[p2p-hackers] Measure per-application bandwidth in Win32

Ivan Arce ivan.arce at coresecurity.com
Mon Jun 19 21:42:19 UTC 2006


Regarding the ICMP tunneling discussion, ICMP covert channels have been
used by security researchers and attackers for at least 10 years.
Here's one of the first public reference implementations:
 http://www.phrack.org/show.php?p=49&a=6
and the actual source code is here
 http://www.phrack.org/show.php?p=51&a=6

As for the brain-damaged decision to cripple raw socket functionality in
Windows XP SP2, the easiest way to circumvent it is to use a device
driver and talk directly to it. The most popular option is winpcap
(http://www.winpcap.org/) which requires installing a kernel driver
(administrator) and a reboot but it is quite stable and mature code used
by a large number of popular networking and security tools. Winpcap is
usually used to capture packets off the wire but the functionality to
inject arbitrary packets is also available using the pcap_sendpacket()
function.


-ivan

David Barrett wrote:
> That'd work as well, but what's the latest on raw socket support in XP SP2?
> I seem to recall you need to install a device driver (which requires admin
> privileges and a reboot).  Is there any way to do raw sockets on XP SP2 with
> less hassle?
> 
> -david
> 
>> -----Original Message-----
>> From: p2p-hackers-bounces at zgp.org [mailto:p2p-hackers-bounces at zgp.org] On
>> Behalf Of Sam Gentle
>> Sent: Friday, June 16, 2006 11:31 AM
>> To: Peer-to-peer development.
>> Subject: Re: [p2p-hackers] Measure per-application bandwidth in Win32
>>
>> On 6/16/06, David Barrett <dbarrett at quinthar.com> wrote:
>>> For example, is there some application like netstat or Sysinternal's TCPview
>>> that not only shows which connections are currently active (and to which
>>> processes they belong), but how much bandwidth they are actually using?
>> There is a utility called AnalogX PacketMon that serves as a packet
>> sniffer (using win2k/xp's raw sockets) - I realise that's not exactly
>> what you're looking for, but I often use it to get an idea of what's
>> using bandwidth. It might be possible to use a system similar to that
>> to get definite numbers, if those are required.
>>
>> Sam


-- 
"Buy the ticket, take the ride" -HST

Ivan Arce
CTO

CORE SECURITY TECHNOLOGIES
http://www.coresecurity.com

PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836  B25D 207B E78E 2AD1 F65A
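The sniffer-based accounting Sam suggests for getting "definite numbers", as an added example that is not code from this thread: it parses Ethernet/IPv4 frames of the kind winpcap hands to a capture callback and sums wire bytes per flow (TCP/UDP 5-tuple; ICMP keyed by type and code, so echo volume shows up as its own line). The frames are constructed inline, and the `parse_frame`, `bytes_per_flow` and `ipv4_frame` names are this example's own.

```python
import struct
from collections import defaultdict

# Added example: per-flow byte accounting over captured Ethernet frames.
# Frames below are constructed for the example, not captured traffic.

def parse_frame(frame: bytes):
    """Return (proto, src, sport, dst, dport) for an IPv4 frame, else None.
    For ICMP the two 'port' slots carry the ICMP type and code instead."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None                                   # not IPv4, skip it
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                          # header length in bytes
    proto = ip[9]
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    l4 = ip[ihl:]
    if proto in (6, 17) and len(l4) >= 4:             # TCP / UDP: source, dest port
        sport, dport = struct.unpack("!HH", l4[:4])
    elif proto == 1 and len(l4) >= 2:                 # ICMP: type, code
        sport, dport = l4[0], l4[1]
    else:
        sport = dport = 0
    return proto, src, sport, dst, dport

def bytes_per_flow(frames):
    """Sum bytes on the wire per (proto, src, sport, dst, dport) flow."""
    totals = defaultdict(int)
    for f in frames:
        key = parse_frame(f)
        if key is not None:
            totals[key] += len(f)
    return dict(totals)

def ipv4_frame(proto, src, dst, l4_header, payload=b""):
    """Build a minimal Ethernet+IPv4 frame (constructed sample; checksums left zero)."""
    ip_len = 20 + len(l4_header) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4_header + payload

SAMPLE = [  # constructed: one HTTPS exchange and two ICMP echo requests
    ipv4_frame(6, "10.0.0.2", "93.184.216.34", struct.pack("!HH", 50000, 443) + b"\x00" * 16, b"x" * 300),
    ipv4_frame(6, "93.184.216.34", "10.0.0.2", struct.pack("!HH", 443, 50000) + b"\x00" * 16, b"y" * 1200),
    ipv4_frame(1, "10.0.0.2", "10.0.0.1", b"\x08\x00\x00\x00\x00\x01\x00\x01", b"z" * 56),
    ipv4_frame(1, "10.0.0.2", "10.0.0.1", b"\x08\x00\x00\x00\x00\x01\x00\x02", b"z" * 56),
]

if __name__ == "__main__":
    for flow, n in sorted(bytes_per_flow(SAMPLE).items(), key=lambda kv: -kv[1]):
        print(flow, n)
```

Attributing a flow to the process that owns it still needs the local connection table (what netstat or TCPView shows); a capture alone gives the byte counts, not the owner.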