poorman's windows sniffer v0.1
by nad@somethinginteresting.org

i decided to write a tiny readme just in case. after all, the thing is just 1 c file and 1 h file, but the usage is a little complicated.

the gist of it is thus: simple command-line windows sniffer using a raw socket so no packet driver is required. it'll yank tcp, udp, or icmp packets off the wire and display them in a default fashion unless you override the format strings. directions for doing that can be found by typing poorsniff -h.

there are a few things that are kind of broken, specifically some packet fields aren't available as format string options (add whatever you want) and the data slicing stuff could be a lot more complex. also, there could be more packet filtering options but again, i don't really care that much.

anything you'd like to do to it feel free, this code (as it says in the source) is all public domain. use it, hack it up, sell it, piss on it, i don't give a shit.

i wrote and compiled this using lcc-win32 (http://www.cs.virginia.edu/~lcc-win32/) which is a free compiler system for windows. i recommend you try it out. it is all more or less straight up Win API so it will probably work under Visual C++ too.

lastly, i wrote this because of what i feel is a dramatic shortage of open-source command-line sniffers for windows. there are a few that all require winpcap, but i kind of like the simplicity of this approach. incidentally, if you want to do something more complex (like dsniff for win32 or something), winpcap does dynamic driver binding now with some limitations so you don't have to preinstall anything. i did some research into that area, eventually i'll post something. the gist is that if you have the driver and the packet.dll in the directory of your app you don't need to preinstall pcap. like i said, i'll post some code eventually.

nad

thanks to:
the guy who wrote: http://blacksun.box.sk/tutorials/format.php3?file=part3.html
the code there was pretty helpful.
also, ngsec for releasing a closed-source sniffer and inspiring me to a) use raw sockets instead of winpcap and b) actually try and finish what i was working on for once
lastly, mad shoutouts to malden

TODO:
right now ctrl-c doesn't really kill things cleanly
some sort of gpf somewhere in parsing code
interface list would be nice
text printing options for things like icmp type and code?
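as an added example (this is not poorsniff's code, it is written here to illustrate the approach), below is the per-datagram header parsing a raw-socket sniffer like this one has to do: a raw IP socket hands the application the whole datagram starting at the IP header, so the parser walks IP -> TCP/UDP/ICMP itself. every length field is checked against the buffer before it is used, which is the usual cure for the kind of gpf in parsing code mentioned in the TODO, and the icmp type and code are pulled out so they could feed a text printing option. the three sample packets are constructed by hand for the example; the struct, function and sample names are the example's own, not poorsniff's.

```c
/* Added example: parse an IPv4 datagram as a raw socket delivers it (IP header
 * included) and pull out the fields a simple sniffer prints. Not poorsniff code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PROTO_ICMP 1
#define PROTO_TCP  6
#define PROTO_UDP  17

struct pkt_summary {
    uint8_t  proto;
    uint32_t src_ip, dst_ip;        /* host byte order */
    uint16_t src_port, dst_port;    /* tcp/udp only, otherwise 0 */
    uint8_t  icmp_type, icmp_code;  /* icmp only */
    size_t   payload_off, payload_len;  /* where the layer-4 data starts/ends */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Returns 0 on success, -1 if the buffer is not a complete, sane IPv4 datagram.
 * Every header length is validated against 'len' before it is trusted, so a
 * truncated or malformed capture is rejected instead of read past the buffer. */
int parse_ipv4_packet(const uint8_t *buf, size_t len, struct pkt_summary *out)
{
    if (len < 20 || (buf[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len) return -1;
    size_t total = rd16(buf + 2);
    if (total < ihl || total > len) return -1;   /* total length must fit the buffer */
    memset(out, 0, sizeof *out);
    out->proto  = buf[9];
    out->src_ip = rd32(buf + 12);
    out->dst_ip = rd32(buf + 16);
    const uint8_t *l4 = buf + ihl;
    size_t l4len = total - ihl;
    switch (out->proto) {
    case PROTO_TCP: {
        if (l4len < 20) return -1;
        size_t doff = (size_t)(l4[12] >> 4) * 4;       /* tcp data offset, in bytes */
        if (doff < 20 || doff > l4len) return -1;
        out->src_port = rd16(l4); out->dst_port = rd16(l4 + 2);
        out->payload_off = ihl + doff; out->payload_len = l4len - doff;
        break;
    }
    case PROTO_UDP: {
        if (l4len < 8) return -1;
        size_t ulen = rd16(l4 + 4);                    /* udp length covers header + data */
        if (ulen < 8 || ulen > l4len) return -1;
        out->src_port = rd16(l4); out->dst_port = rd16(l4 + 2);
        out->payload_off = ihl + 8; out->payload_len = ulen - 8;
        break;
    }
    case PROTO_ICMP:
        if (l4len < 8) return -1;
        out->icmp_type = l4[0]; out->icmp_code = l4[1];
        out->payload_off = ihl + 8; out->payload_len = l4len - 8;
        break;
    default:  /* some other protocol: just report the raw layer-4 bytes */
        out->payload_off = ihl; out->payload_len = l4len;
    }
    return 0;
}

static void print_summary(const struct pkt_summary *s)
{
    unsigned a = s->src_ip, b = s->dst_ip;
    printf("%u.%u.%u.%u -> %u.%u.%u.%u proto=%u", a >> 24, (a >> 16) & 0xff, (a >> 8) & 0xff,
           a & 0xff, b >> 24, (b >> 16) & 0xff, (b >> 8) & 0xff, b & 0xff, s->proto);
    if (s->proto == PROTO_TCP || s->proto == PROTO_UDP)
        printf(" ports %u->%u", s->src_port, s->dst_port);
    if (s->proto == PROTO_ICMP)
        printf(" icmp type=%u code=%u", s->icmp_type, s->icmp_code);
    printf(" data=%u bytes at offset %u\n", (unsigned)s->payload_len, (unsigned)s->payload_off);
}

/* Constructed sample: IPv4, TCP 10.0.0.1:40000 -> 10.0.0.2:80, PSH|ACK, 4 data bytes. */
static const uint8_t sample_tcp[] = {
    0x45,0x00,0x00,0x2c, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00, 10,0,0,1, 10,0,0,2,
    0x9c,0x40,0x00,0x50, 0,0,0,0, 0,0,0,0, 0x50,0x18,0x20,0x00, 0x00,0x00,0x00,0x00,
    'G','E','T',' '
};
/* Constructed sample: IPv4, ICMP echo request 10.0.0.1 -> 10.0.0.2, no data. */
static const uint8_t sample_icmp[] = {
    0x45,0x00,0x00,0x1c, 0x00,0x02,0x00,0x00, 0x40,0x01,0x00,0x00, 10,0,0,1, 10,0,0,2,
    8,0,0,0, 0,1,0,1
};

int main(void)
{
    struct pkt_summary s;
    if (parse_ipv4_packet(sample_tcp, sizeof sample_tcp, &s) == 0) print_summary(&s);
    if (parse_ipv4_packet(sample_icmp, sizeof sample_icmp, &s) == 0) print_summary(&s);
    /* the same tcp packet cut short (as a too-small recv buffer would) is rejected */
    printf("truncated packet accepted? %s\n",
           parse_ipv4_packet(sample_tcp, 30, &s) == 0 ? "yes" : "no");
    return 0;
}
```

the point of checking total length, ihl and the tcp/udp length fields before indexing is that a raw socket gives you whatever was on the wire, including packets whose length fields lie; a format-string printer that trusts them will walk off the end of the receive buffer.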