Solved

Network programming

Posted on 2004-03-25
19
602 Views
Last Modified: 2007-12-19
hello

I am writing a programming to monitor my network

yes i know there a number of free programs out there but

i want it to be customizable and interact with the companies database.

I have come up on a few hurdles in the way tot he finishline

 1... I am using vb6 and cannot read the packets of the network
  ..what I want to do is to examine these packets and get some information from then.
 ..the source and the destination
..the source programs that genearted them etc.

 2... the program i am writing is designed to have some intrusion detection capabilities
.....in want to examine the packets for user info

BUT I CANNOT READ THE PACKETS IN VB6 I DONNOT KNOW HOW TO I TRIED EVERYTHING AND I WAS FINALLY SENT TO HERE THE NETWORKING SECTION.

iI AM I SERIOUS NEED I TRIED ALMOST EVERY TUTORIALS i even tried the cpac dlls and .......

help me please ..

this question values about 125 points but i donnt have that much points...
0
Comment
Question by:sespool
19 Comments
 
LVL 2

Accepted Solution

by:
MrPan earned 50 total points
ID: 10685405
What I have done is downloaded a sample for planetsourcecode (.net) and changed it to write to a database if ou want to do it in vb6

If you want to do this in vb6 the Download the packetxlib from

http://www.beesync.com/packetx/index.html

Then use code something like this

        '-- Selects the First Adapter
        oPktX.Adapter = oPktX.Adapters(1)

        '-- Clear any variables first
        oPktCol.Clear()
        oPktX.Reset()

        '-- Starts the packet sniff
        oPktX.Start()

'After a period of time

oPktX.Stop()

You will need to do something with the event

    Private Sub oPktX_OnPacket(ByVal pPacket As PACKETXLib.Packet) Handles oPktX.OnPacket
        '-- When a Packet is recieved
        'If pPacket.SourcePort = 119 Or pPacket.DestPort = 119 Then
        'Else

        If EvalFilter(pPacket) Then
            ConvertPacketToMyPacketStruct(pPacket)
        End If
        'End If

    End Sub
0
 

Author Comment

by:sespool
ID: 10685704
Thanks

but i am uising vb6

and  i am on a network

what it want to is to run this application fro, the server and then read all the packets across the network

i could then do analysis on these

i really donnt  get ur code...


help me i am lost
0
 

Author Comment

by:sespool
ID: 10686256
sorry about the thread above

i ahve figured out how to get  the packets on one machine but how do i get them from the the network in general from the different work groups etc.

basically how do i go large scale


help me

mr  MrPan  has started me off but how do i fo large scale
0
 
LVL 28

Expert Comment

by:vinnyd79
ID: 10686672
The machine that is running the code needs to be on a segment that can see all network traffic or it will never work.
0
 
LVL 2

Expert Comment

by:MrPan
ID: 10687695
What I did was copy the data into a access database and used query to analise the data.

Things like the most packets from one IP address

Most packets to an IP address

Busiest time period
0
 

Author Comment

by:sespool
ID: 10695495
Hello

i am want to now plot/create some charts from the information gathered

someone told me about krystal reporsts  but i cannot find any toturial on it any one who has tuotrial on this especially if  it relates to the scenario descrived aboved

 halla at me


also if there is ant thing else to create reports and charts  could pure vb6 coding do this ?
cuase i am not sure if i can buy this krsytal reports software................

ammm..

ses
0
 
LVL 2

Expert Comment

by:MrPan
ID: 10702386
It should be Crystal reports and it is shipped with VB (or used to be)

If the data is in a database you can report over it

0
 
LVL 2

Expert Comment

by:MrPan
ID: 10702400
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:sespool
ID: 10707984
Hello

crystal roports is certainly expensive isnt it

isnt there any other wat to generate roports

and i cannt find any crystal turorials for vb6



0
 

Author Comment

by:sespool
ID: 10708100
Hello MrPan

I tried the packet code and i am now read packets and doing all different things thanks


i am how ever still struggling to figure out how to identify the intruions for the data collected i  donnt know what to look for does any one know of any site that i could get the current intrusion techniques and ways of identif\fing then

and how do i use  packetx to read the packets for a machine from and adator that is in anoiher machine.

how can  i read stay on one mahice and read the packet on another machince

i have the ip addresses for the mahines i want to capture the packets from but how do that
0
 
LVL 2

Expert Comment

by:MrPan
ID: 10712107
Here are a couple of sub routines that may help

There should be an event fired with the packetx (Should define it so [withevents])

Then in the pPacket (or whatever variable name you use) there is a onpacket event

Write this to an array or structure if you look below you will see that pPcaket has properties for destIp and sourceIP.

