-
VB 6.0: How is packet sniffing done?
How is packet sniffing done in Visual Basic 6.0?
I looked around a little bit and found the example http://pscode.com/vb/scripts/ShowCod...46567&lngWId=1 but it dosent seem to compair to ethersnoop when it comes to the IPv4-UPD protocall.
Another note: I use a 56k dileup modem and when I last looked for a packet sniffer/logger very few, if any, supported dileup.
-
Re: VB 6.0: How is packet sniffing done?
I've never really looked into packet sniffing, but I do know it shouldn't matter if you're on dial-up or not. All the packet work's done before it hits the hardware, be it a LAN port or a dial-up modem.
-
Re: VB 6.0: How is packet sniffing done?
If you Google for packet sniffers you will find some hits on them and there are some that you can download the source code. Studying the source code can give you more answers than anyone here could explain it. I downloaded the source code for one some time back and was able to use that source to make my own custom packet sniffer in VB. If I can find where I stored all that stuff I will post the info here but it will take me awhile to find it since it has been a few years ago and I dont remember exactly the name or where I put all that stuff.
-
Re: VB 6.0: How is packet sniffing done?
I can recommend the winpcap library, I dont know if its "directly" usable from VB6 or if you'd need to compile some kind of DLL yourself but...have a look at it, you might find something.
-
Re: VB 6.0: How is packet sniffing done?
Quote:
Originally Posted by Atheist
I can recommend the winpcap library, I dont know if its "directly" usable from VB6 or if you'd need to compile some kind of DLL yourself but...have a look at it, you might find something.
That's it. That is exactly what I downloaded and used it to make my own VB packet sniffers. And yes, it is in C so you will need to convert the code to DLL's and then use the DLL's in your VB program. Now if I can just remember where I put that stuff. Now since I know the name maybe I can find it sooner.
-
Re: VB 6.0: How is packet sniffing done?
I found the PacketX thinggy off the winpcap FAQ. The only documentation for it is how to add it to your project; didn't see any information on its use, but it did come with a VB6.0 example that I'm trying to muddle my way through.
-
Re: VB 6.0: How is packet sniffing done?
I have now have a working code as seen below. It seems to be displaying what seem to be hex numbers.
How do you convert a hex number to a string?
Code:
Dim WithEvents oPacketX As PacketX
Private Sub Form_Load()
Set oPacketX = New PacketX
'MsgBox oPacketX.Adapter.Description
oPacketX.Start
End Sub
Private Sub Form_Unload(Cancel As Integer) 'some cleanup
oPacketX.Stop
End Sub
Private Sub FileExit_Click() 'end program
End
End Sub
Private Sub oPacketX_OnPacket(ByVal pPacket As PacketXLib.IPktXPacket)
vnCounter = vnCounter + 1
Dim vByte As Variant
Dim sData As String
Dim nPosition, nColumns As Integer
nColumns = 16
For Each vByte In pPacket.Data
If nPosition = 8 Then
sData = sData + " "
End If
If vByte <= &HF Then
sData = sData + "0"
End If
sData = sData + Hex(vByte) + " "
Next
Text1.SelText = sData & vbCrLf & Text1.SelText
End Sub
-
Re: VB 6.0: How is packet sniffing done?
Isn't it already converted to a String and being displayed as such?
vByte is the value and sData is the Hex String of that value.
Example:
vByte = 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15
sData = 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
-
Re: VB 6.0: How is packet sniffing done?
Its displaying raw data.
I want to convert it to actual words.
IE: according to eathersnoop
3A 68 6D 6D 6D 0A
converts to
:hmmm.
68 = h
6D = m
-
Re: VB 6.0: How is packet sniffing done?
Well first you say convert to string and now you say convert to words. Make up your mind.
Define word
Are you saying you want a space between each HEX digit?
Most hex dump displays are in the following format:
Code:
0000000000 00 00 3B C7 0F 85 33 00 04 00 8B C7 5F C2 04 00 ..;...3....._...
0000000010 56 8B F1 F6 86 58 01 00 00 06 75 1C FF 15 20 12 V....X....u... .
0000000020 00 71 8B 8E 54 01 00 00 81 C1 C4 09 00 00 3B C1 .q..T.........;.
