• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 262
  • Last Modified:

PacketSniffer Problems

Hi.

I'm currently trying to make a tool that checks how much bandwith each user on a Network is using.

Tried to use FPiette's PacketSniffer but for some reason it always freezes the computers after a while... and the packet32.dll used by it is also used by the SubSeven Trojan so my AV software always start complaining...

So i found another PacketSniffer one that doesnt crash... the only problem is that i cant seem to get the source/destionation address from the packets... not sure what to do =(

It's located at:
http://home1.stofanet.dk/nitezhifter/files/Delphi%20Pcap.zip

it's actually a Delphi conversion of the WinPcap Library.

so what i need is some help on how to actually get the source/destination ip addresses...

regards,
John
0
Arachnid
Asked:
Arachnid
  • 3
  • 2
  • 2
1 Solution
 
karouriCommented:
As far as I know, the winpcap captures the whole packet, so you can read the source and destination IP addresses from within the packets. Notice that the packet capture does not contain the Ethernet preamble, neither the CRC at the end. Any data you can get from a packet assuming it is an IP packet can be got from the headers:
Ethernet frame header: http://wks.uts.ohio-state.edu/sysadm_course/html/sysadm-326.html
IP packet header: http://www.freesoft.org/CIE/Course/Section3/7.htm
All in all, the source IP address is the four bytes starting at byte 26 (assuming a zero based array) in network byte order, which is different from x86 machine order. So the source IP is
Eth[29]:Eth[28]:Eth[27]:Eth[26]
The next four bytes are the destination IP address, like
Eth[33]:Eth[32]:Eth[31]:Eth[30]
assuming the array holding the packet is defined as
Eth:array[0..1513] of byte
0
 
SenDogCommented:
Try downloading release 0.3 of O.W.N.S. (One Way Network Sniffing) at http://sourceforge.net/projects/owns/

It works great and can be modified to suit your needs. Also, it already uses WinCap.

Cheers,
SenDog
0
 
karouriCommented:
Correction for my previous comment:
... in network byte order, which is different from x86 machine order. So the source IP is
Eth[26]:Eth[27]:Eth[28]:Eth[29]
The next four bytes are the destination IP address, like
Eth[30]:Eth[31]:Eth[32]:Eth[33]

The order I gave last time is reversed..


0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
ArachnidAuthor Commented:
ahhh... finally!
the owns project was exactly what i needed... in a way...
just went through the sourcefiles and found out how to get the ip addresses.
thanx SenDog...
 
sorry karouri but to me SenDogs answer was a more "complete" one...


Regards,
John
0
 
ArachnidAuthor Commented:
ahhh... finally!
the owns project was exactly what i needed... in a way...
just went through the sourcefiles and found out how to get the ip addresses.
thanx SenDog...
 
sorry karouri but to me SenDogs answer was a more "complete" one...


Regards,
John
0
 
karouriCommented:
actually it is fine for me too, as I needed such a work on linux, and I found it now for free
0
 
SenDogCommented:
Glad I could help!


Cheers,
SenDog
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 3
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now