How to intercept packets sent by an application and check their header and content?

Question

I'd like to know how can I intercept packets sent by a certain application and then to check what those packets contain. I need some advice what to do because I've never done such a thing and I want to learn by myself.

Use something like [Pcap.net](http://pcapdotnet.codeplex.com/). — Nasreddine, Sep 15 '12 at 13:07
btw, can you let me know what `PACKETS` you are refering html, tcp or else ? — Harsh Baid, Sep 15 '12 at 13:08
@Nacereddine I don't know what you name it but it is useful to check http traffic in [Fiddler](http://www.fiddler2.com/fiddler2/) rather than using capture anything tool which can be complex to use and learn at start. :D — Harsh Baid, Sep 15 '12 at 13:14
Http packets , for example a game launcher. I want to learn how to do it in c# not to use other programs. Thanks — Jax, Sep 15 '12 at 13:25

score 22 · Accepted Answer · edited Jun 20 '20 at 09:12

Pcap.Net

Pcap.Net is a .NET wrapper for WinPcap written in C++/CLI and C#. It Features almost all WinPcap features and includes a packet interpretation framework.

SharpPcap

SharpPcap is a cross-platform packet capture framework for the .NET environment, based on the famous pcap / WinPcap libraries. It provides an API for capturing, injecting, analyzing and building packets using any .NET language such as C# and VB.NET.

Comparision of Pcap.Net and SharpPcap

Wireshark

It is used for network troubleshooting, analysis, software and communications protocol development, and education. And I think it is the most versatile packet sniffer I used till now.

Fiddler

Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language. Recently Fiddler has been overtook by Telerik. But it is still free AFAIK.

You can also use FiddlerCore from here http://www.telerik.com/fiddler/fiddlercore — Vinod Srivastav, Nov 20 '15 at 15:12

Ruslan F. · Answer 2 · 2012-09-15T13:39:52.267

Some example of c# sniffer socket creation.

    mainSocket = new Socket(AddressFamily.InterNetwork, SocketType.Raw,
                           ProtocolType.IP);

    // Bind the socket to the selected IP address
    mainSocket.Bind(newIPEndPoint(IPAddress.Parse(cmbInterfaces.Text),0));

    // Set the socket options
    mainSocket.SetSocketOption(SocketOptionLevel.IP,  //Applies only to IP packets
                               SocketOptionName.HeaderIncluded, //Set the include header
                               true);                           //option to true

    byte[] byTrue = newbyte[4]{1, 0, 0, 0};
    byte[] byOut = newbyte[4];

    //Socket.IOControl is analogous to the WSAIoctl method of Winsock 2
    mainSocket.IOControl(IOControlCode.ReceiveAll,  //SIO_RCVALL of Winsock
                         byTrue, byOut);

    //Start receiving the packets asynchronously
    mainSocket.BeginReceive(byteData, 0, byteData.Length, SocketFlags.None,
                            newAsyncCallback(OnReceive), null);

This code is taken from - http://www.codeproject.com/Articles/17031/A-Network-Sniffer-in-C — , Apr 22 '16 at 19:45

score 2 · Answer 3 · answered Sep 15 '12 at 13:16

You can use Fiddler to see HTTP traffic http://www.fiddler2.com/fiddler2/.

Alternatively Wireshark http://www.wireshark.org/ for more advanced stuff

Summary of Packet Analyzers here http://en.wikipedia.org/wiki/Packet_analyzer

More details of what you are trying to achieve would help us advise.