Thread: packet sniffer

  1. #1
    Registered User
    Join Date
    May 2006
    Posts
    630

    packet sniffer

    Hello

    I've been using Wireshark for packet sniffing.
    Now I'd like to have new features to be able to sniff packets that are being sent/received by a particular application.

    Does anyone know of any packet sniffer that allows this?

  2. #2
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    Quote Originally Posted by l2u View Post
    Hello

    I've been using Wireshark for packet sniffing.
    Now I'd like to have new features to be able to sniff packets that are being sent/received by a particular application.

    Does anyone know of any packet sniffer that allows this?
    Ehm, how do you know which application is receiving which packet? If we assume that there is a socket connection, then a socket number is assigned to each packet, but there's nothing saying that for example port 80 isn't sending data to one Opera and Firefox "at the same time".

    For Linux, I've used tcpdump, which allows you to filter on IP address and PORT number if you wish. Not sure if there's something similar on Windows.

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  3. #3
    Registered User
    Join Date
    May 2006
    Posts
    630
    I'd like to monitor a process/program so that the sniffer would be able to filter data that is being received/sent by this process.

  4. #4
    S Sang-drax's Avatar
    Join Date
    May 2002
    Location
    Göteborg, Sweden
    Posts
    2,072
    You can use Microsoft's TCPView in combination with Wireshark perhaps. It takes some manual work though.
    Last edited by Sang-drax : Tomorrow at 02:21 AM. Reason: Time travelling

  5. #5
    Registered User VirtualAce's Avatar
    Join Date
    Aug 2001
    Posts
    9,607
    Sounds suspicious. Why do you want to do this?

  6. #6
    Registered User
    Join Date
    May 2006
    Posts
    630
    Why do you want to know?
    Because I suspect some application so I want to sniff packets it sends.

  7. #7
    S Sang-drax's Avatar
    Join Date
    May 2002
    Location
    Göteborg, Sweden
    Posts
    2,072
    Do you have a lot of other stuff going on? I am always able to apply Wireshark filtering to get the packages I want. I guess you don't really know what you're looking for and just want to see everything a certain program sends/receives over a long period of time, right?

    Also, I don't really see why this should be suspicious. Since he asked for a way to monitor a specific program it is clear that he is monitoring a computer where he is the administrator himself. Just monitoring your own computer is perfectly legal and sometimes very useful if you don't trust a program.
    Last edited by Sang-drax : Tomorrow at 02:21 AM. Reason: Time travelling
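
The manual step suggested in post #4 (look up a process's sockets, then filter on them in the sniffer) can be scripted. The following is an added example, not code from any poster in this thread: it parses `netstat -ano` style output (the sample text is constructed) and builds a tcpdump/Wireshark capture filter for one PID; the function names are hypothetical.

```python
# Added example. SAMPLE_NETSTAT is constructed, not captured from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     4312
  TCP    192.168.1.20:49713     198.51.100.7:80        ESTABLISHED     4312
  TCP    192.168.1.20:49720     203.0.113.10:443       ESTABLISHED     5120
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       4312
  UDP    0.0.0.0:5353           *:*                                    4312
"""

def split_endpoint(endpoint):
    """Split 'addr:port' (or '[v6addr]:port') into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port

def sockets_for_pid(netstat_text, pid):
    """Yield (proto, local, remote, state) for every socket owned by pid."""
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 fields; UDP rows have no State column (4 fields).
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue
        if fields[-1] != str(pid):
            continue
        state = fields[3] if len(fields) == 5 else ""
        yield (fields[0].lower(), split_endpoint(fields[1]),
               split_endpoint(fields[2]), state)

def capture_filter_for_pid(netstat_text, pid):
    """Build a BPF capture filter (tcpdump / Wireshark) for one process."""
    clauses = []
    for proto, (_, lport), (raddr, rport), state in sockets_for_pid(netstat_text, pid):
        if proto == "tcp" and state == "ESTABLISHED":
            # Pin remote host and both ports: the remote port alone (e.g. 443)
            # would also match other programs talking to the same server.
            clause = f"(tcp and host {raddr} and port {lport} and port {rport})"
        else:
            # Listening TCP or UDP socket: only the local port is known.
            clause = f"({proto} and port {lport})"
        if clause not in clauses:
            clauses.append(clause)
    return " or ".join(clauses)

if __name__ == "__main__":
    print(capture_filter_for_pid(SAMPLE_NETSTAT, 4312))
```

The socket table is a snapshot, so connections the process opens later are not covered until the filter is rebuilt. An empty result means no sockets were found for that PID and should not be handed to a capture tool, where an empty filter matches all traffic.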
