How to analyze / intercept packets before the OS sends / receives them?

I have always wondered how software firewalls work under the covers, and I would like to be able to write my own tools for analyzing or intercepting packets before the OS sends or receives them. I am familiar with the basic principles of networking; I just don't know where to start if I want to write software that fits into the network stack the way firewalls do. Can someone give me some pointers?

I would be particularly interested if this can be done using C#, but I can do other languages as well. I mainly focus on Windows, but would like to know if there are cross-platform libraries out there.

EDIT: Using an NDIS driver (like Wireshark does) sounds like a good option, and Vista's filtering options sound neat, but how do firewalls do it on, say, Windows XP? They do not need to install a special driver, as far as I know.

+3
4 answers

In Windows Vista and above, you can look at the Windows Filtering Platform. In earlier versions of Windows, you need to use filter drivers (the linked MSDN page mentions which technologies WFP replaces).

+5

, NDIS. (Network Interface Card), , NIC, - - Ethernet.

#. C ++ .

UPDATE: Windows XP. , , , API, Windows Vista .

+1

, " O/S", WireShark libpcap.

+1

WinPcap - NDIS . , , /, , . http://www.winpcap.org/docs/docs_40_2/html/group__internals.html:

-, , . , . , , Netgroup (NPF); Windows 95, Windows 98, Windows ME, Windows NT 4, Windows 2000 Windows XP. , . (, ftp ), - , (, , ).

0
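As an added illustration (not code from any answer in this thread), the following Python example shows what a NIC-level capture driver such as WinPcap's NPF hands up to user space, namely raw Ethernet frames, and what a packet filter then has to do with them: it builds one constructed IPv4/TCP frame, parses the Ethernet, IP and TCP headers, and evaluates a toy first-match rule list. The MAC addresses, IP addresses, ports and rules are all constructed for the example.

```python
import struct

def build_frame(src_ip, dst_ip, src_port, dst_port, payload=b"hello"):
    """Construct a raw Ethernet II frame carrying IPv4/TCP (sample data, no checksums)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    ip_total = 20 + 20 + len(payload)
    # version/IHL, TOS, total length, id, flags/frag, TTL, proto=6 (TCP), checksum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_total, 1, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    # sport, dport, seq, ack, data offset (5 words), flags=SYN, window, checksum, urg
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    return eth + ip + tcp + payload

def parse_frame(frame):
    """Return the header fields a filter looks at, or None for non-IPv4 / truncated frames."""
    if len(frame) < 14 + 20:
        return None                      # too short to hold Ethernet + minimal IPv4 header
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        return None                      # e.g. ARP (0x0806): not IPv4, not inspected here
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4             # IPv4 header length in bytes (options included)
    info = {"src": ".".join(map(str, ip[12:16])),
            "dst": ".".join(map(str, ip[16:20])),
            "proto": ip[9]}
    if info["proto"] == 6 and len(ip) >= ihl + 4:
        info["sport"], info["dport"] = struct.unpack("!HH", ip[ihl:ihl + 4])
    return info

# Constructed toy rule set: first matching rule wins; unmatched traffic is allowed.
RULES = [
    {"proto": 6, "dport": 23, "action": "drop"},    # block telnet
    {"proto": 6, "dport": 443, "action": "allow"},
]

def decide(frame, rules=RULES):
    """Apply the rule list to one raw frame and return 'drop' or 'allow'."""
    info = parse_frame(frame)
    if info is None:
        return "allow"                   # this toy filter only reasons about IPv4
    for rule in rules:
        if all(info.get(k) == v for k, v in rule.items() if k != "action"):
            return rule["action"]
    return "allow"

if __name__ == "__main__":
    for port in (23, 443, 8080):
        frame = build_frame("10.0.0.5", "10.0.0.1", 40000, port)
        print(port, parse_frame(frame), decide(frame))
```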

Source: https://habr.com/ru/post/1718243/

