[Winpcap-users] Replacing packets

Guy Harris guy at alum.mit.edu
Thu Jul 27 07:59:56 GMT 2006


vlasto wrote:

> is it possible, using Winpcap, to edit (replace) a grabbed packet and send 
> this new one instead of the old one?

As noted, the answer is "no".

WinPcap is a *passive* tap that lets you capture packets; the packets 
you capture are still passed on to whatever networking code would 
normally handle the packet.

This is a feature, not a bug - the idea is that WinPcap should allow 
applications such as WinDump/Wireshark/etc. to capture traffic on your 
machine *WITHOUT* disturbing the network stack, so you can watch what's 
happening on your machine without *affecting* what's happening on your 
machine.

It might be useful to have a library (and driver, if necessary) for 
writing programs that do *NOT* passively tap network traffic, but insert 
themselves into the data flow to allow an application to modify incoming 
packets *before* the networking stack on the machine sees them, and to 
modify outgoing packets *before* they're transmitted on the network by 
the machine.  However, the UN*X version of that library would, in most 
if not all cases, *NOT* run atop the same mechanism that libpcap runs on 
top of (as those mechanisms are designed to be used for passive tapping, 
as that's a useful facility), but would run atop a different mechanism - 
and any Windows driver that the library would use would connect to the 
networking stack in a different way from the way in which the WinPcap 
driver does (for the same reason).

I don't know whether there's any such library/driver.