0000000030 72 15 33 C0 5E C2 04 00 0F B7 44 24 08 83 F8 0A r.3.^.....D$....
0000000040 7C 05 83 F8 11 7E EB 68 8A 7F 00 00 6A 00 FF 15 |......h....j...
0000000050 98 12 00 71 50 FF 15 14 19 00 71 33 C0 40 EB D4 ...qP.....q3.@..
0000000060 F0 92 08 71 E8 64 00 71 17 81 01 71 81 8F 08 71 ...q.d.q...q...q
0000000070 F2 64 00 71 8A 8A 08 71 30 49 09 71 E8 64 00 71 .d.q...q0I.q.d.q
0000000080 FD 8A 01 71 7B 8D 01 71 CB B4 04 71 30 49 09 71 ...q{..q...q0I.q
0000000090 E8 64 00 71 FD 8A 01 71 81 46 09 71 F4 46 09 71 .d.q...q.F.q.F.q
00000000A0 30 49 09 71 E8 64 00 71 FD 8A 01 71 4E 8D 01 71 0I.q.d.q...qN..q
00000000B0 3B 47 09 71 52 9B 0A 71 E8 64 00 71 9F 9E 0A 71 ;G.qR..q.d.q...q
Is this what you want?
-
Re: VB 6.0: How is packet sniffing done?
I want to change the ZZs to what shows up in the QQQQs
-
Re: VB 6.0: How is packet sniffing done?
Most hex dump displays are in the following format:
Code:
0000000000 00 00 3B C7 0F 85 33 00 04 00 8B C7 5F C2 04 00 ..;...3....._...
0000000010 56 8B F1 F6 86 58 01 00 00 06 75 1C FF 15 20 12 V....X....u... .
0000000020 00 71 8B 8E 54 01 00 00 81 C1 C4 09 00 00 3B C1 .q..T.........;.
0000000030 72 15 33 C0 5E C2 04 00 0F B7 44 24 08 83 F8 0A r.3.^.....D$....
0000000040 7C 05 83 F8 11 7E EB 68 8A 7F 00 00 6A 00 FF 15 |......h....j...
0000000050 98 12 00 71 50 FF 15 14 19 00 71 33 C0 40 EB D4 ...qP.....q3.@..
0000000060 F0 92 08 71 E8 64 00 71 17 81 01 71 81 8F 08 71 ...q.d.q...q...q
0000000070 F2 64 00 71 8A 8A 08 71 30 49 09 71 E8 64 00 71 .d.q...q0I.q.d.q
0000000080 FD 8A 01 71 7B 8D 01 71 CB B4 04 71 30 49 09 71 ...q{..q...q0I.q
0000000090 E8 64 00 71 FD 8A 01 71 81 46 09 71 F4 46 09 71 .d.q...q.F.q.F.q
00000000A0 30 49 09 71 E8 64 00 71 FD 8A 01 71 4E 8D 01 71 0I.q.d.q...qN..q
00000000B0 3B 47 09 71 52 9B 0A 71 E8 64 00 71 9F 9E 0A 71 ;G.qR..q.d.q...q
Is this what you want?
-
Re: VB 6.0: How is packet sniffing done?
Yes, just the section on the right.
-
Re: VB 6.0: How is packet sniffing done?
debug.print Chr(Val("&H" & "6D")) returns m
but when I change a line in the code to
sData = sData + Chr(Val("&H" & Hex(vByte))) + " "
it dosent seem to come out right
-
Re: VB 6.0: How is packet sniffing done?
You're making more out of it than necessary
Instead of
sData = sData + Chr(Val("&H" & Hex(vByte))) + " "
do this
sData = sData & Hex(vByte) & " "
WAIT A MINUTE:
Isn't "m" what you want? That's the translation of "6D" But why are you putting a space after each hex translation?
Of course you could simplify it
sData = sData & Chr(vByte) & " "
-
Re: VB 6.0: How is packet sniffing done?
Quote:
Isn't "m" what you want? That's the translation of "6D"
That is correct.
6D is a the hex number 109, wich is the carater code for m ( chr(109) returns m)
-
Re: VB 6.0: How is packet sniffing done?
So then what is your problem?
