I need to write a program (preferably C/C++) that identifies running processes that connect to the internet, together with the domain name/URL they are trying to access.
( in case the process accesses a domain name, e.g. google.com, I need to be able to identify that domain name, not the resolved IP).
The program needs to run on Windows XP, Vista, 7.
From what I have studied, winpcap cannot identify the process.
I have searched stackoverflow on similar topics, but no satisfactory answer found...
Google for tools like tcpdump , tcptrace , tcpsplit , libpCap , wireShark. And you will be able to look at their source code about how to capture on going TCP/IP flows and analyse them
You can use Detours to hook the DNS, this is a project example: CodeProject and heres the Detours Page
Related
First post on this forum,
I work on an offline network with a lot of computers on an active directory. I would like to automatically update Windows on all of them. I found WSUS offline but it only works on a single computer. I also found WSUS Server but from what I understood, it needs to be connected to another WSUS machine with Internet (which is not possible for me).
What I wish to do is a mix between them: being able to download updates on a computer, transfer them manually to a WSUS Server, and change the windows update source through GPO to my WSUS Server.
I've found other software like batchpatch or autopatcher but none of them could do that.
Does anyone know if it is possible ?
Yes, you can configure a WSUS server to operate offline, check the MS documentation regarding this:
https://learn.microsoft.com/de-de/security-updates/windowsupdateservices/18127442
Hope this help
The status says - connected.
In windows 10 I have list of configured internet connections, how I can get that list and connect to or disconnect from one of them programmatically with C++?
I suggest you to take a look at https://www.codeproject.com/articles/574446/using-network-list-manager-cplusplus
I hope this will help you also I provide you full project source I learned from it.
We are developing win-mac file sync installer which is quite similar to Dropbox. The installer is built with c++ and QT. We had a use case, where if the internet is disconnected(plugged out network cable (or) not connected to any wifi) so basically no access to web, During this case we need to make the installer into offline.
I tried few approaches like polling continuously to our web servers. If we are not able to reach then we detect as internet dis-connectivity. Due to some reasons we wanted to have clean native implementation which will look for machines network connectivity.
I even tried http://msdn.microsoft.com/en-us/library/aa965303%28VS.85%29.aspx for windows but this is failing in wifi cases even though we don't connect to wifi this example is saying "Network connected".
Can anyone suggest other alternatives. Platform specific solutions also invited.
You probably want to look at INetworkManager::GetConnectivity, and check for NLM_CONNECTIVITY_IPV4_INTERNET or NLM_CONNECTIVITY_IPV6_INTERNET in the response.
in previous question i try to get all valid ip addresses in a subnet , so i use for loop , but after i try it , i find that my code takes more that 2 minutes to find an all ip addresses in a sub net , and in some cases it's take more than 5 minutes!
My code is writing in C++ under Mac OS ;
but in windows , to do the same thing you only write net view/all command , and it print all ip addresses in a subnet in a moment !
and in MAC os you can use Bonjour service to do such job .
how these techniques work like this speed (Net view /all and Bonjour service ) ?
is there any way to do this job very fast like this ?
if not please tell me if is it there is APi to use Bonjour service directly into my code (C++) in mac os?
EDIT:
i found new idea
i found on apple develop some api called Bonjour API , my be it's help ,but how i can use it i c++ , because i know that mac use opbjectiv-c .
bonjour
net view /all is working on Windows networking level, not on IP level. It will only list machines with Windows networking and name resolution enabled. If you have computers that are not running Windows (or samba) they won't be listed. The same with printers, routers etc.
With IPv4 the best way is to extract the list of IP addresses in the current subnet by examining the IP address and netmask of your computer. Then force an ARP lookup to be done of each IP address. The ARP lookup will always work if the unit is present on the network, even if it is completely locked down (no ports open, not answering to ping).
With IPv6 you are essentially out of luck. The number of available IP addresses in a single subnet (18 446 744 073 709 551 616) is so wast that an exhaustive search is impossible.
You should work asynchronously. You need a function that issues a communication request but returns immediately like IcmpSendEcho2. You will have to create an array of completion events for each call. Each event handle is passed to one IcmpSendEcho2 call.
After that you call WaitForMultipleObjects waiting for ALL events set.
My objective is to have an event that is triggered when a website is accessed.
Now, maybe through the window title, or the text in the window. Or maybe even reading a URL.
As of now I am aware of FindWindow (class,title);
However all attempts to put this line of code into a loop and it's exit condition being when the window appears have been fruitless.
Any assistance would be very helpful.
That's not possible. At least if I understood you correctly.
You want to register a callback when ANY software on your machine accesses a specific website?
Just imagine a browser uses SSL, there is no way to detect this by listening to the traffic or something similar.
However, if you want to be notified about all connections to a specific IP, then you could use sniffing mechanisms of your kernel or even redirect all traffic to this IP to a proxy you have set up with iptables or similar.
Windows has a sniffing library called WinPCap, on linux you could use tcpdump.
Though, more information about your problem would be nice.
Looking for window titles can be a bit problematic. I don't know how much control you have over the desktop, but you might consider building an addon for Firefox (or the equivalent in IE) to look for this particular site.
https://developer.mozilla.org/En/Extensions/Firefox
You might also consider building a simple local proxy server (depending on what you are doing) that looks for this site and performs some action. You would have to make sure all the browsers on the machine point to this local proxy to get it working correctly. See the link below for some discussion on a custom proxy server:
How to create a simple proxy in C#?