[Winpcap-users] Pulling Actual Packets

Guy Harris guy at alum.mit.edu
Tue Jul 29 17:23:24 GMT 2008

On Jul 29, 2008, at 7:28 AM, Ammar Asi wrote:

> I want to build an application which captures incoming and outgoing
> packets, modifies them and then releases the packets, so that the
> packets sent to destination are different from the original ones. Is
> it possible to implement using Winpcap?

> I have seen the packet capturing example given in the winpcap
> tutorial, and I think it just copies the packets to the application
> - it does not pull the actual packets. Is it so?

Yes.  That's what it is intended to do, and what it is designed to do;  
libpcap (and the underlying UN*X mechanisms it uses) and WinPcap are  
for use in applications that either

	1) passively capture network traffic (network analyzers, intrusion detection systems, etc.)

	2) applications that implement, in userland, protocols not implemented in the OS's networking stack.

They're not for applications that insert themselves into the OS's  
networking stack and modify incoming and outgoing packets; they would  
have to use different mechanisms to do that, and would be useless for  
their original purpose (passively capturing network traffic) if they  
