Solved

Monitor TCP data sending/receiving

Posted on 2010-08-26
22
2,531 Views
Last Modified: 2012-06-27
Hello,

How to monitor data sending/receiving for specific TCP port in C# or VB.NET?
0
Comment
Question by:Mohamed Abowarda
  • 8
  • 4
  • 2
  • +6
22 Comments
 
LVL 30

Expert Comment

by:MlandaT
ID: 33539927
0
 
LVL 30

Accepted Solution

by:
MlandaT earned 215 total points
ID: 33539931
0
 
LVL 32

Assisted Solution

by:Kamran Arshad
Kamran Arshad earned 72 total points
ID: 33569602
0
 
LVL 12

Author Comment

by:Mohamed Abowarda
ID: 33573160
@uetian1707: I see that the program is EXE file not the source code, I want to monitor tcp myself in C# or VB.NET.

Thanks,
0
 
LVL 30

Assisted Solution

by:MlandaT
MlandaT earned 215 total points
ID: 33574059
Have you tried out the ones I gave you above:

SharpPcap
SharpPcap is a packet capture framework for the .NET environment, based on the famous WinPcap component. The purpose of this library is to provide an API for capturing, injecting, analyzing and building packets using any .NET language such as C# and VB.NET.

Packet Capture and Analayzer
Packet capture and analyzer program. With this program you can capture, display, analyze, save packets or load a saved packet file. It works like Etheral does.

Those two are based on some of the most popular packet analysers. (Ethereal and WinPcap)
0
 
LVL 12

Author Comment

by:Mohamed Abowarda
ID: 33604051
@MlandaT: This is DLL file, I want to do everything myself, I think it can be done using sockets.
0
 
LVL 32

Expert Comment

by:Kamran Arshad
ID: 33604112
Wireshark is opensource and based on C++ code I guess. You can check it out;

www.wireshark.org
0
 
LVL 12

Author Comment

by:Mohamed Abowarda
ID: 33604121
@uetian1707: I need to do it in C# not C++.
0
 
LVL 30

Assisted Solution

by:MlandaT
MlandaT earned 215 total points
ID: 33604387
0
 
LVL 5

Assisted Solution

by:andr_gin
andr_gin earned 71 total points
ID: 33625129
There are two ways to monitor data:

1.) You open a socket with TcpClient.Connect or TcpListener.AcceptTcpClient.
Then you can read data from the stream.
This is an easy solution, if data is only received like logging the output of an unidirectional printer driver, because only one side is connected. If it is a two way protocol, it may get complicated very soon.

2.) You can use TcpListener.AcceptTcpClient to accept connections from one side and connect to a server on the other side.
If TcpClient.Available on one side is true you can read the data, log it and forward it to the other TcpClient. Dont try to use on TcpClient in two threas (one sending/one receiving). This will not work.
This solution is also easy, but requires you to change the IP/Port of the connecting software to your program. You also get only the data received, but no information about Layer 2/3 protocols or if TCP packets are lost etc.

3.) You can log all traffic between two clients. For this a library like WinPcap is necessary. The advantage here is that you do not have to change any configuration of the connecting software and also get all information about the TCP protocol (size of the packets/packet loss etc.)

0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 12

Author Comment

by:Mohamed Abowarda
ID: 33720153
@andr_gin: It will be more clarified if you post code.

Thanks,
0
 
LVL 17

Expert Comment

by:ToAoM
ID: 33974068
Basically if you want to monitor any port, while other applications are using them, without interfering the need to configure both parties to accept you as a kind of proxy, then you must use P/Invokes and use the low level network API's in windows. The SharpPcap library would be a great way to learn about this kind of network interception methods, it is open source, so you can look at how they did it. If you still want to, you can then write it yourself.

If you have the ability to at least reconfigure one end of the IP configuration, you can set yourself up as a proxy/tunnel (see: http://www.codeproject.com/KB/IP/WinTunnel.aspx). That way you act as a man-in-the middle and you can inspect every byte that comes and goes between the two systems.
0
 
LVL 51

Expert Comment

by:tedbilly
ID: 33974145
To follow up with the previous experts comments you are missing an important point and in a sense have an unrealistic expectation of that managed code (.NET) can do.

As ToAoM as pointed out this is low level API functionality.  Essentially it's at the device driver level in Layer 2 or Layer 3 of the OSI model used to describing networking layers: http://alex.hrck.net/?p=7

That type of work is executed using compiled C/C++ code.  You can use a managed code .NET wrapper to access it however, it's very low level.

Remember, the entire windows OS is written in C/C++.  .NET was designed as a higher level tool to speed application development not as a low level programming system.
0
 
LVL 19

Assisted Solution

by:Shahan Ayyub
Shahan Ayyub earned 71 total points
ID: 33974697
0
 
LVL 12

Author Comment

by:Mohamed Abowarda
ID: 33975302
@Shahan_Developer: This is how to get traffic in C#, I want to monitor the data, to know what data sent and received, not to get bytes sent and received.

Thanks,
0
 
LVL 20

Assisted Solution

by:ikework
ikework earned 71 total points
ID: 33975438
Data in terms of computers is always bits and bytes, no matter what kind of data is actually is; text, pictures, sound, it doesnt matter, its all encoded in bytes, and thats what you see when you monitor your traffic, its all bytes, data is nothing else than bytes.
0
 
LVL 12

Author Comment

by:Mohamed Abowarda
ID: 33975449
@ikework: I think you misunderstood me.

I am not beginner, I know that the data is measured by bits which is the smallest measuring unit in the machine, I am ask to monitor the data NOT the traffic.

Example:
PC1 connected to PC2 on port 1000
PC2 sent data to PC1, lets say the data is "xxx"
PC1 received the data and sent "yyy" to PC2

Now, I want to monitor the port 1000 and know that PC2 sent "xxx" and received "yyy".
0
 
LVL 17

Expert Comment

by:ToAoM
ID: 33976552
Again. Look at #PCap
0
 
LVL 12

Author Comment

by:Mohamed Abowarda
ID: 34118246
@ToAoM: I can't believe that it's not possible to do so in VB.NET or C#, I got code that monitor tcp data send/receive before.

I don't want a third party.
0
 
LVL 1

Expert Comment

by:James_H
ID: 34322690
0
 
LVL 12

Author Closing Comment

by:Mohamed Abowarda
ID: 37529248
Thanks everyone,
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

This article describes relatively difficult and non-obvious issues that are likely to arise when creating COM class in Visual Studio and deploying it by professional MSI-authoring tools. It is assumed that the reader is already familiar with the cla…
It’s quite interesting for me as I worked with Excel using vb.net for some time. Here are some topics which I know want to share with others whom this might help. First of all if you are working with Excel then you need to Download the Following …
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now