So I've been playing around with very beginner networking stuff, and have decided that I want to try and build a packet sniffer. Now before anyone goes and says "why do you need a packet sniffer?", the reason is that I think it will be a good learning experience to learn more about network programming, and eventually (once I get more experience in networks) I hope to convert it into an intrusion detection system or something along those lines.
So my question is: what would be the best library to use for something like this? I have been messing around with the SFML networking library, but that is about it. Also I was wondering if there are any good tutorials and/or books that I could use to help myself learn how to do this.
A packet sniffer generally requires a system driver, last I remember. Even Wireshark uses a low-level driver, which is why, on *nix, it either requires root permissions or requires your user to be part of a special group that's made for using Wireshark.
I assure you, a packet sniffer is not the way to begin. Plus, you'll find the word "intrusion" quite abstract.
Hmm, I've been looking over some source code for packet sniffers and in all honesty they don't seem too hard to follow or recreate, even though I have no networking experience. The general thing I have been seeing is that it's easy to make a simple sniffer that functions but hard to get all the special-case bugs fixed.
But I'll take your word on it and hold off until I have more experience in that area. What would you recommend for a good introductory project into networking? I would say I have intermediate skills (if there is such a thing as intermediate) with C++ and also C#, and have experience working with different types of libraries (SFML, Windows API, DirectX).
Usually I don't have trouble coming up with projects to learn from or anything, but right now I'm pretty stumped about where to start with networking.
There's nothing really malicious about a packet sniffer. I use Wireshark pretty often at work for diagnostic reasons. But as computerquip said, writing your own packet sniffer is no easy task. They have to work at the lowest level really possible due to their nature (getting layer 2 frame information requires working with the NIC).
I hope to convert it into an intrusion detection system
Eh don't get your hopes up. An IDS is also quite a hefty thing. Our enterprise level IDS costs well over $10,000 USD.
Start small, write some programs that implement various ICMP messages. Or work higher up and develop some little client/server programs.
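The ICMP suggestion in the post above, as an added example that is not from the thread: it builds an ICMP echo request header (RFC 792), computes the RFC 1071 Internet checksum, and verifies a received message, all in plain standard C so it runs without raw sockets or root. The function names and the sample payload are my own choices.

```c
/* Added example: construct and verify ICMP echo messages in user space. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* RFC 1071 Internet checksum: one's-complement sum of big-endian 16-bit words,
 * with an odd trailing byte padded as the high byte of a final word. */
uint16_t icmp_checksum(const uint8_t *buf, size_t len) {
    uint32_t sum = 0;
    while (len > 1) { sum += (uint32_t)((buf[0] << 8) | buf[1]); buf += 2; len -= 2; }
    if (len) sum += (uint32_t)buf[0] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16); /* fold carries */
    return (uint16_t)~sum;
}

/* Serialize an echo request (type 8, code 0) plus payload into out.
 * The checksum field is zeroed while the checksum is computed, then filled in.
 * Returns the total message length; out must hold at least 8 + plen bytes. */
size_t build_echo_request(uint8_t *out, uint16_t id, uint16_t seq,
                          const uint8_t *payload, size_t plen) {
    out[0] = 8; out[1] = 0; out[2] = 0; out[3] = 0;
    out[4] = (uint8_t)(id >> 8);  out[5] = (uint8_t)(id & 0xff);
    out[6] = (uint8_t)(seq >> 8); out[7] = (uint8_t)(seq & 0xff);
    memcpy(out + 8, payload, plen);
    uint16_t c = icmp_checksum(out, 8 + plen);
    out[2] = (uint8_t)(c >> 8); out[3] = (uint8_t)(c & 0xff);
    return 8 + plen;
}

/* A received ICMP message is intact when the checksum over the whole
 * message (checksum field included) comes out to zero. */
int icmp_valid(const uint8_t *buf, size_t len) {
    return len >= 8 && icmp_checksum(buf, len) == 0;
}

/* Round trip with a constructed 3-byte payload: the built message must verify,
 * and a single corrupted payload byte must be detected. Returns 1 on success. */
int demo_echo_roundtrip(void) {
    uint8_t pkt[64];
    const uint8_t payload[] = { 'a', 'b', 'c' };          /* constructed sample */
    size_t n = build_echo_request(pkt, 0x1234, 1, payload, sizeof payload);
    if (n != 11 || pkt[0] != 8 || !icmp_valid(pkt, n)) return 0;
    pkt[10] ^= 1;                                          /* corrupt last byte */
    return icmp_valid(pkt, n) == 0;
}
```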