Solved

Intercepting Network Packets

Posted on 2001-07-12
Last Modified: 2010-04-04
I need to write a programme that 'filters' all data that goes through ports of a machine.

In Linux, I could achieve it by doing

int sock = socket(PF_PACKET, SOCK_RAW, htons(0x0003));

that way, I will be able to read any data that comes in from any port by just doing a

byte_recv = recv(sock, buf, 10000, 0);

However, doing it in Windows, I get an error "Protocol not supported"

Are there any other ways to do it? Surely there will be, otherwise firewall programmes cannot be written, no?

Please advise.



Thanks,
DragonSlayer.
0
Comment
Question by:DragonSlayer
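What `recv()` returns on the `PF_PACKET`/`SOCK_RAW` socket from the question is a whole link-layer frame, so a filter has to walk the Ethernet and IPv4 headers itself and bounds-check every length it reads off the wire. The C code below is an added example, not code from any poster in this thread; `parse_frame`, `struct frame_info` and the sample frame are constructed for illustration and assume Ethernet framing without VLAN tags.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical summary struct for this example; addresses in host order. */
struct frame_info {
    uint16_t ethertype, src_port, dst_port;  /* ports stay 0 if unknown */
    uint8_t  ip_proto;                       /* 6 = TCP, 17 = UDP */
    uint32_t src_ip, dst_ip;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* 0 = parsed IPv4, 1 = not IPv4 (skipped), -1 = truncated or malformed. */
int parse_frame(const uint8_t *buf, size_t len, struct frame_info *out) {
    *out = (struct frame_info){0};
    if (len < 14) return -1;              /* Ethernet: dst(6) src(6) type(2) */
    out->ethertype = rd16(buf + 12);
    if (out->ethertype != 0x0800) return 1;
    const uint8_t *ip = buf + 14;
    size_t iplen = len - 14;
    if (iplen < 20 || (ip[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;  /* length field set by the sender */
    if (ihl < 20 || ihl > iplen) return -1;
    out->ip_proto = ip[9];
    out->src_ip = rd32(ip + 12); out->dst_ip = rd32(ip + 16);
    if ((rd16(ip + 6) & 0x1fff) != 0) return 0;  /* later fragment: no L4 header */
    if (out->ip_proto == 6 || out->ip_proto == 17) {
        if (iplen - ihl < 4) return -1;   /* need both 16-bit ports */
        out->src_port = rd16(ip + ihl);
        out->dst_port = rd16(ip + ihl + 2);
    }
    return 0;
}

/* Constructed sample: UDP 192.0.2.1:12345 -> 192.0.2.2:53, checksums zeroed. */
static const uint8_t sample_frame[] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,         /* Ethernet */
    0x45,0,0,0x1c, 0,1,0,0, 0x40,17,0,0, 192,0,2,1, 192,0,2,2, /* IPv4 */
    0x30,0x39, 0,53, 0,8, 0,0                                  /* UDP */
};

int main(void) {
    struct frame_info fi;
    int rc = parse_frame(sample_frame, sizeof sample_frame, &fi);
    printf("rc=%d proto=%u dport=%u\n", rc, (unsigned)fi.ip_proto, (unsigned)fi.dst_port);
    return rc != 0;
}
```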
19 Comments
 
LVL 9

Expert Comment

by:ITugay
ID: 6276440
Hi DragonSlayer,

take a look at this:

http://www.distinct.com/vit32/control.firewall.htm

I hope you liked it.

-----
Igor
0
 
LVL 14

Author Comment

by:DragonSlayer
ID: 6276575
Thanks for the quick reply, Igor.

Actually the link you sent to me is for data to go through firewall, what I want is something like this:
http://www.distinct.com/monitor/monitor.htm

But the problem is
i. It doesn't support win2k
ii. I prefer native VCL stuff where possible... have had some bad experience with ActiveX before :)

Thanks again.


DragonSlayer.
0
 
LVL 3

Accepted Solution

by:
smurff earned 300 total points
ID: 6276669
You need to install a packet driver first. I don't have any source but look at eeye.com and search for NMapNT, there is a packet driver to install there.
regards
Smurff
0

 
LVL 14

Author Comment

by:DragonSlayer
ID: 6277063
Thanks Smurff... it seems promising... will check it out later. Time to zzz now :)
0
 
LVL 1

Expert Comment

by:drnadeem
ID: 6277356
listening
0
 
LVL 13

Expert Comment

by:Epsylon
ID: 6277988
Some nice stuff here:

http://www.claessens16.yucom.be/
0
 
LVL 5

Expert Comment

by:Gwena
ID: 6278925
listening :-)
0
 
LVL 14

Author Comment

by:DragonSlayer
ID: 6279195
Epsylon,

Already checked out that site before I posted this Q :)

However, the Delphi Packet Sniffer doesn't work in Win2K/NT :(
0
 
LVL 3

Expert Comment

by:vladh
ID: 6280368
listening...
0
 
LVL 1

Expert Comment

by:l8knight
ID: 6282638
SOCK_RAW is supported only in Win2K, you'll need to open the socket with something like this...

    fSocket := WSASocket(AF_INET, SOCK_RAW, IPPROTO_IP, Nil, 0, WSA_FLAG_OVERLAPPED);

l8knight

btw: You also need to use winsock 2.0, you can find a header translation at delphi-jedi.
0
 
LVL 14

Author Comment

by:DragonSlayer
ID: 6284372
l8knight, I need a solution that works in all win9x/nt/2k systems...

Smurff, any more help from you?

Thanks.
0
 
LVL 1

Expert Comment

by:l8knight
ID: 6284391
I think that your best solution would be to use WinPcap available from http://netgroup-serv.polito.it/winpcap/ 

regards

l8knight

BTW: There are a couple of delphi header translations available for this library. I don't have the links on hand but I can find them if you need.
0
 
LVL 14

Author Comment

by:DragonSlayer
ID: 6284714
l8knight, I already have WinPCap (thanks to the link from nmapnt)... yes, I'd appreciate it if you could get me the headers... I tried the NiteLogger site, but the link to the source code is invalid :(
0
 
LVL 1

Expert Comment

by:l8knight
ID: 6284844
http://owns.sourceforge.net/ is the homepage but again the link to the source is missing :( but apparently it is available via sourceforge's CVS.

hope this helps

l8knight
0
 
LVL 3

Expert Comment

by:smurff
ID: 6285146
Hi
Your error was "However, doing it in Windows, I get an error 'Protocol not supported'". Did you still get that error after installing a packet driver for NT?
regards
Smurff
0
 
LVL 3

Expert Comment

by:smurff
ID: 6285196
I've managed to get that code working, and on NT.
Did anyone else get it?

unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,
  StdCtrls, Zniffer, ExtCtrls;

type
  TForm1 = class(TForm)
    Panel1: TPanel;
    Button1: TButton;
    ComboBox1: TComboBox;
    Memo1: TMemo;
    procedure FormCreate(Sender: TObject);
    procedure ComboBox1Change(Sender: TObject);
  private
    { Private declarations }
    FZniffer: TZniffer;
    // Callback that TZniffer invokes for every captured packet
    procedure ReadPacket(Data: Pointer; RecvBytes: Word);
  public
    { Public declarations }
  end;

var
  Form1: TForm1;

implementation

{$R *.DFM}

procedure TForm1.FormCreate(Sender: TObject);
begin
  // Create the sniffer, hook up the packet callback and list the adapters
  FZniffer := TZniffer.Create;
  FZniffer.OnPacket := ReadPacket;
  ComboBox1.Items.Assign(FZniffer.Adapters);
  ComboBox1.Text := '< SELECT ADAPTER >';
end;

procedure TForm1.ComboBox1Change(Sender: TObject);
var
  E: string;
begin
  // Ignore changes that do not select a list entry (e.g. typed text)
  if ComboBox1.ItemIndex < 0 then
    Exit;
  // Stop any capture in progress before switching adapters
  if FZniffer.Snooping then
    if not FZniffer.Deactivate(E) then
      raise Exception.Create(E);
  FZniffer.AdapterIndex := ComboBox1.ItemIndex;
  // Start capturing on the selected adapter; E receives the error text
  if not FZniffer.Activate(E) then
    raise Exception.Create(E);
end;

procedure TForm1.ReadPacket(Data: Pointer; RecvBytes: Word);
begin
  // Log only the size of each captured packet
  Memo1.Lines.Add('Packet snooped. Bytes: ' + IntToStr(RecvBytes));
end;

end.

regards
Smurff
0
 
LVL 14

Author Comment

by:DragonSlayer
ID: 6285545
OK Fair enough... smurff, you get the points :)

l8knight, I'll award you 100 for your efforts.

Thanks to both of you! (Although there are still many things left unsolved, but that is for another Q! hehehe)



DragonSlayer.
0
 
LVL 3

Expert Comment

by:smurff
ID: 6285566
DragonSlayer,

Thanks, your question has got me interested in this again. I'm working on a TCP network anal program. If I get any further I'll give you an email with the examples. Same as, if you get anywhere, let me know. I've been looking through the API doc for the packet.dll and you can actually display the packet info as it arrives on the NIC. I'm also an MCP with TCP so if you have any questions let me know.
My email is
Dannykellett@hotmail.com


cheers again,
Smurff
0
 
LVL 14

Author Comment

by:DragonSlayer
ID: 6285605
And mine is chee_meng@hotmail.com

(Hmm... since when did everyone become fans of hotmail? hehehe)

Oh Smurff, I'm actually working on some stuff regarding Mobile IP systems, and the reason I need all the packet headers is so that I could 'catch' the 'agent advertisements' and send the packet to the correct machine even though the machine's IP has changed.

Will keep you posted.

But this is actually just a 'hobby-project' of mine. And I only get to do it when I'm not overloaded with work :(


DragonSlayer.
0
