Side Winder

Packet Sniffers


I've developed a very simple form of a packet sniffer program that looks at incoming and outgoing packets and gets the header information and transforms the whole packet into a string format. I've also made it so I can filter with an entered port and IP address. Not been able to filter via process though, how would I do this? What sort of additional features can I add for this? Is it possible to limit upload/download bandwidth this way by capturing the packets before they're sent, storing them and sending them when there's "available" bandwidth? What about being able to re-send packets with the same header information? I'm a bit unsure on this one due to the header information being seemingly unique in every packet.

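As an added illustration (not code from the thread), this is what the header decoding and the IP/port filter described in the post look like in Python, with the length and checksum checks a sniffer needs so that a malformed packet is dropped instead of crashing the parser. The packet is constructed inline rather than captured, and the game port 6112 is an assumption.

```python
import struct
import ipaddress

def ipv4_checksum(hdr: bytes) -> int:
    """RFC 791 one's-complement checksum; pass the header with its checksum field zeroed."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_ipv4_tcp(pkt: bytes) -> dict:
    """Decode the IPv4 and TCP headers of a raw packet; raise ValueError on anything malformed."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, _, proto, csum, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or total_len > len(pkt):
        raise ValueError("bad IPv4 version, IHL or total length")
    if ipv4_checksum(pkt[:10] + b"\x00\x00" + pkt[12:ihl]) != csum:
        raise ValueError("IPv4 header checksum mismatch")
    if proto != 6 or total_len < ihl + 20:
        raise ValueError("not TCP, or truncated TCP header")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", pkt[ihl:ihl + 14])
    doff = (off_flags >> 12) * 4             # TCP header length including options
    if doff < 20 or ihl + doff > total_len:
        raise ValueError("bad TCP data offset")
    return {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)), "sport": sport,
            "dport": dport, "seq": seq, "ack": ack, "flags": off_flags & 0x1FF, "payload": pkt[ihl + doff:total_len]}

def matches(hdr: dict, ip=None, port=None) -> bool:
    """The post's filter: keep the packet when either endpoint matches the given IP and/or port."""
    return (ip is None or ip in (hdr["src"], hdr["dst"])) and (port is None or port in (hdr["sport"], hdr["dport"]))

def is_well_formed(pkt: bytes) -> bool:
    # A sniffer should drop (and count) packets that fail to parse rather than crash on them.
    try:
        parse_ipv4_tcp(pkt)
        return True
    except ValueError:
        return False

def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed test packet: IPv4 + 20-byte TCP header (PSH|ACK); the TCP checksum is left at 0."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 1, (5 << 12) | 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    return ip + tcp

# Constructed sample: client 10.0.0.5 -> game server 10.0.0.9 on an assumed game port 6112.
SAMPLE = build_ipv4_tcp("10.0.0.5", "10.0.0.9", 49152, 6112, b"/w Bob hello")
```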
Quote:
Original post by Side Winder

Not been able to filter via process though, how would I do this?


It's possible, but it will be some OS-specific mechanism. I don't know off the top of my head.

Quote:
What sort of additional features can I add for this?


Firstly, what's wrong with Wireshark?

Quote:
Is it possible to limit upload/download bandwidth this way by capturing the packets before they're sent, storing them and sending them when there's "available" bandwidth?


Now you're talking about traffic shaping. Winsock provides SPI, which allows you to do just that.

Quote:
What about being able to re-send packets with the same header information? I'm a bit unsure on this one due to the header information being seemingly unique in every packet.


This will depend on protocol. For UDP, you can do pretty much anything. With TCP however you wouldn't gain anything using just a dumb resend, since both peers are aware of the stream state.

Thanks.

I don't really NEED the program for anything, I just want to do it for practice. My plan was to use the program along with some online game, like Warcraft 3. Either to create a chat bot or to build some sort of statistical analysis on players I play with/against. There's a mechanism WC3 uses, where every command you input into the chat following a "/" won't actually show to other players, but will still be sent in a packet. I could then use a regex on the packet data to determine the type of command, player, etc. The data probably wouldn't actually mean anything, but I often find when in a game that I recognise a player's name, but can never remember if they're good or not, their main unit built, general strategy, etc.

I wanted to learn more about networking. I've already built myself a three-tier chat server/client/database and I wanted to do something different. Something other than gaming... and this is what I came up with!

Quote:
Original post by Side Winder

I don't really NEED the program for anything, I just want to do it for practice. My plan was to use the program along with some online game, like Warcraft 3. Either to create a chat bot or to build some sort of statistical analysis on players I play with/against. There's a mechanism WC3 uses, where every command you input into the chat following a "/" won't actually show to other players, but will still be sent in a packet. I could then use a regex on the packet data to determine the type of command, player, etc. The data probably wouldn't actually mean anything, but I often find when in a game that I recognise a player's name, but can never remember if they're good or not, their main unit built, general strategy, etc.


If you just need a sniffer, then libpcap is a proven way to go about that.

If you need to modify the stream, then a proxy is the easiest way to do it. Have two sockets, one a server, the other a client connected to the real service. You then manually transfer data from one to the other, modifying it in the process.

This does however require the client to be configured to connect to your proxy.

One problem with this approach is that often, at the very least during the handshake, some ip/port specific data is contained within the packets. Encryption is also often based on actual connection data. This is convenient since it prevents exactly what you would be doing - a man-in-the-middle attack.

The workaround for this is non-trivial, and requires tampering with the data within the network stack itself. As mentioned, Winsock provides an API to do just that. With Linux, the choices are obviously limitless.

There might be a third option though, but it requires multiple machines on a LAN.

Instead of using a software proxy, you run one on a separate machine, then corrupt your real machine's routing tables so that they send all traffic to your custom proxy. This requires no modification to the client, and is effectively "replacing the internet itself".

All these are obviously budget solutions.
