flat assembler
Message board for the users of flat assembler.

Packet Sniffing

me
Joined: 21 Jun 2003
Posts: 7
I am wondering how to packet sniff in Windows XP / Win2k in fasmw.
Post 15 Aug 2003, 00:01

scientica
Retired moderator
Joined: 16 Jun 2003
Posts: 689
Location: Linköping, Sweden
Why are you interested in sniffing packages? I only know of one purpose for package sniffing, and I don't think it's appropriate to discuss such topics on this board. Please tell me what your intentions are (perhaps there is a usage where it's legitimate, but I've never heard of any) :/

_________________
... a professor saying: "use this proprietary software to learn computer science" is the same as English professor handing you a copy of Shakespeare and saying: "use this book to learn Shakespeare without opening the book itself."
- Bradley Kuhn
Post 15 Aug 2003, 10:17

me
Joined: 21 Jun 2003
Posts: 7
Sorry about my first post. I was very busy at the time that I posted it and did not realise how general it sounded.

I am wondering what API calls to use to packet sniff in Windows XP and 2000, so that I can write a simple packet sniffer for myself in fasm. I know that I need to get the network card into promiscuous mode, but how?

I hope that this is suitable for this forum.
Post 18 Aug 2003, 00:11

Rottbott
Joined: 03 Sep 2003
Posts: 3
It could be used to help debug programs that use the network...
Post 03 Sep 2003, 15:16

comrade
Joined: 16 Jun 2003
Posts: 1137
Location: Russian Federation
If you want to just sniff socket activity, you can get away with simple API hooks on wsock32.send and wsock32.recv. For complete network sniffing, you need NDIS driver hooking. There is an article somewhere on http://www.sysinternals.com/ on how to build a firewall (with functioning source, I believe) that accomplishes NDIS hooking.

_________________
comrade (comrade64@live.com; http://comrade.ownz.com/)
Post 04 Sep 2003, 01:55

comrade
Joined: 16 Jun 2003
Posts: 1137
Location: Russian Federation
Not a sysinternals article, but there is a mention of Mark Russinovich somewhere, so I mixed it up. :)

Here it is:
http://www.ntkernel.com/articles/firewalleng.shtml

_________________
comrade (comrade64@live.com; http://comrade.ownz.com/)
Post 04 Sep 2003, 02:01

me
Joined: 21 Jun 2003
Posts: 7
Yo, hi. Yeah, I'm currently studying network engineering. I was planning to make a firewall and I was not trying to hack. If I wanted to hack I would have used tools like fluke or ethereal. Drr. So I wanted to do the complete opposite.

I read in a Windows 2000 API manual that there was an easier way called Windows 2000 Filter-Hook Driver. I really don't want to play around with NDIS drivers, as most corporate servers are Windows 2000 Server.

NOTE: (I'm not trying to start an OS war here)

I worked out how to get the network card into promiscuous mode but then realised that in promiscuous mode the network does not send packets.

I'm sorry for not explaining myself better but it's hard to think when you are so busy.

Thanks Rottbott and comrade for trusting me.

rm.
Post 04 Sep 2003, 06:20

comrade
Joined: 16 Jun 2003
Posts: 1137
Location: Russian Federation
Why would hacking discussion be inappropriate for this forum?

_________________
comrade (comrade64@live.com; http://comrade.ownz.com/)
Post 04 Sep 2003, 23:18

HarryTuttle
Joined: 26 Sep 2003
Posts: 211
Location: Poland
comrade wrote:
Why would hacking discussion be inappropriate for this forum?


because it would be to associate with harmful activity

but in the past hacker was a good name, unfortunately the meaning has changed...

_________________
Microsoft: brings power of yesterday to computers of today.
Post 26 Sep 2003, 13:49

comrade
Joined: 16 Jun 2003
Posts: 1137
Location: Russian Federation
HarryTuttle wrote:
comrade wrote:
Why would hacking discussion be inappropriate for this forum?


because it would be to associate with harmful activity

but in the past hacker was a good name, unfortunately the meaning has changed...


So?

_________________
comrade (comrade64@live.com; http://comrade.ownz.com/)
Post 26 Sep 2003, 14:29

HarryTuttle
Joined: 26 Sep 2003
Posts: 211
Location: Poland
Everybody is shivering all over when something sounds like hacking, hack or something like that.

The fear is in my opinion groundless but the others think differently.
Anyway I respect this convention.

_________________
Microsoft: brings power of yesterday to computers of today.
Post 26 Sep 2003, 14:51

scientica
Retired moderator
Joined: 16 Jun 2003
Posts: 689
Location: Linköping, Sweden
comrade wrote:
HarryTuttle wrote:
comrade wrote:
Why would hacking discussion be inappropriate for this forum?


because it would be to associate with harmful activity

but in the past hacker was a good name, unfortunately the meaning has changed...


So?

Let's change it back, and inform the masses: hackers aren't crackers. Unless we do that, the big masses will continue to believe the media, which calls crackers hackers - one should send them an e-mail pointing out their factual error. (Because that's what it is; it's kind of like AV-programmers being confused with virii-makers: the AV-makers know the tricks of the viriists, but they're not writing virii but use their knowledge to counteract (unless they have nothing to do on a boring Monday - "if you ain't got job, make job" ;)) - do you understand what I'm saying?)

btw, Rottbott, didn't think of that.

_________________
... a professor saying: "use this proprietary software to learn computer science" is the same as English professor handing you a copy of Shakespeare and saying: "use this book to learn Shakespeare without opening the book itself."
- Bradley Kuhn
Post 26 Sep 2003, 16:35

HarryTuttle
Joined: 26 Sep 2003
Posts: 211
Location: Poland
yes I do,

it means that "to change it back" is hard to do or rather impossible...

_________________
Microsoft: brings power of yesterday to computers of today.
Post 26 Sep 2003, 18:20

scientica
Retired moderator
Joined: 16 Jun 2003
Posts: 689
Location: Linköping, Sweden
HarryTuttle wrote:
is hard to do or rather impossible...

It's just a matter of, whenever somebody "confuses"/misuses the word hacker, correcting that person, informing him/her about the difference, so that (s)he doesn't make the same mistake/error.

_________________
... a professor saying: "use this proprietary software to learn computer science" is the same as English professor handing you a copy of Shakespeare and saying: "use this book to learn Shakespeare without opening the book itself."
- Bradley Kuhn
Post 26 Sep 2003, 22:15

comrade
Joined: 16 Jun 2003
Posts: 1137
Location: Russian Federation
Change szFileName symbol in loader.asm to hook a different executable.


Attachment: ws32dump.zip (12.29 KB, downloaded 6539 times)


_________________
comrade (comrade64@live.com; http://comrade.ownz.com/)
Post 06 Oct 2003, 03:55

HarryTuttle
Joined: 26 Sep 2003
Posts: 211
Location: Poland
not so bad! ;)

_________________
Microsoft: brings power of yesterday to computers of today.
Post 08 Oct 2003, 13:47
Copyright © 1999-2020, Tomasz Grysztar.