Solved

Snooping TCP packets arriving at a particular port

Posted on 2009-04-14
4
1,250 Views
Last Modified: 2012-05-06
Is there a way to sniff TCP packets arriving at a particular port in Windows? I see that the WinPcap library provides an interface to sniff all the raw packets, however I would just like to sniff a part of that traffic for efficiency reasons.

Another way to accomplish sniffing would be to create a TCP socket, bind to the port number and source IP address and read data from the socket without actually connecting to the remote peer. Another application running on the same machine has established a connection with the remote peer. Since TCP is a connection oriented protocol, will this be allowed?
0
Comment
Question by:jbajaj
4 Comments
 
LVL 7

Accepted Solution

by:
namol earned 500 total points
ID: 24141308
I know with wireshark, http://www.wireshark.org/, it allows you to create specific filters for what you want to sniff or analyze traffic for. It is based off the winpcap library.
0
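The efficiency concern in the question is what a pcap capture filter addresses: with WinPcap/libpcap you call pcap_compile() on an expression such as "tcp dst port 8080" and install the resulting BPF program with pcap_setfilter(), so packets that do not match are discarded in the driver and are never copied to your process. Wireshark exposes the same mechanism in its "Capture Filter" field, which is separate from the display filter that is applied after everything has been captured. The Python below is an added example (not code from this thread or from the WinPcap project) that reproduces the checks such a "tcp dst port N" program performs on raw Ethernet frames: IPv4 ethertype, TCP protocol number, non-fragmented packet, then the TCP destination port. The port number 8080 and the frames are constructed sample data, and checksums are left zero because the filter never examines them.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
IPPROTO_UDP = 17


def build_frame(dst_port, src_port=40000, proto=IPPROTO_TCP, frag_off=0, payload=b"x"):
    """Construct a minimal Ethernet/IPv4/TCP (or UDP) frame.

    This is constructed sample data for the example; frag_off is the raw 16-bit
    IPv4 flags+fragment-offset field, so a non-zero low 13 bits marks a later
    fragment that carries no transport header.
    """
    eth = b"\x00" * 6 + b"\x00" * 6 + struct.pack("!H", ETHERTYPE_IPV4)
    transport = struct.pack("!HH", src_port, dst_port)
    if proto == IPPROTO_TCP:
        # seq, ack, data offset (5 words), flags (PSH|ACK), window, checksum, urgent ptr
        transport += struct.pack("!IIBBHHH", 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:
        transport += struct.pack("!HH", 8 + len(payload), 0)  # UDP length, checksum
    total_len = 20 + len(transport) + len(payload)
    # version/IHL, TOS, total length, id, flags+frag offset, TTL, proto, checksum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, frag_off, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + transport + payload


def matches_tcp_dst_port(frame, port):
    """Return True if the frame would pass a BPF filter compiled from "tcp dst port <port>"."""
    if len(frame) < 14 + 20:
        return False
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    if ethertype != ETHERTYPE_IPV4:
        return False
    ip_off = 14
    ver_ihl = frame[ip_off]
    if ver_ihl >> 4 != 4:
        return False
    ihl = (ver_ihl & 0x0F) * 4          # header length in bytes, options included
    if frame[ip_off + 9] != IPPROTO_TCP:
        return False
    flags_frag = struct.unpack_from("!H", frame, ip_off + 6)[0]
    if flags_frag & 0x1FFF:             # non-first fragment: no TCP header to inspect
        return False
    tcp_off = ip_off + ihl
    if len(frame) < tcp_off + 4:
        return False
    dst_port = struct.unpack_from("!H", frame, tcp_off + 2)[0]
    return dst_port == port


def capture(frames, port):
    """Capture-time filtering: only matching frames are kept, as pcap_setfilter()
    would have the driver do before copying anything to user space."""
    return [f for f in frames if matches_tcp_dst_port(f, port)]


# Constructed sample traffic: two TCP frames to port 8080, one to 443, one UDP
# datagram to 8080, and a trailing IP fragment of a TCP packet to 8080.
SAMPLE_FRAMES = [
    build_frame(8080),
    build_frame(443),
    build_frame(8080, proto=IPPROTO_UDP),
    build_frame(8080, frag_off=0x0010),
    build_frame(8080, src_port=5555),
]

if __name__ == "__main__":
    kept = capture(SAMPLE_FRAMES, 8080)
    print("captured %d of %d frames" % (len(kept), len(SAMPLE_FRAMES)))
```

The fragment case is worth noting when you write the real filter: "tcp dst port N" matches only packets that carry a TCP header, so later fragments of a large segment are dropped by the capture filter even though they belong to the same connection; if you need those too, add a clause such as "or (ip[6:2] & 0x1fff != 0)" and reassemble in your own code.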
 
LVL 4

Expert Comment

by:Viper640
ID: 24141333
Well, my experience has taught me that when you go that deep something is really wrong. But just my impression.

You could use Wireshark to do a promiscuous capture and then set a filter up that only filters the packets you want to see. I have done that several times. Keep in mind though that all you capture is on the whole network and you should see lots of stuff. The filter is what will get you only the packets you want to see.

Let me know how you make out.
0
 

Author Closing Comment

by:jbajaj
ID: 31570089
I agree about Wireshark. However the problem is that it captures everything and thereafter filters data. I know what I will be filtering, so I would like to be efficient and just capture what I want to.
0
 

Author Comment

by:jbajaj
ID: 24144752
Thanks for the response.

I agree about Wireshark. However the problem is that it captures everything and thereafter filters data. I know what I will be filtering, so I would like to be efficient and just capture what I want to.
0
