Results 1 to 24 of 24

Thread: VB 6.0: How is packet sniffing done?

  1. #1

    Thread Starter
    Addicted Member
    Join Date
    Oct 2006
    Posts
    172

    VB 6.0: How is packet sniffing done?

    How is packet sniffing done in Visual Basic 6.0?

    I looked around a little bit and found the example http://pscode.com/vb/scripts/ShowCod...46567&lngWId=1 but it dosent seem to compair to ethersnoop when it comes to the IPv4-UPD protocall.

    Another note: I use a 56k dileup modem and when I last looked for a packet sniffer/logger very few, if any, supported dileup.

  2. #2
    Junior Member MushroomSamba's Avatar
    Join Date
    Sep 2008
    Location
    In my room.
    Posts
    19

    Re: VB 6.0: How is packet sniffing done?

    I've never really looked into packet sniffing, but I do know it shouldn't matter if you're on dial-up or not. All the packet work's done before it hits the hardware, be it a LAN port or a dial-up modem.

  3. #3
    PowerPoster
    Join Date
    Jan 2008
    Posts
    11,074

    Re: VB 6.0: How is packet sniffing done?

    If you Google for packet sniffers you will find some hits on them and there are some that you can download the source code. Studying the source code can give you more answers than anyone here could explain it. I downloaded the source code for one some time back and was able to use that source to make my own custom packet sniffer in VB. If I can find where I stored all that stuff I will post the info here but it will take me awhile to find it since it has been a few years ago and I dont remember exactly the name or where I put all that stuff.

  4. #4
    Raging swede Atheist's Avatar
    Join Date
    Aug 2005
    Location
    Sweden
    Posts
    8,018

    Re: VB 6.0: How is packet sniffing done?

    I can recommend the winpcap library, I dont know if its "directly" usable from VB6 or if you'd need to compile some kind of DLL yourself but...have a look at it, you might find something.
    Rate posts that helped you. I do not reply to PM's with coding questions.
    How to Get Your Questions Answered
    Current project: tunaOS
    Me on.. BitBucket, Google Code, Github (pretty empty)

  5. #5
    PowerPoster
    Join Date
    Jan 2008
    Posts
    11,074

    Re: VB 6.0: How is packet sniffing done?

    Quote Originally Posted by Atheist
    I can recommend the winpcap library, I dont know if its "directly" usable from VB6 or if you'd need to compile some kind of DLL yourself but...have a look at it, you might find something.
    That's it. That is exactly what I downloaded and used it to make my own VB packet sniffers. And yes, it is in C so you will need to convert the code to DLL's and then use the DLL's in your VB program. Now if I can just remember where I put that stuff. Now since I know the name maybe I can find it sooner.

  6. #6

    Thread Starter
    Addicted Member
    Join Date
    Oct 2006
    Posts
    172

    Re: VB 6.0: How is packet sniffing done?

    I found the PacketX thinggy off the winpcap FAQ. The only documentation for it is how to add it to your project; didn't see any information on its use, but it did come with a VB6.0 example that I'm trying to muddle my way through.

  7. #7

    Thread Starter
    Addicted Member
    Join Date
    Oct 2006
    Posts
    172

    Re: VB 6.0: How is packet sniffing done?

    I have now have a working code as seen below. It seems to be displaying what seem to be hex numbers.

    How do you convert a hex number to a string?

    Code:
    Dim WithEvents oPacketX As PacketX
    Private Sub Form_Load()
    
    Set oPacketX = New PacketX
    'MsgBox oPacketX.Adapter.Description
    
    oPacketX.Start
    
    
    End Sub
    Private Sub Form_Unload(Cancel As Integer) 'some cleanup
    
        oPacketX.Stop
    
    End Sub
    
    Private Sub FileExit_Click() 'end program
      End
    End Sub
    Private Sub oPacketX_OnPacket(ByVal pPacket As PacketXLib.IPktXPacket)
      vnCounter = vnCounter + 1
    
      Dim vByte As Variant
      Dim sData As String
      Dim nPosition, nColumns As Integer
      nColumns = 16
      For Each vByte In pPacket.Data
        If nPosition = 8 Then
          sData = sData + " " 
        End If
        If vByte <= &HF Then
          sData = sData + "0"
        End If
        sData = sData + Hex(vByte) + " "
      Next
      Text1.SelText = sData & vbCrLf & Text1.SelText
    End Sub

  8. #8
    PowerPoster
    Join Date
    Jan 2008
    Posts
    11,074

    Re: VB 6.0: How is packet sniffing done?

