topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Saturday October 16, 2021, 12:12 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - pogue [ switch to compact view ]

Pages: [1]
1
UrlSnooper / Re: I'm guessing this project has been abandoned?
« on: June 24, 2021, 07:16 AM »
I would love to see this updated with winpcap and networking sniffing. The last update was 2017, so I think the Windows 10 version isn't working properly.

2
UrlSnooper / Re: I'm guessing this project has been abandoned?
« on: June 21, 2021, 06:20 PM »
I think npcap might be the way to go.

I tried using npcap but it wouldn't detect it, and when I selected it manually it wouldn't show any packets crossing the network

3
UrlSnooper / I'm guessing this project has been abandoned?
« on: June 20, 2021, 01:10 AM »
I bought this tool back years ago and recently found myself in need of it. But, it won't detect npcap or winpcap even though they're installed. The last update for this was in 2017, so I'm guessing this project has been abandoned and no longer works.

RIP URLSnooper

4
ooh, that's interesting.. and sounds quite promissing.

Can you test it for me and see if it can in fact capture on wireless networks that winpcap cannot?

Well, unfortunately I have one of those network adapters that isn't compatible.  When you turn on monitoring mode it kicks me off the network.  The further documentation said that your adapter had to be compatible with NDIS 6 drivers, and apparently Intel isn't.  But I will try it on an unsecure network and see if I get any different results.

5
I have used URL Snooper in the past, but after discovering that WinPCap doesn't support wireless adapters (for the most part) its become of limited use to me since I am unable to sniff across my wifi connection with it.  However, I recently downloaded some software called NetWitness Investigator which is a freeware packet capture suite for Windows that is a little simpler to use than WireShark.  I was reading through the manual and it had instructions for using the tool on a wireless network.

Netmon Capture Device
The Microsoft Network Monitor (Netmon) is a network analysis tool quite similar to Wireshark. Netmon can be downloaded directly from Microsoft's web site as a standalone application. Microsoft has published the underlying packet capture API that the Netmon application is based on. This means users are free to write their own custom network analysis tools in either C++ or .NET and link against the Netmon library. It is this library, namely NMAPI.dll, that the Netwitness Netmon capture device  uses.

Since Microsoft does not yet permit redistribution of the Netmon DLL, users are required to download the Netmon application directly from Microsoft, install it, then copy the NMAPI.dll from the install directory into the directory [...] This is all that is required to use the Netmon capture device.

Use the nmwifi.exe application that comes with the Microsoft Network Monitor to place the USB wireless device into monitor mode as well as set the desired frequency channel.

Windows versions prior to Vista are limited to NDIS 5, which does not support monitor (RFMON) mode. Therefore, the Netmon capture device does not support these operating systems for the purposes of wireless capture in monitor mode. However, the Netmon Capture Device does support wired capture in the same manner as WinPcap. This means that one can use the Netmon Capture device to capture wired traffic in lieu of installing WinPcap.

Here is a link to the Microsoft Network Monitor software: http://www.microsoft...details.aspx?id=4865

Netmon API info:
http://blogs.technet.com/b/netmon/
http://blogs.technet...ork-monitor-api.aspx

@Mouser: Perhaps you could look into integrating Netmon API structure into future versions of URL Snooper to allow for wireless network adapter support?  I have no coding experience personally, but just thought this was interesting and something I might pass along to you.

pogue

6
UrlSnooper / Re: No network adapters detected!?
« on: October 06, 2010, 07:42 PM »
there are definitely winpcap problems with some wireless adapters -- i think especially intel.  it's unfortunate but i don't know much more.. the winpcap site used to have an archived discussion list somewhere but it's hard to find now and im not sure where it is.

I think I found it

http://www.winpcap.org/misc/faq.htm#Q-16

Windows NT4/2000/XP/2003/Vista/2008/Win7/2008R2: the packet driver works ok on Ethernet networks. As for dial-up adapters and VPN connections, read Q5 and Q6.  As in Win9x,  FDDI, ARCNET, ATM and Token Ring are supported, but not tested by us.
Wireless adapters: these adapters may present problems, because they are not properly supported by the Windows Kernel. Some of them are not detected, other don't support promiscuous mode. In the best case, WinPcap is able to see an Ethernet emulation and not the real transiting packets: this means that the 802.11 frames are transformed into fake Ethernet frames before being captured, and that control frames are not received.

