Best IT Recipes

How to intercept packets sent by the application and check what they have?

I would like to know how I can intercept packets sent by a specific application and then check what these packets contain? I need advice on what to do, because I never did this, which I want to know for myself.

+11
c # packet-sniffers sniffing
Sep 15 '12 at 13:05
source share
3 answers

Pcap.Net

Pcap.Net is a .NET wrapper for WinPcap written in C ++ / CLI and C #. It contains almost all WinPcap features and includes an infrastructure for interpreting packages.

Sharpcap

SharpPcap is a cross-platform packet capture platform for the .NET environment, based on the well-known pcap / WinPcap libraries. It provides an API for capturing, entering, analyzing and creating packages using any .NET language such as C # and VB.NET.

Comparison of Pcap.Net and SharpPcap

Wireshark

Used to troubleshoot network problems, analyze, develop software and communications, as well as education. And I think this is the most versatile packet sniffer I've used so far.

Fiddler

Fiddler is a web debugging proxy that logs all HTTP (S) traffic between your computer and the Internet. Fiddler allows you to check traffic, set breakpoints and violin using inbound or outbound data. Fiddler includes a powerful event-driven scripting subsystem and can be extended using any .NET language. Fiddler recently overtook Telerik. But he is still free AFAIK.

+15
Sep 15 '12 at 13:22
source share

An example of creating a socket from below C #.

mainSocket = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.IP); // Bind the socket to the selected IP address mainSocket.Bind(newIPEndPoint(IPAddress.Parse(cmbInterfaces.Text),0)); // Set the socket options mainSocket.SetSocketOption(SocketOptionLevel.IP, //Applies only to IP packets SocketOptionName.HeaderIncluded, //Set the include header true); //option to true byte[] byTrue = newbyte[4]{1, 0, 0, 0}; byte[] byOut = newbyte[4]; //Socket.IOControl is analogous to the WSAIoctl method of Winsock 2 mainSocket.IOControl(IOControlCode.ReceiveAll, //SIO_RCVALL of Winsock byTrue, byOut); //Start receiving the packets asynchronously mainSocket.BeginReceive(byteData, 0, byteData.Length, SocketFlags.None, newAsyncCallback(OnReceive), null);
+5
Sep 15 '12 at 13:32
source share

You can use Fiddler to view HTTP traffic http://www.fiddler2.com/fiddler2/ .

Alternative Wireshark http://www.wireshark.org/ for more advanced materials

A summary of package analyzers is here http://en.wikipedia.org/wiki/Packet_analyzer

More information about what you are trying to achieve will help us advise.

+2
Sep 15 '12 at 13:16
source share


More articles:


All Articles