
How to intercept packets sent by an application and check their header and content? [closed]

I'd like to know how I can intercept packets sent by a certain application and then check what those packets contain. I need some advice on what to do because I've never done such a thing and I want to learn by myself.

Jax asked Sep 15 '12 13:09


People also ask

What can be used to intercept packages as they are transmitted over the network?

A packet sniffer — also known as a packet analyzer, protocol analyzer or network analyzer — is a piece of hardware or software used to monitor network traffic. Sniffers work by examining streams of data packets that flow between computers on a network as well as between networked computers and the larger Internet.

What tool is used to capture and analyze packets?

Two of the most useful and quick-to-use packet capture tools are tcpdump and Wireshark. Tcpdump is a command line tool that allows the capture and display of packets on the network. Wireshark provides a graphical interface for capturing and analyzing packet data.


3 Answers

Pcap.Net

Pcap.Net is a .NET wrapper for WinPcap written in C++/CLI and C#. It features almost all WinPcap features and includes a packet interpretation framework.

SharpPcap

SharpPcap is a cross-platform packet capture framework for the .NET environment, based on the famous pcap / WinPcap libraries. It provides an API for capturing, injecting, analyzing and building packets using any .NET language such as C# and VB.NET.

Comparison of Pcap.Net and SharpPcap

Wireshark

It is used for network troubleshooting, analysis, software and communications protocol development, and education. And I think it is the most versatile packet sniffer I have used till now.

Fiddler

Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language. Recently Fiddler has been taken over by Telerik. But it is still free AFAIK.

Harsh Baid answered Oct 14 '22 06:10


An example of C# sniffer socket creation.

    // Requires: using System; using System.Net; using System.Net.Sockets;
    // mainSocket, byteData, cmbInterfaces and OnReceive are assumed to be
    // declared elsewhere (they are not shown in this answer).
    mainSocket = new Socket(AddressFamily.InterNetwork, SocketType.Raw,
                           ProtocolType.IP);

    // Bind the socket to the selected IP address
    mainSocket.Bind(new IPEndPoint(IPAddress.Parse(cmbInterfaces.Text), 0));

    // Set the socket options
    mainSocket.SetSocketOption(SocketOptionLevel.IP,  //Applies only to IP packets
                               SocketOptionName.HeaderIncluded, //Set the include header
                               true);                           //option to true

    byte[] byTrue = new byte[4]{1, 0, 0, 0};
    byte[] byOut = new byte[4];

    //Socket.IOControl is analogous to the WSAIoctl method of Winsock 2
    mainSocket.IOControl(IOControlCode.ReceiveAll,  //SIO_RCVALL of Winsock
                         byTrue, byOut);

    //Start receiving the packets asynchronously
    mainSocket.BeginReceive(byteData, 0, byteData.Length, SocketFlags.None,
                            new AsyncCallback(OnReceive), null);

Ruslan F. answered Oct 14 '22 06:10


You can use Fiddler to see HTTP traffic http://www.fiddler2.com/fiddler2/.

Alternatively Wireshark http://www.wireshark.org/ for more advanced stuff

Summary of Packet Analyzers here http://en.wikipedia.org/wiki/Packet_analyzer

More details of what you are trying to achieve would help us advise.

GraemeMiller answered Oct 14 '22 06:10