-What is it?

NetworkSnoop is a patch which purpose is similiar to SnoopDos but it is aimed at tracing bsdsocket.library calls. This is not a program for an ordinary user - it is not going to improve the functionality of TCP/IP stack. NetworkSnoop is for developers who develop tools which use bsdsocket.library. This tool offers them ability to check eg. content of the buffers of such functions as recv(), send(), content of the system's structures which are used by bsdsocket.library. The developers may also like to check if the function receives proper parameteres and what are they.

This tool can also be used to monitor "uncertain" software:  suspected for spamming, software that sends 
unwanted information in non-specified web places.

-Requirements

Current version works flawlessly on AmigaOS 3.x, AmigaOS 4.0 and MorphOS. Soon there will be also 
individually compiled native versions for AmigaOS/AmigaOS-like systems (AmigaOS 4.x, MorphOS, AROS).

Requirements are as follows:

-any TCP/IP stack compatible with bsdsocket.library (practically all stacks; bsdsocket.library 
emulation built into WinUAE also works)
-MUI 3.x or newer,
-MUI NList class,
-any tool that uses bsdsocket.library (to test on something)

There might be also necessary to raise a stack of the tool which uses bsdsocket.library. It might be needed 
to avoid the consequences of getting out of stack problems.

-How does it work?

As already mentioned, NetworkSnoop patches bsdsocket.library functions and exec.library functions 
(OldOpenLibrary(), OpenLibrary(), CloseLibrary()). The patches are tracing all the calls to the basic 
API of bsdsocket.library (currently NetworkSnoop traces calls of procedures in offsets table of jumps 
within the range of -30 and -300).  It is a common knowledge that each process that uses bsdsocket.library 
has to open the library only for its very own purposes - database of the library is connected with the 
process and can not be shared between other processes.  According to this and in contrary to all the 
others AmigaOS libraries, it is impossible to assemble a single patch for bsdsocket.library as well as 
simply monitor the calls of this library.  It is necessary to assemble patches dynamically into each 
database of bsdsocket.library which was created by exec.libary/OpenLibrary() calls. Basically it 
means that NetworkSnoop must be run BEFORE any tool which has to be monitored.

-What exactly can I do with NetworkSnoop?

You may observe the functions' calls and their parameters (top lister).  In the bottom lister there are 
contents of structures or buffers of functions which assign more complexed parameters. In the second 
tab you can turn on/off patches, choose the name of the process to trace (by default, NetworkSnoop 
traces all the process which in any way are connected with bsdsocket.library), turn on/off saving to 
file information about the buffers of the functions recv()/send() (you can choose between saving to 
progdir or to the directory of the traced process). Every session is logged and can be saved to a text 
file. All the changes take place immediately, including saving the preferences.

-Future

I wrote this tool to fulfil my personal needs in the matter of debugging bsdsocket.library calls.  
If you think that NetworkSnoop can be in any way improved or serve other, different purposes in 
its range, write an e-mail to me and explain your suggestions.  The same you should do in case 
you find a bug.

-Contact with the author:

Marcin "MiniQ" Kielesiński
ministerq@amiga.pl

Thanks for Sebastian 'mailman' Rosa for translation. :)

 PERMSSN    UID  GID    PACKED    SIZE  RATIO METHOD CRC     STAMP          NAME
---------- ----------- ------- ------- ------ ---------- ------------ -------------
[generic]                 1815    5759  31.5% -lh5- f594 Nov 20 19:59 NetworkSnooper/locale/NS.cd
[generic]                 1953    4952  39.4% -lh5- 2faa Nov 20 20:50 NetworkSnooper/locale/polski/NetworkSnoop.catalog
[generic]                 2994   10096  29.7% -lh5- 3ecb Nov 20 20:49 NetworkSnooper/locale/polski/NS.ct
[generic]                 1665    3666  45.4% -lh5- 105c Nov 20 21:15 NetworkSnooper/NetworkSnoop_EN.readme
[generic]                34606   72720  47.6% -lh5- 8377 Nov 20 21:01 NetworkSnooper/NetworkSnoop_m68k.exe
[generic]                 1089    1840  59.2% -lh5- 5666 Nov 16 00:55 NetworkSnooper/NetworkSnoop_m68k.exe.info
[generic]                 1955    4054  48.2% -lh5- ced1 Nov 20 20:59 NetworkSnooper/NetworkSnoop_PL.readme
---------- ----------- ------- ------- ------ ---------- ------------ -------------
 Total         7 files   46077  103087  44.7%            Nov 21 19:17