Creating a program that intercepts network traffic in Windows

What I am asking is related to "how to make a software firewall for Windows", but something not quite so difficult. I am surprised that I can find so little when searching for this, just the odd mention of hooks. So it would be very helpful if someone could point me in the right direction.

I expect to do this in C (although if there is another language that you think would work better, I'm all ears). I want the application that monitors the network traffic to be able to extract the IP address (source for incoming, destination for outgoing) and to be able to block the specified network activity.

This seems like something that would be much easier to do in the kernel, but I do not want it to be there, and in general I do not have access to that on Windows. I'm not worried about efficiency, and I'm not trying to create a personal firewall. This is just an experiment with IP addresses.

Any pointers?

Note: it is also important to be able to block the network activity, not just monitor it.

+6
5 answers

The DIY route is to run in kernel mode using filter drivers (for Windows 2000-XP) or WFP callout drivers.

If you want someone else to do the dirty work in kernel mode, the WinPcap driver/library has been around the block with many low-level network functions, including the ones you need, which you can use from user mode (note that WinPcap cannot drop packets).

+5
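To make the user-mode part of the answer above concrete, here is an added example (not code from the answer or from the WinPcap project) of the packet-handler logic such a program would run on every captured frame: parse the Ethernet II and IPv4 headers, pick the peer address the question asks for (source for incoming, destination for outgoing), and check it against a block list. It is deliberately free of pcap headers so it compiles anywhere; in the real program `parse_ipv4_frame` would be called from the `pcap_loop` callback with the frame bytes and `h->caplen`. The local address, the block list (TEST-NET ranges) and the test frames are constructed for the demo and are assumptions, not values from the page.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Verdict for one captured frame. IGNORE = not IPv4, malformed, or not ours. */
enum verdict { VERDICT_ALLOW, VERDICT_BLOCK, VERDICT_IGNORE };
enum direction { DIR_INBOUND, DIR_OUTBOUND, DIR_UNKNOWN };

struct ip_info { uint32_t src, dst; uint8_t proto; enum direction dir; };

/* Block list entry: network prefix in host byte order plus prefix length. */
struct cidr { uint32_t net; uint8_t bits; };

/* Constructed demo block list (assumption for the example, not from the page). */
const struct cidr DEMO_BLOCKLIST[] = {
    { 0xCB007100u, 24 },   /* 203.0.113.0/24  (TEST-NET-3) */
    { 0xC6336400u, 24 },   /* 198.51.100.0/24 (TEST-NET-2) */
};
const size_t DEMO_BLOCKLIST_LEN = sizeof DEMO_BLOCKLIST / sizeof DEMO_BLOCKLIST[0];

uint32_t ipv4(uint8_t a, uint8_t b, uint8_t c, uint8_t d) {
    return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | d;
}

static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Parse Ethernet II + IPv4 headers from a raw frame as a capture library hands
   it over. Every length is checked before use: the frame came off the wire and
   may be truncated by the snaplen or deliberately malformed. Returns 0 on success. */
int parse_ipv4_frame(const uint8_t *frame, size_t len, uint32_t local_ip, struct ip_info *out) {
    const size_t eth_hdr = 14;
    if (len < eth_hdr + 20) return -1;
    uint16_t ethertype = (uint16_t)((frame[12] << 8) | frame[13]);
    if (ethertype != 0x0800) return -1;                           /* not IPv4 (ARP, IPv6, ...) */
    const uint8_t *ip = frame + eth_hdr;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < eth_hdr + ihl) return -1;
    uint16_t total_len = (uint16_t)((ip[2] << 8) | ip[3]);
    if (total_len < ihl || total_len > len - eth_hdr) return -1;  /* truncated or lying length */
    out->proto = ip[9];
    out->src = read_be32(ip + 12);
    out->dst = read_be32(ip + 16);
    if (out->dst == local_ip)      out->dir = DIR_INBOUND;
    else if (out->src == local_ip) out->dir = DIR_OUTBOUND;
    else                           out->dir = DIR_UNKNOWN;        /* promiscuous-mode noise */
    return 0;
}

/* The address the question asks for: source for incoming, destination for outgoing. */
uint32_t peer_address(const struct ip_info *info) {
    return info->dir == DIR_INBOUND ? info->src : info->dst;
}

static int cidr_match(const struct cidr *c, uint32_t addr) {
    uint32_t mask = c->bits == 0 ? 0u : 0xFFFFFFFFu << (32 - c->bits);  /* no UB shift by 32 */
    return (addr & mask) == (c->net & mask);
}

/* Decide what to do with one frame: a listed peer is blocked whether it
   connects to us or we connect to it. */
enum verdict classify_frame(const uint8_t *frame, size_t len, uint32_t local_ip,
                            const struct cidr *blocklist, size_t nblock) {
    struct ip_info info;
    if (parse_ipv4_frame(frame, len, local_ip, &info) != 0 || info.dir == DIR_UNKNOWN)
        return VERDICT_IGNORE;
    uint32_t peer = peer_address(&info);
    for (size_t i = 0; i < nblock; i++)
        if (cidr_match(&blocklist[i], peer)) return VERDICT_BLOCK;
    return VERDICT_ALLOW;
}

/* Constructed test frame (not a real capture): Ethernet II + 20-byte IPv4 header
   + 8 bytes of zero payload. Caller provides a buffer of at least 42 bytes. */
size_t build_test_frame(uint8_t *buf, uint32_t src, uint32_t dst, uint8_t proto) {
    memset(buf, 0, 42);
    buf[12] = 0x08; buf[13] = 0x00;               /* EtherType = IPv4 */
    uint8_t *ip = buf + 14;
    ip[0] = 0x45;                                 /* version 4, IHL 5 (20 bytes) */
    ip[3] = 28;                                   /* total length 20 + 8 */
    ip[8] = 64; ip[9] = proto;                    /* TTL, protocol */
    for (int i = 0; i < 4; i++) {
        ip[12 + i] = (uint8_t)(src >> (24 - 8 * i));
        ip[16 + i] = (uint8_t)(dst >> (24 - 8 * i));
    }
    return 42;
}

/* Convenience wrapper: verdict for a constructed src->dst TCP frame against DEMO_BLOCKLIST. */
enum verdict verdict_for(uint32_t src, uint32_t dst, uint32_t local_ip) {
    uint8_t frame[42];
    size_t n = build_test_frame(frame, src, dst, 6);
    return classify_frame(frame, n, local_ip, DEMO_BLOCKLIST, DEMO_BLOCKLIST_LEN);
}

int main(void) {
    uint32_t local = ipv4(192, 0, 2, 10);                        /* assumed local address */
    static const char *names[] = { "ALLOW", "BLOCK", "IGNORE" };
    printf("inbound from 203.0.113.7:  %s\n", names[verdict_for(ipv4(203, 0, 113, 7), local, local)]);
    printf("outbound to 198.51.100.20: %s\n", names[verdict_for(local, ipv4(198, 51, 100, 20), local)]);
    printf("outbound to 93.184.216.34: %s\n", names[verdict_for(local, ipv4(93, 184, 216, 34), local)]);
    return 0;
}
```

Note the caveat the answer itself raises: with WinPcap (or its maintained successor Npcap, which keeps the same libpcap API) a BLOCK verdict is only a decision; the library has already let the packet through, so enforcement still needs the kernel-side route the answer describes, or a filter installed through WFP. The length checks in `parse_ipv4_frame` are not optional: a capture library hands over whatever arrived on the wire, and a monitor that trusts the IHL or total-length fields is itself an easy target.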

It sounds like you are looking for the Winsock Layered Service Provider (LSP) Service Provider Interface (SPI). From what you said, if you're dealing with Vista or newer, you probably want to implement an instance of the LSP_INSPECTOR class. For older versions of Windows that class does not apply exactly, but the same general idea holds. On Vista/7, you set a category (class) for your application with WSCSetApplicationCategory. To install a provider, you fill in a WSAPROTOCOL_INFO structure, then register it by calling WSCInstallProvider.

+3

You want to look at libpcap and tcpdump.

+1

I think you are looking for a packet sniffer; it will intercept almost all communication over the network. If you want to use a library, look at WinPcap, which is designed specifically for this purpose.

Also, if you think you would rather take something already written and just modify it, check out Wireshark. Although reading code is often harder than writing it.

+1

Try winpcap. For a "tcpdump with a GUI" you can try wireshark.

0

Source: https://habr.com/ru/post/886022/
