C# Sniff Packets from another computer on the same Network

StackOverflow https://stackoverflow.com/questions/18604046

Question

I've looked around at various C# Packet Sniffing tutorials and have built one that can parse packets sent to and from my computer. This is awesome, but I haven't found anything that relates to intercepting packets from another computer (obviously on the same network), e.g. from a different computer to a router.

Am I correct in thinking that any packets sent by a computer are visible to, not only the router, but any other computers on the same network? If this is the case, does that not mean that intercepting these packets is something we can do in C#?

To those who are desperately copying and pasting links to Wireshark etc. I appreciate your time but this is more of a learning experience for me, so I'd like answers relevant to C# if possible!

In summary, how can I intercept packets in C# that don't concern my computer? E.g. From my laptop to my router?

Was it helpful?

Solution

Assuming you're in an ethernet switched network rather than something funky like a token ring: Even the great Wireshark is limited in what it is able to see because it runs in the same confines as what you're trying to build - its host PC.

Unfortunately, your PC can only see the packets that hit its network interface. This means that in a layer 3 routed network you're unlikely to see any packets that aren't intended for you, unless of course your PC is the router.

You'll need to look into SOCKS5 proxies and the like to achieve the level of network transparency your question infers. While implying a small bit of network and configuration overhead, a proxy will provide you the most visibility into the traffic you're after.

OTHER TIPS

M.Babcock already mentioned in his answer that your computer in a switched network won't see the traffic between two other computer.

Some (managed) switches and routers have the feature to send all traffic to a monitoring port. On this port you can connect your computer and use wireshark/pcap etc. to see the all the traffic that is passing through the switch/router.

Or, if you still have one reachable, put a Hub between Laptop and router and connect your pc to the hub. The Hub will forward all traffic to the other ports, as he doesn't care about the mac addresses.

So this is really not depending on any programming language but only on network management.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top