Solved

PacketSniffer Problems

Posted on 2001-08-17
7
243 Views
Last Modified: 2010-04-06
Hi.

I'm currently trying to make a tool that checks how much bandwith each user on a Network is using.

Tried to use FPiette's PacketSniffer but for some reason it always freezes the computers after a while... and the packet32.dll used by it is also used by the SubSeven Trojan so my AV software always start complaining...

So i found another PacketSniffer one that doesnt crash... the only problem is that i cant seem to get the source/destionation address from the packets... not sure what to do =(

It's located at:
http://home1.stofanet.dk/nitezhifter/files/Delphi%20Pcap.zip

it's actually a Delphi conversion of the WinPcap Library.

so what i need is some help on how to actually get the source/destination ip addresses...

regards,
John
0
Comment
Question by:Arachnid
  • 3
  • 2
  • 2
7 Comments
 
LVL 3

Expert Comment

by:karouri
Comment Utility
As far as I know, the winpcap captures the whole packet, so you can read the source and destination IP addresses from within the packets. Notice that the packet capture does not contain the Ethernet preamble, neither the CRC at the end. Any data you can get from a packet assuming it is an IP packet can be got from the headers:
Ethernet frame header: http://wks.uts.ohio-state.edu/sysadm_course/html/sysadm-326.html
IP packet header: http://www.freesoft.org/CIE/Course/Section3/7.htm
All in all, the source IP address is the four bytes starting at byte 26 (assuming a zero based array) in network byte order, which is different from x86 machine order. So the source IP is
Eth[29]:Eth[28]:Eth[27]:Eth[26]
The next four bytes are the destination IP address, like
Eth[33]:Eth[32]:Eth[31]:Eth[30]
assuming the array holding the packet is defined as
Eth:array[0..1513] of byte
0
 
LVL 1

Accepted Solution

by:
SenDog earned 300 total points
Comment Utility
Try downloading release 0.3 of O.W.N.S. (One Way Network Sniffing) at http://sourceforge.net/projects/owns/

It works great and can be modified to suit your needs. Also, it already uses WinCap.

Cheers,
SenDog
0
 
LVL 3

Expert Comment

by:karouri
Comment Utility
Correction for my previous comment:
... in network byte order, which is different from x86 machine order. So the source IP is
Eth[26]:Eth[27]:Eth[28]:Eth[29]
The next four bytes are the destination IP address, like
Eth[30]:Eth[31]:Eth[32]:Eth[33]

The order I gave last time is reversed..


0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 

Author Comment

by:Arachnid
Comment Utility
ahhh... finally!
the owns project was exactly what i needed... in a way...
just went through the sourcefiles and found out how to get the ip addresses.
thanx SenDog...
 
sorry karouri but to me SenDogs answer was a more "complete" one...


Regards,
John
0
 

Author Comment

by:Arachnid
Comment Utility
ahhh... finally!
the owns project was exactly what i needed... in a way...
just went through the sourcefiles and found out how to get the ip addresses.
thanx SenDog...
 
sorry karouri but to me SenDogs answer was a more "complete" one...


Regards,
John
0
 
LVL 3

Expert Comment

by:karouri
Comment Utility
actually it is fine for me too, as I needed such a work on linux, and I found it now for free
0
 
LVL 1

Expert Comment

by:SenDog
Comment Utility
Glad I could help!


Cheers,
SenDog
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Objective: - This article will help user in how to convert their numeric value become words. How to use 1. You can copy this code in your Unit as function 2. than you can perform your function by type this code The Code   (CODE) The Im…
Hello everybody This Article will show you how to validate number with TEdit control, What's the TEdit control? TEdit is a standard Windows edit control on a form, it allows to user to write, read and copy/paste single line of text. Usua…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now