Arachnid


PacketSniffer Problems

Hi.

I'm currently trying to make a tool that checks how much bandwidth each user on a network is using.

I tried to use FPiette's PacketSniffer, but for some reason it always freezes the computers after a while... and the packet32.dll used by it is also used by the SubSeven Trojan, so my AV software always starts complaining...

So I found another packet sniffer, one that doesn't crash... the only problem is that I can't seem to get the source/destination address from the packets... not sure what to do =(

It's located at:
http://home1.stofanet.dk/nitezhifter/files/Delphi%20Pcap.zip

It's actually a Delphi conversion of the WinPcap library.

So what I need is some help on how to actually get the source/destination IP addresses...

regards,
John
karouri

As far as I know, WinPcap captures the whole packet, so you can read the source and destination IP addresses from within the packets. Notice that the packet capture does not contain the Ethernet preamble, nor the CRC at the end. Any data you can get from a packet, assuming it is an IP packet, can be obtained from the headers:
Ethernet frame header: http://wks.uts.ohio-state.edu/sysadm_course/html/sysadm-326.html
IP packet header: http://www.freesoft.org/CIE/Course/Section3/7.htm
All in all, the source IP address is the four bytes starting at byte 26 (assuming a zero-based array) in network byte order, which is different from x86 machine order. So the source IP is
Eth[29]:Eth[28]:Eth[27]:Eth[26]
The next four bytes are the destination IP address, like
Eth[33]:Eth[32]:Eth[31]:Eth[30]
assuming the array holding the packet is defined as
Eth:array[0..1513] of byte
ASKER CERTIFIED SOLUTION
SenDog
karouri

Correction for my previous comment:
... in network byte order, which is different from x86 machine order. So the source IP is
Eth[26]:Eth[27]:Eth[28]:Eth[29]
The next four bytes are the destination IP address, like
Eth[30]:Eth[31]:Eth[32]:Eth[33]

The order I gave last time is reversed..
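To make those byte offsets concrete, here is an added example (mine, not code from this thread, from the Delphi Pcap archive linked above, or from WinPcap itself), written in C, the language WinPcap is written in. It reads the source and destination addresses exactly where the corrected comment places them, bytes 26..29 and 30..33 of an untagged frame, assembling each address first-byte-most-significant so no byte swap is needed on x86, and then does the per-host byte accounting the question asked for. Two caveats the thread does not mention are built in: an 802.1Q VLAN tag pushes every later offset by 4 bytes, and a frame whose EtherType is not 0x0800 (ARP, IPv6, ...) has no IPv4 addresses at those positions at all, so the EtherType is checked before anything is read. The three sample frames are constructed by hand with zero checksums, and all function and structure names are my own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Frames as WinPcap delivers them: the buffer starts at the destination MAC (no preamble) and
 * carries no FCS. Fields are big-endian; assembling them first-byte-most-significant is correct
 * on x86 with no byte-swap call. */
#define ETHERTYPE_IPV4 0x0800
#define ETHERTYPE_VLAN 0x8100   /* 802.1Q tag: 4 extra bytes before the real EtherType */

struct ipv4_info {
    uint32_t src, dst;   /* host-order integers: 0xC0A80001 is 192.168.0.1 */
    uint16_t ip_len;     /* IPv4 Total Length: bytes really carried, ignoring Ethernet padding */
    size_t   ip_off;     /* IP header offset: 14 for a plain frame, 18 with a VLAN tag */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]; }

/* Returns 1 and fills *out if the frame holds a well-formed IPv4 header, else 0. */
int parse_ipv4_frame(const uint8_t *frame, size_t len, struct ipv4_info *out)
{
    if (len < 14) return 0;
    uint16_t type = be16(frame + 12);         /* EtherType at bytes 12..13 */
    size_t off = 14;                          /* where the network-layer header starts */
    if (type == ETHERTYPE_VLAN) {             /* tagged frame: every later offset moves by 4 */
        if (len < 18) return 0;
        type = be16(frame + 16);
        off = 18;
    }
    if (type != ETHERTYPE_IPV4) return 0;     /* ARP, IPv6, ...: no IPv4 addresses to read */
    if (len < off + 20) return 0;             /* shorter than a minimal IPv4 header */
    if ((frame[off] >> 4) != 4) return 0;     /* version nibble */
    size_t ihl = (size_t)(frame[off] & 0x0f) * 4;
    if (ihl < 20 || len < off + ihl) return 0;
    out->ip_off = off;
    out->ip_len = be16(frame + off + 2);
    out->src = be32(frame + off + 12);        /* bytes 26..29 of an untagged frame */
    out->dst = be32(frame + off + 16);        /* bytes 30..33 of an untagged frame */
    return 1;
}

/* Dotted-quad rendering; buf must have room for 16 bytes. */
void ipv4_to_str(uint32_t ip, char *buf)
{
    snprintf(buf, 16, "%u.%u.%u.%u", (unsigned)(ip >> 24), (unsigned)(ip >> 16 & 0xff), (unsigned)(ip >> 8 & 0xff), (unsigned)(ip & 0xff));
}

#define MAX_HOSTS 64   /* per-host byte counter, the accounting the question is after; fixed size for brevity */
struct tally { struct { uint32_t ip; uint64_t bytes; } hosts[MAX_HOSTS]; size_t n; };

static void add_bytes(struct tally *t, uint32_t ip, uint64_t bytes)
{
    for (size_t i = 0; i < t->n; i++)
        if (t->hosts[i].ip == ip) { t->hosts[i].bytes += bytes; return; }
    if (t->n < MAX_HOSTS) { t->hosts[t->n].ip = ip; t->hosts[t->n].bytes = bytes; t->n++; }
}

uint64_t bytes_for(const struct tally *t, uint32_t ip)
{
    for (size_t i = 0; i < t->n; i++)
        if (t->hosts[i].ip == ip) return t->hosts[i].bytes;
    return 0;
}

/* Credit the packet's IP bytes to both endpoints. Returns 1 if counted, 0 if skipped. */
int account_frame(struct tally *t, const uint8_t *frame, size_t len)
{
    struct ipv4_info info;
    if (!parse_ipv4_frame(frame, len, &info)) return 0;
    add_bytes(t, info.src, info.ip_len);
    add_bytes(t, info.dst, info.ip_len);
    return 1;
}

/* Constructed sample frames, not real captures; checksums left as zero. */
const uint8_t SAMPLE_PLAIN[] = {   /* untagged, 192.168.0.1 -> 192.168.0.254, Total Length 28 */
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x1c, 0x00,0x01,0x00,0x00, 0x40,0x11,0x00,0x00,
    0xc0,0xa8,0x00,0x01, 0xc0,0xa8,0x00,0xfe, 0x04,0x00,0x00,0x35, 0x00,0x08,0x00,0x00 };
const uint8_t SAMPLE_VLAN[] = {    /* VLAN 100, 192.168.0.2 -> 192.168.0.1, Total Length 40 */
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x81,0x00,0x00,0x64, 0x08,0x00,
    0x45,0x00,0x00,0x28, 0x00,0x02,0x00,0x00, 0x40,0x06,0x00,0x00,
    0xc0,0xa8,0x00,0x02, 0xc0,0xa8,0x00,0x01, 0x00,0x50,0x04,0x00, 0x00,0x00,0x00,0x00,
    0x00,0x00,0x00,0x00, 0x50,0x02,0x20,0x00, 0x00,0x00,0x00,0x00 };
const uint8_t SAMPLE_ARP[] = {     /* ARP, so no IPv4 header: must be skipped, not misread as IP */
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x06,
    0x00,0x01,0x08,0x00,0x06,0x04,0x00,0x01, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0xc0,0xa8,0x00,0x02 };

int main(void)
{
    struct tally t = {0};
    account_frame(&t, SAMPLE_PLAIN, sizeof SAMPLE_PLAIN);
    account_frame(&t, SAMPLE_VLAN, sizeof SAMPLE_VLAN);
    account_frame(&t, SAMPLE_ARP, sizeof SAMPLE_ARP);
    for (size_t i = 0; i < t.n; i++) {
        char s[16]; ipv4_to_str(t.hosts[i].ip, s);
        printf("%-15s %llu bytes\n", s, (unsigned long long)t.hosts[i].bytes);
    }
    return 0;
}
```

In a real capture loop, `len` is the captured length WinPcap reports for each packet (the `caplen` field of its per-packet header), and the byte count charged to a host is the IP Total Length rather than the frame length, so the padding on short Ethernet frames is not billed to anyone. The `be32` assembly translates one-to-one into a Pascal expression over the `Eth` byte array from the comment above, with the same shift-and-or of bytes 26, 27, 28, 29 in that order.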


Arachnid

ASKER

Ahhh... finally!
The owns project was exactly what I needed... in a way...
I just went through the source files and found out how to get the IP addresses.
Thanks SenDog...

Sorry karouri, but to me SenDog's answer was a more "complete" one...


Regards,
John
Actually it is fine for me too, as I needed such work on Linux, and I found it now for free.
Glad I could help!


Cheers,
SenDog