0xFF, posted August 12, 2011 (edited):

I've made a list (ordered by usage) of the Winsock APIs needed in order to create a RAW packet sniffer...

Needed APIs of WS2_32.dll:
1. WSAStartup();
2. inet_addr(); (Local Address, e.g: 192.168.123.XXX or the address you wanna capture packets from)
3. socket(); ( IPPROTO_IP [Protocol] , SOCK_RAW [Type] , AF_INET [Family] )
4. ntohs();
5. bind();
6. WSAAsyncSelect(); ( [hWnd] Handle to the class Window to receive Events, [Events] FD_READ )
7. setsockopt(); ( [LEVEL] SOL_SOCKET , [OPTION] SO_RCVBUF )
8. WSAIoctl();
9. getservbyport();

To stop capturing:
1. WSAAsyncSelect();
2. getservbyport();

OnApplicationTerminate:
1. WSACleanup();

Edited August 12, 2011 by rotem156
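An added example, not code from the thread: a raw IPv4 socket hands the receiver each packet starting at the IP header, so the ntohs() and getservbyport() steps in the list imply parsing that buffer. The portable C below does that parse with bounds checks on a constructed sample packet; `pkt_info`, `be16`, `parse_ipv4` and `sample_udp` are hypothetical names chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fields of one captured IPv4 packet (hypothetical struct, not from the thread). */
struct pkt_info {
    uint8_t  proto;            /* 6 = TCP, 17 = UDP */
    uint8_t  src[4], dst[4];
    uint16_t sport, dport;     /* host byte order; 0 when no ports are present */
};

/* Portable equivalent of ntohs() applied to two bytes read off the wire. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 0 on success, -1 if buf is not a well-formed IPv4 packet. Every
 * length field is checked against the bytes received: capture data is untrusted. */
int parse_ipv4(const uint8_t *buf, size_t len, struct pkt_info *out)
{
    if (len < 20 || (buf[0] >> 4) != 4) return -1;        /* too short or not IPv4 */
    size_t ihl = (size_t)(buf[0] & 0x0F) * 4;             /* header length in bytes */
    size_t total = be16(buf + 2);                         /* total length field */
    if (ihl < 20 || total < ihl || total > len) return -1;
    out->proto = buf[9];
    for (int i = 0; i < 4; i++) { out->src[i] = buf[12 + i]; out->dst[i] = buf[16 + i]; }
    out->sport = out->dport = 0;
    int first_frag = (be16(buf + 6) & 0x1FFF) == 0;       /* later fragments carry no ports */
    if (first_frag && (out->proto == 6 || out->proto == 17)) {
        if (total < ihl + 4) return -1;                   /* transport header truncated */
        out->sport = be16(buf + ihl);
        out->dport = be16(buf + ihl + 2);
    }
    return 0;
}

/* Constructed sample (checksums zeroed): 20-byte IPv4 header + 8-byte UDP
 * header, 192.0.2.10:49152 -> 192.0.2.53:53, using documentation addresses. */
static const uint8_t sample_udp[28] = {
    0x45,0x00,0x00,0x1C, 0x00,0x01,0x00,0x00, 0x40,0x11,0x00,0x00,
    192,0,2,10, 192,0,2,53,
    0xC0,0x00,0x00,0x35, 0x00,0x08,0x00,0x00
};

int main(void)
{
    struct pkt_info p;
    if (parse_ipv4(sample_udp, sizeof sample_udp, &p) != 0) return 1;
    printf("proto=%u sport=%u dport=%u\n", (unsigned)p.proto, (unsigned)p.sport, (unsigned)p.dport);
    return 0;
}
```

In a Winsock program the parsed port would be converted back with htons() before being passed to getservbyport(), which expects network byte order.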
deepzero, posted August 12, 2011:

Yes, all these are networking APIs, which may help you in creating a "raw sniffer". I fail to see the point of the list, though... obviously this is miles away from anything useful. You might as well have linked to the winsock2 MSDN documentation:
http://msdn.microsoft.com/en-us/library/ms740673%28v=vs.85%29.aspx
Killboy, posted August 14, 2011:

I agree with deepzero... Could you explain how you would actually sniff data with any of these? As far as I know you need a driver to peek into existing connections.
0xFF (author), posted February 29, 2012:

@Killboy: I just debugged smsniff... and I think it binds itself into existing connections... it's a fully user-mode sniffer... portable and only a couple of KB.