Monitor TCP data sending/receiving

Hello,

How to monitor data sending/receiving for specific TCP port in C# or VB.NET?
LVL 12
Mohamed AbowardaSoftware EngineerAsked:
Who is Participating?
 
Kamran ArshadIT AssociateCommented:
0
Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

 
Mohamed AbowardaSoftware EngineerAuthor Commented:
@uetian1707: I see that the program is EXE file not the source code, I want to monitor tcp myself in C# or VB.NET.

Thanks,
0
 
MlandaTCommented:
Have you tried out the ones I gave you above:

SharpPcap
SharpPcap is a packet capture framework for the .NET environment, based on the famous WinPcap component. The purpose of this library is to provide an API for capturing, injecting, analyzing and building packets using any .NET language such as C# and VB.NET.

Packet Capture and Analayzer
Packet capture and analyzer program. With this program you can capture, display, analyze, save packets or load a saved packet file. It works like Etheral does.

Those two are based on some of the most popular packet analysers. (Ethereal and WinPcap)
0
 
Mohamed AbowardaSoftware EngineerAuthor Commented:
@MlandaT: This is DLL file, I want to do everything myself, I think it can be done using sockets.
0
 
Kamran ArshadIT AssociateCommented:
Wireshark is opensource and based on C++ code I guess. You can check it out;

www.wireshark.org
0
 
Mohamed AbowardaSoftware EngineerAuthor Commented:
@uetian1707: I need to do it in C# not C++.
0
 
MlandaTCommented:
0
 
andr_ginCommented:
There are two ways to monitor data:

1.) You open a socket with TcpClient.Connect or TcpListener.AcceptTcpClient.
Then you can read data from the stream.
This is an easy solution, if data is only received like logging the output of an unidirectional printer driver, because only one side is connected. If it is a two way protocol, it may get complicated very soon.

2.) You can use TcpListener.AcceptTcpClient to accept connections from one side and connect to a server on the other side.
If TcpClient.Available on one side is true you can read the data, log it and forward it to the other TcpClient. Dont try to use on TcpClient in two threas (one sending/one receiving). This will not work.
This solution is also easy, but requires you to change the IP/Port of the connecting software to your program. You also get only the data received, but no information about Layer 2/3 protocols or if TCP packets are lost etc.

3.) You can log all traffic between two clients. For this a library like WinPcap is necessary. The advantage here is that you do not have to change any configuration of the connecting software and also get all information about the TCP protocol (size of the packets/packet loss etc.)

0
 
Mohamed AbowardaSoftware EngineerAuthor Commented:
@andr_gin: It will be more clarified if you post code.

Thanks,
0
 
Jesse HouwingScrum Trainer | Microsoft MVP | ALM Ranger | ConsultantCommented:
Basically if you want to monitor any port, while other applications are using them, without interfering the need to configure both parties to accept you as a kind of proxy, then you must use P/Invokes and use the low level network API's in windows. The SharpPcap library would be a great way to learn about this kind of network interception methods, it is open source, so you can look at how they did it. If you still want to, you can then write it yourself.

If you have the ability to at least reconfigure one end of the IP configuration, you can set yourself up as a proxy/tunnel (see: http://www.codeproject.com/KB/IP/WinTunnel.aspx). That way you act as a man-in-the middle and you can inspect every byte that comes and goes between the two systems.
0
 
Ted BouskillSenior Software DeveloperCommented:
To follow up with the previous experts comments you are missing an important point and in a sense have an unrealistic expectation of that managed code (.NET) can do.

As ToAoM as pointed out this is low level API functionality.  Essentially it's at the device driver level in Layer 2 or Layer 3 of the OSI model used to describing networking layers: http://alex.hrck.net/?p=7

That type of work is executed using compiled C/C++ code.  You can use a managed code .NET wrapper to access it however, it's very low level.

Remember, the entire windows OS is written in C/C++.  .NET was designed as a higher level tool to speed application development not as a low level programming system.
0
 
Shahan AyyubSenior Software Engineer - iOSCommented:
0
 
Mohamed AbowardaSoftware EngineerAuthor Commented:
@Shahan_Developer: This is how to get traffic in C#, I want to monitor the data, to know what data sent and received, not to get bytes sent and received.

Thanks,
0
 
ikeworkCommented:
Data in terms of computers is always bits and bytes, no matter what kind of data is actually is; text, pictures, sound, it doesnt matter, its all encoded in bytes, and thats what you see when you monitor your traffic, its all bytes, data is nothing else than bytes.
0
 
Mohamed AbowardaSoftware EngineerAuthor Commented:
@ikework: I think you misunderstood me.

I am not beginner, I know that the data is measured by bits which is the smallest measuring unit in the machine, I am ask to monitor the data NOT the traffic.

Example:
PC1 connected to PC2 on port 1000
PC2 sent data to PC1, lets say the data is "xxx"
PC1 received the data and sent "yyy" to PC2

Now, I want to monitor the port 1000 and know that PC2 sent "xxx" and received "yyy".
0
 
Jesse HouwingScrum Trainer | Microsoft MVP | ALM Ranger | ConsultantCommented:
Again. Look at #PCap
0
 
Mohamed AbowardaSoftware EngineerAuthor Commented:
@ToAoM: I can't believe that it's not possible to do so in VB.NET or C#, I got code that monitor tcp data send/receive before.

I don't want a third party.
0
 
Mohamed AbowardaSoftware EngineerAuthor Commented:
Thanks everyone,
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.