|
|
|
| |
|
 Download code
Note: Due to the size or complexity of this submission, the author has submitted it as a .zip file to shorten your download time. Afterdownloading it, you will need a program like Winzipto decompress it.
Virus note:All files are scanned once-a-day by Planet Source Code for viruses,but new viruses come out every day, so no prevention program can catch 100% of them.
FOR YOUR OWN SAFETY, PLEASE:
1)Re-scan downloaded files using your personal virus checker before using it.
2)NEVER, EVER run compiled files (.exe's, .ocx's, .dll's etc.)--only run source code.
3)Scan the source code with Minnow's Project Scanner
If you don't have a virus scanner, you can get one at many places on the net including:McAfee.com
|
Terms of Agreement:
By using this code, you agree to the following terms...
1) You may use
this code in your own programs (and may compile it into a program and distribute it in compiled format for languages that allow it) freely and with no charge.
2) You MAY NOT redistribute this code (for example to a web site) without written permission from the original author. Failure to do so is a violation of copyright laws.
3) You may link to this code from another website, but ONLY if it is not wrapped in a frame.
4) You will abide by any additional copyright restrictions which the author may have placed in the code or code's description. |
Other 4 submission(s) by this author
|
|
| |
| Report Bad Submission |
|
| |
| Your Vote! |
|
See Voting Log |
| |
| Other User Comments |
10/2/2000 2:56:28 AM:Nick Johnson
If you like this code, I would REALLY
appreciate it if you could vote for it!
It would really help!
|
10/2/2000 4:37:58 AM:AMeoBA
Cool ! I vote for ya =)
it will be
better if there is UDP or TCP
indications..
|
10/2/2000 4:50:12 AM:Nick Johnson
Thanks for the vote & comment, AMeoBA.
The module only supports TCP, as there
is no such thing as a UDP connection. I
may build in UDP listening ports,
though.
|
10/2/2000 5:15:17 AM:Digital Vampire
AweSome ! have an excellent vote from
me :)
|
10/2/2000 11:38:53 AM:HenYa
funny... i submit code much better than
this in July.. and i only got 5
votes...
ummmm...
|
10/2/2000 11:41:42 AM:Nathan Evans
i checked out the code.. it seems quite
different to mine.. so i guess your
ok.. :P
|
10/2/2000 11:43:58 AM:Nathan Evans
oddd. it doesn't show up all my
connections...
only shows up 3... is
there a limit on this code or summit?
|
10/2/2000 3:38:51 PM:Nick Johnson
To address a few concerns:
I have NOT
plagairised this code! I did use a
'netstat example' as a basic guide, and
the API structures are the same, but I
have rewritten this code from scratch
in my own hand. The only code that is
not mine is that from Michael Tutty, as
credited above, and the two API
structures, which are identical, copied
or not (except comments).
RE: only 3
connections showing:
I have not had
any problems with this, is there anyone
else? Can you help me hunt down the
offending code, if any?
|
10/2/2000 4:33:10 PM:Ultimatum
As far as the netstat command, there is
a way to show ALL connection types,
including listening UDP ports and UDP
transmissions using this netstat
command:
netstat -an | MORE
|
10/2/2000 5:07:30 PM:Nick Johnson
Ultimatum:
I'm aware of that, but as I
stated above, in the Windows API, the
call to get listening UDP sockets is a
different one from the TCP one. IF
there is enough demand, I may make a
UDP class as well.
|
10/2/2000 6:52:26 PM:Anonymous
Yes, there is a demand, go for it.
Also, can you get the executable file
names that are using these
connections??? Like WAOL.EXE, or
IEXPLORE.EXE, or ZONE.EXE? Also, is it
possible to view the raw data going in
and our of these connection? If so,
that would be really cool. This code
is very professional, yet very
complicated. I only understand about
half of it...
|
10/3/2000 9:07:01 AM:Zenethian
Anonymous:
That probably isnt possible
unless you first hook the API calls and
store the names of the callers. Even
then I dunno if its possible. Either
way it would be a MAJOR pain.
Of
course, Linux stores that info for you,
but this isnt Linux. Heh. (shameless
plug)
|
10/3/2000 9:17:14 AM:Jim
Very good code. It worked without
problems as the screen shot showed and
can be a very useful utility
|
10/3/2000 4:59:20 PM:Drakken
This is good code. exactly what i
needed, i give ya a 5.
|
10/3/2000 5:31:12 PM:Salvador
Excellent code ... tks
|
10/3/2000 6:22:26 PM:HenYa
think i should resubmit my code.. since
it was much better than this... pity
mine didn't get hardly any votes to
start with tho..
|
10/4/2000 4:57:25 AM:CaRnAgE
i think it missing a file, every time i
run the ee and code i always get file
missing the file is IPhlpAPI can u
please send it to me thanx
|
10/4/2000 11:33:22 AM:HenYa
it is possible to hook into the network
subsystem and have you program to
receive all inbound/outbound data, but
it won't use the IPHLPAPI, it will use
the TDI Layer..
