Re: [twsocket] Monitoring TCP/IP traffic

2005-07-13 Thread Arno Garrels
Angus Robertson - Magenta Systems Ltd wrote:
 I always though that proper monitoring of TCP/IP traffic required a
 device driver, but BMExtreme seems to manage it through the standard
 winsock API:
 
 http://www.lp23.com/bmextreme/
 
 It's able to list IP addresses visited, and distinguish internal and
 external traffic on a adaptor, on most OSs (I'm using XP SP2).  A quick
 look at it's dependencies suggests only WSAIotl is used, plus open
 socket, etc.
 
 So is there a way to monitor traffic on an adaptor using winsock?  It
 would make a very useful ICS component, allowing bandwidth monitoring
 in particular which is important to many with capped ADSL connections.
 I currently use IP Helper, but this only sees total traffic through an
 adaptor, and I need to exclude local stuff.

May be it's possible with SOCK_RAW socket type. Have you read the article 
Hands on TCP/IP programming in Delphi by Alfred Mirzagitov?
It's in the TCPIP sub directory. 

http://www.thedelphimagazine.com/disks/dmag101.zip


Arno Garrels

--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] Monitoring TCP/IP traffic

2005-07-13 Thread Arno Garrels
 May be it's possible with SOCK_RAW socket type. Have you read the article 
 Hands on TCP/IP programming in Delphi by Alfred Mirzagitov?
 It's in the TCPIP sub directory. 

 http://www.thedelphimagazine.com/disks/dmag101.zip

It's not the article but some interisting demo code, including a logger.


Arno Garrels

--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] Monitoring TCP/IP traffic

2005-07-13 Thread Angus Robertson - Magenta Systems Ltd
  May be it's possible with SOCK_RAW socket type. Have you read the 
  article Hands on TCP/IP programming in Delphi by Alfred Mirzagitov?
  It's in the TCPIP sub directory. 
 
  http://www.thedelphimagazine.com/disks/dmag101.zip
 
 It's not the article but some interisting demo code, including a 
logger.

Thanks, just pulled the January 2004 issue of the magazine off the 
shelf and shall have a read of it.

The IP packet logger does seem to be exactly what I need.  Had to fix 
one line to allow for an empty packet, but it's now scrolling TCP/IP 
packets onto my screen.  It's really quite surprising how much crap is 
flowing around my network, in particular a Netgear router broadcasting 
UPD packets every second g

Only slight worry is I thought Microsoft was trying to stop raw sockets 
being used, but this is still running OK under the latest XP patches.

Angus

-- 
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] Monitoring TCP/IP traffic

2005-07-13 Thread Dan
RAW sockets were introduced with Windows 2K and are only usable by 
Administrator accounts.  I don't think they're trying to remove them.


Dan

- Original Message - 
From: Angus Robertson - Magenta Systems Ltd [EMAIL PROTECTED]

To: twsocket@elists.org
Sent: Wednesday, July 13, 2005 10:11 AM
Subject: Re: [twsocket] Monitoring TCP/IP traffic



 May be it's possible with SOCK_RAW socket type. Have you read the
 article Hands on TCP/IP programming in Delphi by Alfred Mirzagitov?
 It's in the TCPIP sub directory.

 http://www.thedelphimagazine.com/disks/dmag101.zip

It's not the article but some interisting demo code, including a

logger.

Thanks, just pulled the January 2004 issue of the magazine off the
shelf and shall have a read of it.

The IP packet logger does seem to be exactly what I need.  Had to fix
one line to allow for an empty packet, but it's now scrolling TCP/IP
packets onto my screen.  It's really quite surprising how much crap is
flowing around my network, in particular a Netgear router broadcasting
UPD packets every second g

Only slight worry is I thought Microsoft was trying to stop raw sockets
being used, but this is still running OK under the latest XP patches.

Angus

--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be




--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] Monitoring TCP/IP traffic

2005-07-13 Thread Francois Piette
 Only slight worry is I thought Microsoft was trying to stop raw sockets 
 being used, but this is still running OK under the latest XP patches.

