I'm on Win7 and Qt and I need to track local network interfaces. The problem is - some of them don't have IP layer but I want to know if they are connected or not.
I've tried QNetworkInterface::allInterfaces() from Qt and GetInterfaceInfo() from iphlpapi.h.
But both work only for interfaces with IP assigned. Duh.
I've also tried the pcap library.
But pcap_if_t has no fields to track connection status, only MAC and others.
I feel stuck between two layers and don't know how to handle this.
I suppose there is a way with WMI query but it seems to be an overkill.
I found out that internal interface status can be checked with the Win32 GetIfTable() function.
This example helped me a lot.
I'm writing a program that uses winpcap to capture some specific network traffic that is sent out by our switches.
However, wireless devices will never receive those packets so I'm trying to figure out how to determine if a network adapter is wireless or wired (so that I can then skip capturing on the wireless adapters altogether).
My first thought is to check the medium of the interface chosen (currently chosen based on the IP address of that adapter - the logic is that if it has an IP address, it is connected). The problem is that pcap_datalink() will return DLT_EN10MB, whether it's wired or wireless.
The next thought was to try pcap_can_set_rfmon(), which should tell me if the device cannot be set to monitoring mode (and therefore if it is or isn't wired). However, I seem to get a 2019 linking error when I try to use this, which seems to be supposedly to do with the function not being supported on Windows without Airpcap?
I don't really see what else to try but it would be great if someone had any pointers. I'm wondering how difficult and convoluted it would end up becoming if I had to start using NDIS to determine what each adapter on a system is and then match that up to the device names used by WinPCap.. surely this is something I could keep in-house with lib/WinPCap?
Thanks!
I have a solution of sorts, just for Windows systems.
For an adapter that I want to select, based on the network it is connected to, I can compare the IP address associated with that adapter with each of the IP addresses in objects generated by GetAdaptersInfo. If they match, then I can see whether or not the "Type" on that same object is ethernet.
if ((pAdapterInfo->Type == MIB_IF_TYPE_ETHERNET) && (WINVER > _WIN32_WINNT_WS03))
{
    // Type is Ethernet and the build targets Vista or later: treat the adapter as wired.
}
I also check the Windows version, since it is only from Vista (Winver 6+) onwards that IF_TYPE_IEEE80211 is returned if the adapter is wireless.
It doesn't use WinPCap, but then again I'm not sure it's possible to. Since I already am using these Windows libraries elsewhere, I figured that this is a platform-specific compromise I'll make. Hopefully that helps someone else one day!
(I Use Ubuntu)
I'm looking for some pointers for writing a firewall program which denies every port/IP at first and creates rules by asking you whenever a program wants to access the internet, much like the discontinued product Kaspersky Anti Hacker for Windows. I especially want to use it on web browsing. So if my web browser wants to access stackoverflow.com the program should ask me if it should make a connection to stackoverflow.com's IP address, or when a torrent client wants to connect to a peer it should ask to either allow that port or allow that IP/port only.
I have used gufw but I have to know the port/ip before adding the rules so it isn't as I want it to be. I'm also trying to stay out of Firestarter since the last release was in 2005. So I have decided to write my own.
I just need some pointers on this subject. It can be a terminal command to see the connections I make with other computers, or a way to prompt before making connections, an open source project that sounds like this, or a c++ library/shell program that I can use to write a program for this... Any lead at all would suffice.
If you could point me in the right direction, I would appreciate it.
PS. I am familiar with c++ and shell and php but that's irrelevant.
Hmm, you seem to be interested in Windows only. If so, you might wish to look at Windows Layered Socket Providers (LSP) infrastructure.
In short, you can write a DLL, which would be automatically loaded into any application that uses Winsock. This DLL can intercept calls to any Winsock function like connect(), send(), etc. When such a call is intercepted you can show the user a window asking if he wishes to connect to this address.
So, this can be used to build the kind of firewall application you are thinking of.
There should be a lot of documentation on how to create LSPs on the Microsoft site, but I remember an especially nice example by the Komodia company - http://www.komodia.com/lsp/lsp-sample.
My main goal is to create an advanced program for manipulating the packets that route within my network via the router. Let my program have total control over the router. Set the download/upload speeds to my inputs, apply the effect to certain devices within my network. Block upload or download traffic. Set second delay for either the upload or download speed. Specify % of loss packets, and the list goes on.
The problem is that I don't know where to start. I know most languages at the very most basic level. I'd like to create this program in either C, C++ or C# but I don't know yet. What else do I need to know before creating this program? Winsock or something? Winpcap APIs?
This goal is my motivation to learn programming to the extreme, and I'm really looking forward to it.
