12

I'd like to somehow hook into the local system's network stack to capture outgoing network packets without using Winpcap. Unfortunately it tends to crash my system every now and then.

Is there a way to "sniff" outgoing traffic of the local system from a user space process written in a .NET language?

John Smith
Hendrik Wiese

2 Answers

16

What you want is the Network Monitor API. More here and here.

Mike Atlas
1

I use smsniff from NIRSOFT. You need to be admin on the machine to sniff any traffic.

http://www.nirsoft.net/utils/smsniff.html

I have never seen .NET used to sniff traffic. But maybe NetMon from Microsoft has a COM interface you can call from .NET.

But as always you need to be admin to sniff traffic, since it is needed to put the NIC in promiscuous mode.

ggonsalv
  • Getting admin rights shouldn't be an issue since the program I'm working on is primarily for my own use. Well, if someone else would like to have a proggy that traces HTTP requests to specific filetypes and, after finding such a request, offers a way to actually download those files (like videos, mp4, flv), I'm sure I can make it public somewhere down the road. I don't want to go through all the mess of writing a fully functional HTTP proxy, so sniffing is the only alternative. – Hendrik Wiese Jun 02 '10 at 04:06
  • 1
    Try fiddler as a HTTP debugging proxy. IT rulez http://www.fiddler2.com/fiddler2/ – ggonsalv Jun 02 '10 at 04:40
  • Yes, Fiddler is great. I'm using FiddlerCore to trace the HTTP requests with my application by now. But I'd really like to capture them independently from the proxy settings of the browsers. – Hendrik Wiese Jun 03 '10 at 16:57