Introduction
This article is an update to my previous one, "Enhance netstat". What's new in EnetstatX? It adds packet filtering, sniffing using raw sockets (disabled in the menu, but it can be enabled and extended by developers), and a pop-up taskbar notifier for incoming and outgoing connections.
Description
What does it do, and what are its base functionalities?
We have the following base functionalities:
- TCP connection manager
- UDP connection manager
- Packet filtering
- Packet sniffing
How does it do it?
- The TCP & UDP connection manager uses the following APIs:
typedef DWORD (WINAPI *pAllocateAndGetTcpExTableFromStack)(
    IN OUT PMIB_TCPTABLE_EX *pTcpTableEx,   // receives a table allocated by the call
    IN BOOL,                                // sort the returned rows
    IN HANDLE,                              // heap to allocate the table from
    IN DWORD,                               // reserved
    IN DWORD);                              // flags
typedef DWORD (WINAPI *pAllocateAndGetUdpExTableFromStack)(
    IN OUT PMIB_UDPTABLE_EX *pUdpTableEx,   // receives a table allocated by the call
    IN BOOL,
    IN HANDLE,
    IN DWORD,
    IN DWORD);
class content: CTCPTable and CUDPClass
- Packet filtering uses the following APIs (iphlpapi.lib):
PfCreateInterface
PfAddFiltersToInterface
PfBindInterfaceToIPAddress
PfUnBindInterface
PfRemoveFiltersFromInterface
PfDeleteInterface
class content: CFilter
- Packet sniffing uses raw socket capabilities:
// Raw IP socket; the receive timeout keeps the sniffing loop from blocking forever
SOCKET m_hSniffSocket = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
DWORD rcvtimeo = 1000;  // milliseconds (value assumed; the original does not show it)
setsockopt(
    m_hSniffSocket,
    SOL_SOCKET,
    SO_RCVTIMEO,
    (const char *)&rcvtimeo,
    sizeof(rcvtimeo));
class content: CFilter
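As an added example (not code from EnetstatX), here is how the connection-manager part above can be driven end to end: the function is resolved from iphlpapi.dll at run time, the returned table is walked row by row, and each row is decoded into a readable line. The row layout, the argument meanings (sort flag, heap, reserved, family flag 2 for AF_INET) and the sample values in the test are assumptions; the decoding part is kept portable so it also builds off Windows.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#ifdef _WIN32
#include <winsock2.h>
#include <windows.h>
#else /* stand-ins so the decoding part also builds and runs off Windows */
typedef uint32_t DWORD; typedef int BOOL; typedef void *HANDLE;
#define WINAPI
#endif
/* XP-era extended TCP table layout (assumed from the article's typedef): one row per
 * connection, owning process id last. Addresses and ports are in network byte order. */
typedef struct { DWORD dwState, dwLocalAddr, dwLocalPort, dwRemoteAddr, dwRemotePort, dwProcessId; } MIB_TCPROW_EX;
typedef struct { DWORD dwNumEntries; MIB_TCPROW_EX table[1]; } MIB_TCPTABLE_EX, *PMIB_TCPTABLE_EX;
typedef DWORD (WINAPI *pAllocateAndGetTcpExTableFromStack)(PMIB_TCPTABLE_EX *, BOOL, HANDLE, DWORD, DWORD);

/* MIB_TCP_STATE_* values run 1 = CLOSED .. 12 = DELETE_TCB; 2 = LISTEN is the one to audit first. */
static const char *tcp_state_name(DWORD s) {
    static const char *names[] = { "?", "CLOSED", "LISTEN", "SYN_SENT", "SYN_RCVD", "ESTAB", "FIN_WAIT1",
                                   "FIN_WAIT2", "CLOSE_WAIT", "CLOSING", "LAST_ACK", "TIME_WAIT", "DELETE_TCB" };
    return s < sizeof names / sizeof names[0] ? names[s] : "?";
}
/* The port occupies the low 16 bits in network order, i.e. ntohs((u_short)dwPort). */
static unsigned port_host(DWORD p) { return ((p & 0xff) << 8) | ((p >> 8) & 0xff); }

/* Format one row as "STATE local:port -> remote:port pid=N"; returns the length written. */
int format_row(const MIB_TCPROW_EX *r, char *out, size_t n) {
    const unsigned char *l = (const unsigned char *)&r->dwLocalAddr, *m = (const unsigned char *)&r->dwRemoteAddr;
    return snprintf(out, n, "%-10s %u.%u.%u.%u:%u -> %u.%u.%u.%u:%u pid=%u", tcp_state_name(r->dwState),
                    l[0], l[1], l[2], l[3], port_host(r->dwLocalPort),
                    m[0], m[1], m[2], m[3], port_host(r->dwRemotePort), (unsigned)r->dwProcessId);
}

int main(void) {
#ifdef _WIN32
    /* Not declared in the XP SDK headers, so resolve it from iphlpapi.dll at run time. */
    HMODULE h = LoadLibraryA("iphlpapi.dll");
    pAllocateAndGetTcpExTableFromStack fn = h ? (pAllocateAndGetTcpExTableFromStack)
        GetProcAddress(h, "AllocateAndGetTcpExTableFromStack") : NULL;
    PMIB_TCPTABLE_EX t = NULL;  /* the call allocates it on the heap we pass; last arg 2 = AF_INET (assumed) */
    if (fn && fn(&t, TRUE, GetProcessHeap(), 0, 2) == 0) {
        char line[96]; DWORD i;
        for (i = 0; i < t->dwNumEntries; i++) if (format_row(&t->table[i], line, sizeof line) > 0) puts(line);
        HeapFree(GetProcessHeap(), 0, t);  /* free from the same heap the stack allocated on */
    }
#else
    puts("AllocateAndGetTcpExTableFromStack exists only in Windows iphlpapi.dll");
#endif
    return 0;
}
```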
How to use it?
Hmmm ... just run it, and there should be no problem. The graphical interface is intuitive, I hope ;).
Note: only WinXP is supported.
Conclusion
In the final step, I would like to tell you guys that there may be an update to this article regarding the design part. I didn't have much time to do it, but if one of you is interested in cooperating or continuing this project, I can give you some ideas and, if necessary, all my support. What more can be done? I was thinking that it could be nice to have a "passive OS fingerprinting" module that can detect the OS of connected computers. Another module could focus on "reports and statistics" with compare capabilities and "what's new about my connection activities" ...
Enjoy!
y0d4