Hi, excume my question.I write a packet sniffer,but I dont's kown why my program can only run on window2000.
And how it can work on window98 and windowsxp.



;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.386
.model flat, stdcall
option casemap :none
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Include
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
include windows.inc
include kernel32.inc
includelib kernel32.lib
include user32.inc
includelib user32.lib
include wsock32.inc
includelib wsock32.lib
.data
flag db '1',0
print_tcp db 'TCP ',0
print_udp db 'UDP ',0
print_OSPFIGP db 'OSPFIGP ',0
print_source db 'source ip: ',0
print_dest db 'destination ip: ',0
print_enter db ' ',0ah,0

.data?
stWsa WSADATA <>
addr_in sockaddr_in <>
dwValue dd ?
sock dd ?
LocalName db 100 dup (?)
sourceip dd ?
destip dd ?
RecvBuf db 65536 dup (?)
szBuffer db 1024 dup (?)
HostName db 64 dup (?)
hStdOut dd ?
.const
SIO_RCVALL equ 98000001h
IP_HDRINCL equ 2
.code
_ConsolePrint proc _lpsz
local @dwCharWritten

pushad
invoke lstrlen,_lpsz
lea ecx,@dwCharWritten
invoke WriteFile,hStdOut,_lpsz,eax,ecx,NULL
popad
ret

_ConsolePrint endp
start:
invoke GetStdHandle,STD_OUTPUT_HANDLE
mov hStdOut,eax

invoke WSAStartup,101h,addr stWsa;
invoke socket,AF_INET,SOCK_RAW,IPPROTO_RAW
mov sock,eax
invoke gethostname,addr LocalName, sizeof LocalName - 1;
invoke gethostbyname,addr LocalName
mov eax, ;mov through the hosnet struct
mov eax, ;again
mov eax, ;finally to our wanted info
mov addr_in.sin_addr,eax;addr pHost; //IP
mov addr_in.sin_family, AF_INET;
invoke htons,57274;9999
mov addr_in.sin_port,ax
invoke bind,sock,addr addr_in,sizeof addr_in;
mov dwValue,1;
invoke ioctlsocket,sock, SIO_RCVALL, addr dwValue;
.while 1
invoke recv,sock,addr RecvBuf,sizeof RecvBuf,0
mov eax,offset RecvBuf
mov bh,Byte ptr
.if bh==06h;tcp
invoke _ConsolePrint,addr print_tcp
.elseif bh==11h;udp
invoke _ConsolePrint,addr print_udp
.elseif bh==59h;OSPFIGP
invoke _ConsolePrint,addr print_OSPFIGP
.endif
mov ebx,
mov ecx,
mov destip,ecx
invoke inet_ntoa,ebx
mov sourceip,eax
invoke _ConsolePrint,addr print_source
invoke _ConsolePrint,sourceip;addr sourceip
mov eax,destip
invoke inet_ntoa,eax
mov destip,eax
invoke _ConsolePrint,addr print_dest
invoke _ConsolePrint,destip;addr destip
invoke _ConsolePrint,addr print_enter
.endw
invoke closesocket,sock
invoke ExitProcess,NULL
end start
Posted on 2004-08-11 00:00:50 by geegle
it won't run on 98 at all, and your code is unreadable
Posted on 2004-08-11 03:38:37 by Mbee
If you familiar with winsock and TCP/IP,it may be readable.
Could someone help me to modify it so that it can run on 98 and xp?
I appreciate your help.
Posted on 2004-08-11 05:21:00 by geegle
I guess the use of the code tags would help make it a lot more easy to read.
Posted on 2004-08-11 07:29:29 by The Beginner
Hi,
I made a similiar program. But it captures only ICMP packets. It uses DebugWin windows to display the packets

Thomas Antony:alright:
Posted on 2004-08-11 12:05:21 by thomasantony
Hi,
also I think you should use WSAIoctl instead of ioctlsocket and also do WSAStartup with 202h for winsock 2. Incllude ws2_32.inc and lib for winsock 2

Thomas Antony:alright:
Posted on 2004-08-11 12:07:41 by thomasantony

If you familiar with winsock and TCP/IP,it may be readable.
Could someone help me to modify it so that it can run on 98 and xp?
I appreciate your help.


I am familiar with winsock and TCP/IP. If you wrote that code with the normal SDK and such you would have known that 98 doesn't support raw sockets, so it won't work on 98 whatever you modify. If you copied your code from some other source or tutorial without knowing what you are doing you might have missed that.

for 98 you should use a third party raw socket driver.
Posted on 2004-08-11 12:51:36 by Mbee



I am familiar with winsock and TCP/IP. If you wrote that code with the normal SDK and such you would have known that 98 doesn't support raw sockets, so it won't work on 98 whatever you modify. If you copied your code from some other source or tutorial without knowing what you are doing you might have missed that.

for 98 you should use a third party raw socket driver.




it also does't work on winxp,although i wrote that code with the normal SDK.
Could you tell me why it can not run on wnxp.
Posted on 2004-08-11 20:16:04 by geegle

Hi,
I made a similiar program. But it captures only ICMP packets. It uses DebugWin windows to display the packets

Thomas Antony:alright:


Thanks for your program.
But it can not capture any packet at all.
Posted on 2004-08-11 20:18:06 by geegle
Hi,
It worked for me. I tried it many times mainly for testing my ping programs and other ICMP programs. REmember, it captures ONLY ICMP packets AFAIK

Thomas Antony
Posted on 2004-08-12 06:01:42 by thomasantony
Try this, it runs on Xp. It's a quick hack at the SIO_RCVALL option, dumps packets to a text file, but it may be of some help. Make sure you put your own IP address in the szip field. Sniff away!
Posted on 2004-08-12 23:23:02 by The Dude of Dudes

Try this, it runs on Xp. It's a quick hack at the SIO_RCVALL option, dumps packets to a text file, but it may be of some help. Make sure you put your own IP address in the szip field. Sniff away!




Thank you very much!
Posted on 2004-08-13 01:34:38 by geegle