Solved

Intercepting Network Packets

Posted on 2001-07-12
Last Modified: 2010-04-04
I need to write a programme that 'filters' all data that goes through ports of a machine.

In Linux, I could achieve it by doing

int sock = socket(PF_PACKET, SOCK_RAW, htons(0x0003));

that way, I will be able to read any data that comes in from any port by just doing a

byte_recv = recv(sock, buf, 10000, 0);

However, doing it in Windows, I get an error "Protocol not supported"

Are there any other ways to do it? Surely there will be, otherwise firewall programmes cannot be written, no?

Please advise.



Thanks,
DragonSlayer.
0
Question by:DragonSlayer
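Added example, not part of the original thread: on Linux a PF_PACKET/SOCK_RAW socket opened with protocol 0x0003 hands recv() whole link-layer frames, so a port filter has to walk the Ethernet and IPv4 headers itself and bounds-check every length it reads from the wire. The struct, function names and sample frame below are constructed for illustration; only untagged Ethernet II carrying IPv4 is handled.

```c
#include <stddef.h>
#include <stdint.h>

/* Fields a port filter needs (hypothetical struct, not from the thread). */
struct flow {
    uint8_t  proto;               /* IP protocol: 6 = TCP, 17 = UDP */
    uint32_t src_ip, dst_ip;      /* host byte order */
    uint16_t src_port, dst_port;  /* 0 when not TCP/UDP or not first fragment */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* Parse an untagged Ethernet II frame carrying IPv4. Returns 0 on success,
 * -1 if it is not IPv4 or is truncated/malformed. Every length field comes
 * off the wire, so each is checked against `len` before it is used. */
int parse_frame(const uint8_t *buf, size_t len, struct flow *out) {
    if (len < 14 || be16(buf + 12) != 0x0800) return -1;   /* EtherType IPv4 */
    const uint8_t *ip = buf + 14;
    size_t avail = len - 14;
    if (avail < 20 || (ip[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;        /* header incl. options */
    size_t total = be16(ip + 2);                    /* header + payload */
    if (ihl < 20 || total < ihl || total > avail)   /* padding may follow */
        return -1;
    out->proto = ip[9];
    out->src_ip = be32(ip + 12);
    out->dst_ip = be32(ip + 16);
    out->src_port = out->dst_port = 0;
    int first_frag = (be16(ip + 6) & 0x1FFF) == 0;  /* fragment offset */
    if ((out->proto == 6 || out->proto == 17) && first_frag) {
        if (total - ihl < 4) return -1;             /* ports would be cut off */
        out->src_port = be16(ip + ihl);
        out->dst_port = be16(ip + ihl + 2);
    }
    return 0;
}

/* Filter predicate: does the frame use `port` as source or destination? */
int frame_uses_port(const uint8_t *buf, size_t len, uint16_t port) {
    struct flow f;
    return parse_frame(buf, len, &f) == 0 && (f.src_port == port || f.dst_port == port);
}

/* Constructed sample: UDP 192.0.2.1:1234 -> 192.0.2.2:53 (checksums zeroed). */
static const uint8_t SAMPLE_FRAME[42] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x01, 0x08,0x00,
    0x45,0,0,0x1c, 0,0,0,0, 0x40,0x11,0,0, 0xc0,0,0x02,0x01, 0xc0,0,0x02,0x02,
    0x04,0xd2, 0x00,0x35, 0x00,0x08, 0,0 };

int main(void) { return frame_uses_port(SAMPLE_FRAME, sizeof SAMPLE_FRAME, 53) ? 0 : 1; }
```

In a capture loop, `buf` and the byte count returned by recv() are passed straight to `parse_frame`; frames it rejects are skipped rather than trusted.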
19 Comments
 
LVL 9

Expert Comment

by:ITugay
ID: 6276440
Hi DragonSlayer,

take a look at this:

http://www.distinct.com/vit32/control.firewall.htm

I hope you liked it.

-----
Igor
0
 
LVL 14

Author Comment

by:DragonSlayer
ID: 6276575
Thanks for the quick reply, Igor.

Actually the link you sent to me is for data to go through firewall, what I want is something like this:
http://www.distinct.com/monitor/monitor.htm

But the problem is
i. It doesn't support win2k
ii. I prefer native VCL stuff where possible... have had some bad experience with ActiveX before :)

Thanks again.


DragonSlayer.
0
 
LVL 3

Accepted Solution

by:
smurff earned 300 total points
ID: 6276669
You need to install a packet driver first. I don't have any source, but look at eeye.com and search for NMapNT; there is a packet driver to install there.
regards
Smurff
0
 
LVL 14

Author Comment

by:DragonSlayer
ID: 6277063
Thanks Smurff... it seems promising... will check it out later. Time to zzz now :)
0
 
LVL 1

Expert Comment

by:drnadeem
ID: 6277356
listening
0
 
LVL 13

Expert Comment

by:Epsylon
ID: 6277988
Some nice stuff here:

http://www.claessens16.yucom.be/
0
 
LVL 5

Expert Comment

by:Gwena
ID: 6278925
listening :-)
0
 
LVL 14

Author Comment

by:DragonSlayer
ID: 6279195
Epsylon,

Already checked out that site before I posted this Q :)

However, the Delphi Packet Sniffer doesn't work in Win2K/NT :(
0
 
LVL 3

Expert Comment

by:vladh
ID: 6280368
listening...
0
 
LVL 1

Expert Comment

by:l8knight
ID: 6282638
SOCK_RAW is supported only in Win2K, you'll need to open the socket with something like this...

    fSocket := WSASocket(AF_INET, SOCK_RAW, IPPROTO_IP, Nil, 0, WSA_FLAG_OVERLAPPED);

l8knight

btw: You also need to use winsock 2.0, you can find a header translation at delphi-jedi.
0
 
LVL 14

Author Comment

by:DragonSlayer
ID: 6284372
l8knight, I need a solution that works in all win9x/nt/2k systems...

Smurff, any more help from you?

Thanks.
0
 
LVL 1

Expert Comment

by:l8knight
ID: 6284391
I think that your best solution would be to use WinPcap available from http://netgroup-serv.polito.it/winpcap/ 

regards

l8knight

BTW: There are a couple of delphi header translations available for this library. I don't have the links on hand but I can find them if you need.
0
 
LVL 14

Author Comment

by:DragonSlayer
ID: 6284714
l8knight, I already have WinPCap (thanks to the link from nmapnt)... yes, I'd appreciate it if you could get me the headers... I tried the NiteLogger site, but the link to the source code is invalid :(
0
 
LVL 1

Expert Comment

by:l8knight
ID: 6284844
http://owns.sourceforge.net/ is the homepage but again the link to the source is missing :( but apparently it is available via sourceforge's CVS.

hope this helps

l8knight
0
 
LVL 3

Expert Comment

by:smurff
ID: 6285146
Hi
Your error was "However, doing it in Windows, I get an error "Protocol not supported"". Did you still get that error after installing a packet driver for NT?
regards
Smurff
0
 
LVL 3

Expert Comment

by:smurff
ID: 6285196
I've managed to get that code working and on NT.
Did anyone else get it?

unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,
  StdCtrls, Zniffer, ExtCtrls;

type
  TForm1 = class(TForm)
    Panel1: TPanel;
    Button1: TButton;
    ComboBox1: TComboBox;
    Memo1: TMemo;
    procedure FormCreate(Sender: TObject);
    procedure ComboBox1Change(Sender: TObject);
  private
    { Private declarations }
    FZniffer: TZniffer;  // capture object from the Zniffer unit
    procedure ReadPacket(Data: Pointer; RecvBytes: Word);
  public
    { Public declarations }
  end;

var
  Form1: TForm1;

implementation

{$R *.DFM}

procedure TForm1.FormCreate(Sender: TObject);
begin
  // Create the sniffer, hook its packet handler and list the adapters
  FZniffer := TZniffer.Create;
  FZniffer.OnPacket := ReadPacket;
  ComboBox1.Items.Assign(FZniffer.Adapters);
  ComboBox1.Text := '< SELECT ADAPTER >';
end;

procedure TForm1.ComboBox1Change(Sender: TObject);
var
  E: string;  // receives the error text from Activate/Deactivate
begin
  // Stop any capture already running before switching adapters
  if FZniffer.Snooping then
    if not FZniffer.Deactivate(E) then
      raise Exception.Create(E);
  // Start capturing on the adapter picked in the combo box
  FZniffer.AdapterIndex := ComboBox1.ItemIndex;
  if not FZniffer.Activate(E) then
    raise Exception.Create(E);
end;

procedure TForm1.ReadPacket(Data: Pointer; RecvBytes: Word);
begin
  // OnPacket handler: log the size of each packet handed over by the sniffer
  Memo1.Lines.Add('Packet snooped. Bytes: ' + IntToStr(RecvBytes));
end;

end.

regards
Smurff
0
 
LVL 14

Author Comment

by:DragonSlayer
ID: 6285545
OK Fair enough... smurff, you get the points :)

l8knight, I'll award you 100 for your efforts.

Thanks to both of you! (Although there are still many things left unsolved, but that is for another Q! hehehe)



DragonSlayer.
0
 
LVL 3

Expert Comment

by:smurff
ID: 6285566
DragonSlayer,

Thanks, your question has got me interested in this again. I'm working on a TCP network analysis program. If I get any further I'll give you an email with the examples. Same as, if you get anywhere, let me know. I've been looking through the API doc for the packet.dll and you can actually display the packet info as it arrives on the NIC. I'm also an MCP with TCP so if you have any questions let me know.
My email is
Dannykellett@hotmail.com


cheers again,
Smurff
0
 
LVL 14

Author Comment

by:DragonSlayer
ID: 6285605
And mine is chee_meng@hotmail.com

(Hmm... since when did everyone become fans of hotmail? hehehe)

Oh Smurff, I'm actually working on some stuff regarding Mobile IP systems, and the reason I need all the packet headers is so that I could 'catch' the 'agent advertisements' and send the packet to the correct machine even though the machine's IP has changed.

Will keep you posted.

But this is actually just a 'hobby-project' of mine. And I only get to do it when I'm not overloaded with work :(


DragonSlayer.
0
