tags:

views:

31

answers:

1
Q: 

Sniffing packets from a single executable

I have found SocketSniff to be very useful for troubleshooting network applications (like web browsers, email clients, etc). It can sniff wireless and loopback traffic without using a proxy or WinPCap. It will show you only the traffic from the executable you select, which is exactly what I need.

I would love to build and extend a similar tool. Does anyone know how this tool works? Is there a simple SDK call to listen in on all TCP traffic from an executable?

+1  A: 

I expect that it uses code injection and IAT patching to hook the various winsock functions and then simply intercepts the calls and dumps the data that is being passed.

OR, it may use a layered service provider...

Len Holgate  2010-03-09 21:45:48

related questions

How do I get the external IP of a socket in Python?
How Do Sockets Work in C?
How do you send and receive UDP packets in Java on a multihomed machine?
Can't Re-bind a socket to an existing IP/Port Combination
Reading from a socket in C#
Sockets and Processes in Java
Stream data (such as music) using PHP (or another language)
How to forcibly close a socket in TIME_WAIT?
How do I make persistent network sockets on Unix in Ruby?
What's the idiomatic way to do async socket programming in Delphi?
How do you minimize the number of threads used in a tcp server application?
WSACancelBlockingCall exception
C# Performance For Proxy Server (vs C++)
How to get your own (local) IP-Address from an udp-socket (C/C++)
Free Network Monitor
Reconnect logic with connectivity notifications
Maximum buffer length for sendto?
Configure a Java Socket to fail-fast on disconnect?
Sockets in Pascal
Firefox plugin - sockets
How can I determine the IP of my router/gateway in Java?
ActionScript 3.0 sockets can't reconnect
Reverse DNS in Ruby?
Asynchronous multi-direction server-client communication over the same open socket?
How to use the C socket API in C++ on z/OS