If you’ve ever wondered what kind of data is flowing through your computer’s ethernet cable or Wi-Fi connection, this tutorial is for you!

Before anything else, why we would want to do something like this in the first place. Well, there are a few reasons. For one, it can be useful for troubleshooting network issues if your computer isn’t connecting to a certain website or server, you can use a sniffer to see what kind of packets are being sent and received between your machine and that destination. It can also be helpful for security purposes by monitoring the traffic on your network, you can identify any suspicious activity or potential threats.

Now, let’s get into the details. To build a sniffer using raw sockets in Windows, we need to create a C++ program that listens for incoming packets and displays their contents. Here’s some sample code to get us started:

“`c++
// This script is used to build a sniffer using raw sockets in Windows, which listens for incoming packets and displays their contents.

#include
#include
#pragma comment(lib,”ws2_32″)
using namespace std;

const int BUFSIZE = 1024 * 64; // buffer size for incoming packets
char recvbuf[BUFSIZE]; // buffer to hold received data
int sockfd, bytesread; // socket file descriptor and number of bytes read
struct sockaddr_in serv_addr, cli_addr; // server and client address structures
socklen_t addr_size = sizeof(cli_addr); // size of the client’s address structure

// function to handle errors and print error messages
void err_handler(const char* msg) {
cerr << "Error: " << msg << endl; // corrected syntax for outputting error message closesocket(sockfd); WSACleanup(); exit(1); // terminate the program with a non-zero status code to indicate an error occurred } int main() { // initialize Winsock library and set up socket WORD wVersionRequested = MAKEWORD(2, 2); // version number for WS2_32.dll (IPv4) WSAData data; if (WSAStartup(wVersionRequested, &data) != 0) { err_handler("Failed to initialize Winsock library"); } sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_TCP); // create a raw TCP socket if (sockfd == INVALID_SOCKET) { err_handler("Failed to create raw socket"); } // set up server address structure for binding the socket serv_addr.sin_family = AF_INET; serv_addr.sin_addr.s_addr = INADDR_ANY; // listen on all available IP addresses serv_addr.sin_port = htons(1000); // set up a listening port (in this case, 1000) // bind the socket to the server address structure and start listening for incoming packets if (bind(sockfd, (SOCKADDR*)&serv_addr, sizeof(serv_addr)) == SOCKET_ERROR) { err_handler("Failed to bind socket"); } listen(sockfd, 1); // set up the maximum number of pending connections (in this case, 1) while (true) { // accept incoming connection and receive data from client SOCKET new_sock = accept(sockfd, (SOCKADDR*)&cli_addr, &addr_size); if (new_sock == INVALID_SOCKET) { err_handler("Failed to accept incoming connection"); } // read data from client and display it on the console bytesread = recv(new_sock, recvbuf, BUFSIZE, 0); if (bytesread == SOCKET_ERROR) { err_handler("Failed to receive data"); } else if (bytesread > 0) {
cout << "Received packet: "; for (int i = 0; i < bytesread; ++i) { cout << recvbuf[i] << " "; // display each byte of the received packet on a new line } cout << endl; } // close the connection and move on to the next incoming packet closesocket(new_sock); } return 0; } // The script starts by including necessary libraries and defining constants for buffer size and socket information. // The err_handler function is used to handle errors and print error messages. // The main function initializes the Winsock library and sets up the socket. // The server address structure is set up for binding the socket. // The socket is bound and set to listen for incoming packets. // A while loop is used to continuously accept incoming connections and receive data from clients. // The received data is then displayed on the console. // The connection is closed and the loop continues until the program is terminated. ``` Now, let's break down what this code is doing. First, we include the necessary header files (iostream for input/output operations and winsock2.h to use raw sockets) and define some constants and variables that will be used throughout the program. We also create a function called err_handler() which handles errors by printing an error message and terminating the program with a non-zero status code. In the main() function, we initialize Winsock library and set up socket using AF_INET (IPv4) protocol family, SOCK_RAW type of socket, and IPPROTO_TCP as the transport layer protocol. We also create a server address structure for binding the socket to listen on all available IP addresses at port 1000. After setting up the listening socket, we enter an infinite loop that accepts incoming connections from clients and reads data from them using recv(). If any errors occur during this process (such as failed connection or failed reception), we call our err_handler() function to print an error message and terminate the program with a non-zero status code. Finally, if we successfully receive some data from the client, we display it on the console using cout(). And that's it! With this simple network sniffer, you can monitor all of the traffic flowing through your computer's ethernet cable or Wi-Fi connection. Just be careful not to accidentally capture any sensitive information remember, with great power comes great responsibility! Later!