Capturing Another Application's Network Traffic

[aldente]

I could not log in to my account for quite a long time, so that's why it took me so long to answer.

Here are the answers to your questions:

Quote:

- Do you have general admin access?

Sure. But I wanted to design my tool so it works without administrator rights. That seems to be impossibile though...

Quote:

- Are you interested in the packets' data or in the packets themself?

I want to access the packets content.

Quote:

- How will the program you're capturing data from access the network?

WinSocks.

Quote:

- Will the program run at Ring-3 or Ring-0?

It's a normal usermode-application.

Quote:

- Will the data be encrypted?

No, just unencrypted TCP-data.

Quote:

- How much traffic do you expect to be captured?

Very little.

Quote:

- What transport and communication protocol will be used?

Only TCP.


In the meantime I tried a network sniffer based on raw sockets and filtered out just the traffic of the target application. Anyway, the CPU-load of this sniffer is quite high when there are other applications which produce network traffic (a 250 kb/s download makes a 3-4% CPU load in the sniffer tool).
Installing a driver for the sniffing application is NOT an option, so WinPCap can't be used.

Any other ideas of howto get the traffic besides from raw sockets?
How about some winsock-tricks?