COmpact Framework Network Sniffing

[Graville]

Hi All,

I am having a problem writing a a simpe IP packet sniffer for Windows
Mobile 5. I have taken a simple piece of code that works fine on the
standard framework but when I run under CF 2.0 I get compilation
errors in relation to the IOControlCode enum which the compact
framework does not recognise. I get an error "The name 'IOControlCode'
does not exist in the current context" I'm assuming raw socket
capturing is supported in CF 2.0. Does anyone know what the enum value
should be as CF expects an int but i tried the int -1744830463 which i
found on the MSDN website but this fails.

//For sniffing the socket to capture the packets has to be a raw
socket, with the
//address family being of type internetwork, and protocol being IP
mainSocket = new Socket(AddressFamily.InterNetwork,
SocketType.Raw, ProtocolType.IP);

//Bind the socket to the selected IP address
mainSocket.Bind(new IPEndPoint(IPAddress.Parse(cmbInterfaces.Text),
0));

//Set the socket options
mainSocket.SetSocketOption(SocketOptionLevel.IP, //Applies
only to IP packets
SocketOptionName.HeaderIncluded, //
Set the include the header
true); //
option to true

byte[] byTrue = new byte[4] { 1, 0, 0, 0 };
byte[] byOut = new byte[4];

//Socket.IOControl is analogous to the WSAIoctl method of Winsock 2
mainSocket.IOControl(IOControlCode.ReceiveAll, //THIS LINE
FAILS
byTrue,
byOut);

//Start receiving the packets asynchronously
mainSocket.BeginReceive(byteData, 0, byteData.Length,
SocketFlags.None,
new AsyncCallback(OnReceive), null);


Hope you can help,

Dave Hanson

 

[Paul G. Tobey [eMVP]]

You aren't going to be able to do that. At most, you'll be able to display
the UI with a Compact Framework application. You'll have to completely
rewrite the actual sniffing code to work with the Windows CE network stack
and that's very likely to involve writing an intermediate driver (native
code) to capture the packets and forward them, via a point-to-point message
queue, maybe, to the waiting UI program.

Paul T.

 

[Graville]

You aren't going to be able to do that. At most, you'll be able to display
the UI with a Compact Framework application. You'll have to completely
rewrite the actual sniffing code to work with the Windows CE network stack
and that's very likely to involve writing an intermediate driver (native
code) to capture the packets and forward them, via a point-to-point message
queue, maybe, to the waiting UI program.

Paul T.

Hi All,

I am having a problem writing a a simpe IP packet sniffer for Windows
Mobile 5. I have taken a simple piece of code that works fine on the
standard framework but when I run under CF 2.0 I get compilation
errors in relation to the IOControlCode enum which the compact
framework does not recognise. I get an error "The name 'IOControlCode'
does not exist in the current context" I'm assuming raw socket
capturing is supported in CF 2.0. Does anyone know what the enum value
should be as CF expects an int but i tried the int -1744830463 which i
found on the MSDN website but this fails.

//For sniffing the socket to capture the packets has to be a raw
socket, with the
//address family being of type internetwork, and protocol being IP
mainSocket = new Socket(AddressFamily.InterNetwork,
SocketType.Raw, ProtocolType.IP);

//Bind the socket to the selected IP address
mainSocket.Bind(new IPEndPoint(IPAddress.Parse(cmbInterfaces.Text),
0));

//Set the socket options
mainSocket.SetSocketOption(SocketOptionLevel.IP, //Applies
only to IP packets
SocketOptionName.HeaderIncluded, //
Set the include the header
true); //
option to true

byte[] byTrue = new byte[4] { 1, 0, 0, 0 };
byte[] byOut = new byte[4];

//Socket.IOControl is analogous to the WSAIoctl method of Winsock 2
mainSocket.IOControl(IOControlCode.ReceiveAll, //THIS LINE
FAILS
byTrue,
byOut);

//Start receiving the packets asynchronously
mainSocket.BeginReceive(byteData, 0, byteData.Length,
SocketFlags.None,
new AsyncCallback(OnReceive), null);

Hope you can help,

Dave Hanson- Hide quoted text -

- Show quoted text -

Paul,

Thanks for this but I am confused as I thought reading from a raw
socket was supported in .NET CF 2.0. All the functions are there and
intellisence understands them? Why would the API's be available if
they had not been implemented?

