0xFF
Posted August 12, 2011 (edited)

I've listed (in order of usage) the Winsock APIs needed in order to create a RAW packet sniffer...

Needed APIs of WS2_32.dll:

1. WSAStartup();
2. inet_addr(); (Local Address, e.g.: 192.168.123.XXX or the address you wanna capture packets from)
3. socket(); ( IPPROTO_IP [Protocol] , SOCK_RAW [Type] , AF_INET [Family] )
4. ntohs();
5. bind();
6. WSAAsyncSelect(); ( [hWnd] Handle to the class Window to receive Events, [Events] FD_READ )
7. setsocketopt(); ( [LEVEL] SOL_SOCKET , [OPTION] SOL_RCVBUF )
8. WSAIoctl();
9. getsrvbyport();

To stop capturing:

1. WSAAsyncSelect();
2. getsrvbyport();

OnApplicationTerminate:

1. WSACleanup();

Edited August 12, 2011 by rotem156

deepzero
Posted August 12, 2011

Yes, all these are networking APIs, which may help you in creating a "raw sniffer". I fail to see the point of the list, though... obviously this is miles away from anything useful. You might as well have linked to the winsock2 MSDN documentation: http://msdn.microsoft.com/en-us/library/ms740673%28v=vs.85%29.aspx

Killboy
Posted August 14, 2011

I agree with deepzero... Could you explain how you would actually sniff data with any of these? As far as I know you need a driver to peek into existing connections.

0xFF (Author)
Posted February 29, 2012

@Killerboy: I just debugged smsniff... and I think it binds itself into existing connections... it's a fully user-mode sniffer... portable and only a couple of KBs.

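The API list in the first post stops at receiving FD_READ events; each buffer read from an AF_INET raw socket begins with the IPv4 header, which then has to be parsed with bounds checks because the bytes are untrusted. The following is an added example, not code from this thread or from smsniff; `parse_ipv4`, `struct pkt_info` and the sample bytes are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fields pulled from one IPv4 datagram (hypothetical struct for this example). */
struct pkt_info {
    uint8_t  proto;          /* 6 = TCP, 17 = UDP */
    uint8_t  src[4], dst[4];
    uint16_t sport, dport;   /* 0 when no TCP/UDP ports are present in this buffer */
};

/* Big-endian 16-bit read; the byte-order fix ntohs() performs on a loaded word. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 0 on success, -1 if buf is not a well-formed IPv4 datagram. */
int parse_ipv4(const uint8_t *buf, size_t len, struct pkt_info *out)
{
    if (len < 20 || (buf[0] >> 4) != 4) return -1;      /* too short or not IPv4 */
    size_t ihl = (size_t)(buf[0] & 0x0F) * 4;           /* header length in bytes */
    size_t total = be16(buf + 2);                       /* length claimed by sender */
    if (ihl < 20 || total < ihl || total > len) return -1;
    out->proto = buf[9];
    for (int i = 0; i < 4; i++) { out->src[i] = buf[12 + i]; out->dst[i] = buf[16 + i]; }
    out->sport = out->dport = 0;
    uint16_t frag_off = be16(buf + 6) & 0x1FFF;         /* ports only in first fragment */
    if ((out->proto == 6 || out->proto == 17) && frag_off == 0 && total - ihl >= 4) {
        out->sport = be16(buf + ihl);
        out->dport = be16(buf + ihl + 2);
    }
    return 0;
}

/* Constructed sample: 20-byte IPv4 header plus the first 4 bytes of a TCP header. */
static const uint8_t SAMPLE[] = {
    0x45, 0x00, 0x00, 0x18, 0x00, 0x01, 0x40, 0x00, 0x80, 0x06, 0x00, 0x00,
    0xC0, 0xA8, 0x7B, 0x0A,   /* src 192.168.123.10 */
    0xC0, 0xA8, 0x7B, 0x01,   /* dst 192.168.123.1  */
    0xC0, 0x00, 0x00, 0x50    /* sport 49152, dport 80 */
};

int main(void)
{
    struct pkt_info pi;
    if (parse_ipv4(SAMPLE, sizeof SAMPLE, &pi) != 0) return 1;
    printf("%u.%u.%u.%u:%u -> %u.%u.%u.%u:%u proto %u\n", pi.src[0], pi.src[1], pi.src[2],
           pi.src[3], pi.sport, pi.dst[0], pi.dst[1], pi.dst[2], pi.dst[3], pi.dport, pi.proto);
    return 0;
}
```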