Solved

Snooping TCP packets arriving at a particular port

Posted on 2009-04-14
4
Medium Priority
1,261 Views
Last Modified: 2012-05-06
Is there a way to sniff TCP packets arriving at a particular port in Windows? I see that the WinPcap library provides an interface to sniff all the raw packets; however, I would just like to sniff a part of that traffic for efficiency reasons.

Another way to accomplish sniffing would be to create a TCP socket, bind to the port number and source IP address, and read data from the socket without actually connecting to the remote peer. Another application running on the same machine has established a connection with the remote peer. Since TCP is a connection-oriented protocol, will this be allowed?
0
Question by:jbajaj
4 Comments
 
LVL 7

Accepted Solution

by:
namol earned 1500 total points
ID: 24141308
I know that Wireshark, http://www.wireshark.org/, allows you to create specific filters for what you want to sniff or analyze traffic for. It is based on the WinPcap library.
0
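The efficiency the question asks about is exactly what a pcap capture filter provides: the filter text (for example "tcp port 8080") is compiled with pcap_compile() and installed with pcap_setfilter(), and WinPcap's driver then discards non-matching packets before they are copied to user space, so only the wanted traffic ever reaches the application. This is distinct from a Wireshark display filter, which is applied after capture. The socket-based approach in the question does not work: the TCP stack delivers a segment only to the socket that owns that connection's four-tuple, so a second socket bound to the same port never sees another process's established connection. The following Python is an added example that is not from the thread; it shows the user-space side of such a filter, decoding Ethernet II / IPv4 / TCP headers from constructed sample frames and keeping only those that match a port. The frame builder and the sample traffic are assumptions made for the example; on a real system the frames would come from a pcap binding with the capture filter already installed.

```python
import struct

# Standard EtherType / IP protocol numbers used by the parser below.
ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def capture_filter(port: int) -> str:
    """BPF capture-filter text for one TCP port, in the syntax accepted by
    pcap_compile() and by Wireshark's capture-filter box."""
    return f"tcp port {port}"


def parse_frame(frame: bytes):
    """Decode an Ethernet II / IPv4 / TCP frame into its addressing fields.

    Returns a dict with src_ip, dst_ip, sport, dport and payload, or None when
    the frame is not IPv4/TCP or is truncated (treated as 'does not match').
    """
    if len(frame) < ETH_HDR_LEN:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4:
        return None
    ip = frame[ETH_HDR_LEN:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4            # IP header length in bytes (>= 20)
    (total_len,) = struct.unpack("!H", ip[2:4])
    if ihl < 20 or total_len < ihl or len(ip) < ihl or ip[9] != IPPROTO_TCP:
        return None
    # Trim to the IP total length so Ethernet padding never reaches the TCP layer.
    tcp = ip[ihl:min(total_len, len(ip))]
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4       # TCP header length in bytes (>= 20)
    if data_off < 20 or len(tcp) < data_off:
        return None
    return {
        "src_ip": ".".join(str(b) for b in ip[12:16]),
        "dst_ip": ".".join(str(b) for b in ip[16:20]),
        "sport": sport,
        "dport": dport,
        "payload": tcp[data_off:],
    }


def filter_frames(frames, port: int):
    """User-space equivalent of 'tcp port N': keep only decoded TCP packets
    whose source or destination port equals `port`."""
    kept = []
    for frame in frames:
        pkt = parse_frame(frame)
        if pkt is not None and port in (pkt["sport"], pkt["dport"]):
            kept.append(pkt)
    return kept


def build_tcp_frame(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Construct a sample frame for testing (assumption: checksums are left as
    zero because the parser above does not verify them)."""
    eth_hdr = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
               + struct.pack("!H", ETHERTYPE_IPV4))
    tcp_hdr = struct.pack("!HHIIBBHHH",
                          sport, dport,
                          1, 0,          # seq, ack (constructed values)
                          5 << 4,        # data offset = 5 words (20 bytes), no options
                          0x18,          # flags PSH|ACK
                          65535, 0, 0)   # window, checksum (unverified), urgent pointer
    total_len = 20 + len(tcp_hdr) + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0,        # version 4, IHL 5 words; DSCP/ECN
                         total_len, 0, 0,
                         64, IPPROTO_TCP, 0,
                         bytes(int(o) for o in src_ip.split(".")),
                         bytes(int(o) for o in dst_ip.split(".")))
    return eth_hdr + ip_hdr + tcp_hdr + payload


# Constructed sample traffic: one HTTP-like segment to port 8080, one to 443,
# and one ARP frame (EtherType 0x0806) that is not TCP at all.
SAMPLE_FRAMES = [
    build_tcp_frame("10.0.0.5", "10.0.0.9", 51000, 8080, b"GET / HTTP/1.1\r\n"),
    build_tcp_frame("10.0.0.5", "10.0.0.9", 51001, 443, b"\x16\x03\x01"),
    bytes.fromhex("ffffffffffff001122334455" "0806") + bytes(28),
]

if __name__ == "__main__":
    print("capture filter:", capture_filter(8080))
    for pkt in filter_frames(SAMPLE_FRAMES, 8080):
        print(pkt["src_ip"], pkt["sport"], "->", pkt["dst_ip"], pkt["dport"], pkt["payload"])
```

Because parse_frame() returns None for anything it cannot decode (wrong EtherType, non-TCP, truncated headers), malformed or unexpected frames simply fall out of the result instead of raising, which is the behaviour you want in a long-running capture loop.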
 
LVL 4

Expert Comment

by:Viper640
ID: 24141333
Well, my experience has taught me that when you go that deep, something is really wrong. But that's just my impression.

You could use Wireshark to do a promiscuous capture and then set up a filter that only shows the packets you want to see. I have done that several times. Keep in mind, though, that all you capture is on the whole network and you should see lots of stuff. The filter is what will get you only the packets you want to see.

Let me know how you make out.
0
 

Author Closing Comment

by:jbajaj
ID: 31570089
I agree about Wireshark. However, the problem is that it captures everything and thereafter filters the data. I know what I will be filtering, so I would like to be efficient and just capture what I want to.
0
 

Author Comment

by:jbajaj
ID: 24144752
Thanks for the response.

I agree about Wireshark. However, the problem is that it captures everything and thereafter filters the data. I know what I will be filtering, so I would like to be efficient and just capture what I want to.
0
