Jump to content
Tuts 4 You

Writing a RAW Packet Sniffer...


Recommended Posts

I've listed a list (and listed them by order usage) of Winsock APIs needed in order to create a RAW packet sniffer...

Needed APIs of WS2_32.dll

1. WSAStartup();2. inet_addr(); (Local Address, e.g: 192.168.123.XXX or the address you wanna capture packets from)3. socket(); ( IPPROTO_IP [Protocol] , SOCK_RAW [Type] , AF_INET [Family] )4. ntohs(); 5. bind(); 6. WSAAsyncSelect(); ( [hWnd] Handle to the class Window to receive Events, [Events] FD_READ )7. setsocketopt(); ( [LEVEL] SOL_SOCKET , [OPTION] SOL_RCVBUF )8. WSAIoctl();9. getsrvbyport();To stop capturing:1. WSAAsyncSelect();2. getsrvbyport();OnApplicationTerminate:1. WSACleanup();
Edited by rotem156
Link to comment

yes, all these are networking apis, which may help you in creating a "raw sniffer". I fail to see the point of the list, though...obviously this is miles away from anything useful.

you might as well have linked to the winsock2 msdn documentation:


  • Like 1
Link to comment

I agree with deepzero...

Could you explain how you would actually sniff data with any of these? As far as I know you need a driver to peek into existing connections.

Link to comment
  • 6 months later...


i just debugged smsniff... and i think it binds itself into existing connections... it's a fully user-mode sniffer...

portable and only a couple of KB's.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...