
Alan Earnshaw - "you can hook the TCP/IP stack and monitor packets" ?


  • Alan Earnshaw - "you can hook the TCP/IP stack and monitor packets" ?

    Alan, you originally posted this at
    Just a thought, but you can hook the TCP/IP stack and monitor the packets that pass through your computer. Although that's not the raw data stream, it might give you the information you need.
    Of course, a TCP/IP session can send a lot of data across the line, and you might get buried trying to find what you're looking for.
    "Hook the TCP/IP stack" - how!?!?
    I'd be very interested in this sort of thing.


  • #2
    Windows doesn't natively allow a network card to drop into promiscuous mode;
    to do this, you need a packet driver.

    Almost all packet sniffers use the WinPcap NDIS packet capture driver; they have drivers
    for all versions of Windows. All the code is in C, and as far as I know nobody has
    converted it to PB. I was going to start converting it at one time but got
    sidetracked. If you need some help, email me privately: [email protected]

    Hope that helps.


    [This message has been edited by Gregery D Engle (edited October 04, 2001).]


    • #3
      Greg, thanks - I thought he may have been referring to some other funky technique that I was unaware of.
      I haven't been able to port the WinPcap headers to PB either, as I'm very inexperienced and 100% self-taught when it comes to C/C++, but every night before I go to sleep I pray that somebody here who knows what they're doing will port it over to my beloved PB, to make my life complete.
      The best I've been able to do so far is a C executable that uses the WinPcap driver (a VERY cool driver!), and when it receives data from the driver, it sends it to my PowerBASIC DLL. It's working now, but it's very 'raw' and I'm not sure how stable it would be; I've only tested it with bugger-all traffic on my 10 Mbps LAN. I would love to just have the one PowerBASIC exe receiving the data though, especially as I don't have much freedom with the C exe due to my own limitations, in that I can't code in C to save my life.
      Enjoy the weekend!
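The receive side of the setup described in #2 and #3 (a C program that gets frames from the WinPcap driver and has to find the session it cares about in the flood Alan warns about) is shown in the added example below. It is not code from this thread or from WinPcap; it assumes only what pcap's packet handler gets, a raw Ethernet frame plus its captured length, and uses no pcap.h so it builds anywhere. The frame bytes are constructed for the example, not captured traffic. Every length field is taken from the packet and checked before use, which is the part that matters when you are parsing what a driver hands you.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* What the capture driver hands your callback: a raw Ethernet frame and its
 * captured length. Layouts used: Ethernet II, IPv4 (RFC 791), TCP (RFC 793). */
struct tcp_summary {
    uint8_t  src_ip[4], dst_ip[4];
    uint16_t src_port, dst_port;
    uint8_t  flags;             /* TCP flag byte: FIN 0x01, SYN 0x02, PSH 0x08, ACK 0x10 */
    const uint8_t *payload;     /* points into the frame, nothing is copied */
    size_t   payload_len;
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Parse one captured frame. Returns 1 for a complete IPv4/TCP header chain
 * inside caplen; 0 for anything else (non-IP, non-TCP, a later fragment, or
 * a frame truncated by the capture snaplen). Lengths come from the packet
 * itself, so each one is bounds-checked before it is trusted. */
int parse_tcp_frame(const uint8_t *frame, size_t caplen, struct tcp_summary *out)
{
    if (caplen < 14 + 20) return 0;                     /* Ethernet + minimal IPv4 */
    if (be16(frame + 12) != 0x0800) return 0;           /* EtherType must be IPv4 */
    const uint8_t *ip = frame + 14;
    if ((ip[0] >> 4) != 4) return 0;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    size_t ip_total = be16(ip + 2);
    if (ihl < 20 || ip_total < ihl + 20 || ip_total > caplen - 14) return 0;
    if (ip[9] != 6) return 0;                           /* protocol 6 = TCP */
    if (be16(ip + 6) & 0x1fff) return 0;                /* non-first fragment has no TCP header */
    const uint8_t *tcp = ip + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;
    if (doff < 20 || doff > ip_total - ihl) return 0;
    memcpy(out->src_ip, ip + 12, 4);
    memcpy(out->dst_ip, ip + 16, 4);
    out->src_port = be16(tcp);
    out->dst_port = be16(tcp + 2);
    out->flags = tcp[13];
    out->payload = tcp + doff;
    out->payload_len = ip_total - ihl - doff;
    return 1;
}

/* The "buried in data" problem: keep only segments touching one port. */
int matches_port(const struct tcp_summary *s, uint16_t port)
{
    return s->src_port == port || s->dst_port == port;
}

/* Constructed sample frame (not a real capture): 192.168.1.10:40000 ->
 * 192.168.1.20:80, PSH|ACK, 16-byte request line. Checksums are left zero
 * because this parser does not verify them. */
static const uint8_t SAMPLE_FRAME[70] = {
    /* Ethernet: dst MAC, src MAC, EtherType 0x0800 */
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    /* IPv4: ver/ihl, tos, total length 56, id, DF, ttl 64, proto 6, csum, src, dst */
    0x45,0x00, 0x00,0x38, 0x00,0x01, 0x40,0x00, 0x40,0x06, 0x00,0x00,
    192,168,1,10, 192,168,1,20,
    /* TCP: sport 40000, dport 80, seq, ack, doff 5 + PSH|ACK, window, csum, urg */
    0x9c,0x40, 0x00,0x50, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x01,
    0x50,0x18, 0xff,0xff, 0x00,0x00, 0x00,0x00,
    /* payload */
    'G','E','T',' ','/',' ','H','T','T','P','/','1','.','0','\r','\n'
};

/* Wrappers so the sample can be checked by return value. */
int sample_parse_ok(size_t caplen)
{
    struct tcp_summary s;
    return parse_tcp_frame(SAMPLE_FRAME, caplen, &s);
}

/* which: 's' src port, 'd' dst port, 'f' flags, 'l' payload length,
 *        'p' matches port 80, 'x' matches port 443 */
int sample_field(char which)
{
    struct tcp_summary s;
    if (!parse_tcp_frame(SAMPLE_FRAME, sizeof SAMPLE_FRAME, &s)) return -1;
    switch (which) {
    case 's': return s.src_port;
    case 'd': return s.dst_port;
    case 'f': return s.flags;
    case 'l': return (int)s.payload_len;
    case 'p': return matches_port(&s, 80);
    case 'x': return matches_port(&s, 443);
    default:  return -1;
    }
}

int sample_payload_starts_with(const char *prefix)
{
    struct tcp_summary s;
    if (!parse_tcp_frame(SAMPLE_FRAME, sizeof SAMPLE_FRAME, &s)) return 0;
    size_t n = strlen(prefix);
    return n <= s.payload_len && memcmp(s.payload, prefix, n) == 0;
}

int main(void)
{
    struct tcp_summary s;
    if (!parse_tcp_frame(SAMPLE_FRAME, sizeof SAMPLE_FRAME, &s)) return 1;
    printf("%u.%u.%u.%u:%u -> %u.%u.%u.%u:%u flags=0x%02x payload=%zu bytes\n",
           s.src_ip[0], s.src_ip[1], s.src_ip[2], s.src_ip[3], s.src_port,
           s.dst_ip[0], s.dst_ip[1], s.dst_ip[2], s.dst_ip[3], s.dst_port,
           s.flags, s.payload_len);
    return 0;
}
```

In a real WinPcap/libpcap program, `parse_tcp_frame` is what you would call from the handler passed to `pcap_loop`, with the handler's `pcap_pkthdr->caplen` as the length; the promiscuous-mode point Greg makes in #2 is the `promisc` argument to `pcap_open_live`, and the port filtering above is better pushed into the driver with `pcap_compile`/`pcap_setfilter` (for instance the expression `tcp port 80`) so that most frames never reach your process at all.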



      • #4

        I have found that WinPcap has 'issues', to say the least, when it comes to Windows 2000
        and some devices - such as modems. In fact, it won't even bind to them!

        The new version of it, recently released, doesn't seem to fix this either.

        Have you looked at the new APIs in Windows 2000 and XP for packet filtering et al.?

        - Nathan


        • #5
          Nathan, no I haven't looked at the Win2K/XP packet APIs. I know you can virtually get 'raw sockets' out of those, similar to 'nix, in that you can build your own packets (and thus the script kiddies can spoof their IPs etc., bleh!) - I think that may do more harm than good.
          But I'm still on NT4 so I've never dabbled in any Win2K/XP-specific APIs --- I'm installing Win2K next week though when I get a new development machine.
          So WinPcap it is for me -- I haven't experienced any 'issues' with it though? It works fine on all the machines that I've ever tested it on.



          • #6
            I have had problems getting it to bind to a Dial-Up Adapter (as in any modem).
            But only on Win2K/XP - apparently it is some sort of limitation with the 'mini NDIS driver' that Pcaplib uses.

            This is on their FAQ page @ :

            Q-4: Can I use WinPcap on a PPP connection?

            A: We have tested WinPcap on PPP connections under Windows 95, Windows 98 and Windows ME. In Windows 95, due to a bug in NDIS, WinPcap sometimes resets the PPP connection. In Windows 98/ME this bug appears to be corrected, and WinPcap seems to work properly. Under Windows NT and Windows 2000 there are problems with the binding process, that prevents a protocol driver from working properly on the WAN adapter.

            Good luck with the new box!

            - Nathan