How do I get only pop3/smtp packets using winpkfilter?
You will get all packets with WinpkFilter but you can selectively process SMTP/POP3 packets. In order to implement this you have to parse packet headers (Ethernet, IP, TCP) and check source/destination ports for SMTP/POP3 ones (25/110).
How do I decode raw packets to see the content? Where may I find more VB examples of using that?
In C parsing is easy (typecasting to structures):
pEthHeader = (ether_header*)PacketBuffer.m_IBuffer;
if ( ntohs(pEthHeader->h_proto) == ETH_P_IP )
{
pIpHeader = (iphdr*)(PacketBuffer.m_IBuffer + ETHER_HEADER_LENGTH);
if (pIpHeader->ip_p == IPPROTO_TCP)
{
// This is TCP packet, get TCP header pointer
pTcpHeader = (tcphdr*)(((PUCHAR)pIpHeader) + sizeof(DWORD)*pIpHeader->ip_hl);
....I’m not a VB expert but getting Ethernet header is shown in WinpkFilter VB samples, getting other headers should be very similar.