tags:

views:

239

answers:

3
+3  Q: 

How to sniff local outgoing network traffic in .NET without using PCap?

Hi there,

I'd like to somehow hook into the local system's network stack to capture outgoing network packets without using Winpcap. Unfortunately it tends to crash my system every now and then.

Is there a way to "sniff" outgoing traffic of the local system from a user space process written in a .NET language?

Thanks a lot!

Hendrik

+2  A: 

What you want is the Network Monitor API. Here's a C# example of how to use the APIs: NMCaptureData. More here and here.

Mike Atlas  2010-06-01 21:48:01
+1  A: 

Yes, the System.Net classes have tracing capability built in. All you have to do is configure it in your app.exe.config file. It is explained well in this MSDN Library article.

Hans Passant  2010-06-01 21:53:33
I don't think this will allow SeveQ to sniff userland traffic, though - only within his own process space, right?
Mike Atlas  2010-06-01 22:13:02
Well, any program written in .NET supports tracing.
Hans Passant  2010-06-01 22:23:38
I don't think he wants to trace his own application's traffic, though.
Mike Atlas  2010-06-01 22:27:27
Yeah, looks like this only allows me to trace traffic of the local process. Nice to have but not what I'm actually looking for. I'd like to trace down HTTP requests of my browsers. SharpPcap somehow unfortunately makes my system crash with a BSOD every now and then.
SeveQ  2010-06-03 16:51:21
+2  A: 

I use smsniff from NIRSOFT. You need to be admin on the machine to sniff any traffic.

http://www.nirsoft.net/utils/smsniff.html

I have never seen .net used to sniff traffic. But maybe NetMon from Microsoft has a COM interface you call from .Net

But as always you need to be admin to sniff traffic, since it is needed to put the NIC in promiscuous mode.

ggonsalv  2010-06-01 21:57:14
Getting admin rights shouldn't be an issue since the program I'm working on is primarily for my own use. Well, if someone else would like to have a proggy that traces HTTP requests to specific filetypes and, after finding such a request, offers a way to actually download those files (like videos, mp4, flv) I'm sure I can make it public somewhere down the road. I don't want to go through the all the mess of writing a fully functional HTTP proxy, so sniffing is the only alternative.
SeveQ  2010-06-02 04:06:59
Try fiddler as a HTTP debugging proxy. IT rulez http://www.fiddler2.com/fiddler2/
ggonsalv  2010-06-02 04:40:06
Yes, Fiddler is great. I'm using FiddlerCore to trace the HTTP requests with my application by now. But I'd really like to capture them independently from the proxy settings of the browsers.
SeveQ  2010-06-03 16:57:00

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?