Packet capture API - Wireshark or Microsoft Network Monitor? - c#

I am wanting to write a C# service which runs on my server and monitors network traffic and writes it to a database for analysis. I have used Wireshark, but I think that Microsoft Network Monitor may have a better C# .NET interface for programming against. Is this true?
Can you point me to some good code samples for using Microsoft Network Monitor?

Wireshark uses the pcap (or possibly WinPcap) library to capture network packets. Although they are written in C/C++, there are various .NET wrappers available for them, including WinPcapNet, SharpPcap and Pcap.Net. I haven't used any of these so I can't comment on their usability.
I'm posting this from my phone, so it's an absolute pain adding links; if you go to the Wikipedia page for pcap you should find the links you need there.

I ended up using SharpPcap; it is a great utility.

Related

monitor internet usage in .net

I want to write a method in C# to check which applications in my machine/server are using internet connection at a particular point in time and if possible, how much bandwidth they are using. Can anyone please help me get a head start on this?
I decided to write an answer because comments are too small.
Well, reading other Q&As on Stack Overflow and looking around on the internet, I didn't find a simple solution for your problem.
Actually, for .NET processes it is really simple: you just need to retrieve information from the ".NET CLR Networking - Bytes Received/Bytes Sent" performance counters, as shown in this Q&A.
But in general, getting per-process used bandwidth isn't easy work.
For example "Microsoft Network Monitor" sniffer can trace the process that generates internet packets only for TCP traffic, because probably it maps IP-port pairs with processes using them (or something similar, TCP is a connected protocol so it is simpler).
Anyway if you want to give it a try you can use the exposed API (look at this blog entry for some hint).
However, as suggested in these Q&As (LINK 1, LINK 2), the right, and probably the only way, is to write an NDIS/TDI driver that can intercept network traffic and expose a .NET callable API to it.
The problem is that such drivers can't be written in managed code, and so you need to implement it in C/C++.
Obviously, if you manage to find an already written driver/sniffer exposing a callable API, you can use it.
For example, WinPcap has one (and some .NET wrappers like SharpPcap or Pcap.Net), but I don't think (not sure) it's able to get packets' source-process information.
As digEmAll noted, in pre-Vista Windows you are reduced to writing your own driver or using a third-party one. In Vista, 2008 and Windows 7 you can use the GetPerTcpConnectionEStats API (there is a large example of its usage on the MSDN page). Resource Monitor relies on this API, together with the older GetTcpTable/GetTcpRow APIs, for extended network statistics.
I found Process Monitor to be a very useful tool and it served my purpose, so I didn't have to write any code, although I am yet to check out whether it gives any API which I can use in my application to get some information I need.
Thanks everyone for helping me out.
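The IP/port-to-process mapping discussed in the answers above can be read from user mode on Vista and later. This is an added example, not code from any of the posts; it assumes IPv4 only and uses the IP Helper call GetExtendedTcpTable (not named in the thread), which returns each TCP connection with its owning PID. It gives connection ownership, not byte counts.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Net;
using System.Runtime.InteropServices;

static class TcpOwners
{
    const int AF_INET = 2;                  // IPv4 only in this example
    const int TCP_TABLE_OWNER_PID_ALL = 5;  // TCP_TABLE_CLASS: all states, with owning PID

    [StructLayout(LayoutKind.Sequential)]
    struct MIB_TCPROW_OWNER_PID
    {
        public uint State, LocalAddr, LocalPort, RemoteAddr, RemotePort, OwningPid;
    }

    [DllImport("iphlpapi.dll")]
    static extern uint GetExtendedTcpTable(IntPtr table, ref int size, bool order,
        int ipVersion, int tableClass, uint reserved);

    // Ports sit in network byte order in the low 16 bits of the DWORD.
    static int Port(uint raw) => (int)(((raw & 0xFF) << 8) | ((raw >> 8) & 0xFF));

    static void Main()
    {
        int size = 0;  // first call only reports the buffer size required
        GetExtendedTcpTable(IntPtr.Zero, ref size, true, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
        IntPtr buffer = Marshal.AllocHGlobal(size);
        try
        {
            // Fails with ERROR_INSUFFICIENT_BUFFER if the table grew since the first call.
            uint rc = GetExtendedTcpTable(buffer, ref size, true, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
            if (rc != 0) throw new Win32Exception((int)rc);

            int count = Marshal.ReadInt32(buffer);   // dwNumEntries
            IntPtr row = IntPtr.Add(buffer, 4);      // rows follow the count
            int rowSize = Marshal.SizeOf(typeof(MIB_TCPROW_OWNER_PID));
            for (int i = 0; i < count; i++, row = IntPtr.Add(row, rowSize))
            {
                var r = (MIB_TCPROW_OWNER_PID)Marshal.PtrToStructure(row, typeof(MIB_TCPROW_OWNER_PID));
                string name;
                try { name = Process.GetProcessById((int)r.OwningPid).ProcessName; }
                catch (Exception e) when (e is ArgumentException || e is InvalidOperationException)
                { name = "(exited)"; }               // process ended after the snapshot
                Console.WriteLine("{0,-20} pid {1,-6} {2}:{3} -> {4}:{5} state {6}",
                    name, r.OwningPid, new IPAddress(r.LocalAddr), Port(r.LocalPort),
                    new IPAddress(r.RemoteAddr), Port(r.RemotePort), r.State);
            }
        }
        finally { Marshal.FreeHGlobal(buffer); }
    }
}
```

For per-connection byte counters, each row's address/port tuple is the key that GetPerTcpConnectionEStats, mentioned above, takes as input.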

Network programming and Packets interactions

Greetings,
This month I will start working on my master's thesis. My thesis's subject is network security.
I need to deal with network interfaces and packets.
I've used SharpPcap before to interact with packets, but I'm not sure if C# is the most powerful language to deal with network programming and packets.
I worked a bit with Wireshark and I saw how powerful it is, and as you know Wireshark is open source, developed using C++.
I'm not sure if I should use C# or C++ for network security programming, and I want your thoughts about what the best language might be for network programming and packet interaction.
Should I use C#, C++, or Java, or something else?
Please give me your advice.
Thank you,
UPDATE
..........................
I'm going to do different packet mining by taking each packet and reading each field in it, then using these values, and in some stages I would modify some of the packet's values and then resend them.
I want to control the packet from when it is received by the network interface until it passes to the application layer.
also
You'd be able to do network programming using almost any language you want to. If you are equally comfortable in all of the languages you've mentioned, you should determine what system libraries or APIs you will be interfacing with. For example, if you will be doing packet-level network programming on a Unix system, C would probably be your best bet. If you want to integrate with Wireshark, go with C++. If you want to use an Apache Commons component, use Java. I suggest you come up with a more specific set of requirements for your actual program before trying to decide which language to use.
Wireshark uses WinPcap so you could go that route as well.
For a security application, is that an intrusion detection system or do you actually want to drop offending packets? WinPcap, SharpPcap etc. do not allow you to drop packets; for this you will need to look at some kind of intermediate driver or look at Windows Filtering Platform (WFP)
http://www.microsoft.com/whdc/device/network/WFP.mspx
IMHO, if you can find a callback driver that calls back to user mode and allows you to filter the packets from C# or C++, this would probably be fine for experimental purposes etc., but for a production solution, I think you would need to stick to the kernel level to ensure that you can keep up with the peak volume.
Use C++, Boost and Poco and you can do what you want. Boost asio is: Portable networking, including sockets, timers, hostname resolution and socket iostreams. The Poco library also provides solutions for network, cryptography, NetSSL ... and more. For more information you can visit www.boost.org and www.pocoproject.org
You can use java if you like - jpcap works well.
I would suggest using C#, since there is a very strong library called Pcap.Net that wraps WinPcap with .NET code. This should make it easy for you to receive, send and interpret packets of different protocols.

VOIP in C#, asp.net or Java

Could you people please give some good resources / ideas for implementing VOIP in C#.NET, ASP.NET or Java?
Why I am specifying 2 different language platforms is we are yet to take up a call.
Basically we don't have the idea henceforth the concept is more important to us.
We are going to make a White board application and one of the client requirements is: White board should have VOIP conferencing, chat image sharing and ability to upload .pdf files
I reckon you're looking into developing software like Orange Business WebEx or something similar. The software is not too difficult to develop. First, are you planning to write the entire application yourself or just purchase the components and integrate? I would recommend you shop around for components and just integrate because VOIP is rather complex.
Here is a link for SIP communicator in java which supports VOIP
Doing simple point-to-point VOIP isn't too difficult. Basically, you need a codec on each end, and then typically use UDP to send encoded packets from one end to the other.
There can also be network connectivity issues, particularly related to NAT.
If you want to interoperate with existing VOIP-based systems, then you will need to support one of the underlying connection protocols, such as H.323, and you may also need monitoring and control over RTP. Those protocols are notoriously complex.
There are a bunch of tricks to play when doing this kind of thing with a managed language like C# or Java, particularly related to avoiding hiccups due to GC.
A link to a few more Java VOIP projects/components:
http://voip.dev.java.net/
One "gotcha" to beware of, in terms of future functionality, is that Java's (as opposed to JavaFX's) video support is something of an open question at the moment.

NDIS Intermediate driver interface to C#

I'm developing what is essentially a specialized firewall application. The solution needs to be 32 and 64-bit compatible. My company wants to keep the current program interface, which is written in C#.
What I need is this: a way to monitor and manipulate all network traffic on the system. My research has led me to believe that an NDIS (Network Driver Interface Specification) Intermediate driver is the way to go. If I can write this kind of driver in C#, great, but I'm not sure that's possible. At the very least, I need an interface in C# to a driver written in any language.
I found a great resource online for creating one in a series of articles entitled "Extending the Microsoft PassThru NDIS Intermediate Driver":
Part 1 - Adding a DeviceIoControl Interface
Part 2 - Two IP Address Blocking NDIS IM Drivers
Part 3 - Supporting Windows XP 64-Bit Edition
However, it is dated (2003). Before I invest in reading and learning what it has to say, I want to make sure I'm not wasting my time.
Is there a better way to do this? Are there any open source projects or articles that explain the process better than the articles above? Am I even in the ballpark? Help please.
There's another page from the same author, titled Windows Network Data and Packet Filtering, which provides "a brief introduction to various techniques that can be used to filter network data and network packets on the Microsoft Windows platforms".
It mentions other options, e.g. "TDI filter driver" and "User-Mode Network Data Filtering", which may suit instead, depending on whether you really want to manipulate all the network traffic on the system.

File transfer between 2 remote systems using internal modem

My requirement is to write an application to send a file from a remote machine to another machine using an internal modem. Both systems are connected through a VPN or the internet.
Basically we have two systems both having internal dial up modems. The two systems are connected through either VPN or Internet.
One system should send a file (XML) to another.
I was given the freedom to do it in either C++ or C#. Or is there any other language we can do this easily?
How can I go about this task? Do we need an client/server type application or do we need an app only at the receiving end?
Is there any built in technology available for this type of file transfers using modems?
Since I don't have the programming point of view, my question may not be clear! I tried to put max information on my requirements, but if I am not clear, please ask me.
If you are connected via a VPN, then there are many existing programs available to transfer files between each other. The most well known is FTP. There are many freely available FTP or SFTP packages.
The fact that you are using a modem does not matter. Only that they are in the same network or visible on the internet.
It's been a while, so my memory is fuzzy:
There are modem libraries out there. Find one and use it. No need to reinvent the low level software. I seem to remember using a product from Dialogic (at least I think that was the company). It worked well. I did a quick search and there are 50 companies with that name, but I did see some that mention C, C++ and C# libraries. If you do a little research you'll find what you need.
You will need to learn how to initiate communications between the modems. Almost all modems use the Hayes Modem AT Command Set.
Modems are slow, so pick a compression algorithm before sending data. zlib is an industry favorite.
Your modem library of choice should provide several mechanisms for doing the pure data transfer that you are asking about. Choose the one that fits your data best.
