cronzik

Reputation: 192

Monitoring TCP traffic that contains specific strings in C#

Recently one of my machines was infected with malware using IRC to communicate back to its command and control center.

This just sparked interest within me to see if there was a program I could create in C# that is capable of monitoring traffic over TCP that contains strings such as PONG / NICK / USER (strings the IRC RFC needs to communicate), and then can tell me the process that traffic is coming from.

It would be an interesting learning experience for me, and it's something that I want to attempt.

I've done some research and I found something that did make use of WinPcap, but I think I'd like to avoid a solution using pcap if possible. Can anyone send any suggestions my way?

I know I may be able to view connections between my computer and other hosts using System.Net.NetworkInformation.TcpConnectionInformation and possibly IPGlobalProperties, but I'm not sure if there is any way I can view the information in real time, or easily trace it back to a process on my PC.

Thank you.

Upvotes: 2

Views: 1019

Answers (1)

Steve Townsend

Reputation: 54148

This is going to be hard. The API you need is native, Windows Filtering Platform (WFP). According to Microsoft, this is not accessible from C#; you would have to wrap it in C++/CLI first.

See here and here for discussion. The second thread has some 'could be useful' stuff for you.

Upvotes: 2
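An added example, not code from the question or the answer above: the part of the asker's goal that does not need WFP or pcap is mapping a live TCP connection to its owning process, which `TcpConnectionInformation` cannot do but the Win32 `GetExtendedTcpTable` call (iphlpapi.dll, table class `TCP_TABLE_OWNER_PID_ALL`) can. The block below P/Invokes that call, prints every IPv4 TCP socket with its PID and process name, and includes a small matcher for RFC 1459-style lines (`NICK`, `USER`, `PING`, `PONG`) that can be applied to any payload bytes the reader later obtains from a capture. The payload shown is constructed for illustration, and the 6660-6669 port heuristic is an assumption used only to flag candidates; the inspection of actual packet contents still requires WFP or pcap, as the answer states.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Net;
using System.Runtime.InteropServices;
using System.Text;
using System.Text.RegularExpressions;

static class IrcConnectionMonitor
{
    // Constants from iphlpapi.h / ws2def.h.
    const int AF_INET = 2;
    const int TCP_TABLE_OWNER_PID_ALL = 5;

    // One row of MIB_TCPTABLE_OWNER_PID; ports sit in network byte order in the low 16 bits.
    [StructLayout(LayoutKind.Sequential)]
    struct MIB_TCPROW_OWNER_PID
    {
        public uint dwState;
        public uint dwLocalAddr;
        public uint dwLocalPort;
        public uint dwRemoteAddr;
        public uint dwRemotePort;
        public uint dwOwningPid;
    }

    [DllImport("iphlpapi.dll", SetLastError = true)]
    static extern uint GetExtendedTcpTable(IntPtr pTcpTable, ref int pdwSize,
        bool bOrder, int ulAf, int tableClass, uint reserved);

    public sealed class Connection
    {
        public IPEndPoint Local;
        public IPEndPoint Remote;
        public int Pid;
        public string ProcessName;
    }

    // Swap the two bytes that GetExtendedTcpTable stores in network order.
    static ushort PortFromRow(uint raw) => (ushort)(((raw & 0xFF) << 8) | ((raw >> 8) & 0xFF));

    static string NameForPid(int pid)
    {
        try { return Process.GetProcessById(pid).ProcessName; }
        catch (ArgumentException) { return "<exited>"; }   // socket outlived its process
    }

    // Enumerate every IPv4 TCP socket together with the PID that owns it.
    public static List<Connection> ListConnections()
    {
        int size = 0;
        // First call only reports the required buffer size (ERROR_INSUFFICIENT_BUFFER).
        GetExtendedTcpTable(IntPtr.Zero, ref size, true, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
        IntPtr buf = Marshal.AllocHGlobal(size);
        try
        {
            uint ret = GetExtendedTcpTable(buf, ref size, true, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
            if (ret != 0) throw new System.ComponentModel.Win32Exception((int)ret);

            int count = Marshal.ReadInt32(buf);                 // dwNumEntries
            int rowSize = Marshal.SizeOf(typeof(MIB_TCPROW_OWNER_PID));
            IntPtr p = IntPtr.Add(buf, 4);                      // table[] follows dwNumEntries directly
            var list = new List<Connection>(count);
            for (int i = 0; i < count; i++, p = IntPtr.Add(p, rowSize))
            {
                var r = (MIB_TCPROW_OWNER_PID)Marshal.PtrToStructure(p, typeof(MIB_TCPROW_OWNER_PID));
                list.Add(new Connection
                {
                    Local = new IPEndPoint(new IPAddress(r.dwLocalAddr), PortFromRow(r.dwLocalPort)),
                    Remote = new IPEndPoint(new IPAddress(r.dwRemoteAddr), PortFromRow(r.dwRemotePort)),
                    Pid = (int)r.dwOwningPid,
                    ProcessName = NameForPid((int)r.dwOwningPid),
                });
            }
            return list;
        }
        finally { Marshal.FreeHGlobal(buf); }
    }

    // RFC 1459 messages are CRLF-terminated lines: "[:prefix] COMMAND params".
    static readonly Regex IrcLine = new Regex(@"^(?::\S+ +)?(NICK|USER|PING|PONG)\b",
        RegexOptions.Multiline | RegexOptions.Compiled);

    // Return the IRC commands found in a payload obtained from a capture.
    public static List<string> FindIrcCommands(byte[] payload)
    {
        var hits = new List<string>();
        foreach (Match m in IrcLine.Matches(Encoding.ASCII.GetString(payload)))
            hits.Add(m.Groups[1].Value);
        return hits;
    }

    static void Main()
    {
        // Constructed sample payload, not captured traffic.
        byte[] sample = Encoding.ASCII.GetBytes("NICK bot123\r\nUSER bot 0 * :bot\r\nPONG :irc.example.invalid\r\n");
        Console.WriteLine("IRC commands in sample: " + string.Join(", ", FindIrcCommands(sample)));

        foreach (var c in ListConnections())
        {
            // Assumed heuristic: common IRC ports; a hit is a candidate to capture, not proof of IRC.
            bool ircPort = c.Remote.Port >= 6660 && c.Remote.Port <= 6669;
            Console.WriteLine($"{c.Local} -> {c.Remote}  pid={c.Pid} ({c.ProcessName}){(ircPort ? "  [IRC port]" : "")}");
        }
    }
}
```

`TCP_TABLE_OWNER_PID_ALL` does not require administrator rights, so the connection listing runs as a normal user; polling it in a loop gives the "real time" view the question asks about at the connection level. Payload matching is the piece that cannot be done from this table, which is why the answer points at WFP (or pcap) for seeing the actual `NICK`/`USER`/`PONG` bytes.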
