Laurens Van Keer

Laurens.VanKeer.eu

SimpleCap – A TCP packet sniffer written in C++/CLI

May 14th, 2009 by Laurens

For one of my latest projects, I needed to capture certain TCP packets coming from a specific IP address and port. A program that does this is called a packet sniffer.

Luckily, a complete Windows packet capture library already exists: WinPcap (based on the Unix libpcap API). This is a popular library used by many well-known packet capture applications, such as Wireshark. The documentation for WinPcap is decent, but IMHO there aren’t that many C++ examples of simple Windows packet sniffers (let alone examples in C++/CLI…). So I wrote a TCP packet sniffer in C++/CLI myself, using the UDP sniffer tutorial as a reference. The result is a small Windows application I called SimpleCap.

SimpleCap v0.1 can currently capture TCP packets from either all sources, or from a specific IP address and port. Not quite the next Wireshark, but the goal was only to show how I implemented a TCP packet sniffer in Visual C++. I hope I succeeded. If there are any problems, please let me know (either in the comment section or via the contact page).

Click here to download the SimpleCap v0.1 source files.

When starting your own packet capture project in Visual C++, don’t forget to:

  • Include all WinPcap header files
  • Add the following dependencies to your project: Ws2_32.lib (Winsock library) and wpcap.lib (WinPcap library).
    Do this by opening project properties -> Linker -> Input -> Additional Dependencies: Ws2_32.lib wpcap.lib
  • Turn on the /clr option (Common Language Runtime Support) via project properties -> General -> CLR support
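
To make the "specific IP address and port" part concrete, here is an added example (not taken from the SimpleCap sources) of decoding a captured Ethernet II / IPv4 / TCP frame and matching its source address and port, with the length checks a sniffer needs for truncated or non-TCP frames. It is plain standard C++ with no WinPcap dependency; the names `TcpInfo`, `parse_tcp`, `from_source` and the sample frame are made up for this illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Fields taken from one captured frame, converted to host byte order.
struct TcpInfo { uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; size_t payload_len; };

static uint16_t be16(const uint8_t* p) { return uint16_t((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t* p) { return (uint32_t(be16(p)) << 16) | be16(p + 2); }

// f/caplen are the bytes and captured length a pcap callback hands you.
// Returns false for anything that is not a complete IPv4 + TCP header pair.
bool parse_tcp(const uint8_t* f, size_t caplen, TcpInfo& out) {
    if (caplen < 14 + 20 || be16(f + 12) != 0x0800) return false;  // EtherType IPv4
    const uint8_t* ip = f + 14;
    size_t ihl = (ip[0] & 0x0F) * 4;                  // IP header length in bytes
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 6) return false; // protocol 6 = TCP
    if ((be16(ip + 6) & 0x1FFF) != 0) return false;   // later fragment: no TCP header
    size_t total = be16(ip + 2);                      // IP total length
    if (total < ihl + 20 || 14 + total > caplen) return false;     // truncated capture
    const uint8_t* tcp = ip + ihl;
    size_t doff = (tcp[12] >> 4) * 4;                 // TCP header length in bytes
    if (doff < 20 || ihl + doff > total) return false;
    out = { be32(ip + 12), be32(ip + 16), be16(tcp), be16(tcp + 2), total - ihl - doff };
    return true;
}

// Source filter; ip == 0 or port == 0 means "any" (the capture-everything mode).
bool from_source(const TcpInfo& t, uint32_t ip, uint16_t port) {
    return (ip == 0 || t.src_ip == ip) && (port == 0 || t.src_port == port);
}

// Constructed sample: 192.0.2.10:80 -> 198.51.100.7:49152, payload "ping".
static const uint8_t SAMPLE[] = {
    0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x08,0x00,           // Ethernet II
    0x45,0x00,0x00,0x2C, 0x00,0x01,0x40,0x00, 0x40,0x06,0,0,   // IPv4, total length 44
    0xC0,0x00,0x02,0x0A, 0xC6,0x33,0x64,0x07,                  // source, destination
    0x00,0x50,0xC0,0x00, 0,0,0,1, 0,0,0,0,                     // ports, seq, ack
    0x50,0x18,0x10,0x00, 0,0,0,0,                              // offset/flags, window
    'p','i','n','g' };

int main() {
    TcpInfo t;
    if (parse_tcp(SAMPLE, sizeof SAMPLE, t) && from_source(t, 0xC000020Au, 80))
        std::printf("match: source port %u, %zu payload bytes\n", (unsigned)t.src_port, t.payload_len);
    return 0;
}
```

With WinPcap itself the same match can also be done before packets reach your code, by passing a filter expression such as `tcp and src host 192.0.2.10 and src port 80` to `pcap_compile` and `pcap_setfilter`.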