If you do not want to use crystal you could use something like excel

----------------------------------------------------------------------------------------------

    Private Sub ConvertPacketToMyPacketStruct(ByVal pPacket As PACKETXLib.Packet)
        Dim PacketStruct As New structPackets()
        ReDim PacketStruct.PacketHeader(7)


        PacketStruct.PacketData = pPacket.DataArray

        '-- Determine what protocol this packet is using
        Select Case pPacket.Protocol
            Case PACKETXLib.PktXProtocolType.PktXProtocolTypeTCP
                PacketStruct.PacketHeader(1) = "TCP"
            Case PACKETXLib.PktXProtocolType.PktXProtocolTypeUDP
                PacketStruct.PacketHeader(1) = "UDP"
            Case PACKETXLib.PktXProtocolType.PktXProtocolTypeIP
                PacketStruct.PacketHeader(1) = "IP"
            Case PACKETXLib.PktXProtocolType.PktXProtocolTypeEthernet
                PacketStruct.PacketHeader(1) = "ETHERNET"
            Case PACKETXLib.PktXProtocolType.PktXProtocolTypeNone
                PacketStruct.PacketHeader(1) = "NONE"
        End Select

        'oItm.Tag = lstvPackets.Items.Count


        PacketStruct.PacketHeader(0) = Format(Now, "hh:mm:ss")
        PacketStruct.PacketHeader(2) = pPacket.DataSize
        PacketStruct.PacketHeader(3) = pPacket.DestIpAddress
        PacketStruct.PacketHeader(4) = pPacket.DestPort
        PacketStruct.PacketHeader(5) = pPacket.SourceIpAddress
        PacketStruct.PacketHeader(6) = pPacket.SourcePort

        AddPacket(PacketStruct)


    End Sub
0
 

Author Comment

by:sespool
ID: 10723204
man thanx you have being a graet help

i am now have the problem of protocol

i am sure the  intruder will not jus sent packets to only four type and i would love to caputere then

and be able to report the protocol of those  packects but the PacketX componnet  only reads three type and has a general packet type for the reset how do i get he details fo the protocol of these packets.
0
 
LVL 2

Expert Comment

by:MrPan
ID: 10723281
I am not sure if that is covered by none.

You could try an else after the type of protocols.

But at the end of the day if the control does not monitor them you would be unable to detect them.

I dont know anything about networking but wouldnt the packed have to conform to one of the standard types?
0
 

Author Comment

by:sespool
ID: 10723308
what i am basically asking is if  there sis any way identify packets of the

ICMP
POP
SMTP
 etc..

so i can identifiy mail and noramal none intrusive traffic
0
 

Expert Comment

by:starkoff
ID: 10731879
PacketX can decode limited number of protocols (Ethernet,IP,TCPorUDP) in standard LAN configuration. There is no way to get information about the other network protocols unless you do the all decoding by yourself. PacketX was met to be just an easy to use VB wrapper for Winpcap.
0
 

Author Comment

by:sespool
ID: 10736159
Hello

alright

i am stuck with the protocols that packetx recognizes

i am trying now to work with
 
the graphs

can somebody plese tell me where i can find some crystal reports tutorial

i cannot understand it

i am using vb6, crystal report 8 and an access database

help me please
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

I’ve seen a number of people looking for examples of how to access web services from VB6.  I’ve been using a test harness I built in VB6 (using many resources I found online) that I use for small projects to work out how to communicate with web serv…
The debugging module of the VB 6 IDE can be accessed by way of the Debug menu item. That menu item can normally be found in the IDE's main menu line as shown in this picture.   There is also a companion Debug Toolbar that looks like the followin…
Get people started with the utilization of class modules. Class modules can be a powerful tool in Microsoft Access. They allow you to create self-contained objects that encapsulate functionality. They can easily hide the complexity of a process from…
This lesson covers basic error handling code in Microsoft Excel using VBA. This is the first lesson in a 3-part series that uses code to loop through an Excel spreadsheet in VBA and then fix errors, taking advantage of error handling code. This l…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now