I've listed a list (and listed them by order usage) of Winsock APIs needed in order to create a RAW packet sniffer...

Needed APIs of WS2_32.dll

1. WSAStartup();2. inet_addr(); (Local Address, e.g: 192.168.123.XXX or the address you wanna capture packets from)3. socket(); ( IPPROTO_IP [Protocol] , SOCK_RAW [Type] , AF_INET [Family] )4. ntohs(); 5. bind(); 6. WSAAsyncSelect(); ( [hWnd] Handle to the class Window to receive Events, [Events] FD_READ )7. setsocketopt(); ( [LEVEL] SOL_SOCKET , [OPTION] SOL_RCVBUF )8. WSAIoctl();9. getsrvbyport();To stop capturing:1. WSAAsyncSelect();2. getsrvbyport();OnApplicationTerminate:1. WSACleanup();

Edited August 12, 201114 yr by rotem156

yes, all these are networking apis, which may help you in creating a "raw sniffer". I fail to see the point of the list, though...obviously this is miles away from anything useful.

you might as well have linked to the winsock2 msdn documentation:

/>http://msdn.microsoft.com/en-us/library/ms740673%28v=vs.85%29.aspx

I agree with deepzero...

Could you explain how you would actually sniff data with any of these? As far as I know you need a driver to peek into existing connections.

@Killerboy:

i just debugged smsniff... and i think it binds itself into existing connections... it's a fully user-mode sniffer...

portable and only a couple of KB's.