views:

37

answers:

3

Hi, I'm looking to write a quick program to read and inspect packets of a certain format and then blacklist IPs with a certain style of packet traffic (packet patterns of an attack against the network). Are there decent samples of reading and inspecting packet flow on a network?

+1  A: 

Instead of writing your own program you might consider using Wireshark, which can collect packets and filter data to identify certain patterns.

Justin Ethier
It doesn't seem overly easy to interface with Wireshark though. Since I'd like this to be automated, I'm not sure how feasible that would be. Maybe I've just never seen that done though.
franz
Note that Wireshark has a Lua scripting API (http://wiki.wireshark.org/Lua).
Javier
A: 

There's a related question here:

http://stackoverflow.com/questions/742024/which-net-library-wrapper-do-you-recommend-for-sniffing-packets

I'd have to suggest, though, that implementing software monitoring is almost guaranteed to add a bottleneck to your network, and there are plenty of existing hardware solutions.

Russ C
A: 

Wireshark, on Windows at least, uses libpcap. You could try that.

Also, if you're using Windows, I know several apps that use the Windows firewall stuff to remove themselves from a blacklist, so going the other way should be possible.

This is a lot easier on Unix... ;-P

Nate
This is not Windows specific :)
franz
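The workflow the question describes (read raw frames, inspect the headers, flag source IPs that show an attack pattern), written in Python as an added example that is not from any poster in this thread. It parses Ethernet/IPv4/TCP headers by hand and flags sources that keep sending SYNs without ever completing a handshake; the frames are constructed inline, and in practice would come from a libpcap capture as Nate's answer suggests.

```python
import struct
from collections import defaultdict

SYN, SYN_ACK, ACK = 0x02, 0x12, 0x10

def build_tcp_frame(src_ip, dst_ip, sport, dport, flags):
    """Construct a minimal Ethernet II / IPv4 / TCP frame with no payload (checksums left zero)."""
    eth = b"\x00" * 6 + b"\x00" * 6 + struct.pack("!H", 0x0800)          # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,       # IHL=5, total len 40, TTL 64, proto TCP
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)  # data offset 5, flags byte
    return eth + ip + tcp

def parse_frame(frame):
    """Return (src_ip, dst_ip, tcp_flags), or None if the frame is not IPv4 over Ethernet carrying TCP."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ihl = (frame[14] & 0x0F) * 4                 # IPv4 header length honours options
    if frame[14 + 9] != 6 or len(frame) < 14 + ihl + 20:
        return None
    src = ".".join(map(str, frame[14 + 12:14 + 16]))
    dst = ".".join(map(str, frame[14 + 16:14 + 20]))
    flags = frame[14 + ihl + 13]                 # TCP flags byte sits at offset 13 of the TCP header
    return src, dst, flags

def find_syn_flooders(frames, threshold=3):
    """Return the set of source IPs that sent >= threshold SYNs and never sent an ACK (half-open pattern)."""
    syns, acks = defaultdict(int), defaultdict(int)
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue                             # ignore ARP, IPv6, UDP, truncated frames
        src, _, flags = parsed
        if flags & SYN and not flags & ACK:      # bare SYN: a new connection attempt
            syns[src] += 1
        elif flags & ACK:                        # any ACK (incl. SYN/ACK): the handshake progressed
            acks[src] += 1
    return {ip for ip, n in syns.items() if n >= threshold and acks[ip] == 0}

# Constructed sample traffic: one host fires five SYNs at port 80 and never acknowledges anything,
# while a legitimate client completes a normal three-way handshake. Addresses are documentation ranges.
SAMPLE_FRAMES = (
    [build_tcp_frame("203.0.113.7", "192.0.2.10", 40000 + i, 80, SYN) for i in range(5)]
    + [build_tcp_frame("198.51.100.4", "192.0.2.10", 51000, 80, SYN),
       build_tcp_frame("192.0.2.10", "198.51.100.4", 80, 51000, SYN_ACK),
       build_tcp_frame("198.51.100.4", "192.0.2.10", 51000, 80, ACK)]
)
ARP_FRAME = b"\x00" * 12 + struct.pack("!H", 0x0806) + b"\x00" * 28   # constructed non-IPv4 frame

if __name__ == "__main__":
    print("blacklist:", sorted(find_syn_flooders(SAMPLE_FRAMES)))
```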