WinAsm Studio, The Assembly IDE - Free Downloads, Source Code
Packet Sniffing, Using a good packet sniffer to capture network port data

SeaFarer
Extremely Active Member
******

Group: Members
Posts: 1753
Member No.: 1464
Joined: 2-September 05


Hi.

Should we be calling this sub-forum Internet & Networking? No matter... I know this is the place for this post. ;)

Background

Last year ragdog and I were talking about coding a status dialog for our ADSL Modem/Routers.

Well... I hit a road block on the project until I could find a good packet sniffer to help determine what is being POSTed to the router through HTTP when you want to load the status and settings pages.

Likewise I wanted to use the same technique to turn the router's Internet gateway on or off without the need to use a browser to run the router's built-in www.engine for changing its internal settings. ( Man the old Hayes AT Modem command days were so much easier for programmers, now the opposite is true! :D )

The main purpose of this idea was to increase the speed/access times and eliminate a lot of redundancy when updating the router settings.

Now if we took this a step further and groomed this into an LAN admin tool, it would be very easy to add some network activity logging with regard to the Internet gateway on the ADSL Modem + 10M/100M Router.

After experimenting from a proof-of-concept angle, this has some security benefits and drawbacks.

• The only drawback would be stored credentials/passwords for router authentication and admining. Unless you want to be prompted for a password versus storing one for automation purposes?

• The main benefit seems to be no browser history on the local machine of accessing the router. Handy if you're accessing the router across the LAN or web and want to avoid such things from a different computer.


Ragdog did offer some advice for different packet sniffers and similar browser type plug-ins, but I could never get them to work on this retirement home PC. :P

Foreground

As of this morning I found a great utility at Nir's place! It's called SmartSniff. :tup

This packet sniffer will work for Win7 systems backwards to Win95. WinPcap is required for 9x systems.

You can visit the download page here...

www.nirsoft.net/utils/smsniff.html

The site also features many other great tools.

Finally a tool that works! Keeping me from having to learn PHP/JAVA/HTML for now while staying focused with Assembler. ;)

And thanks to XeS for helping too! )(
XeS
Extremely Active Member
******

Group: Members
Posts: 253
Member No.: 15879
Joined: 3-December 08


QUOTE
Ragdog did offer some advice for different packet sniffers and similar browser type plug-ins, but I could never get them to work on this retirement home PC.

Great firefox addons for analysing HTTP/HTML/JS/....
-Live HTTP headers
-Firebug
-Web developer
-Firecookie
-Leetkey

To share network traffic dumps you should use something like TCPDump/WinDump, because Wireshark users can open such files and see a lot more information regarding the connection and the traffic. If you need more information you should try to get Ethereal running. It's really great in comparison with SmartSniff. And I'm sure it works with Win98/ME.

With this link you can access all releases of ethereal:
http://www.ethereal.com/distribution/win32/all-versions/

With this link you can access all releases of wireshark:
http://www.wireshark.org/download/win32/all-versions/
1.2.5 is the last stable release! (2009-12-27)

Referencing supported platforms from the Wireshark doc:
QUOTE

Windows 95, 98 and ME are no longer supported. The "old technology" releases of Windows lack memory protection (specifically VirtualProtect) which we use to improve program safety and security. The last known version to work was Ethereal 0.99.0 (which includes WinPcap 3.1). You can get it from http://ethereal.com/download.html. According to this bug report, you may need to install Ethereal 0.10.0 on some systems. Microsoft retired support for Windows 98 and ME in 2006.


Best regards,

XeS
SeaFarer
Hi XeS. ;)

Thanks for sharing this great information!

While working the project some more, I discovered this link for SDK's from Netgear...

Netgear GPL open source SDK's for Programmers

If the link does not work in the future, try Google Search: "Netgear SDK"

Although I have no real need for the SDK for my router, the download did include all the built-in www.engine files. ( Html, java, css, etc.)

Great reference for the project. Plus there are some web pages in the router I was not aware of! ;)

I'll drop back into this thread again soon! )(
SeaFarer
Hi... Just some follow-up here. :D

I've managed to get a dialog working that will fetch status information and allow toggling the Internet gateway on this router on or off by software vs. webware.

Do not get overly excited though. :huh:

The status information is not formatted & displayed yet, and I need to work on the authentication aspect of negotiating with the router.

Despite authenticating credentials, it works perfectly thus far. Virtually instant control of the router via a stand-alone PE versus a browser. It's so great not to have to load the settings web pages anymore! :)

The last consideration will be some logging abilities.


Currently the only delay is when receiving headers & content back from the router after issuing a POST command with a custom script. This seems normal and is nominal by comparison to using a browser. ( It's a fairly good size control string anyway, over 375 bytes. )


Now after some experimentation over the last two days to see how communication with the router works, I have discovered that its built-in www.engine based configuration is pretty flexible with what you can send it with the POST method.

For example...

Here is a packet of the HttpRequest sent out with the new router control as seen with SmartSniff.

CODE
POST /setup.cgi HTTP/1.0
Referer: http://192.168.0.1/router_controls.htm
Accept: application/router.control.script
Content-Type: application/x-www-form-urlencoded
User-Agent: Sea Systems - Router Status/Control - (c)2009.
Host: 192.168.0.1
Content-Length: < size >

< - content - >

Naturally the size and content vary depending on the script data and its size.


Oh... one nice thing about this header versus one sent from the browser, is size!

The text you see for the header above is now only about 1/3 compared to the OEM browser-based headers, which have a lot of extra junk that really has no effect for this intended application. Particularly the "Accepted Types" header entry.

Our new format is also easier to read and a bit more descriptive. A nice feature of a custom control. Do you not agree?

With this method of controlling the router another great benefit is saving a lot of redundant disk activity!

No more cached browser files from router web setup or downloading them to disk, period! Unless desired. Plus it can be run from anywhere on the LAN without leaving tracks everywhere to cleanup.


Now that I can communicate effectively with the router, have learned about HTTP headers, and reviewed the router SDK, I see some powerful flexibility for customizing its engine.

Like adding new features, removing ones that never get used, and customizing the web interface. Although I probably will not be taking advantage of this since I'll need to learn more about php/java/html, something I really have little interest in presently, it is nice to know its there if needed later on.

Besides... this control almost has all the added features I've wanted for a while now without the need of such things. :D

Another possible benefit when the time comes to add some logging features to this control is that saving of logs locally can be added. The router lacks a built-in feature to save logs locally to a file, only send to email and/or syslog servers. :(


In summary...

This type of project really has a lot of possibilities, especially from an automation standpoint. Not to mention the same techniques should work with other routers & switches that have this type of setup mechanism.


Regards! )(


@XeS...

Thanks again for taking the time to explain some technical matters & share an example in MASM. btw - I like your style compared to the ICQ example from last year. :tup


@Shoorick...

What say you? Is this in the category of BorgWare or GarbageWare? :lol: :P :lol:


@Anyone...

And does anyone have a link for the 2001 PSDK, or even the inet98.chm, or inet.chm file? I need better, readable, off-line help files.
XeS
QUOTE

@XeS...

Thanks again for taking the time to explain some technical matters & share an example in MASM. btw - I like your style compared to the ICQ example from last year.

Thanks. No problem at all.

I post the procedure for sending an HTTP request so everyone can benefit from it.

The whole source code is attached at the bottom of the post.
CODE

SendHTTPRequest proc lpBuffer:DWORD,dwBufferSize:DWORD,lpszHost:DWORD,lpszURI:DWORD,lpszHeader:DWORD,lpszPOSTHeader:DWORD
    local hInternet:DWORD, hConnect:DWORD, hRequest:DWORD
    local nBytes:DWORD
    local dwTotal:DWORD

    ; open a WinINet session (UserAgentName, C_POST, C_GET and vHTTP are zero-terminated strings in .data)
    invoke InternetOpen,addr UserAgentName,INTERNET_OPEN_TYPE_DIRECT,NULL,NULL,0
    mov hInternet,eax
    invoke InternetConnect,hInternet,lpszHost,INTERNET_DEFAULT_HTTP_PORT,NULL,NULL,INTERNET_SERVICE_HTTP,0,0
    mov hConnect,eax

    ; POST when a body was supplied, otherwise an uncached GET
    mov eax,lpszPOSTHeader
    cmp eax,NULL
    jz @F
    invoke HttpOpenRequest,hConnect,addr C_POST,lpszURI,NULL,NULL,NULL,NULL,0
    jmp next
@@:
    invoke HttpOpenRequest,hConnect,addr C_GET,lpszURI,addr vHTTP,NULL,NULL,INTERNET_FLAG_RELOAD or INTERNET_FLAG_NO_CACHE_WRITE or INTERNET_FLAG_NO_AUTO_REDIRECT,0
next:
    mov hRequest,eax

    ; lstrlen(NULL) returns 0, so a GET sends an empty body
    invoke lstrlen,lpszPOSTHeader
    invoke HttpSendRequest,hRequest,lpszHeader,-1,lpszPOSTHeader,eax

    ; read the response straight into the caller's buffer, never past dwBufferSize
    mov dwTotal,0
@@:
    mov ecx,dwBufferSize
    sub ecx,dwTotal
    jbe @F                          ; buffer is full
    mov edx,lpBuffer
    add edx,dwTotal
    invoke InternetReadFile,hRequest,edx,ecx,addr nBytes
    test eax,eax
    jz @F                           ; read failed
    cmp nBytes,0
    jz @F                           ; end of response
    mov eax,nBytes
    add dwTotal,eax
    jmp @B
@@:
    invoke InternetCloseHandle,hRequest
    invoke InternetCloseHandle,hConnect
    invoke InternetCloseHandle,hInternet
    mov eax,dwTotal                 ; return the total number of bytes received
    ret
SendHTTPRequest endp

It's only a quick written example. Be aware that it doesn't really contain any error handling!

Another thing you have to know about "wininet.dll" is that it doesn't support chunked encoding. This means that the server can start sending its response before it knows the fixed size of it. You can do a workaround with "HTTP/1.0" if you pass NULL for "lpszVersion", but that would be ignored if you have Internet Explorer 5.1 or higher installed.

How to do it anyway:
QUOTE

For typical connections:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
"EnableHttp1_1"=dword:00000001 (default for HTTP/1.1 enabled)
"EnableHttp1_1"=dword:00000000 (for HTTP/1.0 enabled)
For proxy connections:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
"ProxyHttp1.1"=dword:00000000 (default for HTTP/1.1 disabled through proxy)
"ProxyHttp1.1"=dword:00000001 (for HTTP/1.1 enabled through proxy)


source: Microsoft support

But be aware that this workaround would take effect for all applications which are using wininet.dll!!!!

)(

Best regards,

XeS

@Edit:
Damn... forgot the source code
:coder

Attached File ( Number of downloads: 68 )
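As an added example (not code from either poster or from any router firmware), here is a small Python client-side helper in the spirit of this thread: it builds the compact HTTP/1.0 POST that SeaFarer captured with SmartSniff, computing Content-Length from the encoded body instead of filling it in by hand, and parses the reply, de-chunking a Transfer-Encoding: chunked body, which is the case XeS notes WinINet will not handle for you. The form field names and the sample reply are constructed placeholders.

```python
import io
from urllib.parse import urlencode

# Constructed form fields standing in for what a router status page POSTs to setup.cgi;
# the names are placeholders, not taken from any real firmware.
SAMPLE_FIELDS = {"todo": "status", "this_file": "router_controls.htm"}

def build_post_request(host, uri, fields, user_agent, referer):
    """Build the compact HTTP/1.0 POST from the thread, with Content-Length
    computed from the encoded body instead of filled in by hand."""
    body = urlencode(fields).encode("ascii")
    headers = [
        f"POST {uri} HTTP/1.0",
        f"Referer: http://{host}{referer}",
        "Accept: application/router.control.script",
        "Content-Type: application/x-www-form-urlencoded",
        f"User-Agent: {user_agent}",
        f"Host: {host}",
        f"Content-Length: {len(body)}",
    ]
    return "\r\n".join(headers).encode("ascii") + b"\r\n\r\n" + body

def parse_response(raw):
    """Return (status line, header dict, body) for a raw HTTP response.
    Handles both Content-Length and Transfer-Encoding: chunked bodies."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    status = lines[0].decode("ascii")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("ascii")] = value.strip().decode("ascii")
    if headers.get("transfer-encoding", "").lower() != "chunked":
        length = int(headers.get("content-length", len(rest)))
        return status, headers, rest[:length]
    # chunked: each chunk is "<hex size>[;ext]\r\n<data>\r\n", terminated by a zero-size chunk
    body, buf = b"", io.BytesIO(rest)
    while True:
        size = int(buf.readline().split(b";")[0].strip(), 16)
        if size == 0:
            break
        body += buf.read(size)
        buf.read(2)  # CRLF that follows each chunk
    return status, headers, body

# Constructed chunked reply such as an HTTP/1.1 router engine could send.
SAMPLE_CHUNKED = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                  b"Transfer-Encoding: chunked\r\n\r\n5\r\n<html\r\n7\r\n>status\r\n0\r\n\r\n")
```

The request bytes can be written to a plain TCP socket connected to the router on port 80, and whatever comes back can be fed to parse_response; sniffing that exchange with SmartSniff will show the same compact header SeaFarer posted.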