
Capturing packets on Windows 7

I am trying to capture all of the packets transferred on a computer. My code works fine on Windows XP, but on Windows 7 it only captures outgoing packets and cannot see incoming packets.

Here is a version of the code which just calculates the size of received packets (it seems big, but most of it is just definitions). This code works correctly on Windows XP, but nothing happens on Windows 7 (it gets stuck at recvfrom). The code is complete and you could give it a try on Win7:

#include <Winsock2.h>
#include <Mstcpip.h>    // SIO_RCVALL, RCVALL_IPLEVEL
#include <cstdlib>      // _countof
#include <iostream>
#include <string>
using namespace std;
#pragma comment(lib,"Ws2_32.lib")

// Minimal IPv4 header as it appears on the wire (all multi-byte fields in network byte order)
struct SIP4HEADER
{
    u_char  ver_ihl;    // Version (4 bits) + Internet header length (4 bits)
    u_char  tos;        // Type of service 
    u_short tlen;       // Total length 
    u_short ident;      // Identification
    u_short flags_fo;   // Flags (3 bits) + Fragment offset (13 bits)
    u_char  ttl;        // Time to live
    u_char  proto;      // Protocol
    u_short crc;        // Header checksum
    u_long  saddr;      // Source address
    u_long  daddr;      // Destination address
    u_int   op_pad;     // Option + Padding (only present when IHL > 5)
};    

// Error handling is removed for clarity    
int main()
{
    WSAData wsa={0};
    WSAStartup(MAKEWORD(2,2),&wsa);

    string strIPAddress;
    cout << "Enter a local IP address to monitor: ";
    cin >> strIPAddress;

    // Raw IP socket: with SIO_RCVALL it delivers every IPv4 datagram seen on the bound interface
    SOCKET ListenSocket = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
    sockaddr_in sa_in = {0};    // zero-initialise so sin_zero is not garbage
    sa_in.sin_family = AF_INET;
    sa_in.sin_addr.s_addr = inet_addr( strIPAddress.c_str() ); // My local IP address
    sa_in.sin_port = htons(0);      

    // SIO_RCVALL requires the socket to be bound to a specific local interface address
    bind(ListenSocket,(SOCKADDR *) &sa_in, sizeof(sa_in));

    int rcv=RCVALL_IPLEVEL;
    DWORD b=0;
    WSAIoctl(ListenSocket,SIO_RCVALL,&rcv,sizeof(rcv),0,0,&b,0,0);

    char buf[2000];
    SIP4HEADER* ih = (SIP4HEADER*)buf;   // overlay the header on the start of the received datagram
    DWORD ReceivedKBytes = 0;
    DWORD t = 0;
    while( recvfrom(ListenSocket,buf,_countof(buf),0,NULL,NULL)!=-1 )
    {
        // both addresses are in network byte order, so they compare directly
        if(sa_in.sin_addr.s_addr == ih->daddr)
            t += ntohs(ih->tlen) ; 
        // update each 20KB
        if(t > 20*1024) 
        {
            t=0;
            ReceivedKBytes += 20;
            cout << "Received KBs: " << ReceivedKBytes << endl;
        }
    }

    closesocket(ListenSocket);
    WSACleanup();
    return 0;
}

The only thing that made me suspicious was this article on MSDN, which says:

A call to the bind function with a raw socket for the IPPROTO_TCP protocol is not allowed

but I am using IPPROTO_IP, and the bind function documentation also says:

The bind function may also be used to bind to a raw socket (the socket was created by calling the socket function with the type parameter set to SOCK_RAW)

So it seems this is not the problem. Despite this, I don't get any error from calling bind or the other functions in this code. I also tried omitting the bind call, which causes recvfrom to fail with error 10022 (Invalid argument). I also replaced IPPROTO_IP with IPPROTO_TCP, but it doesn't help either.

I am not sure whether I am doing it right or not, but this code works without any problem on Windows XP. Anyway, I am looking for a way to get the received and sent packets related to a local IP address on Windows XP/7.

Also:

  • I am running this code in privileged (admin) mode on Windows 7.
  • WinPcap or other third-party libraries are not an available option for me.
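The question's loop overlays a fixed-size struct on the receive buffer and sums ih->tlen for every datagram whose destination matches the local address. Two things a practitioner would want in that path are missing: the IPv4 header length is variable (the IHL field, 20 to 60 bytes), so a fixed op_pad member is not a reliable layout, and nothing verifies that the bytes are actually a sane IPv4 header before they are counted. The following is an added example, not code from the question or either answer: a portable IPv4 header parser plus the same received/sent byte accounting, written in standard C++ so it runs without Winsock. On Windows the buffer filled by recvfrom would be passed to parse_ip4 exactly as the constructed packets are here. The struct names, make_packet, the addresses 192.168.1.10 and 10.0.0.1 and the sample packets are all constructed for this example.

```cpp
#include <cstdint>
#include <cstddef>
#include <iostream>
#include <vector>

// Parsed view of one IPv4 header taken from a raw capture buffer.
struct Ip4Header {
    uint8_t  version;
    uint8_t  ihl_bytes;     // header length in bytes, 20..60 (options change it)
    uint16_t total_length;  // header + payload, host byte order
    uint8_t  protocol;
    uint32_t saddr;         // host byte order
    uint32_t daddr;         // host byte order
    bool     checksum_ok;
};

struct Totals { uint64_t received = 0; uint64_t sent = 0; size_t dropped = 0; };

// Big-endian readers: the wire format is network byte order regardless of host.
static uint16_t be16(const uint8_t* p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t* p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
uint32_t ip4(uint8_t a, uint8_t b, uint8_t c, uint8_t d) {
    return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | d;
}

// RFC 791 header checksum: one's-complement sum of the header's 16-bit words.
// Over a header whose checksum field is already filled in, the result is 0.
uint16_t ip4_checksum(const uint8_t* hdr, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) sum += be16(hdr + i);
    if (len & 1) sum += (uint32_t)hdr[len - 1] << 8;
    while (sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}

// Validates and decodes the header at the front of buf. Returns false on anything
// that is not a well-formed IPv4 header (short read, wrong version, bad IHL).
bool parse_ip4(const uint8_t* buf, size_t buflen, Ip4Header& out) {
    if (buflen < 20) return false;
    uint8_t version = buf[0] >> 4;
    size_t ihl = (size_t)(buf[0] & 0x0F) * 4;
    if (version != 4 || ihl < 20 || ihl > buflen) return false;
    uint16_t tlen = be16(buf + 2);
    if (tlen < ihl) return false;
    out.version = version;
    out.ihl_bytes = (uint8_t)ihl;
    out.total_length = tlen;
    out.protocol = buf[9];
    out.saddr = be32(buf + 12);
    out.daddr = be32(buf + 16);
    out.checksum_ok = (ip4_checksum(buf, ihl) == 0);
    return true;
}

// Byte accounting in the spirit of the question's loop, keyed on the local address:
// packets addressed to it count as received, packets from it as sent, others are ignored,
// and anything that fails validation is counted as dropped rather than summed.
Totals account(const std::vector<std::vector<uint8_t>>& packets, uint32_t local) {
    Totals t;
    for (const auto& pkt : packets) {
        Ip4Header h;
        if (!parse_ip4(pkt.data(), pkt.size(), h) || !h.checksum_ok) { t.dropped++; continue; }
        if (h.daddr == local) t.received += h.total_length;
        else if (h.saddr == local) t.sent += h.total_length;
    }
    return t;
}

// Constructed test packet (hypothetical traffic): header with a valid checksum,
// optional zeroed option words, and a zero-filled payload up to total_len.
std::vector<uint8_t> make_packet(uint32_t src, uint32_t dst, uint16_t total_len,
                                 uint8_t proto, size_t option_words = 0) {
    size_t ihl = 20 + option_words * 4;
    std::vector<uint8_t> p(total_len, 0);
    p[0] = (uint8_t)(0x40 | (ihl / 4));
    p[2] = (uint8_t)(total_len >> 8); p[3] = (uint8_t)(total_len & 0xFF);
    p[8] = 64; p[9] = proto;
    for (int i = 0; i < 4; ++i) {
        p[12 + i] = (uint8_t)(src >> (24 - 8 * i));
        p[16 + i] = (uint8_t)(dst >> (24 - 8 * i));
    }
    uint16_t c = ip4_checksum(p.data(), ihl);
    p[10] = (uint8_t)(c >> 8); p[11] = (uint8_t)(c & 0xFF);
    return p;
}

// Sample run over constructed packets for the (constructed) local address 192.168.1.10.
Totals demo_totals() {
    const uint32_t local = ip4(192, 168, 1, 10), peer = ip4(10, 0, 0, 1);
    std::vector<std::vector<uint8_t>> pk;
    pk.push_back(make_packet(peer, local, 1500, 6));        // inbound TCP, no options
    pk.push_back(make_packet(peer, local, 60, 17, 1));      // inbound UDP, one option word
    pk.push_back(make_packet(local, peer, 100, 6));         // outbound TCP
    std::vector<uint8_t> bad = make_packet(peer, local, 80, 6);
    bad[9] = 1;                                             // corrupted byte: checksum fails
    pk.push_back(bad);
    std::vector<uint8_t> shortpkt = make_packet(peer, local, 80, 6);
    shortpkt.resize(10);                                    // truncated read
    pk.push_back(shortpkt);
    return account(pk, local);
}

int main() {
    Totals t = demo_totals();
    std::cout << "received=" << t.received << " sent=" << t.sent
              << " dropped=" << t.dropped << std::endl;   // received=1560 sent=100 dropped=2
    return 0;
}
```

The comparison in the question (sa_in.sin_addr.s_addr == ih->daddr) happens to work because both values are in network byte order; here the addresses are decoded explicitly so the same comparison is independent of the host's endianness, and a datagram is only summed after its IHL, version and header checksum check out.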


I had the same problem. Turned out it was Windows 7 Firewall that stopped the sniffer from seeing inbound data. Turned it off and finally, the code worked.


I ran your code on my Win7 and it works. I do see the following lines printed out:

Received KBs: 20
Received KBs: 40
Received KBs: 60
Received KBs: 80
Received KBs: 100

Probably check your firewall?
