Sample application to read and inspect packets on a network?

Question

I'm looking to write a quick program to read and inspect packets of a certain format and then blacklist ips with a certain style of packet-traffic (packet patterns of an attack against the network). Are there decent samples of reading and inspecting packet flow on a network?

score 1 · Answer 1 · answered Apr 06 '10 at 15:54

1

Instead of writing your own program you might consider using WireShark, which can collect packets and filter data to identify certain patterns.

answered Apr 06 '10 at 15:54

Justin Ethier

131,333
52
229
284

It doesn't seem overly easy to interface with Wireshark though. Since I'd like this to be automated, I'm not sure how feasible that would be.. Maybe I've just never seen that done though. – franz Apr 06 '10 at 15:56

score 0 · Answer 2 · edited May 23 '17 at 11:48

0

There's a related question here:

Which .NET library / wrapper do you recommend for sniffing packets?

Id have to suggest though, implementing software monitoring is almost guaranteed to add a bottleneck to your network, and there are plenty of existing hardware solutions.

edited May 23 '17 at 11:48

Community

1
1

answered Apr 06 '10 at 15:56

Russ Clarke

17,511
4
41
45

score 0 · Answer 3 · answered Apr 06 '10 at 16:00

0

Wireshark, on Windows at least, uses libpcap. You could try that.

Also, if you're using Windows, I know several apps that use the Windows firewall stuff to remove themselves from a blacklist, so going the other way should be possible.

This is a lot easier on Unix... ;-P

answered Apr 06 '10 at 16:00

Nate

484
3
6

This is not Windows specific :) – franz Apr 06 '10 at 16:03

Sample application to read and inspect packets on a network?

3 Answers3