IP Packet Monitor for Windows 2000

Environment: VC6 with Platform SDK, W2K (only)

This program was developed because an application system needed a custom packet monitoring utility. It also shows how easy it is to write a sniffer on a modern operating system like Windows 2000. When I first read Jon C. Snader's wonderful (IMHO) book "Effective TCP/IP Programming. 44 Tips to Improve Your Network Programs", I read with envy how simple it is to write a sniffer in Linux. You simply write the line s = socket( AF_INET, SOCK_PACKET, htons( ETH_P_ALL ) ); and the sniffer is ready. A simple and elegant solution. No need for NDIS, DDK, pcaplib and all the other stuff well known to everyone who has tried to do it on Win9x or NT. But on Windows 2000, writing a sniffer is quicker than saying Jack Robinson. WSAIoctl from WinSock2 with the SIO_RCVALL parameter does the job, so from that point on only knowledge of IP, TCP and ICMP packets is needed to make your own custom sniffer.

Here I show such a monitoring utility, built as a standard MFC dialog box application. I created the app with the VC6 application wizard and added two IP address controls, one Start/Stop button, a check box and a list box to show the packets' contents. The first IP address control holds the IP of the monitoring computer itself. I have multihomed computers on the LAN, both Windows 2000 Server and Professional, so I need to enter one of the several IPs of the monitoring computer. The second IP address control holds the IP of the host you want to monitor (in Windump this is like the parameter 'host hostname'). Only if this IP is zero do I look at the check box: if it is empty, I show data from all packets of all computers in the system; otherwise I show the data of the monitoring computer's own IP packets (in Windump this is like the parameter 'host thishostname').
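The two pieces of logic the text relies on, decoding the IP header of a received buffer and applying the host/check-box display filter, are sketched below as an added example; it is not the code from the article's download. The names ip_info, parse_ipv4, want_packet and SAMPLE are hypothetical, addresses are assumed to be DWORDs in host byte order, and the sample packet is constructed.

```c
#include <stdint.h>
#include <string.h>

/* Fields of interest from an IPv4 header (RFC 791), in host byte order. */
typedef struct {
    uint8_t  hdr_len, protocol;        /* header bytes; 1=ICMP, 6=TCP, 17=UDP */
    uint16_t total_len, sport, dport;  /* ports stay 0 unless TCP or UDP */
    uint32_t src, dst;
} ip_info;

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* Parse one buffer as a raw IP socket delivers it (it starts at the IP header).
   Returns 0 on success, -1 for anything truncated or not IPv4. */
int parse_ipv4(const uint8_t *buf, size_t len, ip_info *out)
{
    memset(out, 0, sizeof *out);
    if (len < 20 || (buf[0] >> 4) != 4) return -1;
    out->hdr_len   = (uint8_t)((buf[0] & 0x0F) * 4);
    out->total_len = be16(buf + 2);
    if (out->hdr_len < 20 || out->total_len < out->hdr_len || out->total_len > len)
        return -1;                     /* never trust lengths taken from the wire */
    out->protocol = buf[9];
    out->src = be32(buf + 12);
    out->dst = be32(buf + 16);
    int first_frag = (be16(buf + 6) & 0x1FFF) == 0;  /* later fragments carry no ports */
    if ((out->protocol == 6 || out->protocol == 17) && first_frag &&
        out->total_len >= out->hdr_len + 4) {
        out->sport = be16(buf + out->hdr_len);
        out->dport = be16(buf + out->hdr_len + 2);
    }
    return 0;
}

/* Display filter as the article describes it: a non-zero host wins; otherwise
   the check box selects "monitoring computer only" versus "everything". */
int want_packet(const ip_info *p, uint32_t host, uint32_t local, int only_local)
{
    uint32_t match = host ? host : (only_local ? local : 0);
    return match == 0 || p->src == match || p->dst == match;
}

/* Constructed sample: TCP 192.0.2.10:1025 -> 192.0.2.1:80, checksums zeroed. */
const uint8_t SAMPLE[40] = {
    0x45,0x00,0x00,0x28, 0x00,0x01,0x40,0x00, 0x80,0x06,0x00,0x00,
    0xC0,0x00,0x02,0x0A, 0xC0,0x00,0x02,0x01,
    0x04,0x01,0x00,0x50, 0,0,0,0, 0,0,0,0, 0x50,0x02,0x20,0x00, 0,0,0,0 };
int main(void) { ip_info p; return parse_ipv4(SAMPLE, sizeof SAMPLE, &p) ? 1 : 0; }
```

The length checks matter in a monitor: every buffer comes from the network, so the header length and total length are validated against the bytes actually received before any field beyond the fixed header is read.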

When all the needed data has been entered, you can press the Start button, which changes its text to 'Stop' (from this moment the button stops the monitoring thread). Pressing the button again changes the text back to 'Start'. For monitoring I use a worker thread, so I decided to use a synchronous socket. Because I use WinSock2, I have the opportunity to reduce the receive time-out. I set the timeout to 5 seconds; usually it's 45. I declared the thread function as a friend of the main dialog class to simplify setting and reading data in the class members of the main dialog class, where I keep a few members the application needs to function. Because my main thread does almost nothing, only starting or stopping the worker thread or closing the dialog, I write data from the packets directly to the list box. But be careful: if the main thread does some work with the controls, this can cause a deadlock. This happened to me when I used WaitForSingleObject with an INFINITE time-out after I did PostThreadMessage with WM_CLOSE, and the worker thread tried to write "Monitoring stopped" to the list box. That situation caused a deadlock, and I needed to change the behavior by disabling/enabling the Start/Stop button for the period between posting WM_CLOSE to the worker thread and the thread's finish.

The class members and class functions I added are self-describing; only one class member, CDWordArray m_IPArr, needs a little explanation. This is an array of DWORDs, where every element is the IP address of an adapter in the multihomed configuration. To retrieve all these IP addresses I used the IPHLPAPI library from the Platform SDK.

One last note concerns AfxSock.h in the mfc\include directory. It contains the line #include <winsock.h>, but I need winsock2.h for my application. To solve this problem I copied AfxSock.h to the ipmon directory, changed #include <winsock.h> to #include <winsock2.h>, and in the StdAfx.h in the ipmon directory changed the line #include <afxsock.h> to the line #include "afxsock.h" so that my afxsock.h is used.

MSTCPIP.h, iphlpapi.h and the lib are in the Platform SDK. You have to install it. Happy sniffing!

Downloads

Download source code - 40 Kb
Download application - 8 Kb

