c# - how to sniff packets in an app without relying on WinPCap?

Greg picture Greg · Aug 15, 2010 · Viewed 17.9k times · Source

BACKGROUND: I now understand how to write a C# application that can monitor packets going in/out of the network card on the PC the application is running on. The approach I know relies on http://www.winpcap.org/ being already installed on the PC however, and then I use a C# wrapper such as http://pcapdotnet.codeplex.com/ or http://sourceforge.net/projects/sharppcap/ .

QUESTION: My question however, what would I need to do to be able to have a C# application that can sniff packets that does NOT require a 3rd party application/drivers to be pre-installed?

CLARIFICATION: That is I really want the application I currently have but without any requirement for me to tell the user to have to go and download/install XYZ prior to being able to use the application. For the purpose of the question assume that automating the download and install of a 3rd party application/drivers is not allowed either. (with WinPCap I'm not sure if you can bundle it, however I believe you're not supposed to in any case unfortunately)

thanks

Answer

Chris Taylor picture Chris Taylor · Aug 15, 2010

Personally I would stick to WinPCap. But since you asked, it is possible to sniff packets from the network using for the following code to enable raw sockets.

Socket s = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.IP);
s.Bind(new IPEndPoint(IPAddress.Parse("<IP Address Here of NIC to sniff>"), 0));
s.SetSocketOption(SocketOptionLevel.IP, SocketOptionName.HeaderIncluded, 1);
byte[] inBytes = new byte[] { 1, 0, 0, 0 };
byte[] outBytes = new byte[] { 0, 0, 0, 0 };
s.IOControl(IOControlCode.ReceiveAll, inBytes, outBytes);

Once this is done, you can use Socket.Receive or Socket.BeginReceive to read the raw IP packets.