Is there any tool that can monitor/capture/sniff named pipe traffic?
Even when max instance = 1?
You can use "Pipe Monitor" which lets you see what is flowing through Windows named pipes. Also, to restrict the access to your named pipe, you can specify a security descriptor for a named pipe when you call the CreateNamedPipe function.
Pipes are the answer. As long as you use the de facto standard libpcap format, you should be able to write the capture to a named pipe, and view the packets in real time with Wireshark reading from this pipe.
Named Pipes is a Windows mechanism that enables two unrelated processes to exchange data between themselves, even if the processes are located on two different networks. It's very similar to client/server architecture, as notions such as a named pipe server and a named pipe client exist.
Named pipes can be used to provide communication between processes on the same computer or between processes on different computers across a network. If the server service is running, all named pipes are accessible remotely.
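As an added example (not code from any of the posts above), this shows one way to apply the security-descriptor advice and to address the remote-access remark: the pipe gets an explicit DACL that allows only the current user and denies tokens carrying the NETWORK SID. It assumes Windows PowerShell 5.1 on .NET Framework, where this `NamedPipeServerStream` constructor overload accepts a `PipeSecurity`; the pipe name is a constructed placeholder.

```powershell
# Added example. Assumes Windows PowerShell 5.1 (.NET Framework).
# 'demo_restricted_pipe' is a constructed placeholder name.
$pipeName = 'demo_restricted_pipe'

$allow  = [System.Security.AccessControl.AccessControlType]::Allow
$deny   = [System.Security.AccessControl.AccessControlType]::Deny
$rights = [System.IO.Pipes.PipeAccessRights]

# SID of the account running this script, and the well-known NETWORK SID
# (S-1-5-2), which is present in the token of clients arriving over SMB.
$me      = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
$network = New-Object System.Security.Principal.SecurityIdentifier(
    [System.Security.Principal.WellKnownSidType]::NetworkSid, $null)

# Build the DACL before the pipe exists, so there is no window in which
# the pipe is reachable with a default descriptor.
$acl = New-Object System.IO.Pipes.PipeSecurity
$acl.AddAccessRule((New-Object System.IO.Pipes.PipeAccessRule(
    $me, $rights::FullControl, $allow)))
$acl.AddAccessRule((New-Object System.IO.Pipes.PipeAccessRule(
    $network, $rights::FullControl, $deny)))

# maxNumberOfServerInstances = 1, matching the case asked about above.
$server = New-Object System.IO.Pipes.NamedPipeServerStream(
    $pipeName,
    [System.IO.Pipes.PipeDirection]::InOut,
    1,
    [System.IO.Pipes.PipeTransmissionMode]::Byte,
    [System.IO.Pipes.PipeOptions]::None,
    4096, 4096,
    $acl)

try {
    # Read the DACL back from the live pipe handle to confirm what was applied.
    $server.GetAccessControl().GetAccessRules(
        $true, $false, [System.Security.Principal.SecurityIdentifier]) |
        Select-Object IdentityReference, AccessControlType, PipeAccessRights
}
finally {
    $server.Dispose()
}
```

A native server calling `CreateNamedPipe` directly can get the same remote-client restriction with the `PIPE_REJECT_REMOTE_CLIENTS` pipe-mode flag in addition to its security descriptor.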
There's no official way.
Use API hooking. Hook ReadFile and/or WriteFile, maybe also CreateFileA/W (assuming that the app is a pipe client) and do the necessary things on their invocation.
Microsoft also has its own library for API hooking - Detours.