Short: NetworkSnoop-Aros Author: Marcin Kielesiński Uploader: serk118 gmail com (serk118uk) Type: comm/tcp Version: 0.1 Architecture: i386-aros NetworkSnoop is a patch which purpose is similiar to SnoopDos but it is aimed at tracing bsdsocket.library calls. This is not a program for an ordinary user - it is not going to improve the functionality of TCP/IP stack. NetworkSnoop is for developers who develop tools which use bsdsocket.library. This tool offers them ability to check eg. content of the buffers of such functions as recv(), send(), content of the system's structures which are used by bsdsocket.library. The developers may also like to check if the function receives proper parameteres and what are they. This tool can also be used to monitor "uncertain" software: suspected for spamming, software that sends unwanted information in non-specified web places. -Requirements any AROS x86 based distros Requirements are as follows: -any TCP/IP stack compatible with bsdsocket.library (practically all stacks; bsdsocket.library emulation built into WinUAE also works) -MUI 3.x or newer, -MUI NList class, -any tool that uses bsdsocket.library (to test on something) -How does it work? As already mentioned, NetworkSnoop patches bsdsocket.library functions and exec.library functions (OldOpenLibrary(), OpenLibrary(), CloseLibrary()). The patches are tracing all the calls to the basic API of bsdsocket.library (currently NetworkSnoop traces calls of procedures in offsets table of jumps within the range of -30 and -300). It is a common knowledge that each process that uses bsdsocket.library has to open the library only for its very own purposes - database of the library is connected with the process and can not be shared between other processes. According to this and in contrary to all the others AmigaOS libraries, it is impossible to assemble a single patch for bsdsocket.library as well as simply monitor the calls of this library. It is necessary to assemble patches dynamically into each database of bsdsocket.library which was created by exec.libary/OpenLibrary() calls. Basically it means that NetworkSnoop must be run BEFORE any tool which has to be monitored. -What exactly can I do with NetworkSnoop? You may observe the functions' calls and their parameters (top lister). In the bottom lister there are contents of structures or buffers of functions which assign more complexed parameters. In the second tab you can turn on/off patches, choose the name of the process to trace (by default, NetworkSnoop traces all the process which in any way are connected with bsdsocket.library), turn on/off saving to file information about the buffers of the functions recv()/send() (you can choose between saving to progdir or to the directory of the traced process). Every session is logged and can be saved to a text file. All the changes take place immediately, including saving the preferences. Uploaded using: archives.aros-exec.org