;
    procedure ReadPacket(Data:pointer;recvbytes:Word);
  public
    { Public declarations }
  end;

var
  Form1: TForm1;

implementation

{$R *.DFM}

procedure TForm1.FormCreate(Sender: TObject);
begin
  // Create the sniffer, hook its packet callback and list the adapters it reports
  FZniffer := TZniffer.Create;
  FZniffer.OnPacket := ReadPacket;
  ComboBox1.Items.Assign(FZniffer.Adapters);
  ComboBox1.Text := '< SELECT ADAPTER >';
end;

procedure TForm1.ComboBox1Change(Sender: TObject);
var
  E: string;
begin
  // Stop any capture in progress before switching adapters
  if FZniffer.Snooping then
    if not FZniffer.Deactivate(E) then
      raise Exception.Create(E);
  // Start capturing on the newly selected adapter
  FZniffer.AdapterIndex := ComboBox1.ItemIndex;
  if not FZniffer.Activate(E) then
    raise Exception.Create(E);
end;

procedure TForm1.ReadPacket(Data: Pointer; recvbytes: Word);
begin
  // Log only the size of each captured packet
  Memo1.Lines.Add('Packet snooped. Bytes: ' + IntToStr(recvbytes));
end;

end.

regards
Smurff

LVL 14

Author Comment

by:DragonSlayer
OK Fair enough... smurff, you get the points :)

l8knight, I'll award you 100 for your efforts.

Thanks to both of you! (Although there are still many things left unsolved, but that is for another Q! hehehe)



DragonSlayer.

LVL 3

Expert Comment

by:smurff
DragonSlayer,

Thanks, your question has got me interested in this again. I'm working on a TCP network analysis program. If I get any further I'll give you an email with the examples. Same as, if you get anywhere, let me know. I've been looking through the API doc for the packet.dll and you can actually display the packet info as it arrives on the NIC. I'm also an MCP with TCP so if you have any questions let me know.
My email is
Dannykellett@hotmail.com


cheers again,
Smurff

LVL 14

Author Comment

by:DragonSlayer
And mine is chee_meng@hotmail.com

(Hmm... since when did everyone become fans of hotmail? hehehe)

Oh Smurff, I'm actually working on some stuff regarding Mobile IP systems, and the reason I need all the packet headers is so that I could 'catch' the 'agent advertisements' and send the packet to the correct machine even though the machine's IP has changed.

Will keep you posted.

But this is actually just a 'hobby-project' of mine. And I only get to do it when I'm not overloaded with work :(


DragonSlayer.