How to make a Packet sniffer/filter?


  1. #1
    Registered User
    Join Date
    Feb 2009
    Posts
    1

    How to make a Packet sniffer/filter?

    Hey, I'm kinda new to C++ and know that I won't be able to make a packet sniffer/filter/whatever yet (unless it's easier than I think), but for future reference, how would you make a program that captures packets that a certain program RECEIVES (not sends) and make it so whenever it receives a certain packet it will filter it to a different one? Can you make it so it looks for a certain part of a packet and edits only that part? For example, if you receive a packet with the hex "FF 00 03 FE 23 2A" and only want to edit the "FE 23" part to "A2 34", how would you make a C++ program where all you have to do is click a button and the program will edit that packet for you whenever it receives it?


    Thanks.
    Last edited by shown; 02-22-2009 at 06:21 PM.

  2. #2
    Kiss the monkey. CodeMonkey's Avatar
    Join Date
    Sep 2001
    Posts
    917
    Interesting. You want to cloak the actual remote client and substitute a straw man? Could be dangerous.

    Anyway, you'd either have to use some library that works with TCP, or you'd have to work with sockets directly. Sockets, which are the low-level layer of networking, are implementation-dependent. There's a lot out there on Google.

    As for the data manipulation, that's straightforward enough. The only thing you'd have to worry about is "endianness," or the ordering of the words within the data, bytes within the words, and bits within the bytes. You might use a mask:

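    Code:
    #include <iostream>
    
    int main()
    {
        unsigned data = 0x45EFA6;   // original value
        unsigned wiper = 0xFF00FF;  // mask: 1-bits are kept, the middle byte is cleared
        unsigned chunk = 0x00D200;  // replacement for the cleared byte
    
        // Clear the middle byte, then OR in the new one.
        data = (data & wiper) | chunk;
        std::cout << std::hex << data << std::endl;  // prints 45d2a6
        return 0;
    }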
    "If you tell the truth, you don't have to remember anything"
    -Mark Twain
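
Added example, not part of the original thread: the endianness caveat from post #2, worked on the byte string from post #1. It contrasts a bounds-checked edit on the raw byte buffer (independent of host byte order) with the mask technique, which is only safe on a value decoded from the wire in an explicit byte order. The names `read_be16`, `patch_if_match`, `mask_replace` and `sample` are made up for this sketch, and the buffer is constructed sample data.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <vector>

using Bytes = std::vector<std::uint8_t>;

// Decode a big-endian (network order) 16-bit field at `off`.
// Returns false instead of reading past the end of the buffer.
bool read_be16(const Bytes& buf, std::size_t off, std::uint16_t& out) {
    if (off > buf.size() || buf.size() - off < 2) return false;
    out = static_cast<std::uint16_t>((buf[off] << 8) | buf[off + 1]);
    return true;
}

// Replace the bytes at `off` with `repl`, but only if they currently equal
// `expect`. Operating on individual bytes avoids any dependence on host
// endianness; equal lengths keep the buffer size (and length fields) unchanged.
bool patch_if_match(Bytes& buf, std::size_t off,
                    const Bytes& expect, const Bytes& repl) {
    if (expect.size() != repl.size()) return false;
    if (off > buf.size() || buf.size() - off < expect.size()) return false;
    for (std::size_t i = 0; i < expect.size(); ++i)
        if (buf[off + i] != expect[i]) return false;
    for (std::size_t i = 0; i < repl.size(); ++i)
        buf[off + i] = repl[i];
    return true;
}

// The mask technique from post #2, for an integer that has already been
// decoded from the wire. Bits set in `keep_mask` are preserved; `chunk`
// is confined to the cleared bits so it cannot clobber anything else.
std::uint32_t mask_replace(std::uint32_t value, std::uint32_t keep_mask,
                           std::uint32_t chunk) {
    return (value & keep_mask) | (chunk & ~keep_mask);
}

// Constructed sample: the byte string quoted in post #1.
Bytes sample() { return {0xFF, 0x00, 0x03, 0xFE, 0x23, 0x2A}; }

int main() {
    Bytes pkt = sample();
    bool ok = patch_if_match(pkt, 3, {0xFE, 0x23}, {0xA2, 0x34});
    std::cout << std::boolalpha << ok << ':' << std::hex;
    for (unsigned b : pkt) std::cout << ' ' << b;
    std::cout << '\n' << mask_replace(0x45EFA6, 0xFF00FF, 0x00D200) << '\n';
    return 0;
}
```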

  3. #3
    30 Helens Agree neandrake's Avatar
    Join Date
    Jan 2002
    Posts
    640
    Someone correct me if I'm wrong but I believe you would have to implement the equivalent of a software firewall, not a packet sniffer. Most implementations of packet sniffers merely watch the traffic and do not intercept it. Keep in mind that this sorta thing could slow down the traffic on that computer. If you wanted a real go at it, you could try jumping into the application you want filtered and try and hook into their socket read/writes.
    Environment: OS X, GCC / G++
    Codes: Java, C#, C/C++
    AOL IM: neandrake, Email: neandrake (at) gmail (dot) com
