Solved

Snooping TCP packets arriving at a particular port

Posted on 2009-04-14
4
1,236 Views
Last Modified: 2012-05-06
Is there a way to sniff TCP packets arriving at a particular port in Windows? I see that the WinPcap library provides interface to sniff all the raw packets, however I would just like to sniff a part of that traffic for efficiency reasons.

Another way to accomplish sniffing would be to create a TCP socket, bind to the port number and source IP address and read data from the socket without actually connecting to the remote peer. Another application running on the same machine has established a connection with the remote peer. Since TCP is a connection oriented protocol, will this be allowed?
0
Comment
Question by:jbajaj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 7

Accepted Solution

by:
namol earned 500 total points
ID: 24141308
I know with wireshark, http://www.wireshark.org/, it allows you to create specific filters for what you want to sniff or analyze traffic for. It is based off the winpcap library.
0
 
LVL 4

Expert Comment

by:Viper640
ID: 24141333
well my experience has taught me that when you go that deep something is really wrong. but just my impression.

you could use wireshark to do a permiscious capture and then set a filter up that only filters the packets you want to see. i have done that several times. keep in mind thought that all you capture is on the whole network and you should see lots of stuff. the filter is what will get you only the packets you want to see.

let me know how you make out.
0
 

Author Closing Comment

by:jbajaj
ID: 31570089
I agree about Wireshark. However the problem is that it captures everything and thereafter filters data. I know what I will be filter, so I would like to be efficient and just capture what I want to.
0
 

Author Comment

by:jbajaj
ID: 24144752
Thanks for the response.

I agree about Wireshark. However the problem is that it captures everything and thereafter filters data. I know what I will be filter, so I would like to be efficient and just capture what I want to.
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As companies replace their old PBX phone systems with Unified IP Communications, many are finding out that legacy applications such as fax do not work well with VoIP. Fortunately, Cloud Faxing provides a cost-effective alternative that works over an…
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question