Thanks in advance!
Hmmm I guess you would want to look at pcap(?).
Check out 'Beej's Guide to Network Programming Using Internet Sockets':
http://beej.us/guide/bgnet/html/multi/index.html
All you could possibly need to know about programming sockets for capture and manipulation.
If I were you I'd write it in C, I'm writing a similar project at the moment in C++ and it's hell but too late to stop and start again.
Hope that helps.
Bear in mind that you either need a router that you can re-program or you need to use your PC as a router to do this.
Either way you want to look into how IPTABLES are implemented.
I've never seen Desktop Windows used as a router, only Windows Server, though it may still be possible. libpcap is for packet capture, but not interception as I understand it. Programs like Wireshark use it to monitor copies of packets, but not to modify them. If you want to attempt this, my impression has been that there is a lot more documentation and tools for doing something like this with NetFilter/IPTables on Linux. You can even install something like OpenWRT on a compatible router and get a small, cheap Linux router, though having Desktop Linux will probably help for development. The NetFilter QUEUE library can be used with some IPTables firewall rules to redirect specific (or all) packets to a regular user program. That program can then read the packet and modify it or even request it to be dropped.
http://www.netfilter.org/projects/libnetfilter_queue/
If you want to manipulate network traffic on a Windows machine (as you mentioned), you will need some extra software. This operating system won't give you full control over itself, which is fine for some reasons.
I think what you want to do should be done with either winpcap or win10pcap if you are using Win10. These packages contain a Windows driver and the libpcap user space library.
I'm playing around with retrieving the MAC address from the NIC - there are a variety of ways to get it, this article covers the most common:
http://www.codeguru.com/Cpp/I-N/network/networkinformation/article.php/c5451
I'm currently using the GetAdaptersInfo method, which seems the most bulletproof, but if the MAC address has been set via the registry:
http://www.mydigitallife.info/2008/06/30/how-to-change-or-spoof-mac-address-in-windows-xp-vista-server-20032008-mac-os-x-unix-and-linux/
Then it reports the MAC address that it has been changed to. The only way I've found to actually get the true MAC is to remove the registry entry, restart the NIC, get the MAC via GetAdaptersInfo, then replace the registry entry, and restart the NIC. While it gets the job done, it's hardly transparent to the user.
Are there any other methods that anyone is familiar with, that will return the hardware MAC regardless of what the registry is set to? Ideally I'd like a solution that works on XP on up.
Thanks in advance!
My guess is that in the linked CodeGuru article, the Miniport solution is likely to overcome the problem you describe, albeit painful to implement. The reason I think this is that I have used the GetAdaptersInfo solution myself in the past, and noticed that the MAC address will change without reboot when an adapter is added, e.g. a Bluetooth adapter providing PAN services.
Perhaps rather than rebooting after changing the registry setting, you could try stopping and restarting the relevant network services. You could easily check this manually prior to looking for a programmatic solution.
(n.b. the above is all guess work. If you try it and it works, perhaps add a post for those trying to do the same in future).
Parse the output of ipconfig /all
You can use WMI to enumerate the Win32_NetworkAdapter instances and look at the MACAddress property. The main issue with this technique is finding the appropriate adapter instance if you have multiple active adapters installed, e.g. on a laptop which also has a wireless connection.
I need to do a number of network-related things in C++ that I would normally do with ifconfig in Linux, but I'd like to do it without parsing the output of a group of system calls. Which C or C++ libraries can I use to tell if a network adapter is up or down, read or change an adapter's IP address and netmask, and change the default DNS gateway?
Basically you need to make a bunch of ioctl calls using a socket handle (SIOCGIFADDR, SIOCADDRT). You can find sample programs that use it in the Linux kernel source under Documentation/networking. Some other links that might be helpful:
Network Interface operations on AIX
XBMC's implementation (check out CNetworkInterfaceLinux)
EDIT: Let me also add that if your target is desktop linux, then you can consider using the DBUS API to query network parameters using the NetworkManager.
http://people.redhat.com/dcbw/NetworkManager/NetworkManager DBUS API.txt (sorry there's some issue inserting links in edits)
You can always look at ifconfig's source code to see how they did it in the first place: http://archive.ubuntu.com/ubuntu/pool/main/n/net-tools/net-tools_1.60.orig.tar.gz
The NetworkManager service exposes an API over dbus for querying/manipulating the networking on many distributions these days. This may be too high-level for your purposes (e.g. you require finer control of the network, or dbus/NetworkManager are not available on the system...), but it may provide you with what you need.
Check out the dbus C++ bindings and the NetworkManager API (sorry, I can't find a better formatted version right now, but the information is there).