It is also possible
to find out which application is using
what port.. but this requires alot of
knowledge of the win32api with piping
etc.. I could fix together some code
for this.. but i dont think there is
much point.
|
10/4/2000 3:49:18 PM:Nick Johnson
Carnage: This file should be with your
copy of windows if you are running
Windows '98 or NT. IF you are running
'95, it won't work.
|
10/5/2000 4:19:23 PM:Nick Johnson
To all those that have given me less
than 5/5:
I still REALLY appreciate
your votes, but can I ask one extra
thing of you? Tell me what I did or
didn't do that cut me out of getting a
5/5! If you can suggest improvements,
I can continue to improve my code!
|
10/8/2000 6:07:42 AM:Biznatchasaurus
cool code...thanks!
|
10/13/2000 4:53:58 PM:Thomas Pleasance
Can any one tell me how to view the raw
data that is going in and out of a
selected port
|
10/13/2000 6:55:01 PM:Nick Johnson
Thomas:
Unfortunately, this is not
possible from VB, AFAIK. This requires
Raw sockets, an advanced C topic, and
none of the necessary facilities are
available from VB.
|
10/14/2000 11:17:24 AM:HenYa
absolutely not!
It is entirely
possible, you will need to research the
TDI interface or NDIS driver.
Nick:
raw sockets is completely different to
packet monitoring... :)
Raw sockets
is also possible from vb... anything
you can do in c++ can be done in vb...
although some things may require some
work, raw sockets is easy in vb.
vb6
that is.. since vb6 has AddressOf
operator.
|
10/14/2000 4:12:17 PM:Nick Johnson
Ok, I got that wrong, but I'm not the
only one ;)
Addressof has been
available since VB5, not just VB6.
MS
has made threads just about impossible
in VB6 non-activex exe's.
|
10/15/2000 2:29:44 AM:Curlew
You're talking about different things
when it comes to monitoring data.
Henya: You might be right, but you're
talking about IP Packet Sniffing
directly from the network device.
Nick's talking about creating a
system-wide hook and intercepting
winsock messages, which is not possible
in VB right now.
|
10/28/2000 6:05:12 AM:HenYa
anon: haha, she?
System-wide hooks
are quite possible in VB.. its just a
callback (addressof).
You not one of
them people who think you can't
system-wide keyboard hook in vb, are
you?
|
10/28/2000 6:26:17 AM:Henya
curlew:
the reason you can
"system-wide hook" the "winsock
messages" is because microsoft arent
that dumb in sending massive amounts of
data to every single process on the
computer at the same time...
It is
IMPOSSIBLE to just "hook in to" a
system-wde hook that receives all the
windows socket notifications and data,
i guess you've never programmed real
implementations before?
To
intercept "winsock messages" YOU WILL
have to use the TDI or NDIS layers. As
shown on various programs from
www.sysinternals.com and/or
www.winternals.com.
|
11/5/2000 11:44:12 PM:zelon200@yahoo.com
Hey People,
Just noticed this little
discussion you have. I'm in serious
need of help with creating something
that will intercept data that is coming
to the Winsock. The only think I
figured out myself is to recreate the
winsock dll and have my program do all
the routing but thats too much work.
Please help.
zelon2000@yahoo.com
Fuzzy Logic
|
11/6/2000 6:10:02 AM:gary
Henya, can you put a link here to your
code, i dont see it anywhere
|
11/6/2000 7:46:41 AM:skream
i get errors, it says stuff about SPLIT
sub or function not defined, i got vb5,
but it only says it when new ip shows
up. Like its trying to determine, and
split up IP with
|
11/6/2000 7:55:25 AM:skream
ACK
i get errors, it says stuff
about SPLIT sub or function not defined
i got vb5 but it only says it when new
ip shows up. Like its trying to
determine and split up IP with "."s
inbetween.
Another problem the
multiuse and persistable and all that
stuff at top of the class modules
before Option Explicit doesn't like
being there. Nick Please contact me.
865965 icq ta
|
11/6/2000 1:30:14 PM:Nick Johnson
Hmm, seems somewhere along the line it
got fed through VB6 by the sounds of
it. With the multiuse bits at the top,
just delete them. For the split, there
should be a replacement function here
on PSC. Has anyone else had this
problem?
|
11/6/2000 7:57:52 PM:ged
yeah i get that split problem, seems
you haven't included the split sub for
splitting up the ip
|
11/8/2000 11:34:59 AM:Henya
Gary: since this has happened.. im not
releasing any more of our code..
