Ethereal-dev: Re: [Ethereal-dev] Ethereal for Visual Basic

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Mon, 8 Oct 2001 10:13:31 -0700

On Mon, Oct 08, 2001 at 04:22:43PM +0000, Fiach Reid wrote:
>      This is my first posting to ethereal, so be nice (please).
> What I'm looking to do is to create a simple re-useable component
> that I can plug into my existing Visual Basic applications which
> will fire events (call backs) whenever a network packet appears on
> the phone line.

If all you want is an event whenever a network packet appears, you don't
necessarily need all of Ethereal; the core part of Ethereal does packet
dissection, the same way Network Associates Sniffers, Microsoft Network
Monitor, and so on do.

The library that Ethereal uses to capture packets is called libpcap on
UNIX, and WinPcap on Windows (WinPcap is a port of libpcap to Win32
OSes, plus a driver that adds to various Windows OSes the ability for a
user-mode program to capture packets, and a library that provides an
interface to those drivers).  The WinPcap Web site is at

	http://netgroup-serv.polito.it/winpcap/

and has a FAQ at

	http://netgroup-serv.polito.it/winpcap/misc/faq.htm

which has an entry that says

	Q-8: Can I use WinPcap with Visual Basic?

	A: We don't support Visual Basic and we are not able to provide
	help on this subject because we don't know enough about this
	language.  BeeSync has developed an ActiveX control that
	integrates winpcap packet capture functionality with Visual
	Basic or any other programming environment supporting Microsoft
	ActiveX technology.  You can find it at
	http://www.beesync.com/products.html.

so, with WinPcap and their PacketX control, you could, presumably, write
a Visual Basic program that can capture packets from a network
interface.

Given, however, that you said "phone line", you're presumably capturing
on a PPP connection on a modem; if so, then note that *another* entry in
the WinPcap FAQ says:

	Q-4: Can I use WinPcap on a PPP connection?

	A: We have tested WinPcap on PPP connections under Windows 95,
	Windows 98 and Windows ME.  In Windows 95, due to a bug in NDIS,
	WinPcap sometimes resets the PPP connection.  In Windows 98/ME
	this bug appears to be corrected, and WinPcap seems to work
	properly.  Under Windows NT and Windows 2000 there are problems
	with the binding process, that prevents a protocol driver from
	working properly on the WAN adapter.

so capturing on your modem line is likely not to work very well at all
on Windows NT or 2000, and it may also have problems on Windows 95.

>      As I believe, much of ethereal's functionality is encapsulated
> in a dll?,

*Some* of Ethereal's functionality is encapsulated in various libraries
that are DLLs on Windows.

Not much of it is, however; the packet capturing functionality is in the
WinPcap DLLs, and the ability to read saved capture files is in the
Wiretap DLL, which is part of Ethereal - note, however, that we do *NOT*
guarantee that the Wiretap DLL's programming or binary interface will
not change in future Ethereal releases, and note also that it requires
(as does Ethereal) the GLib library.

The ability to analyze the contents of packets, however, is *not*
encapsulated in a DLL.
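
Added example (not part of the original message, and not Ethereal, Wiretap, libpcap or WinPcap code): the reply separates getting a per-packet event from dissecting the packet, so this sketch fires a callback for each record of a classic pcap savefile and hands over only a timestamp, a length and raw bytes. The names walk_pcap_buffer, packet_cb, tally and count_cb are hypothetical, the sample bytes are constructed, and only the little-endian microsecond file format is handled.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Per-packet event: capture timestamp, captured length and raw bytes only. */
typedef void (*packet_cb)(uint32_t ts_sec, uint32_t caplen,
                          const uint8_t *data, void *user);
static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical helper: walk a little-endian, microsecond-resolution pcap
 * savefile held in memory, firing cb once per record. Returns the number of
 * packets delivered, or -1 on a bad header or a truncated/oversized record. */
int walk_pcap_buffer(const uint8_t *buf, size_t len, packet_cb cb, void *user) {
    if (len < 24 || rd32le(buf) != 0xa1b2c3d4u) return -1;
    uint32_t snaplen = rd32le(buf + 16);
    size_t off = 24;
    int n = 0;
    while (off < len) {
        if (len - off < 16) return -1;            /* truncated record header */
        uint32_t ts = rd32le(buf + off), caplen = rd32le(buf + off + 8);
        off += 16;
        /* caplen comes from the file, so bound it before touching the data */
        if (caplen > snaplen || caplen > len - off) return -1;
        cb(ts, caplen, buf + off, user);
        off += caplen;
        n++;
    }
    return n;
}

/* Constructed sample: file header (snaplen 64, link type 1) and two records. */
static const uint8_t SAMPLE[] = {
    0xd4,0xc3,0xb2,0xa1, 0x02,0x00, 0x04,0x00, 0,0,0,0, 0,0,0,0,
    0x40,0,0,0, 0x01,0,0,0,
    0x01,0,0,0, 0,0,0,0, 0x03,0,0,0, 0x03,0,0,0, 0xaa,0xbb,0xcc,
    0x02,0,0,0, 0,0,0,0, 0x02,0,0,0, 0x05,0,0,0, 0xde,0xad,
};
struct tally { int packets; uint32_t bytes; uint32_t last_ts; };
static void count_cb(uint32_t ts, uint32_t caplen, const uint8_t *d, void *u) {
    struct tally *t = u; (void)d;       /* raw bytes are not interpreted here */
    t->packets++; t->bytes += caplen; t->last_ts = ts;
}

int main(void) {
    struct tally t = {0, 0, 0};
    int n = walk_pcap_buffer(SAMPLE, sizeof SAMPLE, count_cb, &t);
    printf("%d packets, %u captured bytes\n", n, (unsigned)t.bytes);
    return n == 2 ? 0 : 1;
}
```

Anything beyond the length and timestamp (addresses, ports, protocol fields) would have to come from separate dissection code working on the bytes passed to the callback.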