10. Packet sniffing, in C# and VB.NET
Packet sniffing has got a bad rap over the past few years,
since it makes it possible to read anything sent over the wire, whether it was
destined for your PC or not. This makes plain text username/password pair
protection laughably insecure. However, packet sniffing isn’t just a hacker’s
tool, it is an excellent non-invasive means of monitoring network traffic, to
scan for bandwidth usage, worms, DOS attacks etc.
Whilst it is possible to use native raw sockets in .NET to
capture packets at IP level, using a technique first published by Lance Olson
at Microsoft. This has some limitations, as it cannot drill down below IP
level, into the frame stack, nor can it capture in ‘promiscuous’ mode – that
is, packets destined for other machines.
However, by using an open-source packet driver, and a C++
DLL (available for download separately), it is possible to drill down into the
frame stack, below IP level, and capture packets promiscuously, as this example
To test this application, install the packet driver and DLL
as detailed in the book Network
programming in .NET (Buy at Amazon UK)
(Buy at Amazon US), and start the application, then open a browser, and
connect to any site you wish (excluding localhost!), and you will see all the
raw data travelling between client and server.
(Source code availabile in the book Network Programming in .NET (Buy at Amazon UK)
(Buy at Amazon US), Chapter 13,