sniffer

winsock sniffer 1.0 limited number of frames 1.1 added : socket event oriented 1.2 added : get datas beyond ip header (port src/dest) added : button clean 1.21 added : choose interface 1.22 added : filter (len, ip, proto) 1.23 added : capture analyse 1.25 fixed : minor bugs added :filter ports 1.29 detailed infos (protocol & transport) added : parsing at the application level: -137/udp (question only), -138/udp (type 10,11,12 only), -139/tcp (request only), -1433/tcp (login only). 1.30 added : replay frame added : tcp spoof (with checksum) added : icmp echo spoof (with checksum) added : udp spoof (with checksum) 1.31 fixed : tcp syn,ack+syn,rst in tcp spoof added : application filter 1.34 added : icmp redirect spoof added : decode sql (tds 7) added : decode base 64 1.35 added : save/load standard cap file 1.36 added : resolve ip 1.37 added : filtre DNS added : filtre MSN added : filtre HTTP fixed: dont crash anymore when sniffing too many packets at a time (dont processmessages) added : rawsocket object created added : no more decode nor dump during capture decode filter functions prototype changed 1.38 added : decoder will check the ip checksum and give the correct one if uncorrect added : ip traffic monitor fixed : push flag=0 and no data caused crashes sometimes... 1.39 filter screen redesigned 1.40 changed : ioctlssocket instead of wsaIOCtlSocket fixed : buffer for send function up to 64k added : auto scroll list option added : refresh list option added : process priority fixed : in filter screen (stringlist no more set to nil...) 1.41 added : sql decoder now decodes queries added : filters and decoders can be set in config.ini 1.42 added : decode edonkey verbs (port 4662) added : icmp decode type 3 and 5 1.43 fixed : one bug in winpcap mode : last 14 bytes were missing... added : tsplitter control added : toolbar in main window fixed : in statistics more than 10 ip's would crash the app... added : adapters stats (icmp,tcp,udp) added : adapters stats graph (proto distribution) added : ip length filter added : copy,print,save in all stats graph added : selection in decoder window will match selection in hexa window fixed : bug in decoding http data length fixed : sequence number & id in decoding icmp (ntohs) added : decode icmp type 4,11,12,18 added : code description for icmp type 3 todo : icmp 17 spoof added : auto expand for decoder todo : fix bug with udp within icmp added : resolve src/dest ip in listview 1.44 added : tcp scanner 1.45 added : network adpaters added : interface cards modifed : network stats modified (ip,tcp,udp,icmp in one screen) fixed : horizontal splitter added : iphlpapi dynamic linked on init 1.46 added : layer 2 (winpcap) or layer 3 (raw socket) capture added : winpcap api dynamic link added : arp frames decode (ip src & ip dest) added : pppoe frames (ip withing ppoe) added : sending packet in layer 2 mode added : ping tool added : winpcap drivers installed automatically added : support for w9x, NT4, w2k, xp, w2k3 v1.47 (feb. 2004) fixed : selection in decoder window in snoop mode added : sendarp (iphlpapi) fixed : send arp reply spoof (winpcap) added : arp entries added : network params changed : stats form redesigned added : copy ip/mac in arp entries form changed : arp spoof form redesigned added : resolve hostname added : getmac, getlocalip, getlocalhostname todo : getgateway v1.48 added : firewall layer 3 (iphlpapi) added : copy all to clipboard from main listview todo : arp delete todo : change display in L2 changed : load and save all frames: time loaded and saved as well. added : read cap file and capture has same decode routine added : decode ftp v1.49 added : mode promiscuous true/false added : icmp net mask request (type 17) added : icmp timestamp request (type 13) added : decode time in icmp 13/14 added : systray + systray menu added : delete arp entry added : arp spoof request & promisc node detect v1.50 added : tcp client added : whois client v1.51 fixed : winpcap no more loaded on startup but on 1st use fixed : 'winpcap files set to system dir' when winpcap files are installed added : win32error exception for pcap loadlibray error or else generic exception todo : custom exception... added : decode sslv3 content type & handshake type added : decode sslv3 handshake protocol added : netstat, with process name for xp & above added : F1 will minimize to tray v1.52 added : treeview display faster added : kill process in netstat added : kill tcp entry in netstat added : set NIC up/down in interface cards added : ping subnet (multi threaded & resolve) added : firewall now support null address added : tcp spoof : listen to traffic added : monitor trafic now can use all cards v1.53 added : dns query (api not dynamically linked yet) added : wins query todo : check reported len (loaded frame <> replayed frame...) added : tcp scan range added : udp netbios name service spoof added : find dhcp servers (with so_broadcast) added : so_broadcast supported in tcp/udp/icmp spoof added : so_broadcast supported in wins query added : decode bootp changed : udp ports are no more created on startup todo : ping subnet crash randomly... todo : qos v1.54 added : tcp reset attack changed : dnsapi.dll dynamically linked on demand (should work again on nt4/9x) todo : on 9x / nt4, warning about raw socket not working added : save,copy,print on network monitor fixed : maximize screen works again (align mode pb...) v1.55 added : winsock protocols added : test bandwidth todo : set ipforwarding on/off with SetIpStatistics fixed : bad division in adapter stats added : mac to ip added : processmessages in mac to ip v1.56 added : winsock hooking added : ws2_32_hook.dll for winsock 2 hooking added : wsock32_hook.dll for winsock 1 hooking added : forwarding on/off changed : icmp.dll dynamically loaded on demand changed : ws2_32.dll dynamically loaded on init (winsock 2.2) todo : remove hard links to wsock32.dll (winsock 1.1) added : get internet ip added : save/load filters in firewall added : save to file in netstat form added : save to file in adapters form added : save to file in network interface cards form added : save to file in route print form added : save to file in arp entries form added : tracert redesigned + save to file added : hostname / ip in ping host form added : hostname / ip in tracert form added : hostname / ip in tcp scan host form v1.57 added : http proxy in whois form added : http proxy in tcp client form todo : dhcp ack added : wake up call added : delete route entry added : add route entry added : modify route metric todo : fix listprocesses-ports added : proto in config.ini is now used for appli filters added : display ebcdic (ascii by default) v1.58 added : resolve all ip protocols (in main listview) added : tcpip parameters added : show ip protocols added : show ethernet protocols todo : ipv6 support added : resolve all ethernet protocol (in decoder panel) changed : udp/tcp ports no longer shown in listview in ethernet mode changed : ethernet protocol number shown in listview in ethernet mode todo : fixed parseip and decode proto //added : tcp/udp port is resolve to service name in decode view added : services file included in package : copy in %systemroot%\system32\drivers\etc added : GetAdapterNames (winpcap) displays error message if failed added : change network adapter mac address (w2k and up) added : save to file in decoder view added : save to clipboard in decoder view added : decode PPPoe frames in ethernet mode added : show mac address vendor codes v1.59 fixed : ports by processes, now works fully on xp/w2k3 (iphlpapi)- nt4/w2k (native api) added : quick search in mac vendor codes added : enter key in