I wrote this sniffer code last year. This semester is not very busy, so I took the chance to review networking and tried writing it again.
In fact, the main thing when writing a sniffer is to set the NIC to promiscuous mode. The captured packets are then analyzed on that basis.
This is a screenshot of what I have written so far; for now it is only a convenient viewer, and not even a menu has been added:
The left side of the interface shows the host-to-host connection information, and the right side shows the data exchanged between the selected hosts.
I think my sniffer is probably a failure, or I cannot really set the NIC to promiscuous mode. As you can see, the source addresses above are all the local host's address. While I was downloading video files, with hundreds of KB of data exchanged per second, my program basically did not respond. For web pages, too, only the outgoing data requests are captured; the received data is simply not caught. I hope an expert can give me some pointers on this.
The process of writing the sniffer with a raw socket:
1. Use the socket function to create a raw socket based on the IP protocol.
2. Get the local IP address.
3. Bind the raw socket to the local IP address.
4. Use the ioctlsocket function to set the socket option SIO_RCVALL, that is, to receive all data.
5. Call the recv function in an endless loop.
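
The five steps above together with the packet-analysis stage, as an added example that is not the author's code. It is written in Python, whose socket module exposes the same Winsock SIO_RCVALL control on Windows; the names parse_ipv4_header, sniff and SAMPLE are assumptions made for this sketch, and SAMPLE is a constructed header, not captured traffic.

```python
import socket
import struct

# Constructed 20-byte IPv4 header: 192.168.0.104 -> 192.168.0.1, TCP, TTL 64.
SAMPLE = bytes.fromhex("4500003c1c4640004006b1e6c0a80068c0a80001")

def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the IPv4 header at the start of a packet read from the raw socket."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version = ver_ihl >> 4
    header_len = (ver_ihl & 0x0F) * 4      # IHL is counted in 32-bit words
    if version != 4 or header_len < 20 or len(packet) < header_len:
        raise ValueError("not a valid IPv4 header")
    return {
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "protocol": proto,                 # 1 = ICMP, 6 = TCP, 17 = UDP
        "ttl": ttl,
        "header_len": header_len,
        "total_len": total_len,
    }

def sniff(count: int = 10) -> list:
    """Steps 1-5 of the list. Windows only; must run as administrator."""
    # Step 1: raw socket based on the IP protocol.
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_IP) as s:
        # Step 2: local IP address (picks one interface on a multi-homed host).
        local_ip = socket.gethostbyname(socket.gethostname())
        # Step 3: bind the raw socket to it; the port is ignored.
        s.bind((local_ip, 0))
        # Step 4: SIO_RCVALL, receive all IP packets seen by that interface.
        s.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)
        try:
            # Step 5: recv in a loop (bounded here instead of endless).
            return [parse_ipv4_header(s.recv(65535)) for _ in range(count)]
        finally:
            s.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF)

if __name__ == "__main__":
    print(parse_ipv4_header(SAMPLE))
```
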