  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 731

Intercepting Network Packets

I need to write a programme that 'filters' all data that goes through ports of a machine.

In Linux, I could achieve it by doing

    int sock = socket(PF_PACKET, SOCK_RAW, htons(0x0003));

that way, I will be able to read any data that comes in from any port by just doing a

    byte_recv = recv(sock, buf, 10000, 0);

However, doing it in Windows, I get an error "Protocol not supported"

Are there any other ways to do it? Surely there will be, otherwise firewall programmes cannot be written, no?

Please advise.



Thanks,
DragonSlayer.
0
 
ITugay Commented:
Hi DragonSlayer,

take a look at this:

http://www.distinct.com/vit32/control.firewall.htm

I hope you liked it.

-----
Igor
0
 
DragonSlayer (Author) Commented:
Thanks for the quick reply, Igor.

Actually the link you sent to me is for data to go through firewall, what I want is something like this:
http://www.distinct.com/monitor/monitor.htm

But the problem is
i. It doesn't support win2k
ii. I prefer native VCL stuff where possible... have had some bad experience with ActiveX before :)

Thanks again.


DragonSlayer.
0
 
smurff Commented:
You need to install a packet driver first. I don't have any source, but look at eeye.com and search for NMapNT; there is a packet driver to install there.
regards
Smurff
0
 
DragonSlayer (Author) Commented:
Thanks Smurff... it seems promising... will check it out later. Time to zzz now :)
0
 
drnadeem Commented:
listening
0
 
Epsylon Commented:
Some nice stuff here:

http://www.claessens16.yucom.be/
0
 
Gwena Commented:
listening :-)
0
 
DragonSlayer (Author) Commented:
Epsylon,

Already checked out that site before I posted this Q :)

However, the Delphi Packet Sniffer doesn't work in Win2K/NT :(
0
 
vladh Commented:
listening...
0
 
l8knight Commented:
SOCK_RAW is supported only in Win2K, you'll need to open the socket with something like this...

    fSocket := WSASocket(AF_INET, SOCK_RAW, IPPROTO_IP, Nil, 0, WSA_FLAG_OVERLAPPED);

l8knight

btw: You also need to use winsock 2.0, you can find a header translation at delphi-jedi.
0
 
DragonSlayer (Author) Commented:
l8knight, I need a solution that works in all win9x/nt/2k systems...

Smurff, any more help from you?

Thanks.
0
 
l8knight Commented:
I think that your best solution would be to use WinPcap available from http://netgroup-serv.polito.it/winpcap/ 

regards

l8knight

BTW: There are a couple of delphi header translations available for this library. I don't have the links on hand but I can find them if you need.
0
 
DragonSlayer (Author) Commented:
l8knight, I already have WinPCap (thanks to the link from nmapnt)... yes, I'd appreciate it if you could get me the headers... I tried the NiteLogger site, but the link to the source code is invalid :(
0
 
l8knight Commented:
http://owns.sourceforge.net/ is the homepage but again the link to the source is missing :( but apparently it is available via sourceforge's CVS.

hope this helps

l8knight
0
 
smurff Commented:
Hi
Your error was: "However, doing it in Windows, I get an error 'Protocol not supported'". Did you still get that error after installing a packet driver for NT?
regards
Smurff
0
 
smurff Commented:
I've managed to get that code working, and on NT.
Did anyone else get it?

unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,
  StdCtrls, Zniffer, ExtCtrls;

type
  TForm1 = class(TForm)
    Panel1: TPanel;
    Button1: TButton;
    ComboBox1: TComboBox;
    Memo1: TMemo;
    procedure FormCreate(Sender: TObject);
    procedure ComboBox1Change(Sender: TObject);
  private
    { Private declarations }
    FZniffer: TZniffer;  // capture component from the Zniffer unit
    procedure ReadPacket(Data: Pointer; RecvBytes: Word);
  public
    { Public declarations }
  end;

var
  Form1: TForm1;

implementation

{$R *.DFM}

procedure TForm1.FormCreate(Sender: TObject);
begin
  // Create the sniffer, hook the per-packet callback and list the adapters.
  FZniffer := TZniffer.Create;
  FZniffer.OnPacket := ReadPacket;
  ComboBox1.Items.Assign(FZniffer.Adapters);
  ComboBox1.Text := '< SELECT ADAPTER >';
end;

procedure TForm1.ComboBox1Change(Sender: TObject);
var
  E: string;
begin
  // Ignore changes that do not select a listed adapter (e.g. typed text).
  if ComboBox1.ItemIndex < 0 then
    Exit;
  // Stop any running capture before switching adapters.
  if FZniffer.Snooping then
    if not FZniffer.Deactivate(E) then
      raise Exception.Create(E);
  FZniffer.AdapterIndex := ComboBox1.ItemIndex;
  if not FZniffer.Activate(E) then
    raise Exception.Create(E);
end;

procedure TForm1.ReadPacket(Data: Pointer; RecvBytes: Word);
begin
  // Packet callback: going by the parameter names, Data is the packet
  // buffer and RecvBytes its length. Only the length is logged here.
  Memo1.Lines.Add('Packet snooped. Bytes: ' + IntToStr(RecvBytes));
end;

end.

regards
Smurff
0
 
DragonSlayer (Author) Commented:
OK Fair enough... smurff, you get the points :)

l8knight, I'll award you 100 for your efforts.

Thanks to both of you! (Although there are still many things left unsolved, but that is for another Q! hehehe)



DragonSlayer.
0
 
smurff Commented:
DragonSlayer,

Thanks. Your question has got me interested in this again. I'm working on a TCP network analysis program. If I get any further I'll give you an email with the examples. Same as, if you get anywhere, let me know. I've been looking through the API doc for the packet.dll and you can actually display the packet info as it arrives on the NIC. I'm also an MCP with TCP so if you have any questions let me know.
My email is
Dannykellett@hotmail.com


cheers again,
Smurff
0
 
DragonSlayer (Author) Commented:
And mine is chee_meng@hotmail.com

(Hmm... since when did everyone become fans of Hotmail? hehehe)

Oh Smurff, I'm actually working on some stuff regarding Mobile IP systems, and the reason I need all the packet headers is so that I could 'catch' the 'agent advertisements' and send the packet to the correct machine even though the machine's IP has changed.

Will keep you posted.

But this is actually just a 'hobby-project' of mine. And I only get to do it when I'm not overloaded with work :(


DragonSlayer.
0
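The buffer that recv() returns on the PF_PACKET socket from the question is a raw link-layer frame, and every length field in it has to be checked before it is trusted. The following is an added example, not code from any poster in this thread: it classifies such a frame and picks out the Mobile IP agent advertisements mentioned above (ICMP Router Advertisement per RFC 1256 carrying extension type 16 per RFC 5944). It assumes Ethernet II framing; the function name, result codes and sample frame are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes; the names are this example's own. */
enum { FRAME_MALFORMED = -1, FRAME_OTHER = 0, FRAME_ROUTER_ADVERT = 1, FRAME_AGENT_ADVERT = 2 };
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
/* Classify one Ethernet II frame as handed back by recv() on a PF_PACKET socket. */
int classify_frame(const uint8_t *buf, size_t len)
{
    if (len < 14) return FRAME_MALFORMED;               /* Ethernet II header */
    if (be16(buf + 12) != 0x0800) return FRAME_OTHER;   /* EtherType is not IPv4 */
    const uint8_t *ip = buf + 14;
    size_t avail = len - 14;
    if (avail < 20) return FRAME_MALFORMED;             /* minimal IPv4 header */
    if ((ip[0] >> 4) != 4) return FRAME_OTHER;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4, total = be16(ip + 2);
    if (ihl < 20 || total < ihl || total > avail) return FRAME_MALFORMED;
    if (ip[9] != 1 || (be16(ip + 6) & 0x1FFF)) return FRAME_OTHER; /* not ICMP, or later fragment */
    const uint8_t *icmp = ip + ihl;
    size_t n = total - ihl;                             /* ICMP bytes per the IP length */
    if (n < 8) return FRAME_MALFORMED;
    if (icmp[0] != 9) return FRAME_OTHER;               /* type 9: Router Advertisement */
    size_t off = 8 + (size_t)icmp[4] * icmp[5] * 4;     /* skip the address entries */
    if (off > n) return FRAME_MALFORMED;
    while (off + 2 <= n) {                              /* type/length/value extensions */
        uint8_t type = icmp[off], elen = icmp[off + 1];
        if (type == 0) { off++; continue; }             /* one-byte padding, no length */
        if (off + 2 + elen > n) return FRAME_MALFORMED;
        if (type == 16) return FRAME_AGENT_ADVERT;      /* Mobility Agent Advertisement */
        off += 2 + (size_t)elen;
    }
    return FRAME_ROUTER_ADVERT;
}

/* Constructed 62-byte sample from 192.0.2.1; checksums are zero and not verified. */
static const uint8_t SAMPLE_FRAME[] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0x00,0x00,0x00,0x00,0x01, 0x08,0x00, /* Ethernet */
    0x45,0x00,0x00,0x30, 0x00,0x00,0x00,0x00, 0x01,0x01,0x00,0x00,           /* IPv4, proto 1 */
    0xc0,0x00,0x02,0x01, 0xff,0xff,0xff,0xff,                                /* src, dst */
    0x09,0x00,0x00,0x00, 0x01,0x02,0x00,0x1e, 0xc0,0x00,0x02,0x01, 0,0,0,0,  /* RA, 1 address */
    0x10,0x0a,0x00,0x01, 0x00,0x1e,0x10,0x00, 0xc0,0x00,0x02,0x01            /* extension 16 */
};

int main(void)
{
    printf("sample frame -> %d\n", classify_frame(SAMPLE_FRAME, sizeof SAMPLE_FRAME));
    return 0;
}
```
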
Question has a verified solution.
