How to intercept IP packet from an application ???

I actually need to develop a Firewall.
What I want to do is intercept all the IP packets generated by an application running on the same machine as my firewall application. Do you know how to intercept the IP packets? Thank you very much for your help!

What you want to develop is basically called a "packet sniffer." It monitors TCP packets on a network, or on a particular machine, and it's not an easy app to write. Depending on your needs, you may be able to write a client for the WinPCap public access software library. See http://www.winpcap.org/.

Another alternative is to use another packet-sniffing library, of which there are several, some even for .Net. See:

http://www.google.com/search?hl=en&q=.Net+packet+sniffer

--
HTH,

Kevin Spencer
Microsoft MVP
Professional Development Numbskull

Nyuck nyuck nyuck

"simtouch" <simto***@discussions.microsoft.com> wrote in message
news:95E2E58E-514B-4789-A8E2-FC3398C55AF8@microsoft.com...
> I actually need to develop a Firewall.
> What I want to do is intercept all the IP packets generated by an
> application running on the same machine as my firewall application. Do you
> know how to intercept the IP packets? Thank you very much for your help!

Thank you Kevin for your fast response. I have another question regarding intercepting IP packets from a specific process. Is it feasible to intercept all the IP packets from an identified process, for example all the Skype processes that are currently running on the machine?

Thank you

"Kevin Spencer" wrote:
> What you want to develop is basically called a "packet sniffer." It monitors
> TCP packets on a network, or on a particular machine, and it's not an easy
> app to write. Depending on your needs, you may be able to write a client for
> the WinPCap public access software library. See http://www.winpcap.org/.
>
> Another alternative is to use another packet-sniffing library, of which
> there are several, some even for .Net. See:
>
> http://www.google.com/search?hl=en&q=.Net+packet+sniffer
>
> --
> HTH,
>
> Kevin Spencer
> Microsoft MVP
> Professional Development Numbskull
>
> Nyuck nyuck nyuck

simtouch wrote:
> Thank you Kevin for your fast response. I have another question regarding
> intercepting IP packets from a specific process. Is it feasible to intercept
> all the IP packets from an identified process, for example all the Skype
> processes that are currently running on the machine?
>
> Thank you
>
....

Hi,
If you need only to monitor packets, not to actually drop or modify, there is a C# sample available at:

http://www.mentalis.org/soft/projects/pmon/

It's done through opening a raw socket and setting socket IO control to SIO_RCVALL. It's a user mode approach, no drivers are necessary.

Regards,
Goran

Hello,

Actually, I need to modify the IP packet, is there any other solution for that?
Thanks for your help ...

"Goran Sliskovic" wrote:
> Hi,
> If you need only to monitor packets, not to actually drop or modify,
> there is a C# sample available at:
>
> http://www.mentalis.org/soft/projects/pmon/
>
> It's done through opening a raw socket and setting socket IO control to
> SIO_RCVALL. It's a user mode approach, no drivers are necessary.
>
> Regards,
> Goran

simtouch wrote:
> Hello,
>
> Actually, I need to modify the IP packet, is there any other solution for
> that?
> Thanks for your help ...
>
....

I think you'll need a kernel mode driver for that (.NET is not an option for that). Check the winpcap library, maybe they have something (not sure, it used to be only a capture library last time I checked).

Regards,
Goran

simtouch,

I don't think this can be achieved using the CLR libraries.

What part of the packet are you trying to modify? If you're just trying to wrap the data or modify source / destination headers, I'd search for a NAT solution that's written in .NET (I doubt there is one), it should help you get closer.

I think other people have mentioned this before, but I'll say it anyways. This isn't an easy undertaking.

Good luck,

--
Saad Rehmani / Prodika / Dallas / TX / USA

> Hello,
>
> Actually, I need to modify the IP packet, is there any other solution
> for that?
> Thanks for your help ...

I thought you were developing a Firewall. A Firewall doesn't modify packets.

--
HTH,

Kevin Spencer
Microsoft MVP
Professional Development Numbskull

Nyuck nyuck nyuck

"simtouch" <simto***@discussions.microsoft.com> wrote in message
news:EF118FF2-6A97-4295-AE08-C65DC85105B1@microsoft.com...
> Hello,
>
> Actually, I need to modify the IP packet, is there any other solution for
> that?
> Thanks for your help ...

Actually, I want to add a QoS functionality to the firewall. I want to mark the IP packet and change the DS byte (formerly called the TOS byte).

Thank you ...

"Kevin Spencer" wrote:
> I thought you were developing a Firewall. A Firewall doesn't modify packets.
>
> --
> HTH,
>
> Kevin Spencer
> Microsoft MVP
> Professional Development Numbskull
>
> Nyuck nyuck nyuck
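
As an added illustration (not code from any poster in this thread), the C sketch below shows what changing the DS byte of an IPv4 header involves once a capture layer or driver has handed over the raw header: the DSCP value occupies the top six bits of byte 1, the two ECN bits have to be preserved, and the header checksum must be recomputed or the header no longer validates. The function names and the sample header are constructed for this example; intercepting and reinjecting the packet is outside its scope.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 1071 Internet checksum over an IPv4 header of `len` bytes. */
static uint16_t ip_checksum(const uint8_t *hdr, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)((hdr[i] << 8) | hdr[i + 1]);
    while (sum >> 16)
        sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Set the 6-bit DSCP in byte 1 (DS field, formerly TOS), keep the 2 ECN bits and
 * refresh the checksum. Returns 0, or -1 for a malformed header or dscp > 63. */
int set_dscp(uint8_t *pkt, size_t len, uint8_t dscp)
{
    if (pkt == NULL || len < 20 || (pkt[0] >> 4) != 4 || dscp > 63)
        return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;   /* header length in bytes */
    if (ihl < 20 || ihl > len)
        return -1;
    pkt[1] = (uint8_t)((dscp << 2) | (pkt[1] & 0x03));
    pkt[10] = pkt[11] = 0;                      /* checksum field is zero while summing */
    uint16_t c = ip_checksum(pkt, ihl);
    pkt[10] = (uint8_t)(c >> 8);
    pkt[11] = (uint8_t)(c & 0xFF);
    return 0;
}

/* A receiver accepts the header only if the sum over it, checksum included, is 0. */
int header_ok(const uint8_t *pkt, size_t len)
{
    size_t ihl = len >= 20 ? (size_t)(pkt[0] & 0x0F) * 4 : 0;
    return ihl >= 20 && ihl <= len && ip_checksum(pkt, ihl) == 0;
}

int main(void)
{
    /* Constructed sample: 20-byte IPv4 header, TTL 64, UDP, 192.0.2.1 -> 198.51.100.2. */
    uint8_t h[20] = {0x45,0,0,28, 0,1,0,0, 64,17,0,0, 192,0,2,1, 198,51,100,2};
    set_dscp(h, sizeof h, 0);        /* fills in a valid checksum */
    h[1] = 46 << 2;                  /* naive edit: checksum is now stale */
    printf("naive edit valid: %d\n", header_ok(h, sizeof h));
    set_dscp(h, sizeof h, 46);       /* DSCP 46 = Expedited Forwarding */
    printf("after set_dscp: DS=0x%02x valid: %d\n", h[1], header_ok(h, sizeof h));
    return 0;
}
```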