ARTICLE

Simple Sniffer in C#

Posted by Leonid Molochniy in Articles | Networking on December 03, 2001

Tags: C#, Creating Socket, Defining IP Header, IOControl Function, IP Header, Networking, Pointer, Retrieving Data from Packets., Sniffer, Sniffer in C#

This program shows you how to retrieve data from a packet using Sockets.

Tweet
68733
7

Reader Level: Intermediate

Download Files:

SimpSnifferRawSocketsLM.zip

In this application, first of all I define a structure using struct to store IP header in it.

[StructLayout(LayoutKind.Explicit)]
public struct IpHeader
{
[FieldOffset(0)] public byte ip_verlen; // IP version and IP Header length
[FieldOffset(1)] public byte ip_tos; // Type of service
[FieldOffset(2)] public ushort ip_totallength; // total length of the packet
[FieldOffset(4)] public ushort ip_id; // unique identifier
[FieldOffset(6)] public ushort ip_offset; // flags and offset
[FieldOffset(8)] public byte ip_ttl; // Time To Live
[FieldOffset(9)] public byte ip_protocol; // protocol (TCP, UDP etc)
[FieldOffset(10)] public ushort ip_checksum; //IP Header checksum
[FieldOffset(12)] public long ip_srcaddr; //Source address
[FieldOffset(16)] public long ip_destaddr;//Destination Address
}

To know more about IP header read RFC791. I have used attribute StructLayoutAttribute to arrange the members of this structure in the necessary positions.

After that I create a socket using the Socket class as following:

socket = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.IP);

It should be Raw socket and bind socket to defined IP And called function IOControl(it must be called after you call Bind) IOControl it's analogue of WSAIoctl API function.

I must put first parameter of IOControl to SIO_RCVALL(0x98000001), in Platform SDK is told, that second parameter should be BOOL and should be equal TRUE. Therefore I create array {1, 0, 0, 0}.

Now we can receive packet. After we receive packet, we should analyze it.

For first need fixed packet in memory, differently GC can him transfer in memory and get the pointer to him

fixed(byte *fixed_buf = buf)

convert pointer from byte * to IpHeader *

Ok, now we have pointer to IP header and find length, protocol, source ip, destination ip and other.

I calculated length of the data in packets as follows is "protocol header length (TCP, UDP, ICMP etc)" + "data" without length "ip header length". Total length is "ip header length" + "protocol header length(TCP, UDP, ICMP etc)" + "data"

For TCP and UDP I calculate ports.

This program should work on Windows 2000 and Windows XP. I am not sure about Windows ME.

post comment

Nice code

Posted by Harseh Vlaera on May 16, 2009

thank you dung cai minh dang tim

Posted by azu zero on Oct 31, 2008

"just change the long to normal unsigned int" for "[FieldOffset(12)] public long ip_srcaddr; //Source address [FieldOffset(16)] public long ip_destaddr;//Destination Address"
in "definition.cs"

Posted by Andrey on Oct 17, 2008

just change the long to normal unsigned int, that should fix the problem, i still have a problem with the destination port though

Posted by Freundschaft on Sep 17, 2008

Hi,

I had the same error when I tried to run this program, i would like to know if you solve this problem...

Thanks and sorry for my english

Posted by ivjcosta ivsjcosta on Aug 26, 2008

View All

TOP LEADERS

View All

TRENDING UP

Learn .NET in 60 days – Part 1 (13 Labs) Learn MVC (Model view controller) Step by Step in 7 days – Day 3 Learn C# Corner - Home Using Border Radius and Gradients in CSS3: Part I Learn C# Corner - Footer iPhone 5 First Look Learn .NET and C# in 60 Days Lab13(Day 5): - Classes and objects Samsung Galaxy Note Review WCF - Authentication and Authorization in Enterprise Architecting How to write a good article on C# Corner

View All

Sponsored by

Become a Sponsor

MOST LIKED ARTICLE

Learn .NET in 60 days – Part 1 (13 Labs) Working with ProgressBar in C# Resizable TextBox in ASP.NET using AjaxControlToolKit Word Processing with an Extended Rich Text Box Control Notepad in C#

PREMIUM SPONSORS

Nevron Chart for .NET 2010.1 Now Available

The leading .NET charting control now features PDF, Flash and Silverlight export, visualization of large datasets and more. Deliver true charting functionality to your BI, Scorecard, Presentation or Scientific apps. Download evaluation now.

ASP.NET 4 Hosting

Get 2 Months Free of ASP.NET Hosting for Only $4.95/month! Receive FREE MS SQL and MySQL Databases Including ASP.NET 4/3.5, MVC 3.0, Silverlight 4, Windows 2008/IIS 7.0 Plus FREE IIS 7 Modules. Host UNLIMITED ASP.NET Web Sites - Click Here!

LATEST JOBS

Applying for job Metro Style App Developer .NET Developer WPF or Silverlight exp Boston MA ASP .Net Developers Split Testing Designer .NET Developer Web Developer Application Engineer Expert .NET Developer Application Developer

View All Jobs |Post a New Job

Simple Sniffer in C#

Related Articles