Solved

Monitor TCP data sending/receiving

Posted on 2010-08-26
22
2,611 Views
Last Modified: 2012-06-27
Hello,

How to monitor data sending/receiving for specific TCP port in C# or VB.NET?
0
Comment
Question by:Mohamed Abowarda
  • 8
  • 4
  • 2
  • +6
22 Comments
 
LVL 30

Expert Comment

by:MlandaT
ID: 33539927
0
 
LVL 30

Accepted Solution

by:
MlandaT earned 215 total points
ID: 33539931
0
 
LVL 32

Assisted Solution

by:Kamran Arshad
Kamran Arshad earned 72 total points
ID: 33569602
0
Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

 
LVL 12

Author Comment

by:Mohamed Abowarda
ID: 33573160
@uetian1707: I see that the program is EXE file not the source code, I want to monitor tcp myself in C# or VB.NET.

Thanks,
0
 
LVL 30

Assisted Solution

by:MlandaT
MlandaT earned 215 total points
ID: 33574059
Have you tried out the ones I gave you above:

SharpPcap
SharpPcap is a packet capture framework for the .NET environment, based on the famous WinPcap component. The purpose of this library is to provide an API for capturing, injecting, analyzing and building packets using any .NET language such as C# and VB.NET.

Packet Capture and Analayzer
Packet capture and analyzer program. With this program you can capture, display, analyze, save packets or load a saved packet file. It works like Etheral does.

Those two are based on some of the most popular packet analysers. (Ethereal and WinPcap)
0
 
LVL 12

Author Comment

by:Mohamed Abowarda
ID: 33604051
@MlandaT: This is DLL file, I want to do everything myself, I think it can be done using sockets.
0
 
LVL 32

Expert Comment

by:Kamran Arshad
ID: 33604112
Wireshark is opensource and based on C++ code I guess. You can check it out;

www.wireshark.org
0
 
LVL 12

Author Comment

by:Mohamed Abowarda
ID: 33604121
@uetian1707: I need to do it in C# not C++.
0
 
LVL 30

Assisted Solution

by:MlandaT
MlandaT earned 215 total points
ID: 33604387
0
 
LVL 5

Assisted Solution

by:andr_gin
andr_gin earned 71 total points
ID: 33625129
There are two ways to monitor data:

1.) You open a socket with TcpClient.Connect or TcpListener.AcceptTcpClient.
Then you can read data from the stream.
This is an easy solution, if data is only received like logging the output of an unidirectional printer driver, because only one side is connected. If it is a two way protocol, it may get complicated very soon.

2.) You can use TcpListener.AcceptTcpClient to accept connections from one side and connect to a server on the other side.
If TcpClient.Available on one side is true you can read the data, log it and forward it to the other TcpClient. Dont try to use on TcpClient in two threas (one sending/one receiving). This will not work.
This solution is also easy, but requires you to change the IP/Port of the connecting software to your program. You also get only the data received, but no information about Layer 2/3 protocols or if TCP packets are lost etc.

3.) You can log all traffic between two clients. For this a library like WinPcap is necessary. The advantage here is that you do not have to change any configuration of the connecting software and also get all information about the TCP protocol (size of the packets/packet loss etc.)

0
 
LVL 12

Author Comment

by:Mohamed Abowarda
ID: 33720153
@andr_gin: It will be more clarified if you post code.

Thanks,
0
 
LVL 17

Expert Comment

by:Jesse Houwing
ID: 33974068
Basically if you want to monitor any port, while other applications are using them, without interfering the need to configure both parties to accept you as a kind of proxy, then you must use P/Invokes and use the low level network API's in windows. The SharpPcap library would be a great way to learn about this kind of network interception methods, it is open source, so you can look at how they did it. If you still want to, you can then write it yourself.

If you have the ability to at least reconfigure one end of the IP configuration, you can set yourself up as a proxy/tunnel (see: http://www.codeproject.com/KB/IP/WinTunnel.aspx). That way you act as a man-in-the middle and you can inspect every byte that comes and goes between the two systems.
0
 
LVL 51

Expert Comment

by:Ted Bouskill
ID: 33974145
To follow up with the previous experts comments you are missing an important point and in a sense have an unrealistic expectation of that managed code (.NET) can do.

As ToAoM as pointed out this is low level API functionality.  Essentially it's at the device driver level in Layer 2 or Layer 3 of the OSI model used to describing networking layers: http://alex.hrck.net/?p=7

That type of work is executed using compiled C/C++ code.  You can use a managed code .NET wrapper to access it however, it's very low level.

Remember, the entire windows OS is written in C/C++.  .NET was designed as a higher level tool to speed application development not as a low level programming system.
0
 
LVL 19

Assisted Solution

by:Shahan Ayyub
Shahan Ayyub earned 71 total points
ID: 33974697
0
 
LVL 12

Author Comment

by:Mohamed Abowarda
ID: 33975302
@Shahan_Developer: This is how to get traffic in C#, I want to monitor the data, to know what data sent and received, not to get bytes sent and received.

Thanks,
0
 
LVL 20

Assisted Solution

by:ikework
ikework earned 71 total points
ID: 33975438
Data in terms of computers is always bits and bytes, no matter what kind of data is actually is; text, pictures, sound, it doesnt matter, its all encoded in bytes, and thats what you see when you monitor your traffic, its all bytes, data is nothing else than bytes.
0
 
LVL 12

Author Comment

by:Mohamed Abowarda
ID: 33975449
@ikework: I think you misunderstood me.

I am not beginner, I know that the data is measured by bits which is the smallest measuring unit in the machine, I am ask to monitor the data NOT the traffic.

Example:
PC1 connected to PC2 on port 1000
PC2 sent data to PC1, lets say the data is "xxx"
PC1 received the data and sent "yyy" to PC2

Now, I want to monitor the port 1000 and know that PC2 sent "xxx" and received "yyy".
0
 
LVL 17

Expert Comment

by:Jesse Houwing
ID: 33976552
Again. Look at #PCap
0
 
LVL 12

Author Comment

by:Mohamed Abowarda
ID: 34118246
@ToAoM: I can't believe that it's not possible to do so in VB.NET or C#, I got code that monitor tcp data send/receive before.

I don't want a third party.
0
 
LVL 1

Expert Comment

by:James_H
ID: 34322690
0
 
LVL 12

Author Closing Comment

by:Mohamed Abowarda
ID: 37529248
Thanks everyone,
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

For those of you who don't follow the news, or just happen to live under rocks, Microsoft Research released a beta SDK (http://www.microsoft.com/en-us/download/details.aspx?id=27876) for the Xbox 360 Kinect. If you don't know what a Kinect is (http:…
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question