-
September 7th, 2004, 11:11 PM
#1
packet capture in windows
Can anybody tell me how to capture IP packets on Windows 2000?
This does not mean just sniffing the IP packets; I have to get the original packets themselves.
Please send me reference code (preferably in C/C++/VC++) or some link.
Thanks
Vipin
-
September 8th, 2004, 04:40 AM
#2
Re: packet capture in windows
Originally Posted by vipinrl
This does not mean just sniffing the IP packets; I have to get the original packets themselves.
That's a very vague statement for you to expect reference code for. Explain what you want to do more precisely and ask specific questions that we can answer, please.
-
September 9th, 2004, 04:00 AM
#3
Re: packet capture in windows
Originally Posted by Lee Peart
That's a very vague statement for you to expect reference code for. Explain what you want to do more precisely and ask specific questions that we can answer, please.
Thanks, Mr. Lee Peart, for your reply.
What I want to do is listed below.
1. Capture the IP packets and extract the source and destination fields (this is already done by me).
2. Hold the captured packets temporarily for releasing later.
3. Create an ICMP caddie message using the fields extracted.
If anyone knows how to hold the packets, please help me.
-
September 13th, 2004, 08:13 AM
#4
Re: packet capture in windows
To do that you have to intercept the packet before it reaches the application. One way is to write an NDIS/TDI level hook driver. That way, you can examine each packet that comes. Another and easier approach is to write an LSP program and install the layer. This layer is higher than the TDI level layer. Hence you can intercept only Winsock calls. You can look at the following links to get you started:
Unraveling the Mysteries of Writing a Winsock 2 Layered Service Provider
Sample LSP code
Hope that helps
-
September 17th, 2004, 07:18 AM
#5
Re: packet capture in windows
If by "hold the packets" you mean not submit them to TCP (and I think that's the right thing to do), then you need to insert your business logic between the NIC driver and the TCP protocol driver.
The NDIS intermediate driver "passthru" sample in the Windows 2000 DDK worked when I tried it last. This provides a framework for you to plug in your own business logic.
I believe that when this is installed and configured properly the TCP protocol binds to the intermediate driver and not directly to the NIC.
The passthru driver must indicate up the packets for them to be seen at the TCP lower edge.
So in the passthru driver you can hold the packets simply by putting them on an internal list, and indicating them up at a later time.
Hope this helps.
-
May 4th, 2005, 12:24 PM
#6
Re: packet capture in windows
Originally Posted by vipinrl
Thanks, Mr. Lee Peart, for your reply.
What I want to do is listed below.
1. Capture the IP packets and extract the source and destination fields (this is already done by me).
Hi!
I am interested in capturing the IP packets and extracting the source and destination fields.
Can you give details on how to do that?
Thanks for your answer!
-
May 10th, 2005, 02:25 AM
#7
Re: packet capture in windows
I was able to capture the IP packets and display their fields.
I wrote the code in C++.
If interested in this topic, please reply with details.
my id: vipinrl@yahoo.co.uk
regards
Vipin
-
June 19th, 2005, 09:20 PM
#8
Re: packet capture in windows