    Isn't it already converted to a String and being displayed as such?

    vByte is the value and sData is the Hex String of that value.

    Example:

    vByte = 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15
    sData = 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    Last edited by jmsrickland; Sep 28th, 2008 at 09:15 AM.

  9. #9

    Thread Starter
    Addicted Member
    Join Date
    Oct 2006
    Posts
    172

    Re: VB 6.0: How is packet sniffing done?

    Its displaying raw data.

    I want to convert it to actual words.

    IE: according to eathersnoop

    3A 68 6D 6D 6D 0A
    converts to
    :hmmm.

    68 = h
    6D = m

  10. #10
    PowerPoster
    Join Date
    Jan 2008
    Posts
    11,074

    Re: VB 6.0: How is packet sniffing done?

    Well first you say convert to string and now you say convert to words. Make up your mind.

    Define word

    Are you saying you want a space between each HEX digit?

    Most hex dump displays are in the following format:
    Code:
    0000000000  00 00 3B C7 0F 85 33 00 04 00 8B C7 5F C2 04 00   ..;...3....._... 
    0000000010  56 8B F1 F6 86 58 01 00 00 06 75 1C FF 15 20 12   V....X....u... . 
    0000000020  00 71 8B 8E 54 01 00 00 81 C1 C4 09 00 00 3B C1   .q..T.........;. 
    0000000030  72 15 33 C0 5E C2 04 00 0F B7 44 24 08 83 F8 0A   r.3.^.....D$.... 
    0000000040  7C 05 83 F8 11 7E EB 68 8A 7F 00 00 6A 00 FF 15   |......h....j... 
    0000000050  98 12 00 71 50 FF 15 14 19 00 71 33 C0 40 EB D4   ...qP.....q3.@.. 
    0000000060  F0 92 08 71 E8 64 00 71 17 81 01 71 81 8F 08 71   ...q.d.q...q...q 
    0000000070  F2 64 00 71 8A 8A 08 71 30 49 09 71 E8 64 00 71   .d.q...q0I.q.d.q 
    0000000080  FD 8A 01 71 7B 8D 01 71 CB B4 04 71 30 49 09 71   ...q{..q...q0I.q 
    0000000090  E8 64 00 71 FD 8A 01 71 81 46 09 71 F4 46 09 71   .d.q...q.F.q.F.q 
    00000000A0  30 49 09 71 E8 64 00 71 FD 8A 01 71 4E 8D 01 71   0I.q.d.q...qN..q 
    00000000B0  3B 47 09 71 52 9B 0A 71 E8 64 00 71 9F 9E 0A 71   ;G.qR..q.d.q...q
    Is this what you want?
    Last edited by jmsrickland; Sep 28th, 2008 at 10:20 AM.

  11. #11

    Thread Starter
    Addicted Member
    Join Date
    Oct 2006
    Posts
    172

    Re: VB 6.0: How is packet sniffing done?

    I want to change the ZZs to what shows up in the QQQQs

  12. #12
    PowerPoster
    Join Date
    Jan 2008
    Posts
    11,074

    Re: VB 6.0: How is packet sniffing done?

