
Monitoring TCP traffic that contains specific strings in C#

Recently one of my machines was infected with malware using IRC to communicate back to its command and control center.

This just sparked an interest within me to see if there was a program I could create in C# that is capable of monitoring traffic over TCP that contains strings such as PONG / NICK / USER (strings the IRC RFC needs to communicate), and then can tell me the process that that traffic is coming from.

It would be an interesting learning experience for me, and it's something that I want to attempt.

I've done some research and I found something that did make use of WinPcap, but I think I'd like to avoid a solution using pcap if possible. Can anyone send any suggestions my way?

I know I may be able to view connections between my computer and other hosts using System.Net.NetworkInformation.TcpConnectionInformation and possibly IPGlobalProperties, but I'm not sure if there is any way I can view the information in real time, or easily trace it back to a process on my PC.

Thank you.


This is going to be hard. The API you need is native: the Windows Filtering Platform (WFP). According to Microsoft, this is not accessible from C#; you would have to wrap it in C++/CLI first.

See here and here for discussion. The second thread has some 'could be useful' stuff for you.

0
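The connection-to-process half of the question (the part IPGlobalProperties cannot do) does not need WFP: iphlpapi's GetExtendedTcpTable returns every IPv4 TCP row together with its owning PID and can be called from C# through P/Invoke. The example below is added here and is not code from the thread or from Microsoft; it assumes Windows with the iphlpapi.dll export as documented, and the names TcpOwnerLookup, Snapshot, FindOwner and IsIrcCommandLine are this example's own. It only covers the lookup and the line-matching step; actually seeing the payload still needs a capture source such as WFP or pcap, as the answer says.

```csharp
// Added example, not from the original thread. Maps live IPv4 TCP connections
// to their owning process via iphlpapi!GetExtendedTcpTable (P/Invoke), and
// shows the IRC command match that a capture hook would run on each line.
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Diagnostics;
using System.Net;
using System.Runtime.InteropServices;
using System.Text.RegularExpressions;
using System.Threading;

static class TcpOwnerLookup
{
    // MIB_TCPROW_OWNER_PID (iprtrmib.h). Addresses and ports are stored in
    // network byte order; the port sits in the low 16 bits of its DWORD.
    [StructLayout(LayoutKind.Sequential)]
    struct MibTcpRowOwnerPid
    {
        public uint State, LocalAddr, LocalPort, RemoteAddr, RemotePort, OwningPid;
    }

    const int AF_INET = 2;                 // IPv4 only; AF_INET6 (23) needs the v6 row layout
    const int TCP_TABLE_OWNER_PID_ALL = 5; // every state, each row carries the owning PID

    [DllImport("iphlpapi.dll", SetLastError = true)]
    static extern uint GetExtendedTcpTable(IntPtr pTcpTable, ref int dwOutBufLen,
        bool sort, int ipVersion, int tableClass, uint reserved);

    public sealed class Connection
    {
        public IPEndPoint Local, Remote;
        public int Pid;
        public string ProcessName;
        public override string ToString() => $"{Local} -> {Remote} pid={Pid} ({ProcessName})";
    }

    // IRC is line-oriented: "[:prefix] COMMAND params". Matching only at the
    // start of a line keeps ordinary chat text that mentions "NICK" from firing.
    static readonly Regex IrcCommand = new Regex(
        @"^(?::\S+\s+)?(NICK|USER|PING|PONG|JOIN|PRIVMSG)\b", RegexOptions.IgnoreCase);

    public static bool IsIrcCommandLine(string line) => IrcCommand.IsMatch(line);

    // The DWORD holds the big-endian port in its low word: swap the two low bytes.
    static int PortFromRow(uint raw) => (int)(((raw & 0xFF) << 8) | ((raw >> 8) & 0xFF));

    public static List<Connection> Snapshot()
    {
        int size = 0;
        // First call with no buffer only reports the size needed (ERROR_INSUFFICIENT_BUFFER).
        GetExtendedTcpTable(IntPtr.Zero, ref size, false, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
        IntPtr buf = Marshal.AllocHGlobal(size);
        try
        {
            uint rc = GetExtendedTcpTable(buf, ref size, false, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
            if (rc != 0) throw new Win32Exception((int)rc);

            int count = Marshal.ReadInt32(buf);          // MIB_TCPTABLE_OWNER_PID.dwNumEntries
            IntPtr row = IntPtr.Add(buf, 4);             // table[] starts right after it
            int rowSize = Marshal.SizeOf<MibTcpRowOwnerPid>();
            var result = new List<Connection>(count);
            for (int i = 0; i < count; i++, row = IntPtr.Add(row, rowSize))
            {
                var r = Marshal.PtrToStructure<MibTcpRowOwnerPid>(row);
                var c = new Connection
                {
                    Local = new IPEndPoint(new IPAddress(r.LocalAddr), PortFromRow(r.LocalPort)),
                    Remote = new IPEndPoint(new IPAddress(r.RemoteAddr), PortFromRow(r.RemotePort)),
                    Pid = (int)r.OwningPid,
                };
                // The process may already have exited by the time we look it up.
                try { c.ProcessName = Process.GetProcessById(c.Pid).ProcessName; }
                catch (ArgumentException) { c.ProcessName = "<exited>"; }
                result.Add(c);
            }
            return result;
        }
        finally { Marshal.FreeHGlobal(buf); }
    }

    // Given the 4-tuple of a flow seen on the wire, return its owner, or null.
    public static Connection FindOwner(IPEndPoint local, IPEndPoint remote)
    {
        foreach (var c in Snapshot())
            if (c.Local.Equals(local) && c.Remote.Equals(remote)) return c;
        return null;
    }

    static void Main()
    {
        // Poll once a second and report connections that were not there before.
        var seen = new HashSet<string>();
        while (true)
        {
            foreach (var c in Snapshot())
                if (c.Remote.Port != 0 && seen.Add(c.ToString()))
                    Console.WriteLine("new: " + c);
            Thread.Sleep(1000);
        }
    }
}
```

The intended flow is: whatever capture mechanism you end up with hands each TCP segment's text to IsIrcCommandLine, and on a hit you call FindOwner with the segment's local and remote endpoints to name the process. Polling the table can miss connections that open and close between two snapshots, but an IRC command-and-control session stays open for the whole conversation, so the one-second loop in Main is enough to catch the case in the question.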
