The Design of Software (CLOSED)

A public forum for discussing the design of software, from the user interface to the code architecture. Now closed.

The "Design of Software" discussion group has been merged with the main Joel on Software discussion group.

The archives will remain online indefinitely.

C# Raw Sockets

I am planning to write a C# program that will sniff for HTTP packets. I am not planning to use a WinPCAP library. Is there any other way I can do it using just the APIs provided by Windows? I am quite new, especially to the world of networking using C#. Thanks for all the help in advance.
Wednesday, March 29, 2006
You'll need to write a driver hook, which needs to run in kernel mode, so you'd better do it in plain C.
smalltalk
Wednesday, March 29, 2006
This is one of those topics where you have to be very specific about what you need. Some people say "sniff" when they mean "consume".

Do you really want to just "sniff" the packets? In other words, are you wanting to spy on them and then pass them along unchanged to the program that will eventually handle them? If this is the case then you really will need to write a network filter driver as the other poster suggested. I'd say that you should really just buy one of the commercial apps available for this (or use OSS).

Or, do you really just want to receive HTTP packets and look at their contents without passing them on to anyone else? If this is the case then you can do this in C# easily using the classes under the System.Net namespaces. There are a lot of ways to do it, ranging from instantiating an HttpListener, which is basically a mini web server, to using TCP or raw sockets (TcpListener, Socket, etc.).
Turtle Rustler
Wednesday, March 29, 2006
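The "consume" case from Turtle Rustler's post above, as an added example that is not part of the original thread: a TcpListener on loopback receives a constructed HTTP request and parses its request line and Host header. The class name, host name and request are made up for illustration; the listener only ever sees connections made to its own port, which is what separates this from sniffing.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Sockets;
using System.Text;

static class ConsumeDemo   // hypothetical name, not from the thread
{
    // Reads one HTTP request head from an accepted connection and summarizes it.
    static string ReadRequestHead(TcpClient peer)
    {
        using (var reader = new StreamReader(peer.GetStream(), Encoding.ASCII))
        {
            string requestLine = reader.ReadLine() ?? "";
            string host = "";
            string line;
            // Header lines run until the first empty line (or end of stream).
            while (!string.IsNullOrEmpty(line = reader.ReadLine()))
            {
                int colon = line.IndexOf(':');
                if (colon > 0 && line.Substring(0, colon).Equals("Host", StringComparison.OrdinalIgnoreCase))
                    host = line.Substring(colon + 1).Trim();
            }
            string[] parts = requestLine.Split(' ');
            return parts.Length == 3
                ? parts[0] + " " + parts[1] + " (Host: " + host + ")"
                : "malformed request line";
        }
    }

    static void Main()
    {
        // Port 0 lets the OS pick a free loopback port.
        var listener = new TcpListener(IPAddress.Loopback, 0);
        listener.Start();
        int port = ((IPEndPoint)listener.LocalEndpoint).Port;

        using (var client = new TcpClient())
        {
            client.Connect(IPAddress.Loopback, port);
            // Constructed sample request, sent by a client in the same process.
            byte[] request = Encoding.ASCII.GetBytes("GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n");
            client.GetStream().Write(request, 0, request.Length);

            using (TcpClient peer = listener.AcceptTcpClient())
                Console.WriteLine(ReadRequestHead(peer));
        }
        listener.Stop();
    }
}
```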
I am actually looking for the 'sniff' functionality without consuming the packet. Thanks for the response.

Friday, March 31, 2006
Somehow these folks do it without a kernel driver, I THINK.

I use HTTP Debugger a lot.  When you launch it, it sits idle.  You click connect and it will prompt you to connect to a running program.  Choose an instance of Firefox or IE and it starts logging traffic.

If you have 2 copies of IE or Firefox up, you can attach to one instance and only show HTTP data for the one instance.

Very cool software!  I wonder how they accomplish this?  The install does not install WinPCAP or any other driver that I can see.  In fact, the software installs really quick giving the impression that it simply is copying an EXE into place.  i.e. no reboots to get a kernel driver working.
Saturday, April 01, 2006
It even has this to say on the web site:

"Doesn't install any drivers neither LSPs, doesn't change system or browser settings and doesn't mess-up your system. Cannot crash it."
Saturday, April 01, 2006
You may also look at this.

Sysinternals has TONS of great FREE utilities like serial port monitors, TCP monitors, and lots of other stuff. If you have never been to their site you owe it to yourself to go there and look around for a while. They also typically don't require any additional installation components. Just run the .exe file! But they ARE still made to be filter drivers. They don't install as a standard filter driver does though. They typically attach directly to the filter stack at run time. This is very hard to do and the guys that write this kind of stuff are Windows gurus.
Turtle Rustler
Saturday, April 01, 2006
> Sysinternals has TONS of great FREE utilities

They are free for end users. Licensing from SysInternals is NOT cheap though.
Ryan Smyth
Sunday, April 02, 2006
I would imagine that the HTTP debugger tool uses API hooking techniques to grab the data as it goes into and comes out of the networking APIs... Does it display HTTPS traffic as well as HTTP traffic?
Len Holgate
Friday, April 07, 2006
You don't need a driver hook.
You just need to place yourself on the IP stack (hint: LSP).
Free Thinker
Saturday, April 08, 2006

This topic is archived. No further replies will be accepted.
