Page 1 of 1
|
[ 7 posts ] |
|
| Author |
Message |
|
swooshy
|
Post subject: Capturing packets without recv/send hook
Posted: Mon Mar 12, 2012 5:33 pm
|
|
| User |
 |
Joined: Tue Oct 27, 2009 9:04 pm
|
|
Hi guys,
what options do I have to capture packets from a certain process besides hooking the network functions of the process?
I tried to use WinPcap but at the moment I have a USB modem which is not supported by WinPcap.
Any other options?
|
|
|
|
DragonGeo2
|
Post subject: Re: Capturing packets without recv/send hook
Posted: Tue Mar 13, 2012 6:02 am
|
|
| User Gold |
 |
 |
Joined: Wed Sep 22, 2004 11:55 pm Location: The Wired
|
|
If you only want to capture packets, then you can just fire up Wireshark, do your thing, and then save out the capture.
Or if you need to do realtime packet capturing, then you have a few options:
- Write a Winsock LSP (layered service provider) to do your capturing in software at the Winsock-level
- Write a driver that interfaces with NDIS and do your capturing at the driver-level
- Buy a hardware packet capturing device (pricey)
Or just use a send/recv hook. There's loads of fun methods of getting that working. By the way, what's your goal in doing this packet capturing?
_________________
 Lewis Carroll wrote: Still she haunts me, phantom-wise, Alice moving under skies; Never seen by waking eyes... Name origins
|
|
|
|
swooshy
|
Post subject: Re: Capturing packets without recv/send hook
Posted: Tue Mar 13, 2012 1:11 pm
|
|
| User |
 |
Joined: Tue Oct 27, 2009 9:04 pm
|
|
I was just curious if there is another way to obtain the packet stream of a process. Because when I try to capture packets with WPE Pro it doesn't catch the Diablo 3 login packets. (WPE Pro hooks recv/send/sendto/recvfrom afaik). Maybe they load some kind of login module for the login process which isn't affected by the hook?
Sadly Wireshark uses WinPcap and so even Wireshark doesn't work on my internet connection. It cannot find the USB modem.
|
|
|
|
DragonGeo2
|
Post subject: Re: Capturing packets without recv/send hook
Posted: Wed Mar 14, 2012 6:03 am
|
|
| User Gold |
 |
 |
Joined: Wed Sep 22, 2004 11:55 pm Location: The Wired
|
|
Why are you trying to capture the D3 login packets? I think that the packet format for those is already documented somewhere.
|
|
|
|
swooshy
|
Post subject: Re: Capturing packets without recv/send hook
Posted: Wed Mar 14, 2012 6:27 am
|
|
| User |
 |
Joined: Tue Oct 27, 2009 9:04 pm
|
|
Yes I know, I was just curious why the packets didn't show up on WPE Pro and if there is another possibility to capture them.
|
|
|
|
crutex
|
Post subject: Re: Capturing packets without recv/send hook
Posted: Thu Mar 15, 2012 1:25 pm
|
|
| Half Moderator |
 |
 |
Joined: Tue Jul 23, 2002 1:43 pm Location: gone
|
|
Run D3 in a VM with bridged network and capture the traffic from host to VM if you want to use Wireshark with the USB modem. (I think that will work.) Does your USB modem not add a network device?
_________________ the best thing that's happened to bh
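
Added example (not part of any post in this thread): once a whole-interface capture has been saved, whether from Wireshark directly or from the host side of a bridged VM, one process's TCP traffic can be separated offline by the local ports that process owns, with no hook in the process. The sketch assumes the capture was saved in classic pcap format with an Ethernet link type and that the local port set was read from something like `netstat -ano`; the addresses, ports and payloads in the sample capture are constructed.

```python
import struct

def _frame(src, dst, sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame; checksums are left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def build_sample_pcap():
    """Constructed little-endian classic pcap, linktype 1 (Ethernet), 3 packets."""
    me, srv, other = (10, 0, 0, 5), (203, 0, 113, 7), (198, 51, 100, 9)
    frames = [_frame(me, srv, 50123, 4000, b"login-req"),
              _frame(me, other, 50200, 80, b"GET /"),
              _frame(srv, me, 4000, 50123, b"login-resp")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def tcp_packets_for_ports(pcap, local_ports):
    """Yield (src, sport, dst, dport, payload) for TCP packets using local_ports."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap file (re-save pcapng as pcap)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled here")
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        pkt = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue  # skip anything that is not IPv4/TCP (VLAN, IPv6, UDP...)
        ihl = (pkt[14] & 0x0F) * 4
        tcp = pkt[14 + ihl:14 + struct.unpack("!H", pkt[16:18])[0]]
        if len(tcp) < 20:
            continue  # truncated TCP header
        sport, dport = struct.unpack("!HH", tcp[:4])
        # Either side may match: a port-only filter, so a remote port equal
        # to one of local_ports would also be reported.
        if sport in local_ports or dport in local_ports:
            src, dst = (".".join(map(str, pkt[a:a + 4])) for a in (26, 30))
            yield src, sport, dst, dport, tcp[(tcp[12] >> 4) * 4:]

if __name__ == "__main__":
    for row in tcp_packets_for_ports(build_sample_pcap(), {50123}):
        print(row)
```

Because the filter works on the saved capture rather than inside the process, it sees traffic from any module the process loads, provided the capture point sits on the path the traffic actually takes.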
|
|
|
|
Dark_Mage-
|
Post subject: Re: Capturing packets without recv/send hook
Posted: Thu Mar 15, 2012 6:31 pm
|
|
| Section Leader Gold |
 |
 |
Joined: Fri Sep 20, 2002 2:38 am Location: ٩(͡๏̯͡๏)۶0x3CC4E7C0 CHATSUBO
|
|