Monitoring and reacting to incoming and outgoing traffic.

Hello All.

If I were to capture network traffic, dropping packets and modifying
packets, i.e. write firewall functionality, which API or SDK would be the
correct choice? I would prefer to do it in .NET.

Do I have to use the DDK package or is there any other way?

I'm quite lost here.
 
Hello, Björn!

BO> If I were to capture network traffic, dropping packets and modifying
BO> packets, i.e. write firewall functionality, which API or SDK would be
BO> the correct choice? I would prefer to do it in .NET.

The WinPcap library can be a good start; however, it is unmanaged.
( http://www.winpcap.org/ )

BO> Do I have to use the DDK package or is there any other way?

If you want to filter not only socket traffic, then definitely the DDK. You will have to write a kernel-mode device driver.
If socket traffic is okay for you, you can stay in user mode and write an LSP (Layered Service Provider).

--
Regards, Vadym Stetsyak
www: http://vadmyst.blogspot.com
 
Thanks for your reply :)

I was looking into the PCAP documentation at first but found this in its FAQ:
"Q-17: Can I use WinPcap to drop the incoming packets? Is it possible to use
WinPcap to build a firewall?

A: No. WinPcap is implemented as a protocol, therefore it is able to capture
the packets, but it can't be used to drop them before they reach the
applications. The filtering capabilities of WinPcap work only on the sniffed
packets. In order to intercept the packets before the TCP/IP stack, you must
create an intermediate driver."

Will I be able to drop and modify packets with a Layered Service Provider?
Can you point me in some direction where I can find more information on LSP?
 
Hello, Björn!

BO> Will I be able to drop and modify packets with a Layered Service
BO> Provider?

yes

BO> Can you point me in some direction where I can find more information on
BO> LSP?

( http://www.microsoft.com/msj/0599/LayeredService/LayeredService.aspx )
( http://www.ndis.com/papers/winpktfilter.htm )
( http://www.ndis.com/papers/winpktfilter.htm#WinsockLSP )
( http://www.ndis.com/papers/winpktfilter.htm#W2KPktFilterInterface )
--
Regards, Vadym Stetsyak
www: http://vadmyst.blogspot.com
 
Thanks again for all the info. :)
I've managed to read through it now and downloaded the latest Windows Server
2003 DDK. However, I can't find anything named Layered Services on the CD. :(
Have I gone blind?
 
Hello, Björn!

BO> Thanks again for all the info. :)
BO> I've managed to read through it now and downloaded the latest Windows
BO> Server 2003 DDK. However, I can't find anything named Layered Services on
BO> the CD. :( Have I gone blind?

Nope, LSP is not a part of the DDK; LSPs are user-mode applications.
Take a look at ( http://www.microsoft.com/msj/0599/LayeredService/LayeredService.aspx ),
especially the code sample; it is a good starting point.

--
Regards, Vadym Stetsyak
www: http://vadmyst.blogspot.com
 