Network (Packets) Informer #2060

Open
AndreiMuntea opened this issue May 9, 2024 · 2 comments
Comments

@AndreiMuntea

Description of the feature, modification, idea or suggestion

Hi! First of all, I want to say that I love System Informer projects! I find it a very useful learning resource! Great work!

I'd like to add a feature request.
I know there is a "Network" tab which displays the active connections. I think a really useful addition would be a packet inspection-like capability. It would be very useful to record and reconstruct packets from a specific connection.

Proposed implementation details (optional)

Maybe something like the network/trans/inspect/sys driver sample from Windows-driver-samples.

@3zerevelt

Sounds like an interesting feature I'm also interested in. I'd like to contribute to the project as a way to polish my skills, so I've got a couple of questions to make sure we're on the same page.

Should we focus on packets from specific connections only?

For integrating this into the UI, how do you envision users will start and stop the packet capture? Also, how should we display the captured data? I'm thinking a dedicated panel or perhaps a downloadable log could be neat ways to handle this.

@AndreiMuntea (Author)

Hi! Thank you!

I am thinking that the ability to set IP-based rules for the traffic packets you are interested in is useful.
Maybe support filtering based on IP/mask ranges, and by default capture nothing. This way you can set it to filter traffic related to one IP, or everything, or nothing at all.

For integration in the UI, I like both your ideas. We can maybe combine them - as they are both very useful!
A downloadable connection log would be advantageous - especially for short-lived connections, you can inspect the content at your pace and you don't have to click on the connection when it pops up in the already existing network tab. It is also very useful when setting the informer at boot and there are maybe early connections being made.
On the other hand, a dedicated plugin-like view (similar to the PE view for MZ/PE files) that would allow displaying and analysing the content of the connection log files, so you don't have to F3 in Total Commander or use other tools, would be a good addition as well.
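The filtering behaviour proposed in this thread (IP/mask rules, capture nothing by default, a rule can select a single host or a whole range) is small enough to pin down in code. The block below is an added example written for this page, not code from System Informer or from the Windows-driver-samples inspect driver: it is a user-mode C model of the rule table and the per-packet "should we capture this?" decision that a driver-side callout would consult. The type and function names (`capture_policy_t`, `policy_add_rule`, `policy_should_capture`) and the sample flows are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One capture rule: an IPv4 network in CIDR form, stored in host byte order.
 * Hypothetical type for this example, not a System Informer structure. */
typedef struct {
    uint32_t network;
    uint32_t mask;
} capture_rule_t;

#define MAX_RULES 32

typedef struct {
    capture_rule_t rules[MAX_RULES];
    size_t count;   /* zero rules means nothing is captured (default-deny) */
} capture_policy_t;

/* Parse a dotted-quad IPv4 address into host byte order.
 * Rejects trailing garbage and octets above 255. */
static bool parse_ipv4(const char *s, uint32_t *out)
{
    unsigned int a, b, c, d;
    char tail;
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &tail) != 4) return false;
    if (a > 255 || b > 255 || c > 255 || d > 255) return false;
    *out = (a << 24) | (b << 16) | (c << 8) | d;
    return true;
}

/* Append "a.b.c.d/len" (or a bare "a.b.c.d", meaning /32) to the policy.
 * Returns false for a malformed rule or a full table; the policy is unchanged. */
bool policy_add_rule(capture_policy_t *p, const char *cidr)
{
    char buf[32];
    if (p->count >= MAX_RULES) return false;
    if (strlen(cidr) >= sizeof buf) return false;
    strcpy(buf, cidr);

    int prefix = 32;
    char *slash = strchr(buf, '/');
    if (slash) {
        *slash = '\0';
        char *end;
        long v = strtol(slash + 1, &end, 10);
        if (end == slash + 1 || *end != '\0' || v < 0 || v > 32) return false;
        prefix = (int)v;
    }

    uint32_t addr;
    if (!parse_ipv4(buf, &addr)) return false;
    /* Shifting by 32 is undefined in C, so /0 is special-cased. */
    uint32_t mask = (prefix == 0) ? 0 : 0xFFFFFFFFu << (32 - prefix);
    p->rules[p->count].network = addr & mask;   /* clear host bits */
    p->rules[p->count].mask = mask;
    p->count++;
    return true;
}

/* Decide whether a packet between local and remote should be recorded.
 * A rule matches if either endpoint lies inside its network, so one /32
 * rule picks up both directions of a connection. No rules: nothing. */
bool policy_should_capture(const capture_policy_t *p, uint32_t local, uint32_t remote)
{
    for (size_t i = 0; i < p->count; i++) {
        const capture_rule_t *r = &p->rules[i];
        if ((local & r->mask) == r->network || (remote & r->mask) == r->network)
            return true;
    }
    return false;
}

/* String convenience wrapper. An unparseable address yields "do not capture",
 * the safe failure mode for a filter that defaults to off. */
bool policy_should_capture_str(const capture_policy_t *p, const char *local, const char *remote)
{
    uint32_t l, r;
    if (!parse_ipv4(local, &l) || !parse_ipv4(remote, &r)) return false;
    return policy_should_capture(p, l, r);
}

int main(void)
{
    capture_policy_t policy = {0};
    /* Constructed sample: one single-host rule plus one private range. */
    policy_add_rule(&policy, "93.184.216.34");
    policy_add_rule(&policy, "10.0.0.0/8");

    const char *flows[][2] = {
        {"192.168.1.5", "93.184.216.34"},   /* matches the /32 rule */
        {"192.168.1.5", "1.1.1.1"},         /* no rule matches */
        {"10.1.2.3", "8.8.8.8"},            /* local side is in 10.0.0.0/8 */
    };
    for (size_t i = 0; i < sizeof flows / sizeof flows[0]; i++)
        printf("%s -> %s: %s\n", flows[i][0], flows[i][1],
               policy_should_capture_str(&policy, flows[i][0], flows[i][1]) ? "capture" : "skip");
    return 0;
}
```

Two design points worth carrying into a real implementation: host bits are cleared when the rule is stored, so "10.1.2.3/8" and "10.0.0.0/8" behave identically instead of silently never matching, and any parse failure (bad rule, bad address) resolves to "do not capture", which keeps the default-off promise from the thread rather than failing open.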
