- This topic has 2 replies, 2 voices, and was last updated 18 years, 9 months ago by
.
Viewing 3 posts - 1 through 3 (of 3 total)
-
Posts
-
Hi,
How do I get only pop3/smtp packets using winpkfilter? How do I decode raw packets to see the content? Where may I find more VB examples of using that?
Regards,
Romano
How do I get only pop3/smtp packets using winpkfilter?
You will get all packets with WinpkFilter but you can selectively process SMTP/POP3 packets. In order to implement this you have to parse packet headers (Ethernet, IP, TCP) and check source/destination ports for SMTP/POP3 ones (25/110).
How do I decode raw packets to see the content? Where may I find more VB examples of using that?
In C parsing is easy (typecasting to structures):
pEthHeader = (ether_header*)PacketBuffer.m_IBuffer;
if ( ntohs(pEthHeader->h_proto) == ETH_P_IP )
{
pIpHeader = (iphdr*)(PacketBuffer.m_IBuffer + ETHER_HEADER_LENGTH);
if (pIpHeader->ip_p == IPPROTO_TCP)
{
// This is TCP packet, get TCP header pointer
pTcpHeader = (tcphdr*)(((PUCHAR)pIpHeader) + sizeof(DWORD)*pIpHeader->ip_hl);
....I’m not a VB expert but getting Ethernet header is shown in WinpkFilter VB samples, getting other headers should be very similar.
Viewing 3 posts - 1 through 3 (of 3 total)
- You must be logged in to reply to this topic.