[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4010
  • Last Modified:

Packet capture with vb .net

Hi,

I'm trying to find a some what simple way to capture and read packets sent on a certain port with visual basic .net, the reading of the packets isn't too important at the moment, the main thing is to capture them. It will be working on a port that is would already in use by a game's server. Can anyone help me out?

Thanks for you time.
0
blahb
Asked:
blahb
  • 5
  • 4
1 Solution
 
drichardsCommented:
Unfortunately, the game probably won't let you open the port it's using.  If it's all IP traffic, I think you can use raw sockets (use type SOCK_RAW, set the IP_HDRINCL option and bind to port 0) to receive all IP traffic coming into the machine.  Otherwise, you can use something like RawEther .NET (http://www.rawether.net/DotNet/default.htm) or you could use PInvoke with WinPcap (http://winpcap.polito.it/).

If you just want to capture them for viewing, consider Ethereal (www.ethereal.com).  Ethereal lets you apply both capture and view filters so you can look at just the game packets if you want.
0
 
blahbAuthor Commented:
Ah i may have put the guestion a little wrong, i just need to be able to monitor and read the incoming packets on the specified ip and port so i can view them. I've seen it done before for the same game, so it can be done =). So basicly it would be a packet sniffer of sorts. I hope you understand what i'm asking, as i'm alittle confused about it all my self.
0
 
drichardsCommented:
Then the easiest thing to do is get Ethereal at http://www.ethereal.com and have at it.  It will capture everything coming into your network adapter, but as I mentioned you can filter at capture time based on TCP or UDP port so only your game packets are captured.  ALternatively, you can capture everything and filter at view time.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
blahbAuthor Commented:
Ah, am i wrong in thinking Ethereal is a fully made program it's self? Or components for .net? As i need to do things with the packet data once i've read them. I've done some research and it all seems to be leanding to raw sockets, which you mentioned before to recieve all ip traffic, and from then i could filter through the packets for the ones i need? If so.. do you, or anyone else know(or can write) some example code for doing such a thing?

Thanx again drichards.
0
 
drichardsCommented:
Yes, Ethereal is a sniffer program itself.  Raw sockets can be used if you want to write your own program to look at the game packets (I'm pretty sure anyway - I've only used raw sockets to implement router-like functionality).  As soon as my development computer boots up, I'll post some sample code for you - it's C#, so I'll try to convert to VB.NET for you.
0
 
drichardsCommented:
Here's an example.  This was 'Sub Main()' from a VB.NET console app.  It captures packets on the desired adapter (my machine is multi-homed so I need to choose - you can just say OK to first message box) and prints out the source and destination IP's.  You can examine the packets as desired.  You'll need to reference System.Windows.Forms dll to run this.


Sub Main()
        Dim he As System.Net.IPHostEntry = System.Net.Dns.GetHostByName(System.Net.Dns.GetHostName())

        Dim sock As System.Net.Sockets.Socket = New System.Net.Sockets.Socket(System.Net.Sockets.AddressFamily.InterNetwork, System.Net.Sockets.SocketType.Raw, System.Net.Sockets.ProtocolType.IP)
        sock.SetSocketOption(System.Net.Sockets.SocketOptionLevel.IP, System.Net.Sockets.SocketOptionName.HeaderIncluded, 1)

        Dim ep As System.Net.IPEndPoint
        Dim bound As System.Boolean = False
        For Each ipAddr As System.Net.IPAddress In he.AddressList
            ep = New System.Net.IPEndPoint(ipAddr, 0)
            If System.Windows.Forms.MessageBox.Show("Use " + ipAddr.ToString() + "?", "Select Adapter", System.Windows.Forms.MessageBoxButtons.YesNo) = System.Windows.Forms.DialogResult.Yes Then
                sock.Bind(ep)
                bound = True
            End If
        Next

        If (bound) Then
            Dim inValue() As Byte = BitConverter.GetBytes(1)
            Dim outValue() As Byte = BitConverter.GetBytes(0)
            Dim SIO_RCVALL As Integer = System.Convert.ToInt32(0 - &H67FFFFFF) '//0x98000001);
            Try
                Dim data(1024) As Byte
                sock.IOControl(SIO_RCVALL, inValue, outValue)
                Dim addr As System.Net.IPAddress
                While True
                    Dim bytes As Integer = sock.Receive(data)
                    Dim ipAddr As Long = 0 'System.BitConverter.ToUInt32(data, 12)
                    ipAddr = System.Convert.ToInt64(System.BitConverter.ToUInt32(data, 12))
                    addr = New System.Net.IPAddress(ipAddr)
                    System.Console.Write(addr.ToString() + " / ")
                    ipAddr = System.BitConverter.ToInt32(data, 16)
                    ipAddr = System.Convert.ToInt64(System.BitConverter.ToUInt32(data, 16))
                    addr = New System.Net.IPAddress(ipAddr)
                    System.Console.WriteLine(addr.ToString())
                End While
            Catch ex As System.Exception
                System.Console.WriteLine(ex.Message, "Error")
            End Try
            sock.Close()
        End If
End Sub
0
 
blahbAuthor Commented:
I see, i'll work through it and see what i can come up with, thanx alot for the code and help, richards. =)
0
 
drichardsCommented:
One note on the code - it only allocates a 1K buffer, so it will exit if a packet is more than 1K.  You can change the buffer size and/or handle the case where the packet is too big and continue capturing.
0
 
blahbAuthor Commented:
How would i get the packet data, other than the ip, from the buffer? Or is this even possible?
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now