Solved

Snooping TCP packets arriving at a particular port

Posted on 2009-04-14
4
1,204 Views
Last Modified: 2012-05-06
Is there a way to sniff TCP packets arriving at a particular port in Windows? I see that the WinPcap library provides interface to sniff all the raw packets, however I would just like to sniff a part of that traffic for efficiency reasons.

Another way to accomplish sniffing would be to create a TCP socket, bind to the port number and source IP address and read data from the socket without actually connecting to the remote peer. Another application running on the same machine has established a connection with the remote peer. Since TCP is a connection oriented protocol, will this be allowed?
0
Comment
Question by:jbajaj
  • 2
4 Comments
 
LVL 7

Accepted Solution

by:
namol earned 500 total points
ID: 24141308
I know with wireshark, http://www.wireshark.org/, it allows you to create specific filters for what you want to sniff or analyze traffic for. It is based off the winpcap library.
0
 
LVL 4

Expert Comment

by:Viper640
ID: 24141333
well my experience has taught me that when you go that deep something is really wrong. but just my impression.

you could use wireshark to do a permiscious capture and then set a filter up that only filters the packets you want to see. i have done that several times. keep in mind thought that all you capture is on the whole network and you should see lots of stuff. the filter is what will get you only the packets you want to see.

let me know how you make out.
0
 

Author Closing Comment

by:jbajaj
ID: 31570089
I agree about Wireshark. However the problem is that it captures everything and thereafter filters data. I know what I will be filter, so I would like to be efficient and just capture what I want to.
0
 

Author Comment

by:jbajaj
ID: 24144752
Thanks for the response.

I agree about Wireshark. However the problem is that it captures everything and thereafter filters data. I know what I will be filter, so I would like to be efficient and just capture what I want to.
0

Featured Post

New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction People like FTP.  It's a solid, stable, robust protocol for quickly transferring files between two hosts using TCP/IP.  In most cases it's much faster than SMB or CIFS, and certainly much easier to set up between organizations.  This…
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now