Solved

PacketSniffer Problems

Posted on 2001-08-17
7
255 Views
Last Modified: 2010-04-06
Hi.

I'm currently trying to make a tool that checks how much bandwith each user on a Network is using.

Tried to use FPiette's PacketSniffer but for some reason it always freezes the computers after a while... and the packet32.dll used by it is also used by the SubSeven Trojan so my AV software always start complaining...

So i found another PacketSniffer one that doesnt crash... the only problem is that i cant seem to get the source/destionation address from the packets... not sure what to do =(

It's located at:
http://home1.stofanet.dk/nitezhifter/files/Delphi%20Pcap.zip

it's actually a Delphi conversion of the WinPcap Library.

so what i need is some help on how to actually get the source/destination ip addresses...

regards,
John
0
Comment
Question by:Arachnid
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 3

Expert Comment

by:karouri
ID: 6398223
As far as I know, the winpcap captures the whole packet, so you can read the source and destination IP addresses from within the packets. Notice that the packet capture does not contain the Ethernet preamble, neither the CRC at the end. Any data you can get from a packet assuming it is an IP packet can be got from the headers:
Ethernet frame header: http://wks.uts.ohio-state.edu/sysadm_course/html/sysadm-326.html
IP packet header: http://www.freesoft.org/CIE/Course/Section3/7.htm
All in all, the source IP address is the four bytes starting at byte 26 (assuming a zero based array) in network byte order, which is different from x86 machine order. So the source IP is
Eth[29]:Eth[28]:Eth[27]:Eth[26]
The next four bytes are the destination IP address, like
Eth[33]:Eth[32]:Eth[31]:Eth[30]
assuming the array holding the packet is defined as
Eth:array[0..1513] of byte
0
 
LVL 1

Accepted Solution

by:
SenDog earned 300 total points
ID: 6399489
Try downloading release 0.3 of O.W.N.S. (One Way Network Sniffing) at http://sourceforge.net/projects/owns/

It works great and can be modified to suit your needs. Also, it already uses WinCap.

Cheers,
SenDog
0
 
LVL 3

Expert Comment

by:karouri
ID: 6399873
Correction for my previous comment:
... in network byte order, which is different from x86 machine order. So the source IP is
Eth[26]:Eth[27]:Eth[28]:Eth[29]
The next four bytes are the destination IP address, like
Eth[30]:Eth[31]:Eth[32]:Eth[33]

The order I gave last time is reversed..


0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Arachnid
ID: 6405458
ahhh... finally!
the owns project was exactly what i needed... in a way...
just went through the sourcefiles and found out how to get the ip addresses.
thanx SenDog...
 
sorry karouri but to me SenDogs answer was a more "complete" one...


Regards,
John
0
 

Author Comment

by:Arachnid
ID: 6405459
ahhh... finally!
the owns project was exactly what i needed... in a way...
just went through the sourcefiles and found out how to get the ip addresses.
thanx SenDog...
 
sorry karouri but to me SenDogs answer was a more "complete" one...


Regards,
John
0
 
LVL 3

Expert Comment

by:karouri
ID: 6405764
actually it is fine for me too, as I needed such a work on linux, and I found it now for free
0
 
LVL 1

Expert Comment

by:SenDog
ID: 6408218
Glad I could help!


Cheers,
SenDog
0

Featured Post

[Webinar] How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Objective: - This article will help user in how to convert their numeric value become words. How to use 1. You can copy this code in your Unit as function 2. than you can perform your function by type this code The Code   (CODE) The Im…
Introduction The parallel port is a very commonly known port, it was widely used to connect a printer to the PC, if you look at the back of your computer, for those who don't have newer computers, there will be a port with 25 pins and a small print…
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL (https://www.percona.com/software/mysql-database/percona-server) and MongoDB (https://www.percona.com/software/mongo-…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question