Dave

 

[Graville]

You aren't going to be able to do that. At most, you'll be able to display
the UI with a Compact Framework application. You'll have to completely
rewrite the actual sniffing code to work with the Windows CE network stack
and that's very likely to involve writing an intermediate driver (native
code) to capture the packets and forward them, via a point-to-point message
queue, maybe, to the waiting UI program.

Paul T.

news:[email protected]...

Hi All,
I am having a problem writing a a simpe IP packet sniffer for Windows
Mobile 5. I have taken a simple piece of code that works fine on the
standard framework but when I run under CF 2.0 I get compilation
errors in relation to the IOControlCode enum which the compact
framework does not recognise. I get an error "The name 'IOControlCode'
does not exist in the current context" I'm assuming raw socket
capturing is supported in CF 2.0. Does anyone know what the enum value
should be as CF expects an int but i tried the int -1744830463 which i
found on the MSDN website but this fails.
//For sniffing the socket to capture the packets has to be a raw
socket, with the
//address family being of type internetwork, and protocol being IP
mainSocket = new Socket(AddressFamily.InterNetwork,
SocketType.Raw, ProtocolType.IP);
//Bind the socket to the selected IP address
mainSocket.Bind(new IPEndPoint(IPAddress.Parse(cmbInterfaces.Text),
0));
//Set the socket options
mainSocket.SetSocketOption(SocketOptionLevel.IP, //Applies
only to IP packets
SocketOptionName.HeaderIncluded, //
Set the include the header
true); //
option to true
byte[] byTrue = new byte[4] { 1, 0, 0, 0 };
byte[] byOut = new byte[4];
//Socket.IOControl is analogous to the WSAIoctl method of Winsock 2
mainSocket.IOControl(IOControlCode.ReceiveAll, //THIS LINE
FAILS
byTrue,
byOut);
//Start receiving the packets asynchronously
mainSocket.BeginReceive(byteData, 0, byteData.Length,
SocketFlags.None,
new AsyncCallback(OnReceive), null);
Hope you can help,
Dave Hanson- Hide quoted text -

- Show quoted text -

Paul,

Thanks for this but I am confused as I thought reading from a raw
socket was supported in .NET CF 2.0. All the functions are there and
intellisence understands them? Why would the API's be available if
they had not been implemented?

Dave- Hide quoted text -

- Show quoted text -

So can anyone help me on this? Just came back to this post and thought
it would have an answer by now! :-(

Dave

 

[Paul G. Tobey [eMVP]]

I think there's just nothing more. The OS doesn't support doing what you
want to do, so what the framework allows is irrelevant. I've given you the
basics of what you'll have to do to capture packets (driver/application
combination).

Paul T.

You aren't going to be able to do that. At most, you'll be able to
display
the UI with a Compact Framework application. You'll have to completely
rewrite the actual sniffing code to work with the Windows CE network
stack
and that's very likely to involve writing an intermediate driver
(native
code) to capture the packets and forward them, via a point-to-point
message
queue, maybe, to the waiting UI program.

Paul T.

Hi All,

I am having a problem writing a a simpe IP packet sniffer for Windows
Mobile 5. I have taken a simple piece of code that works fine on the
standard framework but when I run under CF 2.0 I get compilation
errors in relation to the IOControlCode enum which the compact
framework does not recognise. I get an error "The name
'IOControlCode'
does not exist in the current context" I'm assuming raw socket
capturing is supported in CF 2.0. Does anyone know what the enum
value
should be as CF expects an int but i tried the int -1744830463 which
i
found on the MSDN website but this fails.