I think you must have administrator priviledges now.

--
[EMAIL PROTECTED]
http://www.overbyte.be


-- 
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] Monitoring TCP/IP traffic

2005-07-13 Thread Arno Garrels
Angus Robertson - Magenta Systems Ltd wrote:
 The IP packet logger does seem to be exactly what I need.  Had to fix
 one line to allow for an empty packet, but it's now scrolling TCP/IP
 packets onto my screen.  It's really quite surprising how much crap is
 flowing around my network, in particular a Netgear router broadcasting
 UPD packets every second g

Do you now write a logger-component based on TWSocket?
Would be a 'nice to have':)

Arno Garrels

--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] Monitoring TCP/IP traffic

2005-07-06 Thread Dod
Hello Angus,

IP Helper is the only thing you need, no specific driver if it's only
bandwidth.

It permit also to get separate traffic for each card.

Regards.

ARMSL I always though that proper monitoring of TCP/IP traffic required a 
ARMSL device driver, but BMExtreme seems to manage it through the standard 
ARMSL winsock API:

ARMSL http://www.lp23.com/bmextreme/

ARMSL It's able to list IP addresses visited, and distinguish internal and 
ARMSL external traffic on a adaptor, on most OSs (I'm using XP SP2).  A quick 
ARMSL look at it's dependencies suggests only WSAIotl is used, plus open 
ARMSL socket, etc.  

ARMSL So is there a way to monitor traffic on an adaptor using winsock?  It 
ARMSL would make a very useful ICS component, allowing bandwidth monitoring 
ARMSL in particular which is important to many with capped ADSL connections.  
ARMSL I currently use IP Helper, but this only sees total traffic through an 
ARMSL adaptor, and I need to exclude local stuff.  

ARMSL Angus


-- 
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] Monitoring TCP/IP traffic

2005-07-06 Thread Dod
Hello Angus,

I forgot to tell that if you need to stats specific ports or IP then
you'll need to use WinPcap packet capture (finding delphi wrapper is
easy).

Delphi cannot be used to create dynamic drivers so you'll not be able to create
some .sys that would load/unload easy.

Regards.

ARMSL I always though that proper monitoring of TCP/IP traffic required a 
ARMSL device driver, but BMExtreme seems to manage it through the standard 
ARMSL winsock API:

ARMSL http://www.lp23.com/bmextreme/

ARMSL It's able to list IP addresses visited, and distinguish internal and 
ARMSL external traffic on a adaptor, on most OSs (I'm using XP SP2).  A quick 
ARMSL look at it's dependencies suggests only WSAIotl is used, plus open 
ARMSL socket, etc.  

ARMSL So is there a way to monitor traffic on an adaptor using winsock?  It 
ARMSL would make a very useful ICS component, allowing bandwidth monitoring 
ARMSL in particular which is important to many with capped ADSL connections.  
ARMSL I currently use IP Helper, but this only sees total traffic through an 
ARMSL adaptor, and I need to exclude local stuff.  

ARMSL Angus


-- 
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] Monitoring TCP/IP traffic

2005-07-06 Thread Angus Robertson - Magenta Systems Ltd
 IP Helper is the only thing you need, no specific driver if it's only
 bandwidth.
 It permit also to get separate traffic for each card.

Sorry, you are wrong.  IP Helper only monitors all traffic through a 
card, it does not distinguish LAN or WAN (via a router) traffic.  

So it is useless for monitoring routed WAN traffic, which needs to be 
identified by IP address range. 

Angus

-- 
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


RE: [twsocket] Monitoring TCP/IP traffic

2005-07-06 Thread Angus Robertson - Magenta Systems Ltd
 I think that the BME only checks the netmask of the adapter (you can 
get
 this via IP Helper) and then treats anything from those addresses as 
 local traffic. That's how I would program this, anyway.

Quite probably, but the original question was how does it get 
statistics per connection, rather than by adaptor.  

Angus

-- 
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be