Ethereal is what you're looking for.

I studied the Ethereal source code a while back and come up with
the following outline of the ethereal/wincap interaction.  

You can find it with this link:
http://www.slink-software.com/W/SrcDoc_Top/ethereal-0.9.15/ethereal-0.9.15.sdoc/N_68

From the website, everyline in the following topics are
hyperlink to the source code/documents.

ethereal-0.9.15.sdoc
    Source Code Roadmap:
        WinCap
            Ndis
                NdisOpenAdapter - Packet.h:309
                NdisRegisterProtocol - Packet.c:125
                NdisDeregisterProtocol - Packet.c:182
                NdisCloseAdapter - Openclos.c:471
                NdisSend - Write.c:107
            _PACKET - Packet32.h:205
                PacketReceivePacket - Packet32.c:768
                    PacketSetHwFilter - Packet32.c:1305
                pcap_sendpacket - pcap-win32.c:337
            LPADAPTER - Packet32.h:198
            NdisRequestGeneric1 - Request.c:102
            DDK - Packet.h:309
            _errno - pthread.h:1134
            PacketSetHwFilter - Packet32.c:1305
        EtherReal Filters
            Protocol Tree
                proto_tree_add_ipv4_format - README.developer:1413
                proto_tree_add_uint_format - README.developer:1420
                proto_tree_add_uint - proto.c:1523
            dissect_tcp - packet-tcp.c:2117
                tcpinfo - packet-tcp.h:56
                decode_tcp_ports - packet-tcp.c:2039
            dissect_http - packet-http.c:201
            dissect_udp - packet-udp.c:137
                e_udphdr - packet-udp.h:36
            dissect_snmp - packet-snmp.c:2238
                SNMP_VERSION_3 - packet-snmp.c:181
                dissect_snmp_pdu - packet-snmp.c:1459
                dissect_snmp_tcp - packet-snmp.c:2274
            dissect_socks - packet-socks.c:956
            dissect_smb - packet-smb.c:16272
                dissect_smb_logon_cmds - packet-smb-logon.c:788
                dissect_smb_logon - packet-smb-logon.c:819
            dissect_ssh - packet-ssh.c:208
            dissect_ssl - packet-ssl.c:605
                dissect_ssl3_alert - packet-ssl.c:518
            BGP - packet-bgp.h:30
        lan_dvr_node_addr - packet-ncp2222.c:20745
    BuildInfo

---------------------------------------------------------------------
About SLink:
---------------------------------------------------------------------
If you like to download and use the SLink program with your own
source code, you can do it too for free.

You need to

1) download the Slink.zip from
  http://www.slink-software.com/download/slink.zip,

2) Use this link to get the free eval license.
  http://www.slink-software.com/W/UserReq_EvalLic_Form

Hi Eugene:
   Thanks Derek and "Google_Post" for their answers.
   You might also want to look at Netmon, it is written in VC++. I think
you may want to begin with a sample. Now, here it is:
http://www.microsoft.com/downloads/details.aspx?FamilyId=AF0A6060-6566-408F-
9F11-EA2C80B8CAA0&displaylang=en
    You can find Network Monitor API here:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netmon/netm
on/network_monitor.asp

Rhett Gong [MS]
Microsoft Online Partner Support

This posting is provided "AS IS" with no warranties, and confers no rights.
Please reply to newsgroups only. Thanks.