I feel that if you want to develop a sniffer, before you even think about coding you will have to gain a good conceptual understanding of how the lower levels of the systems work, and at what level you wish to intercept the traffic, i.e. after the NDIS, before IP, etc.

You don’t need to have the NIC in promiscuous mode to sniff packets; however, I would recommend getting hold of an open source analyzer and having a play. I believe there are some out there.

The next problem is what you are going to do with the packets once you have captured them: are you going to decode the protocols, and so on?

What you are proposing is not a straightforward task and there are many very capable analyzers available.

Regards,



Steve.