I could not log in to my account for quite a long time, so that's why it took me so long to answer.
Here are the answers to your questions:
Quote:
- Do you have general admin access?
Sure. But I wanted to design my tool so it works without administrator rights. That seems to be impossible though...
Quote:
- Are you interested in the packets' data or in the packets themselves?
I want to access the packets' content.
Quote:
- How will the program you're capturing data from access the network?
WinSocks.
Quote:
- Will the program run at Ring-3 or Ring-0?
It's a normal user-mode application.
Quote:
- Will the data be encrypted?
No, just unencrypted TCP data.
Quote:
- How much traffic do you expect to be captured?
Very little.
Quote:
- What transport and communication protocol will be used?
Only TCP.
In the meantime I tried a network sniffer based on raw sockets and filtered out just the traffic of the target application. Anyway, the CPU load of this sniffer is quite high when there are other applications which produce network traffic (a 250 kb/s download makes a 3-4% CPU load in the sniffer tool).
Installing a driver for the sniffing application is NOT an option, so WinPcap can't be used.
Any other ideas of how to get the traffic besides raw sockets?
How about some winsock tricks?
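The post above filters raw-socket traffic down to one application and worries about the per-packet CPU cost. The following is an added example, not code from the poster: a minimal IPv4/TCP header walker that rejects non-matching packets with a few byte compares before touching anything else, and only then hands back the TCP payload. The sample packet bytes are constructed for this example, and the port number 8080 is an assumption; a real raw-socket loop would call `tcp_payload_for_port()` on each received buffer.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Big-endian 16-bit read (network byte order). */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Given a raw IPv4 packet, return a pointer to the TCP payload if the packet
   is TCP and either port equals `port`; otherwise NULL. Length fields are
   checked against the buffer so a truncated or malformed packet is dropped
   rather than read past its end. */
const uint8_t *tcp_payload_for_port(const uint8_t *pkt, size_t len,
                                    uint16_t port, size_t *payload_len)
{
    if (len < 20) return NULL;                       /* too short for IPv4   */
    if ((pkt[0] >> 4) != 4) return NULL;             /* not IPv4             */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;        /* header length        */
    if (ihl < 20 || len < ihl) return NULL;
    uint16_t total = rd16(pkt + 2);                  /* IP total length      */
    if (total < ihl || total > len) return NULL;     /* inconsistent/short   */
    if (pkt[9] != 6) return NULL;                    /* protocol 6 == TCP    */

    const uint8_t *tcp = pkt + ihl;
    size_t tcp_avail = total - ihl;
    if (tcp_avail < 20) return NULL;                 /* too short for TCP    */
    uint16_t sport = rd16(tcp), dport = rd16(tcp + 2);
    if (sport != port && dport != port) return NULL; /* cheap early reject   */
    size_t doff = (size_t)(tcp[12] >> 4) * 4;        /* TCP data offset      */
    if (doff < 20 || doff > tcp_avail) return NULL;

    *payload_len = tcp_avail - doff;
    return tcp + doff;
}

/* Constructed sample: IPv4 (20 bytes) + TCP (20 bytes) from port 4660 to 8080,
   carrying the 5-byte payload "HELLO". Checksums are left at zero. */
static const uint8_t SAMPLE_TCP[] = {
    0x45, 0x00, 0x00, 0x2d, 0x00, 0x01, 0x00, 0x00, 0x40, 0x06, 0x00, 0x00,
    0x0a, 0x00, 0x00, 0x01, 0x0a, 0x00, 0x00, 0x02,
    0x12, 0x34, 0x1f, 0x90, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
    0x50, 0x18, 0x00, 0xff, 0x00, 0x00, 0x00, 0x00,
    'H', 'E', 'L', 'L', 'O'
};

/* Constructed sample: same shape but protocol 17 (UDP); must be rejected. */
static const uint8_t SAMPLE_UDP[] = {
    0x45, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00, 0x00, 0x40, 0x11, 0x00, 0x00,
    0x0a, 0x00, 0x00, 0x01, 0x0a, 0x00, 0x00, 0x02,
    0x12, 0x34, 0x1f, 0x90, 0x00, 0x08, 0x00, 0x00
};

/* Payload length of the sample for `port`, or -1 when the filter drops it. */
long sample_payload_len(const uint8_t *pkt, size_t len, uint16_t port)
{
    size_t n = 0;
    const uint8_t *p = tcp_payload_for_port(pkt, len, port, &n);
    return p ? (long)n : -1;
}

/* 1 if the sample's payload for `port` equals `expected`, else 0. */
int sample_payload_equals(const uint8_t *pkt, size_t len, uint16_t port,
                          const char *expected)
{
    size_t n = 0;
    const uint8_t *p = tcp_payload_for_port(pkt, len, port, &n);
    return p && n == strlen(expected) && memcmp(p, expected, n) == 0;
}

int main(void)
{
    size_t n = 0;
    const uint8_t *p = tcp_payload_for_port(SAMPLE_TCP, sizeof SAMPLE_TCP, 8080, &n);
    if (p) printf("port 8080: %zu payload bytes: %.*s\n", n, (int)n, p);
    printf("port 80: %s\n",
           tcp_payload_for_port(SAMPLE_TCP, sizeof SAMPLE_TCP, 80, &n) ? "match" : "dropped");
    printf("udp packet: %s\n",
           tcp_payload_for_port(SAMPLE_UDP, sizeof SAMPLE_UDP, 8080, &n) ? "match" : "dropped");
    return 0;
}
```

The ordering of the checks is the point: version, protocol and port are each a single byte compare or 16-bit read near the start of the buffer, so the common case (someone else's download) is discarded after a handful of instructions, and the length checks protect the parser from a short or corrupt buffer before any payload pointer is formed.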