Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Snooping TCP packets arriving at a particular port

Posted on 2009-04-14
4
Medium Priority
?
1,276 Views
Last Modified: 2012-05-06
Is there a way to sniff TCP packets arriving at a particular port in Windows? I see that the WinPcap library provides interface to sniff all the raw packets, however I would just like to sniff a part of that traffic for efficiency reasons.

Another way to accomplish sniffing would be to create a TCP socket, bind to the port number and source IP address and read data from the socket without actually connecting to the remote peer. Another application running on the same machine has established a connection with the remote peer. Since TCP is a connection oriented protocol, will this be allowed?
0
Comment
Question by:jbajaj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 7

Accepted Solution

by:
namol earned 1500 total points
ID: 24141308
I know with wireshark, http://www.wireshark.org/, it allows you to create specific filters for what you want to sniff or analyze traffic for. It is based off the winpcap library.
0
 
LVL 4

Expert Comment

by:Viper640
ID: 24141333
well my experience has taught me that when you go that deep something is really wrong. but just my impression.

you could use wireshark to do a permiscious capture and then set a filter up that only filters the packets you want to see. i have done that several times. keep in mind thought that all you capture is on the whole network and you should see lots of stuff. the filter is what will get you only the packets you want to see.

let me know how you make out.
0
 

Author Closing Comment

by:jbajaj
ID: 31570089
I agree about Wireshark. However the problem is that it captures everything and thereafter filters data. I know what I will be filter, so I would like to be efficient and just capture what I want to.
0
 

Author Comment

by:jbajaj
ID: 24144752
Thanks for the response.

I agree about Wireshark. However the problem is that it captures everything and thereafter filters data. I know what I will be filter, so I would like to be efficient and just capture what I want to.
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
In this blog, we’ll look at how improvements to Percona XtraDB Cluster improved IST performance.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question