    Most hex dump displays are in the following format:

    Code:
    0000000000  00 00 3B C7 0F 85 33 00 04 00 8B C7 5F C2 04 00   ..;...3....._... 
    0000000010  56 8B F1 F6 86 58 01 00 00 06 75 1C FF 15 20 12   V....X....u... . 
    0000000020  00 71 8B 8E 54 01 00 00 81 C1 C4 09 00 00 3B C1   .q..T.........;. 
    0000000030  72 15 33 C0 5E C2 04 00 0F B7 44 24 08 83 F8 0A   r.3.^.....D$.... 
    0000000040  7C 05 83 F8 11 7E EB 68 8A 7F 00 00 6A 00 FF 15   |......h....j... 
    0000000050  98 12 00 71 50 FF 15 14 19 00 71 33 C0 40 EB D4   ...qP.....q3.@.. 
    0000000060  F0 92 08 71 E8 64 00 71 17 81 01 71 81 8F 08 71   ...q.d.q...q...q 
    0000000070  F2 64 00 71 8A 8A 08 71 30 49 09 71 E8 64 00 71   .d.q...q0I.q.d.q 
    0000000080  FD 8A 01 71 7B 8D 01 71 CB B4 04 71 30 49 09 71   ...q{..q...q0I.q 
    0000000090  E8 64 00 71 FD 8A 01 71 81 46 09 71 F4 46 09 71   .d.q...q.F.q.F.q 
    00000000A0  30 49 09 71 E8 64 00 71 FD 8A 01 71 4E 8D 01 71   0I.q.d.q...qN..q 
    00000000B0  3B 47 09 71 52 9B 0A 71 E8 64 00 71 9F 9E 0A 71   ;G.qR..q.d.q...q
    Is this what you want?

  13. #13

    Thread Starter
    Addicted Member
    Join Date
    Oct 2006
    Posts
    172

    Re: VB 6.0: How is packet sniffing done?

    Yes, just the section on the right.

  14. #14

    Thread Starter
    Addicted Member
    Join Date
    Oct 2006
    Posts
    172

    Re: VB 6.0: How is packet sniffing done?

    debug.print Chr(Val("&H" & "6D")) returns m
    but when I change a line in the code to
    sData = sData + Chr(Val("&H" & Hex(vByte))) + " "
    it dosent seem to come out right

  15. #15
    PowerPoster
    Join Date
    Jan 2008
    Posts
    11,074

    Re: VB 6.0: How is packet sniffing done?

    You're making more out of it than necessary

    Instead of

    sData = sData + Chr(Val("&H" & Hex(vByte))) + " "

    do this

    sData = sData & Hex(vByte) & " "

    WAIT A MINUTE:

    Isn't "m" what you want? That's the translation of "6D" But why are you putting a space after each hex translation?

    Of course you could simplify it

    sData = sData & Chr(vByte) & " "
    Last edited by jmsrickland; Sep 28th, 2008 at 12:02 PM.

  16. #16

    Thread Starter
    Addicted Member
    Join Date
    Oct 2006
    Posts
    172

    Re: VB 6.0: How is packet sniffing done?

    Isn't "m" what you want? That's the translation of "6D"
    That is correct.

    6D is a the hex number 109, wich is the carater code for m ( chr(109) returns m)

  17. #17
    PowerPoster
    Join Date
    Jan 2008
    Posts
    11,074

    Re: VB 6.0: How is packet sniffing done?

    So then what is your problem?

  18. #18

    Thread Starter
    Addicted Member
    Join Date
    Oct 2006
    Posts
    172

    Re: VB 6.0: How is packet sniffing done?

    Its not translating correctly, I keep getting a bunch of garbage and nothing that resembles what it *should* be. I'm trying to decode it into text, but im not getting any text from it.

  19. #19
    PowerPoster
    Join Date
    Jan 2008
    Posts
    11,074

    Re: VB 6.0: How is packet sniffing done?

    You are hard to follow.

    Show me the original input data and also show me what you are getting (the garbage of what it *should be*) and show me the code that you are using. The examples I posted for you above gives you what you want so maybe you are not using them in the correct way or manner.

  20. #20

    Thread Starter
    Addicted Member
    Join Date
    Oct 2006
    Posts
    172

    Re: VB 6.0: How is packet sniffing done?

