IP Packet Monitor for Windows 2000

WEBINAR: On-demand webcast

How to Boost Database Development Productivity on Linux, Docker, and Kubernetes with Microsoft SQL Server 2017 REGISTER >

Environment: VC6 with Platform SDK , W2K ( only )

This program was developed because of the demand to have custom packet monitoring utility for purposes of application system . But it shows too how easy, it is to write sniffer in a modern operation system like Windows 2000. When I first time read this wonderful ( IMHO ) book of Jon C. Snader "Effective TCP/IP Programming. 44 Tips to Improve Your Network Programs" with envy I read the lines how simple is to write the sniffer in Linux. You simply put the line s = socket( AF_NET , SOCK_PACKET , htons( ETH_P_ALL ) ) ; and sniffer is ready. Simple and elegant decision . No need in NDIS , DDK , pcaplib and all this stuff , well known to everyone , who tried to do it in Win9x or NT. But in Windows 2000 to write sniffer is quicker then saying Jack Robinson. WSAIoctl from WinSock2 with SIO_RCVALL parameter do the job , so from this moment only knowledge of IP,TCP,ICMP packets are needed to make your own custom sniffer.

I will show here such monitoring utility which was build on standard MFC dialog box application. I did such an app with VC6 application wizard and add two IP address controls , one start/stop button , check box and listbox to show the packet's contents. First IP Address control is for IP of this monitoring computer. I have multihomed computers in LAN both Servers and Professional Windows 2000 , so I need to enter one of few IP's of monitoring computer. Next IP Address control is for IP of host you want to monitor ( in Windump it's like with parameter 'host hostname') , only if this IP is zero, I verify the check box and if it's empty I show data from all packets of all computers in the system , otherwise I show the data of IP packets of monitoring computer( in Windump it's like with parameter 'host thishostname').

When all needed data exists , it is possible to press the Start button , which changes it's text to 'Stop' ( from this moment this button is to stop the monitoring thread ). Pressing the button next time changes the text to Start. For monitoring I use working thread , so I decided to use synchronous socket. Because I use WinSock2 , I have the opportunity to reduce receiving time-out. I set timeout to 5 second , usually it's 45. This thread function I announced as a friend of main dialog class to simplify setting/receiving data in class-members of main dialog class where I set few class members for application functioning. Because my main thread is doing almost nothing , only start or stop worker thread or close dialog , I'm writing data from packets directly to the listbox. But be careful in the case of some work of main thread with controls it can cause the deadlock. This happened to me when I used WaitForSingleObject with time-out INFINITE after I did PostThreadMessage with WM_CLOSE and in the worker thread tried to write in the listbox "Monitoring stopped". Such situation caused the deadlock , and I needed to change such behavior with disabling/enabling the Start/Stop button in the periods of posting WM_CLOSE to worker thread and it's finish.

The class-members and class-functions, I added , is self described and the the only one class-member CDWordArray m_IPArr needs little explanation. This is array of DWORDs , where every element is IP address of adapter in the multihome configuration. To receive all these IP addresses I used IPHLPAPI library from Platform SDK .

One last note connected to the AfxSock.h in mfc\include directory. There exist a line #include <winsock.h>. But I need winsock2.h for my application. To decide this problem I copied AfxSock.h to ipmon directory , change #include <winsock.h> to #include <winsock2.h> and in the StdAfx.h in ipmon directory changed the line #include <afxsock.h> to the line : #include "afxsock.h" to use my afxsock.h.

MSTCPIP.h,iphlpapi.h and lib exists on Platform SDK. You have to install it. Happy sniffing !

Downloads

Download source code - 40 Kb
Download application - 8 Kb


Comments

  • There are no comments yet. Be the first to comment!

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • As all sorts of data becomes available for storage, analysis and retrieval - so called 'Big Data' - there are potentially huge benefits, but equally huge challenges...
  • The agile organization needs knowledge to act on, quickly and effectively. Though many organizations are clamouring for "Big Data", not nearly as many know what to do with it...
  • Cloud-based integration solutions can be confusing. Adding to the confusion are the multiple ways IT departments can deliver such integration...

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date