7
UrlSnooper / Re: No network adapters detected!?
« on: October 06, 2010, 07:06 PM »
I'm wondering about the auto detect adapter string, which by default says "Privacy".   Where is this line of text supposed to be coming from?  Google's index page or where exactly?

yes -- it's simply looking to see a specific string in the page it retrieves, in this case the string "Privacy" expected on the google page.  when found it means the page was seen.

first advice: completely forget about automatic network adapter detection -- just turn it off, it serves no value except to save you the trouble of selecting your adapter from the drop down list.

the real problem is your intel wireless adapter may not be supported by winpcap.

Well, I played around with it a bit more and logged into a VPN I use that uses OpenVPN and low and behold URLSnooper was able to sniff traffic through the TAP-Win32 Adapter V9 driver.

Strange that Winpcap wouldn't support my wireless driver, as it's the standard Intel onboard adapter that comes with many laptops.  It's the Intel Wifi Link 1000 BGN.  Here's a screen shot of my device drivers screen with the 2 Microsoft adapters, Intel wifi, ethernet, and TAP-Win32 drivers listed.  URLSnooper just doesn't see the Intel one.

http://img695.images.../networkadapters.jpg

I did upgrade from Winpcap 3.1.1 to 3.1.2 prior to making this post, but I haven't tried updating the wifi adapter's drivers from the vendor/Intel.  Does Winpcap publish a list of adapters they support?  Any other suggestions?

Thanks for the help mouser.

8
UrlSnooper / Re: No network adapters detected!?
« on: October 06, 2010, 06:09 PM »
I'm having a similar problem.  I'm on Win7 x64 using Winpcap 4.1.2 and URLSnooper2 2.28.01.  It won't autodetect my adapter and it's not in the list.  I'm using a wireless adapter (onboard - Intel) and in URLSnooper it has listed Microsoft, Microsoft, TAP-Win32 Adapter V9, and Broadcom Netlink Gigabit Ethernet driver.  Autodetect fails every time.  When I run windump -d I get the following output:

windump: listening on \Device\NPF_{0C2B00A0-B520-4434-AFE1-6AD19B283BAE} (000) ret #96

I tried each of the listed adapters manually and sniffed around but it came back with nothing each time.

I tried running URLSnooper as an admin and in compatibility mode for Vista and XP SP2 with no change.  I'm wondering about the auto detect adapter string, which by default says "Privacy".   Where is this line of text supposed to be coming from?  Google's index page or where exactly?

Is there anything else I could try to manually add my adapter such as the registry keys for URLSnooper or any adjustments for the settings?

Thanks in advance,
pogue

9
UrlSnooper / Re: Most recent version of StreamBox VCR Suite?
« on: August 18, 2007, 02:58 PM »
Thanks tinyvillager, I will check those out.  If anyone else has any other suggestions, keep em coming. 

I'm hoping to compile a list of these types of programs for an article on my blog.  I'm writing a second article in a series on ripping streaming video and I'm going to mention URLSnooper2, as an alternative to the paid program URL Helper (made by the same company who makes HiDownload).  I'm hoping to find a program w/ the functionality of HiDownload that's freeware or open source.

10
UrlSnooper / Most recent version of StreamBox VCR Suite?
« on: August 18, 2007, 05:02 AM »
Hi all,

I was just looking around at the other forum on ezboard and noticed the section about Streambox.  I didn't see much about it, so I did a search and found a link to download StreamBox VCR Suite 2.0 at Afterdawn and Videohelp.  The only thing is that these seem to have been last released in 2003, is that correct or is there an updated version?

I've always used HiDownload to rip streaming video, but I was looking for a freeware program that could rip MMS/RTSP streams.  Are there any alternatives to HiDownload or StreamBox that are freeware or open source and a little more recent?  Thanks for the help,

pogue

Pages: [1]