//For sniffing the socket to capture the packets has to be a raw
socket, with the
//address family being of type internetwork, and protocol being IP
mainSocket = new Socket(AddressFamily.InterNetwork,
SocketType.Raw, ProtocolType.IP);

//Bind the socket to the selected IP address
mainSocket.Bind(new IPEndPoint(IPAddress.Parse(cmbInterfaces.Text),
0));

//Set the socket options
mainSocket.SetSocketOption(SocketOptionLevel.IP, //Applies
only to IP packets
SocketOptionName.HeaderIncluded, //
Set the include the header
true); //
option to true

byte[] byTrue = new byte[4] { 1, 0, 0, 0 };
byte[] byOut = new byte[4];

//Socket.IOControl is analogous to the WSAIoctl method of Winsock 2
mainSocket.IOControl(IOControlCode.ReceiveAll, //THIS LINE
FAILS
byTrue,
byOut);

//Start receiving the packets asynchronously
mainSocket.BeginReceive(byteData, 0, byteData.Length,
SocketFlags.None,
new AsyncCallback(OnReceive), null);

Hope you can help,

Dave Hanson- Hide quoted text -

- Show quoted text -

Paul,

Thanks for this but I am confused as I thought reading from a raw
socket was supported in .NET CF 2.0. All the functions are there and
intellisence understands them? Why would the API's be available if
they had not been implemented?

Dave- Hide quoted text -

- Show quoted text -

So can anyone help me on this? Just came back to this post and thought
it would have an answer by now! :-(

Dave

 

[Graville]

I think there's just nothing more. The OS doesn't support doing what you
want to do, so what the framework allows is irrelevant. I've given you the
basics of what you'll have to do to capture packets (driver/application
combination).

Paul T.

On 22 Mar, 15:52, "Paul G. Tobey [eMVP]" <p space tobey no spam AT no
instrument no spam DOT com> wrote:
You aren't going to be able to do that. At most, you'll be able to
display
the UI with a Compact Framework application. You'll have to completely
rewrite the actual sniffing code to work with the Windows CE network
stack
and that's very likely to involve writing an intermediate driver
(native
code) to capture the packets and forward them, via a point-to-point
message
queue, maybe, to the waiting UI program.
Paul T.

Hi All,
I am having a problem writing a a simpe IP packet sniffer for Windows
Mobile 5. I have taken a simple piece of code that works fine on the
standard framework but when I run under CF 2.0 I get compilation
errors in relation to the IOControlCode enum which the compact
framework does not recognise. I get an error "The name
'IOControlCode'
does not exist in the current context" I'm assuming raw socket
capturing is supported in CF 2.0. Does anyone know what the enum
value
should be as CF expects an int but i tried the int -1744830463 which
i
found on the MSDN website but this fails.
//For sniffing the socket to capture the packets has to be a raw
socket, with the
//address family being of type internetwork, and protocol being IP
mainSocket = new Socket(AddressFamily.InterNetwork,
SocketType.Raw, ProtocolType.IP);
//Bind the socket to the selected IP address
mainSocket.Bind(new IPEndPoint(IPAddress.Parse(cmbInterfaces.Text),
0));
//Set the socket options
mainSocket.SetSocketOption(SocketOptionLevel.IP, //Applies
only to IP packets
SocketOptionName.HeaderIncluded, //
Set the include the header
true); //
option to true
byte[] byTrue = new byte[4] { 1, 0, 0, 0 };
byte[] byOut = new byte[4];
//Socket.IOControl is analogous to the WSAIoctl method of Winsock 2
mainSocket.IOControl(IOControlCode.ReceiveAll, //THIS LINE
FAILS
byTrue,
byOut);
//Start receiving the packets asynchronously
mainSocket.BeginReceive(byteData, 0, byteData.Length,
SocketFlags.None,
new AsyncCallback(OnReceive), null);
Hope you can help,
Dave Hanson- Hide quoted text -
- Show quoted text -
Paul,
Thanks for this but I am confused as I thought reading from a raw
socket was supported in .NET CF 2.0. All the functions are there and
intellisence understands them? Why would the API's be available if
they had not been implemented?
Dave- Hide quoted text -
- Show quoted text -

