
Thread: TCP/IP & Packet Sniffer?

  1. #1
    Senior Member
    Join Date
    Jan 2003
    Posts
    220

    TCP/IP & Packet Sniffer?

    I just recently finished a book on TCP/IP and I was wondering if there's a tool out there for Windows that could read TCP packets and UDP packets and break them down and tell me the contents like flags, header info, types, raw data, and such. I'm guessing this would be a packet sniffer but I didn't know if there is one for Windows with functions such as these.

    Also is there a tool to stop a TCP packet from sending ACK back to acknowledge the data has been received, change the data in the headers and such, then send it back on its way? Sorry if I sound incompetent but this is my first time dealing with TCP/IP and protocols. Any help would be appreciated.

    P.S. If you know any other online books or tuts that are a bit more advanced on TCP/IP or related topics please tell me. Thanks. Oh and I have cygwin if that helps for Linux command line programs.

  2. #2
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Hey Hey,

    As far as packet sniffing goes, you're gonna wanna get http://www.ethereal.com/ .


    To stop an ACK and send back a packet, I'm sure you could block the incoming packets with a firewall, and then use a packet builder to generate similar packets. Although someone else will be able to explain this better.


    As far as books, check out anything out there. There is tons of good information. Learn the TCP Model and the OSI Model and how they relate. Stuff like that.

  3. #3
    Senior Member
    Join Date
    Aug 2002
    Posts
    239
    Here are some alternatives to ethereal:

    Sniffit by Brecht Claerhout -- http://reptile.rug.ac.be/~coder/sniffit/sniffit.html

    tcpdump by Steve McCanne -- http://www-nrg.ee.lbl.gov

    snort -- http://www.snort.org

    Dsniff -- http://www.monkey.org/~dugsong/dsniff/
    It's 106 miles to Chicago, we've got a full tank of gas, half a pack of cigarettes, it's dark and we're wearing sunglasses.

    Hit it!

  4. #4
    Junior Member
    Join Date
    Jul 2003
    Posts
    28
    Another great alternative is ettercap. Great for ARP poisoning and sniffing of switched networks. And you don't need X to run it. Runs in CLI.

  5. #5
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    yeah seabass55, i like the ettercap GUI

    if you like writing your own applications, i'd suggest downloading the pcap development lib(s)...
    http://www.tcpdump.org/
    yeah, I'm gonna need that by friday...
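
What a sniffer built on the pcap libraries does with each captured packet, as an added example that is not part of the original thread: it decodes the IPv4 and TCP headers into ports, sequence numbers and flags and locates the payload. The struct, function names and sample bytes are constructed for illustration, and the input is assumed to start at the IP header (link-layer header already removed).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fields a sniffer shows for one TCP segment (struct and names are hypothetical). */
struct tcp_info {
    uint16_t sport, dport;
    uint32_t seq, ack;
    uint8_t  flags;   /* FIN=0x01 SYN=0x02 RST=0x04 PSH=0x08 ACK=0x10 URG=0x20 */
    size_t   payload_off, payload_len;
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* Decode an IPv4 packet carrying TCP. Returns 0 on success, -1 if the buffer
   is truncated, malformed, a non-first fragment, or not IPv4/TCP. */
int decode_ipv4_tcp(const uint8_t *p, size_t len, struct tcp_info *out)
{
    if (len < 20 || (p[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;   /* IP header length in bytes */
    size_t total = be16(p + 2);               /* IP total length */
    if (ihl < 20 || total > len || total < ihl + 20) return -1;
    if (p[9] != 6 || (be16(p + 6) & 0x1fff) != 0) return -1;  /* 6 = TCP */
    const uint8_t *t = p + ihl;
    size_t doff = (size_t)(t[12] >> 4) * 4;   /* TCP header length in bytes */
    if (doff < 20 || ihl + doff > total) return -1;
    out->sport = be16(t);     out->dport = be16(t + 2);
    out->seq   = be32(t + 4); out->ack   = be32(t + 8);
    out->flags = t[13] & 0x3f;
    out->payload_off = ihl + doff;
    out->payload_len = total - out->payload_off;
    return 0;
}

/* Constructed sample: 192.0.2.1:1234 -> 192.0.2.2:80, PSH+ACK, payload "hi";
   checksums are left at zero and are not verified by the decoder. */
static const uint8_t sample[] = {
    0x45,0x00,0x00,0x2a, 0x00,0x01,0x00,0x00, 0x40,0x06,0x00,0x00,
    0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02,
    0x04,0xd2,0x00,0x50, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x02,
    0x50,0x18,0x20,0x00, 0x00,0x00,0x00,0x00, 'h','i' };

int main(void)
{
    struct tcp_info i;
    if (decode_ipv4_tcp(sample, sizeof sample, &i) != 0) return 1;
    printf("%u -> %u flags=0x%02x payload=%zu bytes\n", (unsigned)i.sport, (unsigned)i.dport, (unsigned)i.flags, i.payload_len);
    return 0;
}
```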

  6. #6
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    tcpdump is great, but he asked for a Windows solution. Go grab the winpcap libraries and windump. That is a great one to get your feet wet.

    Snort would be a good one to play with too because once you get your feet wet with sniffing you can also tinker with its IDS capabilities.
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  7. #7
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    tcpdump is great, but he asked for a Windows solution. Go grab the winpcap libraries and windump. That is a great one to get your feet we
    the win32 port of tcpdump can be found at tcpdump.org as well as the winpcap lib.
    http://www.tcpdump.org/wpcap.html
    yeah, I'm gonna need that by friday...

  8. #8
    Junior Member
    Join Date
    Sep 2003
    Posts
    3
    I'm a newer, you are great, thanks.

  9. #9
    Senior Member
    Join Date
    Jan 2003
    Posts
    220
    Hey thanks for all the help. I was kinda looking into making my own in VB. I still need more knowledge in C/C++ to make it in that though. Thanks for your help though!

  10. #10
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    in VB... maybe not. but here is a nice class you can use with VB...
    http://starkoff.hypermart.net/Files/nmfce114.zip

    NMF Community Edition is a collection of COM classes for monitoring network traffic and decoding network protocols. All framework classes can be used from Microsoft C++, Visual Basic and VBScript programming environments.
    yeah, I'm gonna need that by friday...
