c++ and firewalls


agent johnson
November 9th, 2001, 07:16 AM
Hey all,

I'm a college student in Florida, and for a final project in a client-server class, I wanted to make a simple little network sniffer/firewall program that will grab some information (time, source, port, request type, etc.) whenever someone tries to ping or send other traffic to my machine, log that info to a MySQL DB, then be able to view, query the data, etc.

I've had some success using C++ sockets, but I have to bind each one to a particular port. My question is: can I catch all traffic regardless of ports (like ping requests - I can't seem to catch ping requests at all) that comes to my machine? I'm not looking to make the next ZoneAlarm here or anything, I just want to get the relevant info about the request (and block the request if possible).

Any help would be greatly appreciated...

James Curran
November 9th, 2001, 07:24 AM
First of all, to do this, you'd probably need to be running at root level, which, hopefully, the college does not let its students do on school machines.

Truth,
James
http://www.NJTheater.com
http://www.NovelTheory.com
I don't do it for the points (OK, maybe I do), but rating a post is a good way for me to know if I helped.

THY02K
November 9th, 2001, 08:40 AM
How far have you gone so far?

agent johnson
November 9th, 2001, 09:19 AM
Well, I can get C++ sockets to listen on individual port #'s, but not block traffic or anything. They just report that traffic came in, which is fine for a start, but not exactly what I wanted.

Also, I forgot to mention that I'm running Win98 with a cable modem on my home computer, which is where I'm writing the program.

agent johnson
November 9th, 2001, 09:20 AM
Forgot to put in that I'm writing it on Win98, cable modem.

Sorry about that...

THY02K
November 9th, 2001, 09:32 AM
I'm pretty green on this too... but isn't it that only one application can listen to one port simultaneously? So if you have one socket listening in on a particular port... then effectively this socket is blocking that port?

Can someone verify this? I think this should be a question posted on the VC++ forum instead of here.

James Curran
November 9th, 2001, 09:32 AM
As I recall, Win98 doesn't have a full sockets implementation. (NT, w2000, and XP do).

Arild Fines
November 9th, 2001, 10:46 AM
The sockets implementation doesn't really matter in this case. Sockets aren't used for things like sniffing; instead you will have to write your own driver. To write drivers you need the DDK from Microsoft.
You can also search around for WinPcap, which is a packet capture driver for Windows. It comes with full source.
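
Following on from the capture-driver suggestion above, an added example (not code from the thread or from WinPcap): a capture driver hands the program raw frames, and the program decodes them itself. This decoder runs on constructed Ethernet/IPv4 frames and shows why a port-bound socket never sees a ping: ICMP carries a type, not a port. `PacketInfo`, `parse_frame` and the sample frames are hypothetical; the capture step is assumed to be done by a library such as WinPcap.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>

// Fields the original poster wanted to log (hypothetical struct for this example).
struct PacketInfo {
    std::string src_ip;
    uint8_t  protocol = 0;               // 1 = ICMP, 6 = TCP, 17 = UDP
    uint16_t src_port = 0, dst_port = 0; // TCP/UDP only
    uint8_t  icmp_type = 0;              // ICMP only; 8 = echo request (ping)
};

static uint16_t be16(const uint8_t* p) { return uint16_t((p[0] << 8) | p[1]); }

// Decode one Ethernet II frame carrying IPv4; false if truncated or not IPv4.
bool parse_frame(const uint8_t* f, size_t len, PacketInfo& out) {
    if (len < 14 + 20 || be16(f + 12) != 0x0800) return false;  // EtherType IPv4
    const uint8_t* ip = f + 14;
    size_t ihl = (ip[0] & 0x0F) * 4u;            // IPv4 header length in bytes
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < 14 + ihl) return false;
    char buf[16];
    std::snprintf(buf, sizeof buf, "%d.%d.%d.%d", ip[12], ip[13], ip[14], ip[15]);
    out.src_ip = buf;
    out.protocol = ip[9];
    const uint8_t* l4 = ip + ihl;                // start of ICMP/TCP/UDP header
    size_t l4len = len - 14 - ihl;
    if (out.protocol == 1) {                     // ICMP: a type, no ports
        if (l4len < 1) return false;
        out.icmp_type = l4[0];
    } else if (out.protocol == 6 || out.protocol == 17) {
        if (l4len < 4) return false;
        out.src_port = be16(l4); out.dst_port = be16(l4 + 2);
    }
    return true;
}

// Constructed sample frames (MACs zeroed, checksums not filled in).
const uint8_t PING[] = { 0,0,0,0,0,0, 0,0,0,0,0,0, 0x08,0x00,
    0x45,0,0,28, 0,0,0,0, 64,1,0,0, 192,0,2,10, 192,0,2,1,
    8,0,0,0, 0,1,0,1 };
const uint8_t HTTP_SYN[] = { 0,0,0,0,0,0, 0,0,0,0,0,0, 0x08,0x00,
    0x45,0,0,40, 0,0,0,0, 64,6,0,0, 192,0,2,10, 192,0,2,1,
    0xC0,0x01, 0,80, 0,0,0,0, 0,0,0,0, 0x50,0x02,0,0, 0,0,0,0 };

int main() {
    PacketInfo p;
    if (parse_frame(PING, sizeof PING, p))
        std::printf("%s proto=%d icmp_type=%d\n", p.src_ip.c_str(), p.protocol, p.icmp_type);
}
```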