[Winpcap-users] Want to get original Packet!

ahsan askari ahsanaskari at gmail.com
Fri Jul 21 10:57:33 GMT 2006


Hi,

I am developing a firewall application for my dissertation. The idea is that
my firewall application runs on a system with two network interfaces (via
VMWARE). One is connected to the outside world and the other one is
connected to the internal network. My application has to capture packets
coming from outside for the internal network, take some decisions and
forward it to the internal network or drop the packet. I am using winpcap
for capturing packets and I know that winpcap only gets a copy of the packet,
not the original packet. But my idea was to disable routing on the machine
running my application so that even if the kernel has the original copy of the
packet it can't deliver it to the internal network. But the problem is that
after doing everything, i.e. disabling routing and deleting the route of the
internal network from the host running the application, the kernel still
delivers it to the destination.

1. My question is: could anyone please tell me an easy way to capture the
original packet from the network?
2. Do I have to write an NDIS driver to do the above task? (I am afraid of
doing this because I haven't done any driver development before)

Please let me know because I don't have much time.

Thank you
Ahsan