Can anyone give me a hint how to sniff all the data that is being sent from Zone Agent to Zone Server and vice-versa?
[url=http://www.wireshark.org/]Wireshark[/url]
Or you can intercept Winsock functions and do it yourself.
So if I use the 'Socket.Bind' method of C# with Zone Server's IP and port, can I get all the data?
If you are running on a local machine, Wireshark cannot trace local packets; for such a purpose you may try Local Network Monitor by ntkernel.
No, socket.bind won't work. And yes, you have to put one of the servers (ZA, ZS) inside a VM for Wireshark to capture packets.
You will have to hijack winsock functions by e.g. injecting a dll and redirect sending/receiving functions to your dll which will then log the packet buffer.
Inject a DLL and hook the Winsock functions to read the data.
Download winject (search Google) and try injecting this DLL into your ZA process.
Start LS, LA etc. When communication starts, it will create a file c:\zalog.txt like this:
Close ZA and study file

Code:
03:44:30 PM: ZoneAgent -> 127.0.0.1:2429 (Length: 52 bytes)
      0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
     -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
0000 20 01 41 11 00 00 73 26 b1 c0 0a 00 00 00 00 00  .A...s&........
0010 00 00 01 ff 20 01 71 1d 00 01 04 8d f6 1b 16 00 .... .q.........
0020 00 00 00 00 00 00 01 f0 00 00 00 00 b8 9c fc 4d ...............M
0030 00 00 00 00                                     ....

03:44:35 PM: ZoneAgent -> 127.0.0.1:2429 (Length: 32 bytes)
      0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
     -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
0000 2d 01 71 1d 00 02 01 9a e5 e6 16 00 00 00 00 00 -.q.............
0010 00 00 01 f0 01 00 00 00 42 b0 fc 4d 00 00 00 00
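An added example, not part of the thread or of the posted DLL: a parser for the c:\zalog.txt layout shown in the post above, which reassembles each logged packet's bytes so they can be diffed or decoded offline. It assumes every entry follows the header and 16-bytes-per-row layout of that excerpt; the name parse_zalog and the last two sample packets are constructed here.

```python
import re

HEADER = re.compile(r"(\d\d:\d\d:\d\d [AP]M): (\S+) -> (\S+) \(Length: (\d+) bytes\)")
HEXBYTE = re.compile(r"[0-9a-fA-F]{2}")
ROW = re.compile(r"([0-9a-fA-F]{4})\s+(.*)")

def parse_zalog(text):
    """Parse hex-dump log text into packets with reassembled payload bytes."""
    packets, cur = [], None
    for line in map(str.strip, text.splitlines()):
        h = HEADER.match(line)
        if h:
            cur = {"time": h[1], "src": h[2], "dst": h[3],
                   "declared": int(h[4]), "data": bytearray()}
            packets.append(cur)
            continue
        r = ROW.fullmatch(line)
        if cur is None or not r or int(r[1], 16) != len(cur["data"]):
            continue  # ruler, blank line, or a row that is out of sequence
        # The declared length bounds how many tokens are hex; anything after
        # them is the ASCII column, which may itself look like hex ("ab cd").
        want = min(16, cur["declared"] - len(cur["data"]))
        for tok in r[2].split()[:want]:
            if not HEXBYTE.fullmatch(tok):
                break
            cur["data"].append(int(tok, 16))
    for p in packets:
        p["data"] = bytes(p["data"])
        p["complete"] = len(p["data"]) == p["declared"]
    return packets

# Sample input: the first packet is the 32-byte entry from the post; the other
# two are constructed to exercise the edge cases.
SAMPLE = """\
03:44:35 PM: ZoneAgent -> 127.0.0.1:2429 (Length: 32 bytes)
      0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
     -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
0000 2d 01 71 1d 00 02 01 9a e5 e6 16 00 00 00 00 00 -.q.............
0010 00 00 01 f0 01 00 00 00 42 b0 fc 4d 00 00 00 00
03:44:36 PM: ZoneAgent -> 127.0.0.1:2429 (Length: 5 bytes)
0000 61 62 20 63 64 ab cd
03:44:37 PM: ZoneAgent -> 127.0.0.1:2429 (Length: 20 bytes)
0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................
"""

if __name__ == "__main__":
    for p in parse_zalog(SAMPLE):
        state = "ok" if p["complete"] else "TRUNCATED"
        print(p["time"], p["src"], "->", p["dst"], len(p["data"]), state)
```

A packet whose rows add up to fewer bytes than its header declares is returned with `complete` set to False, which is how a log cut off mid-entry shows up.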