QTcpSocket Sniffer



kdmoye2
13th October 2015, 20:42
Hello Everyone,

I have been tasked to write a TCP sniffer that can run off the command line and can be tuned to view/dissect specific TCP messages sent between a client and server. I know there are such tools out there that will sniff the packets for me (e.g. Wireshark), but we need something that doesn't need to be installed onto a system.

I chose to use Qt to write the program. As I have progressed through this I began wondering if Qt has a way for me to sniff TCP messages from a specific port without actually pulling the data off the port so that the actual consumer can consume the data it needs - I just want to display what has been sent. Do you know if the QTcpSocket::readData/readAll functions and the like will actually clear the port of any data or will it allow the specific consumer to still access the data?

Hopefully this is clear!

Thanks,

Keith

ChrisW67
13th October 2015, 21:33
Wireshark has a portable version that does not require installation on Windows (it does require admin rights, as would your own tool). You could probably make a portable Linux version that bundles some of the libraries or build a statically linked version. http://portablelinuxapps.org/ and https://www.wireshark.org/#download

You need to open a raw network interface in promiscuous mode so that all traffic that interface sees can be read (UDP, TCP, ICMP, whatever). Qt does not expose anything that will do that for you. Alternate approaches depend strongly on what traffic you need to capture and what control you have over the target app/machine.

anda_skoa
13th October 2015, 22:25
You might also want to look at pcap https://en.wikipedia.org/wiki/Pcap

Cheers,
_
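
A capture interface such as pcap delivers a copy of each link-layer frame, so dissecting it takes nothing away from the socket of the real consumer. The following is an added example, not code from any poster in this thread: a bounds-checked Ethernet II/IPv4/TCP dissector in standard C++ (no Qt) that filters on one port. `TcpSegment`, `dissect`, `sampleFrame` and the frame bytes are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

struct TcpSegment { uint16_t srcPort; uint16_t dstPort; uint32_t seq; std::string payload; };

static uint16_t be16(const uint8_t* p) { return uint16_t((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t* p) { return (uint32_t(be16(p)) << 16) | be16(p + 2); }

// Dissect one Ethernet II frame. Returns true and fills `out` only for an unfragmented
// IPv4/TCP segment on `port`. Every length field is validated before use as an offset.
bool dissect(const std::vector<uint8_t>& f, uint16_t port, TcpSegment& out) {
    const size_t eth = 14;                                    // Ethernet II header
    if (f.size() < eth + 20 || be16(&f[12]) != 0x0800) return false;  // not IPv4
    const uint8_t* ip = &f[eth];
    const size_t ihl = (ip[0] & 0x0F) * 4u;                   // IP header length
    const size_t total = be16(ip + 2);                        // IP total length
    if ((ip[0] >> 4) != 4 || ihl < 20 || total < ihl + 20) return false;
    if (eth + total > f.size()) return false;                 // truncated capture
    if (ip[9] != 6) return false;                             // protocol 6 = TCP
    if (be16(ip + 6) & 0x3FFF) return false;                  // IP fragment: skip
    const uint8_t* tcp = ip + ihl;
    const size_t doff = (tcp[12] >> 4) * 4u;                  // TCP header length
    if (doff < 20 || ihl + doff > total) return false;
    if (be16(tcp) != port && be16(tcp + 2) != port) return false;  // other traffic
    out.srcPort = be16(tcp); out.dstPort = be16(tcp + 2);
    out.seq = be32(tcp + 4);
    out.payload.assign(reinterpret_cast<const char*>(tcp + doff), total - ihl - doff);
    return true;
}

// Constructed sample: 192.0.2.1:49152 -> 192.0.2.2:5000, PSH+ACK, payload "PING\n".
// Checksums are left as zero; this dissector does not verify them.
std::vector<uint8_t> sampleFrame() {
    static const uint8_t b[] = {
        0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,                  // Ethernet
        0x45,0,0,0x2D, 0,1,0x40,0, 0x40,0x06,0,0, 0xC0,0,2,1, 0xC0,0,2,2, // IPv4
        0xC0,0x00,0x13,0x88, 0,0,0,1, 0,0,0,0, 0x50,0x18,0x04,0, 0,0,0,0, // TCP
        0x50,0x49,0x4E,0x47,0x0A };                                       // payload
    return std::vector<uint8_t>(b, b + sizeof b);
}

int main() {
    TcpSegment s;
    if (dissect(sampleFrame(), 5000, s))
        std::printf("%u -> %u seq=%u len=%zu\n", (unsigned)s.srcPort, (unsigned)s.dstPort, (unsigned)s.seq, s.payload.size());
    return 0;
}
```

With a real capture source, each frame the capture library hands back would be passed to `dissect` in place of `sampleFrame()`.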