
C# How would I intercept all packets and find out the IPs through hooking?

Actually I have three questions:

1- According to Nazar Grynko's answer, will intercepting only the three functions (send, recv, and connect) help me anticipate all the packets on my machine?

2- If I hook the three functions, how do I get an IntPtr which points to a sockaddr structure from a P/Invoked native function?

3- send and recv do not have a sockaddr, so how do I figure out the addresses?

Thank you in advance.

  1. The functions you described are a part of the POSIX standard. This means that when you use these functions on Windows, you're actually calling a wrapper that eventually translates to a system call. You can send packets without the use of these functions (e.g., by using the Windows API).

  2. See answer number one. This won't help you. You'd also have to provide a hook for all processes.

  3. The functions you describe use a file descriptor which is a POSIX construct, and are user-mode simulated on other systems.

To inspect your traffic you must use a driver that will do it for you. You might want to look at Pcap.Net which is a C# project aimed exactly at your problem, and provides the driver and API necessary.
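Added example (not part of the original answer and not Pcap.Net code): once a capture driver hands you raw Ethernet frames, the addresses come from the IP header itself, so no `sockaddr` is needed. The `FrameAddresses` class, `TryGetIPs`, and the sample frame are constructed for illustration; the frame's checksum is left at zero because it is not validated here.

```csharp
using System;
using System.Net;
static class FrameAddresses
{
    // Returns false when the frame is truncated or does not carry IPv4/IPv6.
    public static bool TryGetIPs(byte[] frame, out IPAddress src, out IPAddress dst)
    {
        src = dst = null;
        if (frame == null || frame.Length < 14) return false;
        int offset = 12;                          // EtherType follows the two MAC addresses
        int etherType = (frame[offset] << 8) | frame[offset + 1];
        if (etherType == 0x8100)                  // 802.1Q tag: real EtherType is 4 bytes later
        {
            offset += 4;
            if (frame.Length < offset + 2) return false;
            etherType = (frame[offset] << 8) | frame[offset + 1];
        }
        int ip = offset + 2;                      // first byte of the IP header
        if (etherType == 0x0800)                  // IPv4: addresses at header offsets 12 and 16
        {
            if (frame.Length < ip + 20 || (frame[ip] >> 4) != 4) return false;
            src = Slice(frame, ip + 12, 4);
            dst = Slice(frame, ip + 16, 4);
            return true;
        }
        if (etherType == 0x86DD)                  // IPv6: addresses at header offsets 8 and 24
        {
            if (frame.Length < ip + 40 || (frame[ip] >> 4) != 6) return false;
            src = Slice(frame, ip + 8, 16);
            dst = Slice(frame, ip + 24, 16);
            return true;
        }
        return false;                             // ARP and other non-IP traffic
    }
    static IPAddress Slice(byte[] buf, int start, int len)
    {
        var bytes = new byte[len];
        Array.Copy(buf, start, bytes, 0, len);
        return new IPAddress(bytes);
    }
    static void Main()
    {
        // Constructed sample: Ethernet II header + minimal IPv4 header (TCP, TTL 64).
        byte[] frame = {
            0,0,0,0,0,2, 0,0,0,0,0,1, 0x08,0x00,
            0x45,0,0,20, 0,0,0,0, 64,6,0,0, 192,0,2,10, 198,51,100,7 };
        if (TryGetIPs(frame, out var s, out var d)) Console.WriteLine(s + " -> " + d);
    }
}
```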
