Hi, I want to make a program for Win9x that will log all packets received from the network, including the IP header + TCP, UDP or ICMP header + the data in the packet. Whether it includes a MAC header or any other kind of header doesn't matter. The program could monitor just the network cards, or all networking (including dial-up). I don't want to make a program that will just monitor packets sent/received between applications and Winsock.

So I looked into the info on making drivers, and the only place I could find something that looks useful for monitoring the network is at www.osr.com/ddk/ddk.htm. It seems to me that what I need would be a Firewall-Hook driver? On the page I also saw info on Miniport, Intermediate and Protocol drivers :confused: Could it be that one of these things would be better for me?

Why does the document keep mentioning "TCP/IP protocol driver"? I mean, shouldn't it say "IP protocol driver" instead? :confused: Does this have something to do with the fact that under Control Panel\Network it says TCP/IP -> 3Com EtherLink, TCP/IP -> Dial-up Adapter? Is this because MS uses "TCP/IP" when they should use "IP"?

Does anyone have any info on this? Sample/example code would be useful. Is the info they provide on osr.com good enough to make this kind of program, or is there more involved? Are there any other places to get more info on this? Also, general info on how to make drivers work with the info they provide could be useful. Thanks.
Posted on 2001-04-17 00:16:00 by hydrobird
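As an added example (not code from any poster in this thread, and independent of which driver path delivers the bytes): once a frame has been captured, it still has to be decoded into the pieces hydrobird lists. This C parser walks an Ethernet II frame into the IPv4 header, then the TCP, UDP or ICMP header, and locates the data, with a length check before every read so a truncated or malformed capture cannot overrun the buffer. The sample frame, its addresses and ports are constructed for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Decoded summary of one captured frame: Ethernet II + IPv4 + TCP/UDP/ICMP + data. */
struct pkt_summary {
    uint8_t  proto;                    /* IPv4 protocol number: 1 ICMP, 6 TCP, 17 UDP */
    uint32_t src_ip, dst_ip;           /* host byte order */
    uint16_t src_port, dst_port;       /* 0 for ICMP */
    uint8_t  icmp_type;                /* valid only when proto == 1 */
    size_t   payload_off, payload_len; /* application data inside the frame */
};
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }
/* Returns 0 on success, -1 if the frame is truncated, not IPv4, or carries an
 * unsupported transport. Every read is preceded by a length check so a short or
 * malformed capture cannot overrun the buffer. Checksums are not verified. */
int parse_frame(const uint8_t *f, size_t len, struct pkt_summary *out)
{
    if (len < 14 || be16(f + 12) != 0x0800) return -1;      /* EtherType 0x0800 = IPv4 */
    const uint8_t *ip = f + 14; size_t rem = len - 14;
    if (rem < 20 || (ip[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4, tot = be16(ip + 2); /* IHL includes options */
    if (ihl < 20 || tot < ihl || tot > rem) return -1;
    memset(out, 0, sizeof *out);
    out->proto = ip[9]; out->src_ip = be32(ip + 12); out->dst_ip = be32(ip + 16);
    const uint8_t *t = ip + ihl; size_t trem = tot - ihl, thl;
    switch (out->proto) {
    case 6:  /* TCP: data-offset nibble gives header length, options included */
        if (trem < 20 || (thl = (size_t)(t[12] >> 4) * 4) < 20 || thl > trem) return -1;
        out->src_port = be16(t); out->dst_port = be16(t + 2); break;
    case 17: /* UDP: fixed 8-byte header */
        if (trem < 8) return -1;
        thl = 8; out->src_port = be16(t); out->dst_port = be16(t + 2); break;
    case 1:  /* ICMP: type, code, checksum, 4-byte rest-of-header */
        if (trem < 8) return -1;
        thl = 8; out->icmp_type = t[0]; break;
    default: return -1;
    }
    out->payload_off = (size_t)(t - f) + thl; out->payload_len = trem - thl;
    return 0;
}
/* Constructed sample (not a real capture): Ethernet II, IPv4 10.0.0.1 -> 10.0.0.2,
 * UDP 1234 -> 53 carrying the two bytes "hi". Checksum fields are left zero. */
static const uint8_t sample_udp[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x1e, 0x00,0x01,0x00,0x00, 0x40,0x11,0x00,0x00, 10,0,0,1, 10,0,0,2,
    0x04,0xd2, 0x00,0x35, 0x00,0x0a, 0x00,0x00, 'h','i' };
```

Feeding the same frame with a shorter `len` (as a cut-off capture would) makes `parse_frame` return -1 instead of reading past the end.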
Hi, so you want to do some sort of super sniffer :), right? Hmmm, for monitoring TCP/UDP there are about a dozen packet sniffer sources floating around, but almost all are coded in C/C++; plus, the sources vary by OS (*nix/win32). I don't think there's any source for win32asm yet. Check out Packetstorm: http://packetstorm.securify.com/... and WinDump: http://netgroup-serv.polito.it/windump/ (nice sniffer w/ source). For the dial-up sniff part, hmmmmm, is that possible? I know that you'll need special hardware in order to sniff out dial-up traffic... not really sure. Hope this helps, and good luck to you!
Posted on 2001-04-17 01:26:00 by clip
Hi, about the dial-up sniffer: no special hardware is needed, you can hook the COM ports. But you need to make a VxD driver (in Win9x) for it, because it requires ring0. Or you can jump from ring3 into ring0 through various methods. It has already been done. Clau.
Posted on 2001-04-21 18:59:00 by Clau
Hi, thanks clip. WinDump seems to work OK. It gave me the option to monitor any of my network adapters, including the dial-up ones. I just tried my network card one, but I assume the dial-up ones should work. Clau, I think I will just use the network adapter thing. I think it's more portable and easier than trying to figure out what ports I need to hook for the network/modem.
Posted on 2001-04-22 20:41:00 by hydrobird