Actually, for a number of
reasons.
I'm not sure if i should do
this.. but Skream and the Split
function;
MSDN has a plenty of
information related to this function.
You use the following params.. that i
have simplified:
myArray =
Split("myExpression or myArray",
"delimiter")
There are two more
params. but they are not required for
your specific problem.
|
11/17/2000 12:44:00 PM:vbmojo
Excellent Code. It works like a charm.
|
11/20/2000 7:40:08 AM:Joe
It works fine when I'm testing it in
vb, a little lagged though. But after I
compile it, it freezes. I have
Windows98 and vb6. Is there a a fix for
this?
BTW: Great coding!!
|
11/24/2000 3:47:45 PM:SqueakMac
You guys were saying that you get an
error on the Split function...
The
Split function is only VB6, not VB5,
AFAIK.
|
11/25/2000 8:28:40 PM:opello
Great code! (contest win in fact) ...
The split function can be replaced.
Just add some 'compatibility' code that
you can find here code #3611 works good.
|
11/26/2000 1:01:51 PM:antiduh
henya, quit your ranting!
|
12/6/2000 3:29:16 PM:Anonymous
Teis program could not resolve the
first IP, so it just hanged forever
after it listed only the first IP.
|
12/28/2000 6:50:26 PM:Vasilis Sagonas
best :)
|
2/1/2001 1:29:23 PM:KaReL
Nice code, but can you gimme sometimes
the API-calls & a sample prog HOW to
make an UDP connection & send a sample
of data & then close the
connection?
Thx alot!
email:
half_life_fool@bigfoot.com
|
8/24/2001 4:09:05 PM:Vicky
i love your work is there an update you
done for this ?
|
8/24/2001 4:11:32 PM:Vicky
mail me
|
12/6/2001 12:21:48 PM:Tako
anyone know how to get around the
|
12/6/2001 12:23:20 PM:Tako
*anyone know how to get around the
stucture too small error when trying to
get the tcptable?
|
12/11/2001 12:29:09 PM:sick
Is there a way to get the amount of
data being sent/recieved.
|
12/29/2001 1:25:45 PM:DeAtH RyDeR
I haven't run the code yet but it looks
pretty cool, you have an excellent vote
from hacker supreme (a.k.a
T_R_I_C_K_S_T_E_R)
|
2/20/2002 11:05:41 AM:Michiel Schermer
Why you people want to get RAW
incoming/outgoing data? - you want to
make any project very insecure or
something? - then even newbies could
get the datastreams into projects and
make simple hacks for it... happy
microsoft protected that part very good
since everything (even FTP, Emailing)
is using a winsock control... should be
fun if i could see the
incoming/outgoing data but its not
possible
|
4/11/2002 12:19:28 PM:chris
thanks for these excellent lines of
code - they finally showed me how to
deal with all these "IP Helper
Functions"!
As you might know your
code can be very easy enhanced to
support udptable too.
|
4/14/2002 12:47:37 PM:Jerry
How map the port to its own application?
|
5/15/2002 2:12:34 PM:
I´ll like to learn TDI layer in vb,
very thanks and greetings.
|
5/16/2002 12:56:24 PM:bote
I want to learn TDI layer in vb,
very
thanks and greetings.
|
5/17/2002 6:05:59 AM:bote
nobody have saved the HenYa
code????
please, send me
|
6/5/2002 6:39:10 PM:X°Celcius
I got the same error someone mentioned
above. The code works beautifully in
testing, but when compiled it only
freezes. Any suggestions on how to go
about fixing that?
X°C
|
6/14/2003 11:23:34 AM:gridrun
raw sockets (IP level) are possible in
VB6, just check out Erwan's Promiscuous
Sniffer (use search box, Im too lazy to
paste URL/CodeID).
To see what port
is owned by what process (ie map
executable path/name to port) would be
*so* very useful.. Obviously there must
be more than one approach, as several
utilities exist(foundstone fport, and
that sysinternals utility, for
example), which can do it, and are
lightning fast at it, too.
|
6/14/2003 11:24:14 AM:gridrun
I dont think any of the mentioned
programs work by hooking winsock API
calls. While some older tools used this
method, they had all the restriction of
being unable to map ports that were
opened prior to the tool's
execution.
Yet another tool,
ntsecurity.nu's Inzider, takes awfully
long to execute, using, it seems, yet
another method to accomplish the
result.
At least for XP, there exist
a special API call that will return the
process name, again sysinternals.com is
demonstrating this with sourcecode on
there site.
|
|
| Add Your Feedback! |
Note:Not only will your feedback be posted, but an email will be sent to the code's author in your name.
NOTICE: The author of this code has been kind enough to share it with you. If you have a criticism, please state it politely or it will be deleted.
For feedback not related to this particular code, please click here.
|
|
