Skip to content

Latest commit

 

History

History
86 lines (74 loc) · 4.85 KB

README.md

File metadata and controls

86 lines (74 loc) · 4.85 KB

Sniffer

A WinPcap-based network packet sniffer implemented in MFC (Visual C++). This project demonstrates how to:

  1. Select a network adapter (via CAdpDlg).
  2. Set capture filters (via CFilterDlg).
  3. Capture and parse packets (TCP, UDP, ICMP, ARP, DNS, etc.).
  4. Display both a list view (summary) and tree view (detailed protocol layers).
  5. Save the hex dump of captured data to a local file (Record.txt).

Features

  1. Adapter Selection
    • The CAdpDlg dialog enumerates local network interfaces using WinPcap (i.e., pcap_findalldevs_ex) and allows you to select one adapter for subsequent packet capture.
  2. Protocol Filter
    • The CFilterDlg dialog provides checkboxes for TCP, UDP, ARP, ICMP, and DNS. Once filters are chosen, the combined expression is compiled via pcap_compile and applied with pcap_setfilter.
  3. Packet Capture
    • Uses a capture thread (CreateThread) that runs CapturePacket continuously until the user clicks Stop or closes the program.
    • Captures raw Ethernet frames, parses the headers (Ethernet, ARP/IP, TCP/UDP/ICMP, DNS), and displays relevant fields in a list control.
  4. Live Display
    • List View (CListCtrl): Summarizes each packet with time, MACs, IPs, protocol, and length.
    • Tree View (CTreeCtrl): Shows a hierarchical breakdown of each protocol header (Ethernet layer → Network layer → Transport layer → Application layer).
  5. Hex Dump
    • For each selected packet, a formatted hex dump is appended to Record.txt.
    • Additionally, the raw bytes for the selected packet appear in the text edit control (IDC_EDIT1).
  6. MFC
    • Standard MFC dialogs, controls, resource files, and a main application class CSnifferApp.

Building & Requirements

  1. Prerequisites
    • Visual Studio (the project is in .vcxproj and .sln format).
    • WinPcap or Npcap SDK installed (headers + libraries in IncludePath and LibraryPath). The .vcxproj references WpdPack_4_1_2\WpdPack paths—adjust these to your local WinPcap/Npcap path.
  2. Clone & Open
    • Clone or download the repository.
    • Open Sniffer.sln in Visual Studio.
  3. Configuration
    • The solution supports Debug and Release configurations for Win32 and x64.
    • Ensure your IncludePath and LibraryPath point to the correct WinPcap/Npcap installation. Check the .vcxproj to update if needed.
  4. Build
    • Right-click the project → Build.
    • If the compilation is successful, you get an EXE (e.g., Debug\Sniffer.exe).

How to Use

  1. Start the Application
    • Run the generated Sniffer.exe.
  2. Select Adapter
    • Go to MenuAdp.
    • In the CAdpDlg dialog, choose the network interface you want to capture from. Click OK to bind.
  3. Set Filter (optional)
    • Go to MenuFilter.
    • Check or uncheck protocols (TCP, UDP, ARP, ICMP, DNS) and click OK.
    • This sets up a BPF (Berkeley Packet Filter) expression behind the scenes.
  4. Start Capture
    • Go to MenuStart.
    • A worker thread begins capturing packets. Newly captured packets appear in the list view with summarized info.
  5. Stop Capture
    • Go to MenuStop.
    • The capture thread stops.
  6. Inspect Packet Details
    • Click a packet in the list to view a hierarchical breakdown in the tree view (Ethernet → IP → TCP/UDP/ICMP, etc.).
    • The edit box shows the raw bytes (hex dump).
    • The project also appends this hex dump to the text file Record.txt for your reference.

Project Structure

  • Sniffer.sln / Sniffer.vcxproj The main solution and project files for Visual Studio.
  • Sniffer.cpp / SnifferDlg.cpp MFC application entry point and the main dialog that handles capturing logic.
  • CAdpDlg.cpp Dialog for listing/choosing local network adapters.
  • CFilterDlg.cpp Dialog for filtering packets by protocols (TCP/UDP/ICMP/ARP/DNS).
  • head.h Contains protocol header structures (Ethernet, IP, TCP, UDP, ARP, ICMP, DNS).
  • Record.txt The output file where hex dumps are appended each time you click on a captured packet.

Notes & Tips

  • If you have Npcap instead of WinPcap, check that pcap_findalldevs_ex and related calls are still valid. In many cases, Npcap is backward compatible, but be mindful of the installation path.
  • By default, the project is set to promiscuous mode to capture all traffic passing the chosen adapter.
  • The hex dump logic in ShowPacketList() appends data to Record.txt at runtime. This is a simplistic approach; watch out for concurrency issues if you adapt it for multi-threaded usage.
  • The filter expression is compiled with pcap_compile(...); an empty or invalid filter results in capturing all packets. Ensure your BPF expression is valid if you rely on advanced filters.