Packet Sniffing, Using a good packet sniffer to capture network port data

Hi.

Should we be calling this sub-forum Internet & Networking? No matter... I know this is the place for this post.

Background

Last year ragdog and I were talking about coding a status dialog for our ADSL Modem/Routers.

Well... I hit a road block on the project until I could find a good packet sniffer to help determine what is being POSTed to the router through HTTP when you want to load the status and settings pages.

Likewise I wanted to use the same technique to turn the router's Internet gateway on or off without the need to use a browser to run the router's built-in www.engine for changing its internal settings. ( Man the old Hayes AT Modem command days were so much easier for programmers, now the opposite is true! )

The main purpose of this idea was to increase the speed/access times and eliminate a lot of redundancy when updating the router settings.

Now if we took this a step further and groomed this into an LAN admin tool, it would be very easy to add some network activity logging with regard to the Internet gateway on the ADSL Modem + 10M/100M Router.

After experimenting from a proof of concept angle. This has some security bennefits and drawbacks.

• The only drawback would be stored credentials/passwords for router autentification and admining. Unless you want to be prompted for a password versus storing one for automation purposes?

• The main benefit seems to be no browser history on the local machine of accessing the router. Handy if your accessing the router accross the LAN or web and want to avoid such things from a different computer.


Ragdog did offer some advice for different packet sniffers and similar browser type plug-ins, but I could never get them to work on this retirement home PC.

Foreground

As of this morning I found a great utility at Nir's place! Its called SmartSniff.

This packet sniffer will work for Win7 systems backwards to Win95. WinPcap required for 9x systems

You can visit the download page here...

www.nirsoft.net/utils/smsniff.html

The site also features many other great tools.

Finally a tool that works! Keeping me from having to learn PHP/JAVA/HTML for now while staying focused with Assembler.

And thanks to XeS for helping too!

Great firefox addons for analysing HTTP/HTML/JS/....
-Live HTTP headers
-Firebug
-Web developer
-Firecookie
-Leetkey

To share network traffic dumps you should use something like TCPDump/WinDump. Because wireshark users can open such files and see a lot more information regarding the connection and the traffic. If you need more information you should try to get ethereal running. It's really great in comparism with smartsniff. And i'm sure it works with win98/ME.

With this link you can access all releases of ethereal:
http://www.ethereal.com/distribution/win32/all-versions/

With this link you can access all releases of wireshark:
http://www.wireshark.org/download/win32/all-versions/
1.2.5 is the last stable release! (2009-12-27)

Referencing supported plattforms from wireshark doc

Best regards,

XeS

Hi XeS.

Thanks for sharing this great information!

While working the project some more, I discovered this link for SDK's from Netgear...

Netgear GPL open source SDK's for Programmers

If the link does not work in the future, try Google Search: "Netgear SDK"

Although I have no real need for the SDK for my router, the download did include all the built-in www.engine files. ( Html, java, css, etc.)

Great reference for the project. Plus there are some web pages in the router I was not aware of!

I'll drop back into this thread again soon!

Hi... Just some follow-up here.

I've managed to get a dialog working that will fetch status information and allow toggling on or off, the internet gateway on this router by software vs. webware.

Do not get overly excited though.

The status information is not formatted & displayed yet, and I need to work on the authentification aspect of negotiating with the router.

Despite authenticating credentials, it works perfectly thus far. Virtually instant control of the router via stand alone PE versus a browser. It's so great not to have to load the settings web pages anymore!

The last consideration will be some logging abilities.


Currently the only delay is when recieving headers & content back from the router after issuing a POST command with a custom script. This seems normal and is nominal by comparison to using a browser. ( its a failrly good size control string anyway, over 375bytes )


Now after some experimentation over the last two days to see how communication with the router works, I have discovered that its built-in www.engine based configuration is pretty flexible with what you can send it with the POST method.

For example...

Here is a packet of the HttpRequest sent out with the new router control as seen with SmartSniff.

Naturally the size and content vary depending on the script data and its size.


Oh... one nice thing about this header versus one sent from the browser, is size!

The text you see for the header above is now only about 1/3 compared to the OEM browser based headers, which has a lot of extra junk that really has no effect for this intended application. Particularly the "Accepted Types" header entry.

Our new format is also easier to read and a bit more descriptive. A nice feature of a custom control. Do you not agree?

With this method of controlling the router another great bennefit is saving a lot of redundant disk activity!

No more cached browser files from router web setup or downloading them to disk, period! Unless desired. Plus it can be run from anywhere on the LAN without leaving tracks everywhere to cleanup.


Now that I can communicate effectively with the router, have learned about http headers, and reviewed the router SDK, I see some powerful flexiblity for customizing its engine.

Like adding new features, removing ones that never get used, and customizing the web interface. Although I probably will not be taking advantage of this since I'll need to learn more about php/java/html, something I really have little interest in presently, it is nice to know its there if needed later on.

Besides... this control almost has all the added features I've wanted for a while now without the need of such things.

Another possible bennefit when the time comes to add some logging features to this control, is that saving of logs locally can be added. The router lacks a built-in feature to save logs locally to a file, only send to email and/or syslog servers.


In summary...

This type of project really has a lot of possibilities, especially from an automation standpoint. Not to mention the same techniques should work with other routers & switches that have this type of setup mechinism.


Regards!


@XeS...

Thanks again for taking the time to explain some technical matters & share an example in MASM. btw - I like your style compared to the ICQ example from last year.


@Shoorick...

What say you? Is this in the category of BorgWare or GarbageWare?


@Anyone...

And does anyone have a link for the 2001 PSDK, or even the inet98.chm, or inet.chm file? I need better, readable, off-line help files.

Thanks. No problem at all.

I post the procedure for sending a http request so everyone can benefit of it.

The whole source code is attached at the bottom of the post.

It's only a quick written example. Be aware that it doesn't really contain any error handling!

Another thing you have to know about the "wininet.dll" is that it doesn't support chunk encoding. This means that the server can start sending his response before he know's the fixed size of it. You can do a workaround with "HTTP/1.0" if you pass NULL for "lpszVersion" but that would be ignored if you have internet explorer 5.1 or higher installed.

How to do it anyway:

source: Microsoft support

But be aware that this workaround would take affect to all applications which are using the wininet.dll!!!!



Best regards,

XeS

@Edit:
Damn... forgot the source code


Attached File ( Number of downloads: 40 )
 Login or Register to download