Okay dcskm4200, I do not know why you cannot access the masmforum upload but here is another one :)
www.geocities.com/dominik_mail/snf2.zip

Dominik
Posted on 2004-12-02 11:37:05 by Dom
Mr. Dom:
Sorry I bothered you with moving snf2.zip from one address to another.
I abhor the hacker who attacked the Win32ASM Community Messageboard. Because of this we can't append or download anything. It left me feeling depressed.
I sincerely hope Mr. Harlod resumes all its functions.
;=============================================
The snf1.zip gave me a lot of knowledge about networking. Mr. Dom shared his great source code; as newbies and win32asm fans, we'll be thankful to you for a long time for what you did.
Although I haven't seen the better snf2.zip, I guess snf2.zip not only includes the functions that were proposed by the professional coders above, i.e.:

1. window resizing.
2. Port filter.
3. select an IP or IP range to snf.
4. all incoming and outgoing data on all Windows platforms.
5. use a VXD/SYS style of capture library.

but also includes the functions hoped for by win32asm fans like me, i.e.:

1. 'easy to read' and 'hex view' written in a file format with every row <= 32 cols
2. saved files record the first-byte time and last-byte time of every packet.
3. auto save data and clear memory (if data >= 2M, then save data to hard disk and clear memory, go on...)
4. snf becomes a system-mode process that can't be terminated by another process.


best regards
Posted on 2004-12-03 01:53:25 by dcskm4200
Hey Dcskm4200,
thx for the comment, but I think your suggestions of the latest version are going too far. What you expected would have been possible if this was a major project, eventually with more than just one coder that has only time to code during nights...

Till now this version of the sniffer features the following:
- using Winsock2 Raw Socket Implementation
- protocol filter (only TCP)
- IP Interface Selection
- Resizable window
- Promiscuous Mode (sniffing not only incoming but also outgoing packets)

It was never supposed to be one of those do-it-all applications, and as the source is quite short it's just a nice little tool. I use it to gather knowledge about application-specific network protocols; I just need to catch some packets and save them for examination.

Stay clean,
Dominik
Posted on 2004-12-03 04:26:47 by Dom
Filters on incoming packets would not be hard to implement, particularly ip and port filtering just looking at the headers more carefully.
It's really not such a bad idea.
Also, a separate window for showing the data more clearly might be warranted... this would allow you to see the packets better.

If you are interested in expanding this project somewhat, I am willing to help you (and I mean doing some coding, not just talk)
Posted on 2004-12-07 09:44:21 by Homer
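
The header-based IP and port filtering suggested in the post above, sketched in C as an added example; it is not code from snf2.zip or from either poster. It assumes the buffer starts at the IPv4 header, as a raw socket delivers it; `snf_filter`, `snf_match` and the sample packet are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical filter description (names are this example's, not the sniffer's). */
typedef struct {
    uint32_t ip_lo, ip_hi;  /* inclusive IPv4 range, host order; 0..0xFFFFFFFF = any */
    uint16_t port;          /* TCP/UDP port to match on either side, 0 = any */
} snf_filter;

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static int in_range(const snf_filter *f, uint32_t ip) { return ip >= f->ip_lo && ip <= f->ip_hi; }

/* Returns 1 if the packet passes the filter, 0 if it does not, and -1 if the
   buffer is not a well-formed IPv4 packet (truncated or inconsistent lengths). */
int snf_match(const snf_filter *f, const uint8_t *pkt, size_t len) {
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;         /* IP header length in bytes */
    size_t total = be16(pkt + 2);                     /* length claimed by the header */
    if (ihl < 20 || total < ihl || total > len) return -1;
    if (!in_range(f, be32(pkt + 12)) && !in_range(f, be32(pkt + 16))) return 0;
    if (f->port == 0) return 1;                       /* address-only filter */
    if (pkt[9] != 6 && pkt[9] != 17) return 0;        /* ports exist only in TCP/UDP */
    if (be16(pkt + 6) & 0x1FFF) return 0;             /* later fragment: no port fields */
    if (total < ihl + 4) return -1;                   /* ports would lie past the packet */
    return be16(pkt + ihl) == f->port || be16(pkt + ihl + 2) == f->port;
}

/* Constructed sample: 10.0.0.5:1025 -> 192.168.1.20:80, TCP SYN, no payload. */
static const uint8_t sample_pkt[40] = {
    0x45,0x00,0x00,0x28, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00,
    10,0,0,5, 192,168,1,20,
    0x04,0x01, 0x00,0x50, 0,0,0,0, 0,0,0,0, 0x50,0x02,0x20,0x00, 0,0,0,0
};

int main(void) {
    snf_filter web = {0xC0A80100u, 0xC0A801FFu, 80};  /* 192.168.1.0-255, port 80 */
    printf("match: %d\n", snf_match(&web, sample_pkt, sizeof sample_pkt));
    return 0;
}
```

The length checks come before any field beyond the fixed header is read, so a truncated or malformed capture is rejected instead of being parsed out of bounds.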
Hi EvilHomer...
I'm sure your help would make this little tool much better, so you are always welcome to code. Actually I never wrote an assembler tool with any other coders, but this might be because asm coders are really rare... :)
Actually the idea for this sniffer came from some friend of mine; I wasn't too convinced of raw sockets on Windows, but when he passed me a little C source that could recognize all my packets I changed my mind and sat down to start up the tool.
So what are your ideas for improving the source? IP / Port filter is a good start, perhaps with an extra dialog to set up filters and a small listbox in the main dialog for showing the active filters? That would enable the combination of several filters...
Another great thing I thought about is another dialog that shows all systems whose packets were sniffed, such as a table with all seen IPs, the matching MAC addr. and something like a network activity label, although this part is not necessary for sniffing.
What was never implemented is such a thing as statistics, i.e. after sniffing: duration, sniffed packets & bytes, packet type (x% TCP, y% UDP...)...

For coding together we should set up some other communication instead of this post so we won't step on other forum members' nerves... :)

Dominik
Posted on 2004-12-07 10:35:51 by Dom
PM me here and we'll exchange contact details..

My first move would be to convince you of the merit of oopasm, particularly for a database-style program, which this surely is.
That being said, we have two major options for oop models, and I personally favour ATC.

What I will FIRST do is rewrite your existing code to use my CListView class object for the listview control... I'll repost it shortly :)
Posted on 2004-12-08 03:21:04 by Homer
Well, I'm quite interested in your oop stuff... I had a look at your homepage and found some good stuff; unfortunately I'm just coming from a party and am not in a state to code any more, nor to read any so-related things... hope you got my mail, just mail back...
Dom
Posted on 2004-12-08 16:22:43 by Dom
Done, and Done :lol:
Posted on 2004-12-09 01:28:55 by Homer