Re: [twsocket] Can ICS raw socket be used to sniff traffic?
> Failed to Start Monitor - Error 10022 in function WSAIoctl(SIO_RCVALL) > Invalid argument Sorry, no idea. I'd make sure the latest network adaptor drivers are loaded, it will be faulty drivers causing the problem. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Can ICS raw socket be used to sniff traffic?
Hello Angus, I tried your component on two Windoes XP SP1 PCs. Both are IBM ThinkPad laptops, two different models though. On one of them it works, capturing only inbound traffic. This is ok. On the other one, I got the error below (using raw socket, not pcap) and right after that I got a blue screen with memory dump. After rebooting, I tried the second time. I got the same error but the PC didn't reboot. Any ideas why I'm getting the error and why it crashed? The error shown in the log window: Failed to Start Monitor - Error 10022 in function WSAIoctl(SIO_RCVALL) Invalid argument -- Best regards, Jack Friday, November 11, 2005, 12:19:00 PM, you wrote: >> I remember seeing an example using WinXP raw socket to >> sniff network traffic. Raw socket support has been added >> to ICS (but I have no experience with it yet.) I wonder if >> ICS raw socket can be used to sniff traffic sent to local >> PC? > My Internet Packet Monitoring Components can be downloaded from > http://www.magsys.co.uk/delphi/, and will monitor using either raw > sockets or winpcap. >> Basically, I'd like to know the IP and MAC address of the default >> gateway. If not raw socket, any other ways to know that? >> I can probably use winpcap to sniff the traffic but I would >> not use it if I don't have to. > You can use my Internet Protocol Helper Component, same URL (or the > Usermade ICS page), to read the PC IP routing table which will give you > the IP of the next hops for various destination addresses, since there > may be multiple gateways. The ARP table gives you the MAC for the IPs > you found. There's a demo program that lists all this stuff. > Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Can ICS raw socket be used to sniff traffic?
> BTW, as you mentioned on your site, the raw socket demo only > shows received packets, not the sent ones. It seems to be down to drivers, my PCs with Netgear GA311 adaptors ignore transmitted traffic, but those with common Realtek 8139 based adaptors show transmitted traffic OK. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Can ICS raw socket be used to sniff traffic?
Hello Angus, Your components seem to be exactly what I need. Thanks a lot! BTW, as you mentioned on your site, the raw socket demo only shows received packets, not the sent ones. -- Best regards, Jack Friday, November 11, 2005, 12:19:00 PM, you wrote: >> I remember seeing an example using WinXP raw socket to >> sniff network traffic. Raw socket support has been added >> to ICS (but I have no experience with it yet.) I wonder if >> ICS raw socket can be used to sniff traffic sent to local >> PC? > My Internet Packet Monitoring Components can be downloaded from > http://www.magsys.co.uk/delphi/, and will monitor using either raw > sockets or winpcap. >> Basically, I'd like to know the IP and MAC address of the default >> gateway. If not raw socket, any other ways to know that? >> I can probably use winpcap to sniff the traffic but I would >> not use it if I don't have to. > You can use my Internet Protocol Helper Component, same URL (or the > Usermade ICS page), to read the PC IP routing table which will give you > the IP of the next hops for various destination addresses, since there > may be multiple gateways. The ARP table gives you the MAC for the IPs > you found. There's a demo program that lists all this stuff. > Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Can ICS raw socket be used to sniff traffic?
> I remember seeing an example using WinXP raw socket to > sniff network traffic. Raw socket support has been added > to ICS (but I have no experience with it yet.) I wonder if > ICS raw socket can be used to sniff traffic sent to local > PC? My Internet Packet Monitoring Components can be downloaded from http://www.magsys.co.uk/delphi/, and will monitor using either raw sockets or winpcap. > Basically, I'd like to know the IP and MAC address of the default > gateway. If not raw socket, any other ways to know that? > I can probably use winpcap to sniff the traffic but I would > not use it if I don't have to. You can use my Internet Protocol Helper Component, same URL (or the Usermade ICS page), to read the PC IP routing table which will give you the IP of the next hops for various destination addresses, since there may be multiple gateways. The ARP table gives you the MAC for the IPs you found. There's a demo program that lists all this stuff. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be