
I just built a simple network sniffer in C#. It's working fine, but I'm only capturing UDP packets (I want to sniff HTTP packets). I think I should change the socket settings, but I don't know how. By the way, the IP address is correct (I already checked that). Here is the source code:

    // Raw socket shared by Main and the receive callback; it is assigned in Main.
    static Socket socket;
    // Buffer handed to BeginReceive. receive() swaps in a fresh 4096-byte array
    // before re-arming the next read.
    static byte[] data = new byte[4096];

    /// <summary>
    /// Opens a raw IPv4 socket on one local address, switches it to receive-all
    /// mode, starts the asynchronous receive loop and then parks the main thread.
    /// </summary>
    /// <param name="args">Command-line arguments; not used.</param>
    static void Main(string[] args)
    {
        // NOTE(review): index 3 is hard-coded, so it only works on a host whose
        // address list has at least four entries and whose fourth entry is an
        // IPv4 address (the socket below is AddressFamily.InterNetwork).
        IPAddress[] localAddresses = Dns.GetHostAddresses(Dns.GetHostName());
        IPAddress ip = localAddresses[3];

        socket = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.IP);

        // A raw IP socket has no port concept: the 80 below does not restrict the
        // capture to HTTP. Any protocol or port filtering has to be done on the
        // parsed headers in receive().
        var localEndPoint = new IPEndPoint(ip, 80);
        socket.Bind(localEndPoint);
        socket.SetSocketOption(SocketOptionLevel.IP, SocketOptionName.HeaderIncluded, true);

        // The 4-byte little-endian input value 1 turns receive-all on.
        // Windows requires Administrator rights for this ioctl, so run the
        // tool elevated only for as long as the capture is needed.
        // NOTE(review): whether locally generated TCP segments reach a
        // receive-all raw socket is reported to depend on the Windows version
        // and host firewall policy; verify on the target machine. A capture
        // driver is the usual alternative if they do not.
        byte[] receiveAllOn = new byte[4] { 1, 0, 0, 0 };
        byte[] ioctlOutput = new byte[4] { 1, 0, 0, 0 };
        socket.IOControl(IOControlCode.ReceiveAll, receiveAllOn, ioctlOutput);

        AsyncCallback onPacket = receive;
        socket.BeginReceive(data, 0, data.Length, SocketFlags.None, onPacket, null);

        // Keep the process alive; all work happens in the receive callback.
        System.Threading.Thread.Sleep(System.Threading.Timeout.Infinite);
    }

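    /// <summary>
    /// Completion callback for the raw socket: classifies the captured IPv4
    /// packet by its Protocol field and re-arms the next asynchronous receive.
    /// </summary>
    /// <param name="ar">Result handle passed in by <c>BeginReceive</c>.</param>
    static void receive(IAsyncResult ar)
    {
        // The Protocol field is the 10th byte (offset 9) of the IPv4 header.
        const int protocolFieldOffset = 9;
        const byte protocolTcp = 6;
        const byte protocolUdp = 17;

        // NOTE(review): EndReceive can throw SocketException (presumably also
        // when a packet is larger than the 4096-byte buffer) and nothing here
        // catches it, so an error ends the capture loop. Confirm that is the
        // intended failure mode.
        int nReceived = socket.EndReceive(ar);

        // Captured bytes are untrusted input. The original indexed byte 9
        // unconditionally, which threw IndexOutOfRangeException on a read
        // shorter than 10 bytes. Short reads are now skipped instead.
        if (nReceived > protocolFieldOffset)
        {
            // Read straight from the buffer; the MemoryStream/BinaryReader pair
            // was never disposed and only served to fetch this one byte.
            byte protocol = data[protocolFieldOffset];
            if (protocol == protocolUdp)
            {
                //udp
            }
            else if (protocol == protocolTcp)
            {
                //tcp (HTTP rides on TCP; the ports sit in the TCP header that
                //follows the IP header, whose length is given by the IHL field)
            }
            else
            {
                //something else
            }
        }

        // Fresh buffer per packet, as before, so a handler that keeps a reference
        // to the previous array is not overwritten by the next receive.
        data = new byte[4096];
        socket.BeginReceive(data, 0, data.Length, SocketFlags.None, new AsyncCallback(receive), null);
    }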
  • https://stackoverflow.com/questions/226784/how-to-create-a-simple-proxy-in-c ? – Alexei Levenkov Nov 01 '17 at 16:40
  • Protocol `6` is not IP, it is TCP, which is what will carry HTTP. IP would be an EtherType on the frame, not a Protocol number. The IPv4 EtherType is `2048` (`0x0800`), and the IPv6 EtherType is `34525` (`0x86DD`). – Ron Maupin Nov 01 '17 at 16:45
  • @alexei levenkov thank you for that answer, but I don't think I understood it (I'm not building a proxy) – jakob Nov 01 '17 at 16:45
  • @ron maupin i solved that but im still not capturing http packets – jakob Nov 01 '17 at 16:53
  • Is your sniffer separate from the HTTP client and server? Is it connected to a switch? – Ron Maupin Nov 01 '17 at 16:55
  • i want to capture packages my computer is sending – jakob Nov 01 '17 at 16:57
  • But, on which device is the code running? Is it on the HTTP server or client, or a different machine altogether? – Ron Maupin Nov 01 '17 at 17:02
  • it is running on the clients pc – jakob Nov 01 '17 at 17:03
  • The client will only use TCP port 80 for outgoing HTTP requests, and an ephemeral port for HTTP replies. If the requests are HTTPS, the outgoing requests will be on port 443, and replies will be on an ephemeral port. – Ron Maupin Nov 01 '17 at 17:05
  • HTTP uses TCP as its transport layer. So, as others stated, capturing port 80 or 8080 will get the HTTP data. – jdweng Nov 01 '17 at 17:18
  • OK, I changed to port 8080 and made sure I'm sending HTTP requests (not HTTPS), but ... nothing. Only UDP. – jakob Nov 01 '17 at 17:25
