[Winpcap-users] packet redirection
Guy Harris
guy at alum.mit.edu
Tue Sep 13 23:36:03 GMT 2005
On Sep 13, 2005, at 4:32 PM, Guy Harris wrote:
> It does not, however, let you *intercept* packets received by that
> machine. A WinPcap-based application cannot see those packets
> before the rest of the networking stack sees the packets, and
> cannot prevent the rest of the network stack from seeing the packet
> as received, and cannot inject its own modified version of the packet.
This is, by the way, mentioned in the WinPcap FAQ:
http://www.winpcap.org/misc/faq.htm#Q-17
"Q-17: Can I use WinPcap to drop the incoming packets? Is it possible
to use WinPcap to build a firewall?
A: No. WinPcap is implemented as a protocol, therefore it is able to
capture the packets, but it can't be used to drop them before they
reach the applications. The filtering capabilities of WinPcap work
only on the sniffed packets. In order to intercept the packets before
the TCP/IP stack, you must create an intermediate driver."
More information about the Winpcap-users
mailing list