So can anyone help me on this? Just came back to this post and thought
it would have an answer by now! :-(

Dave- Hide quoted text -

- Show quoted text -

Fair enough

Time to dig out the manuals and refresh myself with C. :-(

 

[Paul G. Tobey [eMVP]]

In particular, look at the NetLog documentation for Windows CE. There's a
DLL which is provided to OEMs in source form by Microsoft. This DLL can be
set up to receive network logging information. The default code writes the
data to a file in the same format as NetLog on the desktop, so you can use
the desktop tools to review the data. I've fooled around with modifying it
to send the packets that it sees via a point-to-point message queue to a
client application which could parse and display the packets, if desired,
but it's just a few modifications of the MS source, at this point and I
don't expect it to go further.

If you don't have Platform Builder, you can download an evaluation copy of
CE6 from www.microsoft.com/embedded and find it there, I think; it's been
around a while.

Paul T.

I think there's just nothing more. The OS doesn't support doing what you
want to do, so what the framework allows is irrelevant. I've given you
the
basics of what you'll have to do to capture packets (driver/application
combination).

Paul T.

On 22 Mar, 17:40, (e-mail address removed) wrote:
On 22 Mar, 15:52, "Paul G. Tobey [eMVP]" <p space tobey no spam AT no
instrument no spam DOT com> wrote:

You aren't going to be able to do that. At most, you'll be able to
display
the UI with a Compact Framework application. You'll have to
completely
rewrite the actual sniffing code to work with the Windows CE network
stack
and that's very likely to involve writing an intermediate driver
(native
code) to capture the packets and forward them, via a point-to-point
message
queue, maybe, to the waiting UI program.

Paul T.

Hi All,

I am having a problem writing a a simpe IP packet sniffer for
Windows
Mobile 5. I have taken a simple piece of code that works fine on
the
standard framework but when I run under CF 2.0 I get compilation
errors in relation to the IOControlCode enum which the compact
framework does not recognise. I get an error "The name
'IOControlCode'
does not exist in the current context" I'm assuming raw socket
capturing is supported in CF 2.0. Does anyone know what the enum
value
should be as CF expects an int but i tried the int -1744830463
which
i
found on the MSDN website but this fails.

//For sniffing the socket to capture the packets has to be a raw
socket, with the
//address family being of type internetwork, and protocol being IP
mainSocket = new Socket(AddressFamily.InterNetwork,
SocketType.Raw, ProtocolType.IP);

//Bind the socket to the selected IP address
mainSocket.Bind(new
IPEndPoint(IPAddress.Parse(cmbInterfaces.Text),
0));

//Set the socket options
mainSocket.SetSocketOption(SocketOptionLevel.IP,
//Applies
only to IP packets
SocketOptionName.HeaderIncluded,
//
Set the include the header
true);
//
option to true

byte[] byTrue = new byte[4] { 1, 0, 0, 0 };
byte[] byOut = new byte[4];

//Socket.IOControl is analogous to the WSAIoctl method of Winsock
2
mainSocket.IOControl(IOControlCode.ReceiveAll, //THIS LINE
FAILS
byTrue,
byOut);

//Start receiving the packets asynchronously
mainSocket.BeginReceive(byteData, 0, byteData.Length,
SocketFlags.None,
new AsyncCallback(OnReceive), null);

Hope you can help,

Dave Hanson- Hide quoted text -

- Show quoted text -

Thanks for this but I am confused as I thought reading from a raw
socket was supported in .NET CF 2.0. All the functions are there and
intellisence understands them? Why would the API's be available if
they had not been implemented?

Dave- Hide quoted text -

- Show quoted text -

So can anyone help me on this? Just came back to this post and thought
it would have an answer by now! :-(

Dave- Hide quoted text -

- Show quoted text -

Fair enough

Time to dig out the manuals and refresh myself with C. :-(