Capture packets with Winsock

On Windows 2000, Winsock can capture Internet Protocol packets on your network. The captured data does not contain network interface layer information; for example, the MAC address is not captured.

You need administrator privileges on Windows 2000 to capture packets with Winsock. You must set the network interface to promiscuous mode; the function that does this is WSAIoctl() in Winsock 2.

The page on WSAIoctl contains a reference to the SIO_RCVALL command, but it does not give the settings for that command. You can find those values in the "rcvall" example in Network Programming for Microsoft Windows.

Here is the opcode setting and the input/output buffer of SIO_RCVALL.

Opcode: SIO_RCVALL (opcode setting: I==1, T==3)
Input Type: int
Output Type: <not used>
Meaning: Enables a socket to receive all IP packets on the network.

The input buffer contains the integer value 1 (= TRUE).

After you include the Winsock 2 header file, add the definition of SIO_RCVALL.
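The following is an added example, not code from the original page or from the "rcvall" sample: it defines SIO_RCVALL the way the Windows SDK header mstcpip.h does, enables it on a bound raw socket with the input value 1, and parses a captured buffer that begins at the IP header. The names open_capture, local_ip, rcvall_opcode, parse_ipv4 and ip_summary are assumptions of this example, and the sample packet is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <winsock2.h>
#ifndef SIO_RCVALL
#define SIO_RCVALL _WSAIOW(IOC_VENDOR, 1)  /* I==1, T==3, code 1 */
#endif
/* Raw socket bound to local_ip (caller's interface address, an assumption
   of this example), then switched to receive-all with input value 1. */
SOCKET open_capture(const char *local_ip) {
    WSADATA wsa; struct sockaddr_in a; int on = 1; DWORD got = 0; SOCKET s;
    if (WSAStartup(MAKEWORD(2, 2), &wsa) != 0) return INVALID_SOCKET;
    s = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
    if (s == INVALID_SOCKET) { WSACleanup(); return s; }
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = inet_addr(local_ip);
    if (bind(s, (struct sockaddr *)&a, sizeof a) == SOCKET_ERROR ||
        WSAIoctl(s, SIO_RCVALL, &on, sizeof on, NULL, 0, &got, NULL, NULL)
            == SOCKET_ERROR) { closesocket(s); WSACleanup(); return INVALID_SOCKET; }
    return s;  /* recv() on s now yields packets starting at the IP header */
}
#endif

/* Opcode bits: I (bit 31) = input buffer used; T (bits 27-28) = 3, vendor. */
static uint32_t rcvall_opcode(void) { return 0x80000000u | (3u << 27) | 1u; }

struct ip_summary { int header_len, protocol; char src[16], dst[16]; };

/* Parse one captured buffer; it begins at the IPv4 header, no MAC header. */
static int parse_ipv4(const uint8_t *p, size_t n, struct ip_summary *o) {
    if (n < 20 || (p[0] >> 4) != 4) return -1;   /* truncated or not IPv4 */
    o->header_len = (p[0] & 0x0F) * 4;
    if (o->header_len < 20 || (size_t)o->header_len > n) return -1;
    o->protocol = p[9];
    snprintf(o->src, sizeof o->src, "%d.%d.%d.%d", p[12], p[13], p[14], p[15]);
    snprintf(o->dst, sizeof o->dst, "%d.%d.%d.%d", p[16], p[17], p[18], p[19]);
    return 0;
}

/* Constructed sample: 20-byte IPv4 header, TCP, 192.0.2.1 -> 192.0.2.2. */
static const uint8_t SAMPLE[20] = {0x45,0,0,20, 0,0,0,0, 64,6,0,0, 192,0,2,1, 192,0,2,2};

int main(void) {
    struct ip_summary h;
    if (parse_ipv4(SAMPLE, sizeof SAMPLE, &h) != 0) return 1;
    printf("0x%08X %s -> %s proto %d\n", (unsigned)rcvall_opcode(), h.src, h.dst, h.protocol);
    return 0;
}
```

On Windows, link against ws2_32 and pass each buffer returned by recv() on the capture socket to parse_ipv4().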


