Hi,<br><br>I am developing a firewall application for my dissertation. The idea is that my firewall application runs on system with two network interfaces(via VMWARE). One is connected to the outside world and the other one is connected to the internal network. My application has to capture packets comming from outside for the internal network take some decisions and forward it to the internal network or drop the packet. I am using winpcap for capturing packets and I know that winpcap only gets a copy of the packet not the original packet. But my idea was to disable routing on the machine running my application so that even if kernel has the original copy of the packet it can't deliver it to the internal network. But the problem is that after doing every thing
i.e disable routing and deleting the route of the internal network from application running host, the kernel stills delievers it to the destination. <br><br>1. My question is Could anyone please tell me an easy way to capture the original packet from the network ?
<br>2. Do I have to write a NDIS driver to do the above task ? (I am afraid doing this because I haven't done any driver development before)<br><br>Please let me know because I don't have much time.<br><br>Thank you <br>Ahsan