Could anyone suggest a good packet sniffer class for c++? Looking for a easy insertable class I can use in my c++ program, nothing complicated.
+2
A:
You'll need to say something about your platform, as this is a platform rather than a language thing.
But assuming you're on something common, look into pcap or winpcap.
Will Dean
2008-12-05 21:58:28
+14
A:
You will never be able to intercept network traffic just by inserting a class into your project. Packet capture functionality requires kernel mode support, hence you will at the very least need to have your application require or install libpcap/WinPcap, as Will Dean pointed out.
Most modern Unix-like distributions include libpcap out of the box, in which case you could take a look at this very simple example: http://www.tcpdump.org/pcap.htm
If you're using Windows, you're more or less on your own, although WinPcap programming is extremely similar to libpcap programming (unsurprisingly, since it's a libpcap port to Win32.) The SDK can be found here: http://www.winpcap.org/devel.htm
At any rate, no matter the operating system, you will need root / Administrator access to actually perform a capture. Just using the library to replay or analyze precaptured data doesn't require any special privilege, of course.
Mihai Limbășan
2008-12-05 22:09:50
Nitpick: WinPcap offers the option of starting as a service so that non-admins can capture packets.
Josh Kelley
2008-12-12 15:52:49
I know. However, doing this is a such *monumentally* bad idea, security-wise, that I'd rather not publicize it more.
Mihai Limbășan
2008-12-12 16:26:15
A:
Microsoft Network Monitor has a packet capture and analysis API, see the netmon blog for some basic info.