Catch Flash applications ip transmissions

[Finn Stampe Mikkelsen]

Hi...

Maybe it’s the wrong group, but i’m sort of going on the coding of the matter...

Is there a way for dotnet/c# code to monitor and identify ip packets sent from a flash application running in a browser on a computer...

I have this application running, that i want to simulate. Since i’m not able to get the source-code for the flash app, i thought that if i could monitor and intercept/duplicate the ip-packets sent from the app. to the central server the app is communicating with, i could maybe reproduce them after interpreting them myself...

Does anybody know how this could be accomplished and if so, maybe point me i the right direction or maybe even show me some code...

TIA

/Finn

 

[Arne Vajhøj]

Maybe it’s the wrong group, but i’m sort of going on the coding of the
matter...
Is there a way for dotnet/c# code to monitor and identify ip packets
sent from a flash application running in a browser on a computer...
I have this application running, that i want to simulate. Since i’m not
able to get the source-code for the flash app, i thought that if i could
monitor and intercept/duplicate the ip-packets sent from the app. to the
central server the app is communicating with, i could maybe reproduce
them after interpreting them myself...
Does anybody know how this could be accomplished and if so, maybe point
me i the right direction or maybe even show me some code...

There are plenty of tools that already does that.

One of the most well known is Wireshark.

Unless you have requirements not mentioned here I would go
for that and not try to write a custom app.

If you need to or want to write an app, then for IP
level sniffing I would not use C# but C/C++ (you could
use C# for GUI and C/C++ for the sniffing part).

For HTTP level sniffing C# would be fine.

Arne

 

[Finn Stampe Mikkelsen]

"Arne Vajhøj" skrev i meddelelsen

Maybe it’s the wrong group, but i’m sort of going on the coding of the
matter...

There are plenty of tools that already does that.

One of the most well known is Wireshark.

Unless you have requirements not mentioned here I would go
for that and not try to write a custom app.

If you need to or want to write an app, then for IP
level sniffing I would not use C# but C/C++ (you could
use C# for GUI and C/C++ for the sniffing part).

For HTTP level sniffing C# would be fine.

Arne

Hi Arne...

Been looking at WireShark and i can see it can do something like i want, but there is so much traffic that it becomes very difficult
to sort out what is the flash-app and what is other stuff...

I'm a firm believe in not inventing the deep pan, when other already have done so... But do you know of a way to easily identify
what traffic is comming from the specific flash-app... I have closed all other tabs and all other possible traffic creating code,
but there still seems to be fired way to much traffic to several IP's and i cannot see why the flash-app (in this case a game) when
not is doing anything but waiting for user to interact, should pop-out huge amount of ip traffic and to at least 8 different ip's...

So it would really help, if there were a way to isolate the flash app's ip traffic, if there were some way to identify that flash
instance and then figure out what ip packets were transmitted from here...

/Finn

 

[bradbury9]

El domingo, 22 de abril de 2012 04:27:11 UTC+2, Finn Stampe Mikkelsen escribió:

Hi...</div>

 </div>

Maybe it’s the wrong group, but i’m sort of going on the coding of the
matter...</div>

 </div>

Is there a way for dotnet/c# code to monitor and identify ip packets sent
from a flash application running in a browser on a computer...</div>

 </div>

I have this application running, that i want to simulate. Since i’m not
able to get the source-code for the flash app, i thought that if i could monitor
and intercept/duplicate the ip-packets sent from the app. to the central server
the app is communicating with, i could maybe reproduce them after interpreting
them myself...</div>

 </div>

Does anybody know how this could be accomplished and if so, maybe point me
i the right direction or maybe even show me some code...</div>

 </div>

TIA</div>

 </div>

/Finn</div></div></div></div>

I share Arne's opinion on beter reusing existing tools.

To isolate specific traffic I would either:

a) Use a Regex to whole traffic sniffed.
b) Install Snort and configure it creating a specific rule.

Option A has a disk space big disadvantage.
Option B is more complex to implement, but maybe easier to mantain.

 

[Arne Vajhøj]

"Arne Vajhøj" skrev i meddelelsen

Been looking at WireShark and i can see it can do something like i want,
but there is so much traffic that it becomes very difficult to sort out
what is the flash-app and what is other stuff...

I'm a firm believe in not inventing the deep pan, when other already
have done so... But do you know of a way to easily identify what traffic
is comming from the specific flash-app... I have closed all other tabs
and all other possible traffic creating code, but there still seems to
be fired way to much traffic to several IP's and i cannot see why the
flash-app (in this case a game) when not is doing anything but waiting
for user to interact, should pop-out huge amount of ip traffic and to at
least 8 different ip's...

So it would really help, if there were a way to isolate the flash app's
ip traffic, if there were some way to identify that flash instance and
then figure out what ip packets were transmitted from here...

You should be able to identify what ports Flash is using
via netstat.

And then you should be able to filter on the PC's IP address
and the found port numbers.

Note that I am not a WireShark user myself.

Arne