Actually I have three questions:
1- According to Nazar Grynko's answer, is intercepting only the three functions (send, recv, and connect) enough to let me anticipate all the packets on my machine?
2- If I hooked the three functions, how do I get an IntPtr which points to a sockaddr structure from a P/Invoked native function?
3- send and recv do not have a sockaddr, so how do I figure out the addresses?
Thank you in advance.
1- The functions you described are a part of the POSIX standard. This means that when you use these functions on Windows, you're actually calling a wrapper that eventually translates to a system call. You can send packets without the use of this function (e.g., by using the Windows API).
2- See answer number one. This won't help you. You'd also have to provide a hook for all processes.
3- The functions you describe use a file descriptor, which is a POSIX construct, and are user-mode simulated on other systems.
To inspect your traffic you must use a driver that will do it for you. You might want to look at Pcap.Net, which is a C# project aimed exactly at your problem, and provides the driver and API necessary.
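The driver-based approach the answer recommends, as an added example that is not part of the original answer or of the Pcap.Net project's own samples: a minimal Pcap.Net capture that sees every IPv4 TCP/UDP packet on an adapter, whichever process or API produced it. It assumes the Pcap.Net NuGet package and WinPcap/Npcap are installed, and that the first adapter WinPcap/Npcap lists is the one carrying the traffic of interest (an assumption; select by Description on a real machine).

```csharp
// Added example (not from the original answer or from Pcap.Net): capture IPv4
// TCP/UDP packets with Pcap.Net instead of hooking send/recv/connect in one process.
// Assumes Pcap.Net and WinPcap/Npcap are installed, and that the adapter to sniff
// is the first one listed (an assumption; pick by Description on a real machine).
using System;
using System.Collections.Generic;
using PcapDotNet.Core;
using PcapDotNet.Packets;
using PcapDotNet.Packets.IpV4;
using PcapDotNet.Packets.Transport;

class SniffAllSockets
{
    static void Main()
    {
        IList<LivePacketDevice> devices = LivePacketDevice.AllDevices;
        if (devices.Count == 0)
        {
            Console.WriteLine("No capture interfaces found; is WinPcap/Npcap installed?");
            return;
        }

        // Assumption: the first interface is the one carrying the traffic of interest.
        PacketDevice device = devices[0];
        Console.WriteLine("Listening on " + device.Description);

        // 65536 = snapshot length (whole packet), promiscuous mode, 1000 ms read timeout.
        using (PacketCommunicator communicator =
               device.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000))
        {
            if (communicator.DataLink.Kind != DataLinkKind.Ethernet)
            {
                Console.WriteLine("This example only decodes Ethernet link layers.");
                return;
            }

            // BPF filter compiled into the driver: only IPv4 TCP and UDP reach user mode.
            communicator.SetFilter("ip and (tcp or udp)");

            // 0 = keep receiving until the process exits (Ctrl+C).
            communicator.ReceivePackets(0, PacketHandler);
        }
    }

    // Called once per captured packet, regardless of which process or API sent it.
    static void PacketHandler(Packet packet)
    {
        IpV4Datagram ip = packet.Ethernet.IpV4;
        string src, dst;

        switch (ip.Protocol)
        {
            case IpV4Protocol.Tcp:
                TcpDatagram tcp = ip.Tcp;
                src = ip.Source + ":" + tcp.SourcePort;
                dst = ip.Destination + ":" + tcp.DestinationPort;
                break;
            case IpV4Protocol.Udp:
                UdpDatagram udp = ip.Udp;
                src = ip.Source + ":" + udp.SourcePort;
                dst = ip.Destination + ":" + udp.DestinationPort;
                break;
            default:
                return; // already excluded by the BPF filter, but be defensive
        }

        Console.WriteLine(packet.Timestamp.ToString("HH:mm:ss.fff") + " " +
                          ip.Protocol + " " + src + " -> " + dst +
                          " len=" + ip.TotalLength);
    }
}
```

Because the filter is compiled into the capture driver, the addresses and ports come straight from the IP and transport headers; there is no sockaddr to recover and no per-process hook to install, which is exactly what a user-mode hook on send/recv/connect cannot give you.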