-
Re: VB 6.0: How is packet sniffing done?
Its not translating correctly, I keep getting a bunch of garbage and nothing that resembles what it *should* be. I'm trying to decode it into text, but im not getting any text from it.
-
Re: VB 6.0: How is packet sniffing done?
You are hard to follow.
Show me the original input data and also show me what you are getting (the garbage of what it *should be*) and show me the code that you are using. The examples I posted for you above gives you what you want so maybe you are not using them in the correct way or manner.
-
1 Attachment(s)
Re: VB 6.0: How is packet sniffing done?
Code:
2C 34 20 00 02 00 00 00 02 00 00 00 08 00 45 00 00 4B 1B C2 40 00 80 06 77 9E D8 B2 33 7C D8 9B 82 82 04 65 1F 42 10 C7 4F F3 FC F8 C0 B9 50 18 21 33 F9 52 00 00 50 52 49 56 4D 53 47 20 23 6D 79 63 68 61 6E 6E 65 6C 20 3A 74 68 69 73 20 69 73 20 61 20 74 65 73 74 0A
is a packet capture from mIRC.
EatherSnoop reads the last part as
PRIVMSG #mychannel :this is a test.
but all im getting is
,4
project is attached
-
Re: VB 6.0: How is packet sniffing done?
Kind of difficult to test with without the DLL but I will try to do it without the DLL using my modified code
-
Re: VB 6.0: How is packet sniffing done?
OK, it doesn't matter.
Your problem is that you are sending non-printable characters to the textbox.
Consider your hex string:
2C342000
This translates as ",4 "
2C = ,
34 = 4
20 = space
00 = non-printable character which causes the text box to terminate.
You need to examine each byte and if it is a non-printable character you need to subsitute a period (.) for that character. That's why you saw the hex dump as I posted it with a lot of periods in it.
Code:
0000000000 00 00 3B C7 0F 85 33 00 04 00 8B C7 5F C2 04 00 ..;...3....._...
0000000010 56 8B F1 F6 86 58 01 00 00 06 75 1C FF 15 20 12 V....X....u... .
0000000020 00 71 8B 8E 54 01 00 00 81 C1 C4 09 00 00 3B C1 .q..T.........;.
0000000030 72 15 33 C0 5E C2 04 00 0F B7 44 24 08 83 F8 0A r.3.^.....D$....
0000000040 7C 05 83 F8 11 7E EB 68 8A 7F 00 00 6A 00 FF 15 |......h....j...
0000000050 98 12 00 71 50 FF 15 14 19 00 71 33 C0 40 EB D4 ...qP.....q3.@..
0000000060 F0 92 08 71 E8 64 00 71 17 81 01 71 81 8F 08 71 ...q.d.q...q...q
0000000070 F2 64 00 71 8A 8A 08 71 30 49 09 71 E8 64 00 71 .d.q...q0I.q.d.q
0000000080 FD 8A 01 71 7B 8D 01 71 CB B4 04 71 30 49 09 71 ...q{..q...q0I.q
0000000090 E8 64 00 71 FD 8A 01 71 81 46 09 71 F4 46 09 71 .d.q...q.F.q.F.q
00000000A0 30 49 09 71 E8 64 00 71 FD 8A 01 71 4E 8D 01 71 0I.q.d.q...qN..q
00000000B0 3B 47 09 71 52 9B 0A 71 E8 64 00 71 9F 9E 0A 71 ;G.qR..q.d.q...q
Unles it is actually a period all of the periods in the above character translation part (the right side) are non-printable characters.
-
Re: VB 6.0: How is packet sniffing done?
That helps me quite a bit. Thankyou
-
Re: VB 6.0: How is packet sniffing done?
Code:
Public Function ToStr(ByVal strString As String) As String
strString = Replace(strString, " ", "")
Dim A&, strOut$, strC$
strOut$ = ""
For A = 1 To Len(strString) Step 2
If Val("&H" & Mid(strString, A, 2)) < 32 Or Val("&H" & Mid(strString, A, 2)) > 126 Then
strOut = strOut & "."
Else
strOut = strOut & Chr(Val("&H" & Mid(strString, A, 2)))
End If
Next A
ToStr = strOut
End Function