how to capture packets in a Windows application that must be installed as non-admin?

Question

Hi,

Is it possible to write a Windows app that can capture packets on the PC such that this application can be installed/run as non-admin? If yes, what would be the approach, e.g. which language, which API/Library to use etc (e.g. would it be with the Windows Sockets 2 (Winsock) library?)

I've looked at Network Monitor API's however the issue here is that NM needs to be installed, and this requires "admin" access (to get the driver in place).

Note what I'm after is to capture/monitor packets to sum frame sizes for all packets of a particular type [e.g. HTTP] going out to a specific set of IPs.

thanks

Answer 1

Not sure this helps, but you can run any application with different privileges than that of the currently logged in user. See "Run as" tools.