I'd like to somehow hook into the local system's network stack to capture outgoing network packets without using WinPcap. Unfortunately, it tends to crash my system every now and then.
Is there a way to "sniff" outgoing traffic of the local system from a user space process written in a .NET language?
The most reliable way to sniff traffic is to use a network tap. A network tap is a “bump-in-the-wire” device designed only to copy traffic passing through it to a monitor port. You typically insert a network tap inline between two nodes in a network, such as between your firewall and your first switch.
To capture network traffic, you can use tcpdump. This is a packet sniffer that can observe and record network traffic on an interface. In the following example, we capture 1,000 packets using tcpdump. An easier way to analyze network traffic is to use an actual network traffic analyzer, such as Wireshark.
By default, Wireshark only captures packets going to and from the computer where it runs. By checking the box to run Wireshark in promiscuous mode in the capture settings, you can capture most of the traffic on the LAN.
Access your router by entering your router's IP address into a web browser. Once you sign in, look for a Status section on the router (you might even have a Bandwidth or Network Monitor section depending on the type of router). From there, you should be able to see the IP addresses of devices connected to your network.
What you want is the Network Monitor API. More here and here.
I use smsniff from NIRSOFT. You need to be admin on the machine to sniff any traffic.
http://www.nirsoft.net/utils/smsniff.html
I have never seen .NET used to sniff traffic. But maybe NetMon from Microsoft has a COM interface you can call from .NET.
But as always you need to be admin to sniff traffic, since it is needed to put the NIC in promiscuous mode.