    Code:
    2C 34 20 00 02 00 00 00 02 00 00 00 08 00 45 00 00 4B 1B C2 40 00 80 06 77 9E D8 B2 33 7C D8 9B 82 82 04 65 1F 42 10 C7 4F F3 FC F8 C0 B9 50 18 21 33 F9 52 00 00 50 52 49 56 4D 53 47 20 23 6D 79 63 68 61 6E 6E 65 6C 20 3A 74 68 69 73 20 69 73 20 61 20 74 65 73 74 0A
    is a packet capture from mIRC.
    EatherSnoop reads the last part as
    PRIVMSG #mychannel :this is a test.

    but all im getting is
    ,4

    project is attached
    Attached Files Attached Files

  21. #21
    PowerPoster
    Join Date
    Jan 2008
    Posts
    11,074

    Re: VB 6.0: How is packet sniffing done?

    Kind of difficult to test with without the DLL but I will try to do it without the DLL using my modified code

  22. #22
    PowerPoster
    Join Date
    Jan 2008
    Posts
    11,074

    Re: VB 6.0: How is packet sniffing done?

    OK, it doesn't matter.

    Your problem is that you are sending non-printable characters to the textbox.

    Consider your hex string:

    2C342000

    This translates as ",4 "

    2C = ,
    34 = 4
    20 = space
    00 = non-printable character which causes the text box to terminate.

    You need to examine each byte and if it is a non-printable character you need to subsitute a period (.) for that character. That's why you saw the hex dump as I posted it with a lot of periods in it.
    Code:
    0000000000  00 00 3B C7 0F 85 33 00 04 00 8B C7 5F C2 04 00   ..;...3....._... 
    0000000010  56 8B F1 F6 86 58 01 00 00 06 75 1C FF 15 20 12   V....X....u... . 
    0000000020  00 71 8B 8E 54 01 00 00 81 C1 C4 09 00 00 3B C1   .q..T.........;. 
    0000000030  72 15 33 C0 5E C2 04 00 0F B7 44 24 08 83 F8 0A   r.3.^.....D$.... 
    0000000040  7C 05 83 F8 11 7E EB 68 8A 7F 00 00 6A 00 FF 15   |......h....j... 
    0000000050  98 12 00 71 50 FF 15 14 19 00 71 33 C0 40 EB D4   ...qP.....q3.@.. 
    0000000060  F0 92 08 71 E8 64 00 71 17 81 01 71 81 8F 08 71   ...q.d.q...q...q 
    0000000070  F2 64 00 71 8A 8A 08 71 30 49 09 71 E8 64 00 71   .d.q...q0I.q.d.q 
    0000000080  FD 8A 01 71 7B 8D 01 71 CB B4 04 71 30 49 09 71   ...q{..q...q0I.q 
    0000000090  E8 64 00 71 FD 8A 01 71 81 46 09 71 F4 46 09 71   .d.q...q.F.q.F.q 
    00000000A0  30 49 09 71 E8 64 00 71 FD 8A 01 71 4E 8D 01 71   0I.q.d.q...qN..q 
    00000000B0  3B 47 09 71 52 9B 0A 71 E8 64 00 71 9F 9E 0A 71   ;G.qR..q.d.q...q
    Unles it is actually a period all of the periods in the above character translation part (the right side) are non-printable characters.

  23. #23

    Thread Starter
    Addicted Member
    Join Date
    Oct 2006
    Posts
    172

    Re: VB 6.0: How is packet sniffing done?

    That helps me quite a bit. Thankyou

  24. #24
    PowerPoster
    Join Date
    Jan 2008
    Posts
    11,074

    Re: VB 6.0: How is packet sniffing done?

    Code:
    Public Function ToStr(ByVal strString As String) As String
     strString = Replace(strString, " ", "")
    
     Dim A&, strOut$, strC$
    
     strOut$ = ""
    
     For A = 1 To Len(strString) Step 2
       If Val("&H" & Mid(strString, A, 2)) < 32 Or Val("&H" & Mid(strString, A, 2)) > 126 Then
         strOut = strOut & "."
       Else
         strOut = strOut & Chr(Val("&H" & Mid(strString, A, 2)))
       End If
     Next A
    
     ToStr = strOut
    End Function

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width