Solved

Monitor TCP data sending/receiving

Posted on 2010-08-26
22
2,666 Views
Last Modified: 2012-06-27
Hello,

How to monitor data sending/receiving for specific TCP port in C# or VB.NET?
0
Comment
Question by:Mohamed Abowarda
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 4
  • 2
  • +6
22 Comments
 
LVL 30

Expert Comment

by:MlandaT
ID: 33539927
0
 
LVL 30

Accepted Solution

by:
MlandaT earned 215 total points
ID: 33539931
0
 
LVL 32

Assisted Solution

by:Kamran Arshad
Kamran Arshad earned 72 total points
ID: 33569602
0
Don't miss ATEN at NAB Show April 24-27!

Visit ATEN at NAB Show to learn how our "Seamlessly Entertaining" solutions deliver fast, precise video streaming without delays for the broadcasting and media environment. ATEN will showcase its 16x16 Modular Matrix Switch (VM1600) and KVM Over IP Solution (KE6900 series).

 
LVL 12

Author Comment

by:Mohamed Abowarda
ID: 33573160
@uetian1707: I see that the program is EXE file not the source code, I want to monitor tcp myself in C# or VB.NET.

Thanks,
0
 
LVL 30

Assisted Solution

by:MlandaT
MlandaT earned 215 total points
ID: 33574059
Have you tried out the ones I gave you above:

SharpPcap
SharpPcap is a packet capture framework for the .NET environment, based on the famous WinPcap component. The purpose of this library is to provide an API for capturing, injecting, analyzing and building packets using any .NET language such as C# and VB.NET.

Packet Capture and Analayzer
Packet capture and analyzer program. With this program you can capture, display, analyze, save packets or load a saved packet file. It works like Etheral does.

Those two are based on some of the most popular packet analysers. (Ethereal and WinPcap)
0
 
LVL 12

Author Comment

by:Mohamed Abowarda
ID: 33604051
@MlandaT: This is DLL file, I want to do everything myself, I think it can be done using sockets.
0
 
LVL 32

Expert Comment

by:Kamran Arshad
ID: 33604112
Wireshark is opensource and based on C++ code I guess. You can check it out;

www.wireshark.org
0
 
LVL 12

Author Comment

by:Mohamed Abowarda
ID: 33604121
@uetian1707: I need to do it in C# not C++.
0
 
LVL 30

Assisted Solution

by:MlandaT
MlandaT earned 215 total points
ID: 33604387
0
 
LVL 5

Assisted Solution

by:andr_gin
andr_gin earned 71 total points
ID: 33625129
There are two ways to monitor data:

1.) You open a socket with TcpClient.Connect or TcpListener.AcceptTcpClient.
Then you can read data from the stream.
This is an easy solution, if data is only received like logging the output of an unidirectional printer driver, because only one side is connected. If it is a two way protocol, it may get complicated very soon.

2.) You can use TcpListener.AcceptTcpClient to accept connections from one side and connect to a server on the other side.
If TcpClient.Available on one side is true you can read the data, log it and forward it to the other TcpClient. Dont try to use on TcpClient in two threas (one sending/one receiving). This will not work.
This solution is also easy, but requires you to change the IP/Port of the connecting software to your program. You also get only the data received, but no information about Layer 2/3 protocols or if TCP packets are lost etc.

3.) You can log all traffic between two clients. For this a library like WinPcap is necessary. The advantage here is that you do not have to change any configuration of the connecting software and also get all information about the TCP protocol (size of the packets/packet loss etc.)

0
 
LVL 12

Author Comment

by:Mohamed Abowarda
ID: 33720153
@andr_gin: It will be more clarified if you post code.

Thanks,
0
 
LVL 17

Expert Comment

by:Jesse Houwing
ID: 33974068
Basically if you want to monitor any port, while other applications are using them, without interfering the need to configure both parties to accept you as a kind of proxy, then you must use P/Invokes and use the low level network API's in windows. The SharpPcap library would be a great way to learn about this kind of network interception methods, it is open source, so you can look at how they did it. If you still want to, you can then write it yourself.

If you have the ability to at least reconfigure one end of the IP configuration, you can set yourself up as a proxy/tunnel (see: http://www.codeproject.com/KB/IP/WinTunnel.aspx). That way you act as a man-in-the middle and you can inspect every byte that comes and goes between the two systems.
0
 
LVL 51

Expert Comment

by:Ted Bouskill
ID: 33974145
To follow up with the previous experts comments you are missing an important point and in a sense have an unrealistic expectation of that managed code (.NET) can do.

As ToAoM as pointed out this is low level API functionality.  Essentially it's at the device driver level in Layer 2 or Layer 3 of the OSI model used to describing networking layers: http://alex.hrck.net/?p=7

That type of work is executed using compiled C/C++ code.  You can use a managed code .NET wrapper to access it however, it's very low level.

Remember, the entire windows OS is written in C/C++.  .NET was designed as a higher level tool to speed application development not as a low level programming system.
0
 
LVL 19

Assisted Solution

by:Shahan Ayyub
Shahan Ayyub earned 71 total points
ID: 33974697
0
 
LVL 12

Author Comment

by:Mohamed Abowarda
ID: 33975302
@Shahan_Developer: This is how to get traffic in C#, I want to monitor the data, to know what data sent and received, not to get bytes sent and received.

Thanks,
0
 
LVL 20

Assisted Solution

by:ikework
ikework earned 71 total points
ID: 33975438
Data in terms of computers is always bits and bytes, no matter what kind of data is actually is; text, pictures, sound, it doesnt matter, its all encoded in bytes, and thats what you see when you monitor your traffic, its all bytes, data is nothing else than bytes.
0
 
LVL 12

Author Comment

by:Mohamed Abowarda
ID: 33975449
@ikework: I think you misunderstood me.

I am not beginner, I know that the data is measured by bits which is the smallest measuring unit in the machine, I am ask to monitor the data NOT the traffic.

Example:
PC1 connected to PC2 on port 1000
PC2 sent data to PC1, lets say the data is "xxx"
PC1 received the data and sent "yyy" to PC2

Now, I want to monitor the port 1000 and know that PC2 sent "xxx" and received "yyy".
0
 
LVL 17

Expert Comment

by:Jesse Houwing
ID: 33976552
Again. Look at #PCap
0
 
LVL 12

Author Comment

by:Mohamed Abowarda
ID: 34118246
@ToAoM: I can't believe that it's not possible to do so in VB.NET or C#, I got code that monitor tcp data send/receive before.

I don't want a third party.
0
 
LVL 1

Expert Comment

by:James_H
ID: 34322690
0
 
LVL 12

Author Closing Comment

by:Mohamed Abowarda
ID: 37529248
Thanks everyone,
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VS 2017 18 103
Access/Visual Basic Question 3 42
Get sourcecode path 14 46
PowerShell:  Use of subproperties in a Select statement 7 23
A long time ago (May 2011), I have written an article showing you how to create a DLL using Visual Studio 2005 to be hosted in SQL Server 2005. That was valid at that time and it is still valid if you are still using these versions. You can still re…
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question