2. NSIS Discussion
  3. nsis and packet sniffing

Archive: nsis and packet sniffing


grahama
3rd August 2005 17:36 UTC

nsis and packet sniffing
This is slightly OT...so forgiveness in advance
;
Is there a preinstalled Windows app/dll that can sniff packets?
;
I would like to listen for any communication coming from port 8181 TCP and parse the packet into commands to control a nsis app running in the background.
;
I can use netstat to get the request but have been unable to read the packet.
;
so, if I have another application that is sending a url to:
http://127.0.0.1:8181?cmd=quit
I would like to parse 'cmd=quit' out of the request and send it along to nsis.
;
is this possible with a Win2k,XP preinstalled dll/app ?
;
many thanks :)
g

onad
4th August 2005 18:30 UTC

>Is there a preinstalled Windows app/dll that can sniff packets?

No, not in a way you can get to the data easily. Offcouse you can create a Pacsniff plugin for NSIS, but that is not what you asked ;)

Better do not use sniffing, no need. You can connect to a browser session via DDE (Not easy via NSIS sytem calls), if this data comes from within the browser. You als can install a hooking driver for http traffic, basicly "sniffing" yes :-).

Better think of what you really want to achieve, most of the time longer tinking of wish gives a beter sollution proposal. Success.

grahama
4th August 2005 20:38 UTC

Hi Onad :)
My app is executing from the desktop...not in a browser.
Due to the 'limited' nature of the app platform, the only way I can communicate to the outside world is by sending http/ftp requests with GET/POST variables:( This is great when communicating with a remote server, and not so good when trying to communicate with another local app...like a nsis app running in the background. I am using NSIS to extend my app beyond its own capabilties. So far, the pairing of the two has been quite successful.
;
Worst case scenario:
Both the background Nsis app and my main app are both communicating with a remote php/mysql setup.
I could have my main app change a variable in my php/mysql server and have NSIS query the same database every couple of seconds. My fear is that this will cause way too much server overhead with a lot of needless querying.
;
Second worst cases scenario:
I can have my app send a http/ftp request to a specific port, like 8181. Netstat captures this kind of request quite well.
;
netstat -p TCP
Proto Local Address Foreign Address State
TCP virtualpc:1587 virtualpc:8181 SYN_SENT
;
My guess is that NSIS could control netstat and perform commands when certain port communication is detected. For example, port 8181 = quit, 8182 = some command. Better yet, wonder if I can detect the app the original request came from....to prevent unexpected behavior
;
Best case scenario would be for NSIS and my app to do some kind of socket communication. I do not believe the app platform is capable of this either :(
;
Packet sniffing seems to be a 'middle ground' bad solution...
;
I wish I were well versed in plugin creation. As, I have just started down this road, I think designing a plugin of this type would be a bit beyond my level. In 6 months, Yes!
;
In your opinion, would controlling nestat to listen for Specific ports be the best way ? For example, if there is a request sent down port 8181, then do something ? Or, is there a much better idea lurking out there ?
;
many thanks:)
g

grahama
5th August 2005 17:43 UTC

I got this response from quicktime api mailing list:
Based on the below info, does NSIS have a pre-existing http server component plugin? Or, should I include one ,like Indy, within the NSIS exe, and then launch it ? This looks like the best solution :)
;
"what you need is use an HTTP Server component (for example the opensouce Indy framework if you were using Delphi) and at the HTTP Server (that listens to the port you wish), just grab the URL of the request and get the params that are encoded on it. Then reply with any data you wish
for C, you can use the Curl (portable) library I think for such stuff (don't confuse it with the Curl language/environment)"
;
anyone had any experience integrating http server components into NSIS ?
;
many thanks
g

Fork me on GitHub