How to intercept packets sent by an application and check their header and content? [closed]

I'd like to know how can I intercept packets sent by a certain application and then to check what those packets contain. I need some advice what to do because I've never done such a thing and I want to learn by myself.

What can be used to intercept packages as they are transmitted over the network?

A packet sniffer — also known as a packet analyzer, protocol analyzer or network analyzer — is a piece of hardware or software used to monitor network traffic. Sniffers work by examining streams of data packets that flow between computers on a network as well as between networked computers and the larger Internet.

What tool is used to capture and analyze packets?

Two of the most useful and quick-to-use packet capture tools are tcpdump and Wireshark. Tcpdump is a command line tool that allows the capture and display of packets on the network. Wireshark provides a graphical interface for capturing and analyzing packet data.

Pcap.Net

Pcap.Net is a .NET wrapper for WinPcap written in C++/CLI and C#. It Features almost all WinPcap features and includes a packet interpretation framework.

SharpPcap

SharpPcap is a cross-platform packet capture framework for the .NET environment, based on the famous pcap / WinPcap libraries. It provides an API for capturing, injecting, analyzing and building packets using any .NET language such as C# and VB.NET.

Comparision of Pcap.Net and SharpPcap

Wireshark

It is used for network troubleshooting, analysis, software and communications protocol development, and education. And I think it is the most versatile packet sniffer I used till now.

Fiddler

Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language. Recently Fiddler has been overtook by Telerik. But it is still free AFAIK.

Some example of c# sniffer socket creation.

    mainSocket = new Socket(AddressFamily.InterNetwork, SocketType.Raw,
                           ProtocolType.IP);

    // Bind the socket to the selected IP address
    mainSocket.Bind(newIPEndPoint(IPAddress.Parse(cmbInterfaces.Text),0));

    // Set the socket options
    mainSocket.SetSocketOption(SocketOptionLevel.IP,  //Applies only to IP packets
                               SocketOptionName.HeaderIncluded, //Set the include header
                               true);                           //option to true

    byte[] byTrue = newbyte[4]{1, 0, 0, 0};
    byte[] byOut = newbyte[4];

    //Socket.IOControl is analogous to the WSAIoctl method of Winsock 2
    mainSocket.IOControl(IOControlCode.ReceiveAll,  //SIO_RCVALL of Winsock
                         byTrue, byOut);

    //Start receiving the packets asynchronously
    mainSocket.BeginReceive(byteData, 0, byteData.Length, SocketFlags.None,
                            newAsyncCallback(OnReceive), null);

You can use Fiddler to see HTTP traffic http://www.fiddler2.com/fiddler2/.

Alternatively Wireshark http://www.wireshark.org/ for more advanced stuff

Summary of Packet Analyzers here http://en.wikipedia.org/wiki/Packet_analyzer

More details of what you are trying to achieve would help us advise.

How to intercept packets sent by an application and check their header and content? [closed]

Tags:

c#

sniffing

packet-sniffers

Jax

People also ask