[Winpcap-users] packet redirection

Ben Greear greearb at candelatech.com
Tue Sep 13 23:55:31 GMT 2005


Guy Harris wrote:
> 
> On Sep 13, 2005, at 4:32 PM, Guy Harris wrote:
> 
>> It does not, however, let you *intercept* packets received by that
>> machine.  A WinPcap-based application cannot see those packets before
>> the rest of the networking stack sees the packets, and cannot prevent
>> the rest of the network stack from seeing the packet as received, and
>> cannot inject its own modified version of the packet.
> 
> 
> This is, by the way, mentioned in the WinPcap FAQ:
> 
>     http://www.winpcap.org/misc/faq.htm#Q-17
> 
> "Q-17: Can I use WinPcap to drop the incoming packets? Is it possible
> to use WinPcap to build a firewall?
> A: No. WinPcap is implemented as a protocol, therefore it is able to
> capture the packets, but it can't be used to drop them before they
> reach the applications. The filtering capabilities of WinPcap work only
> on the sniffed packets. In order to intercept the packets before the
> TCP/IP stack, you must create an intermediate driver."

With a slightly modified driver, you can become a transparent bridge,
and then if you really wanted to, you could sit inline and modify packets
before transmitting them on their way...

The standard winpcap does not support sending packets (correctly), however.

For commercial ventures, it appears that these guys have a competing tool
that their sales guy *said* could transmit packets.  I have not actually
had time to try it out yet...

http://microolap.com/products/network/pssdk/

If anyone has any experience with this, I'd like to hear.

Thanks,
Ben

-- 
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc  http://www.candelatech.com


