Packet Filtering in Windows (XP, 7, etc.)

How can I filter (allow, block, etc.) outgoing packets on Windows? I want to search the data segment of TCP or UDP packets for a hexadecimal string, for example "387602304fd236e048125453b1fa10c980e9dad4fa7f3f5dd2497c2e8b2b", and discard / block the packet if it matches. I already tried WIPFW and PKTFILTER, but they only support filtering by source IP, destination, port, etc. They do not check packet data. I think the Berkeley Packet Filter does the job, but it is for Unix ...

+4
3 answers

Here are some options for filtering packets in Windows:

WinDivert: free, open source, works on Windows 7, 2008 or higher. Network layer.

WinpkFilter 3.0: commercial, Windows XP and later. Datalink layer.

pcausa: commercial. Datalink layer.

Windows Filtering Platform Packet Modification Example: a sample for creating a driver (WinDivert uses this); you need to implement the kernel driver. Network layer.

+2
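
The payload check the question asks for, as an added example (not code from the answers or from any of the listed tools): a verdict function that a network-layer capture loop, such as one built on WinDivert, could call on each raw IPv4 packet. The function names and the 1 = drop / 0 = pass convention are assumptions of this example; capture and reinjection are left to the filtering library.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Decode a hex string into out; returns the byte count, or -1 on bad input. */
int hex_decode(const char *hex, uint8_t *out, size_t cap) {
    size_t n = strlen(hex);
    if (n % 2 != 0 || n / 2 > cap) return -1;
    for (size_t i = 0; i < n; i++) {
        char c = hex[i];
        int v = (c >= '0' && c <= '9') ? c - '0'
              : (c >= 'a' && c <= 'f') ? c - 'a' + 10
              : (c >= 'A' && c <= 'F') ? c - 'A' + 10 : -1;
        if (v < 0) return -1;
        out[i / 2] = (i % 2 == 0) ? (uint8_t)(v << 4) : (uint8_t)(out[i / 2] | v);
    }
    return (int)(n / 2);
}

/* Locate the TCP/UDP data segment of a raw IPv4 packet (network layer, no
   Ethernet header). Returns NULL for malformed or unsupported packets. */
const uint8_t *l4_payload(const uint8_t *pkt, size_t len, size_t *plen) {
    if (len < 20 || (pkt[0] >> 4) != 4) return NULL;
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;        /* IP header length */
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];   /* IP total length  */
    if (ihl < 20 || total < ihl || total > len) return NULL;
    /* A non-first fragment carries no TCP/UDP header: not inspected here. */
    if ((((unsigned)pkt[6] << 8) | pkt[7]) & 0x1FFF) return NULL;
    size_t l4;
    if (pkt[9] == 6) {                               /* TCP: variable header */
        if (total < ihl + 20) return NULL;
        l4 = (size_t)(pkt[ihl + 12] >> 4) * 4;
        if (l4 < 20) return NULL;
    } else if (pkt[9] == 17) l4 = 8;                 /* UDP: fixed header */
    else return NULL;
    if (total < ihl + l4) return NULL;
    *plen = total - ihl - l4;
    return pkt + ihl + l4;
}

/* Verdict: 1 = drop (data segment contains the pattern), 0 = pass. */
int should_drop(const uint8_t *pkt, size_t len, const uint8_t *pat, size_t patlen) {
    size_t plen = 0;
    const uint8_t *p = l4_payload(pkt, len, &plen);
    if (!p || patlen == 0 || plen < patlen) return 0;
    for (size_t i = 0; i + patlen <= plen; i++)
        if (memcmp(p + i, pat, patlen) == 0) return 1;
    return 0;
}
```

A per-packet search like this does not match a pattern that is split across two TCP segments or IP fragments, or one that is sent inside an encrypted session.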

You can use SmartSniff on Windows.

Starting with version 1.10, you can filter out unwanted TCP/IP activity during the capture process (Capture Filter) or when displaying captured TCP/IP data (Display Filter).

0

Then you want to filter at the application level (just by changing the payload). If you want outgoing packets, I know that you can hook into Winsock, which will allow you to capture packets as they leave and set up a filter there. Windows 7 has also added to its firewall, so you can use that API to capture outgoing packets; I'm not sure if this will allow you to specifically modify the payload data.

0

Source: https://habr.com/ru/post/1339473/

