Thread: VB6 - Packet Analyzer

  1. #1

    Thread Starter (Frenzied Member; Join Date: Dec 2012; Posts: 1,470)

    VB6 - Packet Analyzer

    PacketVB Version 2 is a Network Packet Analyzer. It utilizes Windows Packet Filter Kit 3.2.3 from NT Kernel Resources, which is available for download free of charge for personal use. This version of the Filter Kit supports IPv6, and loads on all supported versions of Windows (including 64 bit). After upgrading Version 1 to work with this latest version of "NDISRD.sys", I discovered that it did not work properly on Win 8.1. The data view window requires a fixed width font, for which I chose the Terminal Font due to its limited width. This font exists on Win 8.1 (dosapp.fon), but is not enabled by default. The font that Windows chose to use in its place exceeded the width allowed for in the data view window.

    So I chose to use the Courier New Font instead. This caused a major rewrite of the program because I had to change all the allowances for width.

    PacketVB also uses COMDLG32.OCX, MSFLXGRD.OCX, and mscomctl.ocx, which the user must have available.

    PacketVB supports IPv6, but as usual it has undergone very limited testing for this particular protocol because of the lack of a native IPv6 network other than local. If someone has access to such a Wide Area Network, I would appreciate feedback.

    J.A. Coutts

    Bug Fixes: 01/04/2015 - See later post for details.
    Bug Fix: 01/06/2018 - See later post for details.
    Last edited by couttsj; Jan 6th, 2018 at 05:49 PM.

  2. #2

    Thread Starter (Frenzied Member; Join Date: Dec 2012; Posts: 1,470)

    Re: VB6 - Packet Analyzer

    With the "Filter On" option checked, PacketVB would not capture any packets. Hex strings were changed to use 3 characters for every byte, but the adapter MAC address was formatted without the trailing colon. The colon was added to the adapter address.

    The other problem was considerably more difficult to debug. Using the NDISRD filter in the LISTEN mode (versus the TUNNEL mode), and with the NDIS_PACKET_TYPE_PROMISCUOUS mode set, the Interface appeared to not get released, even though no errors were produced during the ReleaseInterface routine. The consequence of this was that network access was disabled until the computer was rebooted.

    Attempts to isolate the problem were unsuccessful, but the routines to set up and release the Interface were the same as the sample PacketSniffer program that I updated to work with the latest version of WinpkFilter. Since the PacketSniffer program did not exhibit the same problem, I took that program and gradually added the code from PacketVB until the problem surfaced. The very last change was to add support for the Check box options. The problem that surfaced was not exactly the same as the original program, in that PacketVB did not want to capture packets originating from other machines on the network (Promiscuous Mode). That was resolved by clearing the "PacketBuffer" on packets that were not being examined.

    When I transferred those changes to the original program, it did not correct the issue, so I still don't know what caused the original problem. This newer version (2.0.1) has been tested on Windows Vista and Windows 8.1.

    J.A. Coutts
    Last edited by couttsj; Jan 8th, 2015 at 01:59 AM.

  3. #3

    Thread Starter (Frenzied Member; Join Date: Dec 2012; Posts: 1,470)

    Re: VB6 - Packet Analyzer

    Bug Fix
    I discovered that if the user just wanted to examine saved packets, and did not actually start the active capture, the network adapter would hang when the program exited. The only way to reactivate it was to reboot. The problem was traced to the Network Interface being released before it was started, so a flag was added to follow its state.

    J.A. Coutts

  4. #4
    Junior Member (Join Date: Mar 2016; Posts: 16)

    Re: VB6 - Packet Analyzer

    Is there possibility to decode SMB packets to get list of files transferred over network?

  5. #5

    Thread Starter (Frenzied Member; Join Date: Dec 2012; Posts: 1,470)

    Re: VB6 - Packet Analyzer

    Quote: Originally Posted by izero76
        Is there possibility to decode SMB packets to get list of files transferred over network?
    PacketVB is a Packet capture utility. It does not attempt to analyze the data being transported, just the transport method itself. That does not mean that it cannot be made to do so, but it does not do it inherently.

    I cannot minimize the difficulty in analyzing SMB packets. Wireshark attempts to do that, and I do not know how successful it is. There are different versions (1.0, 2.0, 2.1, 3.0) operating over different ports (137/138, 139, 445), and the client and server will negotiate what to use.

    SMB1 had more than 10 dialects and supported over a hundred different commands. SMB2 reduced that to 19 commands and improved performance. SMB3 supports parallel sessions.

    J.A. Coutts
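As an added example (not PacketVB's code, and written in Python rather than VB6): a classifier for captured TCP payloads on ports 139 and 445 that tells SMB1 from SMB2/3 by the header's protocol id, names the command (all 19 SMB2 commands, a small subset of the SMB1 ones), and reads the negotiated dialect (2.0.2, 2.1, 3.0, ...) out of a NEGOTIATE response; the frame builder and its values are constructed for illustration.

```python
import struct

# Ports the post lists for TCP transport, mapped to the 4-byte framing that precedes the SMB header.
# (137/138 are UDP NetBIOS name/datagram services and are not parsed here.)
SMB_PORTS = {139: "NetBIOS session service", 445: "direct TCP"}
# All 19 SMB2 command codes (0x0000..0x0012) from MS-SMB2; the SMB1 table is a small subset.
SMB2_COMMANDS = ["NEGOTIATE", "SESSION_SETUP", "LOGOFF", "TREE_CONNECT", "TREE_DISCONNECT",
                 "CREATE", "CLOSE", "FLUSH", "READ", "WRITE", "LOCK", "IOCTL", "CANCEL", "ECHO",
                 "QUERY_DIRECTORY", "CHANGE_NOTIFY", "QUERY_INFO", "SET_INFO", "OPLOCK_BREAK"]
SMB1_COMMANDS = {0x72: "NEGOTIATE", 0x73: "SESSION_SETUP_ANDX", 0x75: "TREE_CONNECT_ANDX",
                 0xA2: "NT_CREATE_ANDX", 0x2E: "READ_ANDX", 0x2F: "WRITE_ANDX", 0x04: "CLOSE"}
SMB2_DIALECTS = {0x0202: "2.0.2", 0x0210: "2.1", 0x0300: "3.0", 0x0302: "3.0.2", 0x0311: "3.1.1"}

def classify_smb(dst_port, payload):
    """Classify one TCP payload seen on an SMB port; returns a dict, or None when it carries no SMB."""
    # Both framings start with a type/reserved byte of 0x00 and a 3-byte big-endian length;
    # other NetBIOS session types (0x81 session request, 0x85 keep-alive, ...) carry no SMB.
    if dst_port not in SMB_PORTS or len(payload) < 4 or payload[0] != 0x00:
        return None
    length = int.from_bytes(payload[1:4], "big")
    if dst_port == 139:
        length &= 0x1FFFF          # NetBIOS session service: 17-bit length
    smb = payload[4:4 + length]
    info = {"transport": SMB_PORTS[dst_port]}
    if smb[:4] == b"\xffSMB" and len(smb) >= 32:          # SMB1: 32-byte header
        info["dialect"] = "SMB1"
        info["command"] = SMB1_COMMANDS.get(smb[4], "0x%02X" % smb[4])
        info["is_response"] = bool(smb[9] & 0x80)           # SMB_FLAGS_REPLY
    elif smb[:4] == b"\xfeSMB" and len(smb) >= 64:        # SMB2/3: 64-byte header
        cmd, = struct.unpack_from("<H", smb, 12)
        flags, = struct.unpack_from("<I", smb, 16)
        info["dialect"] = "SMB2+"  # 2.x vs 3.x is only decided by the negotiated DialectRevision
        info["command"] = SMB2_COMMANDS[cmd] if cmd < len(SMB2_COMMANDS) else "0x%04X" % cmd
        info["is_response"] = bool(flags & 0x1)             # SMB2_FLAGS_SERVER_TO_REDIR
        if cmd == 0 and info["is_response"] and len(smb) >= 70:
            rev, = struct.unpack_from("<H", smb, 68)        # NEGOTIATE response: DialectRevision
            info["dialect"] = "SMB " + SMB2_DIALECTS.get(rev, "0x%04X" % rev)
    else:
        return None
    return info

def build_smb2_negotiate_response(dialect_revision):
    """Constructed sample frame: direct-TCP header + SMB2 header + truncated NEGOTIATE response body."""
    header = b"\xfeSMB" + struct.pack("<HHIHHIIQIIQ16s", 64, 0, 0, 0, 1, 0x1, 0, 0, 0, 0, 0, b"\0" * 16)
    body = struct.pack("<HHHH", 65, 1, dialect_revision, 0) + b"\0" * 16   # through ServerGuid
    smb = header + body
    return b"\x00" + len(smb).to_bytes(3, "big") + smb
```

Feeding `classify_smb` the TCP payload of each captured frame gives a per-packet dialect/command record, which is what a monitoring tool needs before it can go on to parse CREATE requests for file names.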

  6. #6
    Junior Member (Join Date: Mar 2016; Posts: 16)

    Re: VB6 - Packet Analyzer

    Quote: Originally Posted by couttsj
        PacketVB is a Packet capture utility. It does not attempt to analyze the data being transported, just the transport method itself. That does not mean that it cannot be made to do so, but it does not do it inherently.
    Hi, thanks, I know it is a capturing utility. Wireshark is able to analyze SMB, and some NirSoft utilities also capture and analyze SMB. I am interested in creating some monitoring tool or extending my USB file copy monitor. So I must study SMB packets by myself. Thanks for your shared code.

  7. #7
    Junior Member (Join Date: Aug 2006; Posts: 24)

    Re: VB6 - Packet Analyzer

    Great, thanks.
