Thread: Packet Sniffing error [Wireshark etc]

  1. #1
    C_ntua (Registered User)
    Join Date: Jun 2008

    Wireshark doesn't work for my Win7 PC. Neither does WinDump or any other method. For example, I have this code in C#:

    // Raw IP socket bound to the address of the selected interface
    mainSocket = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.IP);
    mainSocket.Bind(new IPEndPoint(IPAddress.Parse(cmbInterfaces.Text), 0));
    // Deliver the IP header together with the payload
    mainSocket.SetSocketOption(SocketOptionLevel.IP, SocketOptionName.HeaderIncluded, true);
    byte[] byTrue = new byte[4] { 1, 0, 0, 0 };
    byte[] byOut = new byte[4] { 0, 0, 0, 0 }; //Capture outgoing packets
    // SIO_RCVALL: the input value 1 asks for all packets on the interface
    mainSocket.IOControl(IOControlCode.ReceiveAll, byTrue, byOut);

    This should start a simple socket to listen to all incoming packets. I get an exception thrown (SocketException) on IOControl. If I change the parameters it runs, but it doesn't do what I want.

    Using winsock2.h in a C++ attempt doesn't work either (it gives an error when I bind). So the above code works on a WinXP PC I have, but not on this Win7 PC. I am guessing it is a general problem.

    Any ideas? I am running them as administrator, of course, in Win7/Vista.

  2. #2
    kryptkat (Registered User)
    Join Date: Dec 2002
    Nmap Hackers: Microsoft Tightens the Noose on Raw Sockets

    Well, they haven't backed down this time! I know that some of you
    have been avoiding SP2 to keep your system fully functional. MS made
    a blocking tool available to Enterprises, but they overrode it on
    April 12 and forced the upgrade through Automatic Update anyway[2].
    And now they have quietly snuck the raw sockets restriction in with
    their latest critical security patch (MS05-019). The loophole that
    allowed users to defeat the limitation by stopping the ICS service has
    also been closed by MS05-019.
    I have appended an informative
    NTBugtraq post by Robin Keir on this topic. Pick your poison: Install
    MS05-019 and cripple your OS, or ignore the hotfix and remain
    vulnerable to remote code execution and DoS.
    I believe they stopped the use of raw sockets in Win7 and that is why Wireshark does not work for you. Meow. Also know the above is proof that they snuck in rogue code to disable raw socks.
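
Added example (not part of the thread and not either poster's code): a C# console variant of the raw-socket setup from post #1 that reports which call fails and with which Winsock error code, then decodes one IPv4 header if capture starts. The class name and the command-line address are assumptions; the default address is a documentation placeholder, so pass the IPv4 address of a real local interface.

```csharp
// Added example, not from the thread. Assumes Windows and .NET.
// args[0]: IPv4 address of the local interface to capture on (placeholder default).
using System;
using System.Net;
using System.Net.Sockets;
using System.Security.Principal;

static class RawSocketProbe
{
    static void Main(string[] args)
    {
        // Raw sockets on Windows require administrator rights; show the token state first.
        bool elevated = new WindowsPrincipal(WindowsIdentity.GetCurrent())
            .IsInRole(WindowsBuiltInRole.Administrator);
        Console.WriteLine("Elevated: " + elevated);

        IPAddress local = IPAddress.Parse(args.Length > 0 ? args[0] : "192.0.2.10");
        string step = "create socket";   // updated before each call so the catch can name it
        try
        {
            using (var s = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.IP))
            {
                step = "bind";
                s.Bind(new IPEndPoint(local, 0));   // must be a specific local address
                step = "set HeaderIncluded";
                s.SetSocketOption(SocketOptionLevel.IP, SocketOptionName.HeaderIncluded, true);
                step = "IOControl(ReceiveAll)";
                s.IOControl(IOControlCode.ReceiveAll, BitConverter.GetBytes(1), new byte[4]);

                step = "receive";
                var buf = new byte[65535];
                int n = s.Receive(buf);             // blocks until one packet arrives
                int headerLen = (buf[0] & 0x0F) * 4; // IHL field, in bytes
                var src = new IPAddress(new[] { buf[12], buf[13], buf[14], buf[15] });
                var dst = new IPAddress(new[] { buf[16], buf[17], buf[18], buf[19] });
                Console.WriteLine("{0} bytes, IPv{1}, header {2} bytes, {3}: {4} -> {5}",
                    n, buf[0] >> 4, headerLen, (ProtocolType)buf[9], src, dst);
            }
        }
        catch (SocketException ex)
        {
            // SocketErrorCode names the Winsock error; ErrorCode is its numeric value.
            Console.WriteLine("{0} failed: {1} ({2})", step, ex.SocketErrorCode, ex.ErrorCode);
        }
    }
}
```

The step name and error code printed on failure separate a privilege problem from a bad bind address or a rejected IOControl argument.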
