How to capture packets in an app that must be installed as non-admin?

  • Question

  • Hi,

    Is it possible to write a Windows app that can capture packets on the PC such that this application can be installed/run as non-admin?  If yes, what would be the approach, e.g. which language, which API/library to use, etc.?

    I've looked at the Network Monitor APIs; however, the issue here is that NM needs to be installed, and this requires "admin" access (to get the driver in place).

    Note what I'm after is to capture/monitor packets to sum frame sizes for all packets of a particular type [e.g. HTTP] going out to a specific set of IPs.

     

    thanks


    Tuesday, July 13, 2010 3:26 AM

Answers

  • All of the supported methods to perform packet inspection require a driver.  Is there a reason you can't elevate for the installation?

     


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    • Marked as answer by callagga Thursday, July 15, 2010 3:19 AM
    Tuesday, July 13, 2010 6:45 PM
    Moderator

All replies

  • It's more from the point of view of running with a design that didn't hinder that percentage of users that couldn't elevate themselves (i.e. just trying to make it as easy as possible, in other words), but it does seem the Windows security model doesn't allow it from what I've found so far. I did note on one site it suggested raw sockets was an alternative (with some disadvantages), but it required admin access too (cf. driver approach).
    Tuesday, July 13, 2010 9:02 PM