PacketSniffer Problems

Hi.

I'm currently trying to make a tool that checks how much bandwith each user on a Network is using.

Tried to use FPiette's PacketSniffer but for some reason it always freezes the computers after a while... and the packet32.dll used by it is also used by the SubSeven Trojan so my AV software always start complaining...

So i found another PacketSniffer one that doesnt crash... the only problem is that i cant seem to get the source/destionation address from the packets... not sure what to do =(

It's located at:
http://home1.stofanet.dk/nitezhifter/files/Delphi%20Pcap.zip

it's actually a Delphi conversion of the WinPcap Library.

so what i need is some help on how to actually get the source/destination ip addresses...

regards,
John
ArachnidAsked:
Who is Participating?
 
SenDogConnect With a Mentor Commented:
Try downloading release 0.3 of O.W.N.S. (One Way Network Sniffing) at http://sourceforge.net/projects/owns/

It works great and can be modified to suit your needs. Also, it already uses WinCap.

Cheers,
SenDog
0
 
karouriCommented:
As far as I know, the winpcap captures the whole packet, so you can read the source and destination IP addresses from within the packets. Notice that the packet capture does not contain the Ethernet preamble, neither the CRC at the end. Any data you can get from a packet assuming it is an IP packet can be got from the headers:
Ethernet frame header: http://wks.uts.ohio-state.edu/sysadm_course/html/sysadm-326.html
IP packet header: http://www.freesoft.org/CIE/Course/Section3/7.htm
All in all, the source IP address is the four bytes starting at byte 26 (assuming a zero based array) in network byte order, which is different from x86 machine order. So the source IP is
Eth[29]:Eth[28]:Eth[27]:Eth[26]
The next four bytes are the destination IP address, like
Eth[33]:Eth[32]:Eth[31]:Eth[30]
assuming the array holding the packet is defined as
Eth:array[0..1513] of byte
0
 
karouriCommented:
Correction for my previous comment:
... in network byte order, which is different from x86 machine order. So the source IP is
Eth[26]:Eth[27]:Eth[28]:Eth[29]
The next four bytes are the destination IP address, like
Eth[30]:Eth[31]:Eth[32]:Eth[33]

The order I gave last time is reversed..


0
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

 
ArachnidAuthor Commented:
ahhh... finally!
the owns project was exactly what i needed... in a way...
just went through the sourcefiles and found out how to get the ip addresses.
thanx SenDog...
 
sorry karouri but to me SenDogs answer was a more "complete" one...


Regards,
John
0
 
ArachnidAuthor Commented:
ahhh... finally!
the owns project was exactly what i needed... in a way...
just went through the sourcefiles and found out how to get the ip addresses.
thanx SenDog...
 
sorry karouri but to me SenDogs answer was a more "complete" one...


Regards,
John
0
 
karouriCommented:
actually it is fine for me too, as I needed such a work on linux, and I found it now for free
0
 
SenDogCommented:
Glad I could help!


Cheers,
SenDog
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.