• Status: Solved

IP packet sniffer in C++ with Windows NT??? Any hints, source code???

Hi,

I would like to build a simple IP packet sniffer (like those under Solaris --snoop) in C++.
So far I have seen this done only with W2K...

Does anyone know of a place where I can get sample source code to start my
coding? I'd simply like to sort by IP address To the From ;-)

So I need to be able to
1) sense the "wire"
2) read from it
3) open a packet
4) retrieve the from and to IP address

How can this be done using the NT API???
aquila98
Asked:
1 Solution
 
jhance Commented:
 
aquila98 (Author) Commented:
Interesting this rawether!

But I was really hoping to learn HOW to do it myself as opposed to just buying a
software...

Yet, this means that there IS a way to do it in NT, so that's good ;-) There is hope!!!

 
jhance Commented:
1) Read the information on www.rawether.net.  There is a lot of background information.

2) Get the DDK.  There is a sample NDIS intermediate driver there.  It's poorly done and poorly documented but it's all there is.

3) If you ONLY are interested in TCP/IP, there is the WINSOCK 2 instrumented library.  It's not re-distributable but it does give you packet level access to the protocol.

4) Windows XP has full support for RAW adapter access.  It's somewhat controversial (See: http://grc.com/dos/xplaughter.htm) but my opinion is that those who want to wreak havoc can ALREADY do so.  Any capabilities in XP will be insignificant!!
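Added example (not code from this thread or from any product named in it): steps 3 and 4 of the question, opening a captured packet and retrieving the from and to IP addresses, then grouping by address pair. It assumes some capture mechanism already hands over a buffer that starts at the IPv4 header; the names `Flow`, `parse_ipv4`, `tally` and `sample` are hypothetical, and the packets are constructed test data.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <string>
#include <vector>

using Flow = std::pair<uint32_t, uint32_t>;  // (from, to) in host byte order
// Big-endian 32-bit read that does not depend on alignment or host endianness.
static uint32_t be32(const uint8_t* p) {
    return (uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) | (uint32_t(p[2]) << 8) | p[3];
}

// buf must start at the IPv4 header; truncated or malformed input is rejected.
bool parse_ipv4(const uint8_t* buf, std::size_t len, Flow& out) {
    if (len < 20 || (buf[0] >> 4) != 4) return false;   // minimum header, version 4
    std::size_t ihl = (buf[0] & 0x0F) * 4u;              // header length in bytes
    std::size_t total = (std::size_t(buf[2]) << 8) | buf[3];  // total-length field
    if (ihl < 20 || ihl > len || total < ihl || total > len) return false;
    out = Flow(be32(buf + 12), be32(buf + 16));          // source, destination
    return true;
}

std::string dotted(uint32_t a) {
    char s[16];
    std::snprintf(s, sizeof s, "%u.%u.%u.%u", a >> 24, (a >> 16) & 255u, (a >> 8) & 255u, a & 255u);
    return s;
}

// Count packets per flow; std::map iterates in sorted (from, to) order.
std::map<Flow, unsigned> tally(const std::vector<std::vector<uint8_t>>& pkts) {
    std::map<Flow, unsigned> counts;
    Flow f;
    for (const auto& p : pkts)
        if (parse_ipv4(p.data(), p.size(), f)) ++counts[f];
    return counts;
}

// Constructed sample: a bare 20-byte IPv4 header, no payload, checksum left zero.
std::vector<uint8_t> sample(uint32_t src, uint32_t dst) {
    std::vector<uint8_t> h = {0x45, 0, 0, 20, 0, 0, 0, 0, 64, 6, 0, 0};
    for (uint32_t a : {src, dst})
        for (int s = 24; s >= 0; s -= 8) h.push_back(uint8_t(a >> s));
    return h;
}

int main() {
    const uint32_t a = 0xC0000201, b = 0xC0000202;  // 192.0.2.1, 192.0.2.2 (documentation range)
    for (const auto& e : tally({sample(b, a), sample(a, b), sample(b, a), {0x45, 0, 0}}))
        std::printf("%s -> %s : %u\n", dotted(e.first.first).c_str(), dotted(e.first.second).c_str(), e.second);
}
```

The length checks matter because a capture buffer is untrusted input: the header-length and total-length fields come from the wire and must be bounded by the bytes actually received before any offset is read.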
 
aquila98 (Author) Commented:
It seems to work...

Thanks