Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Windows network packet modification

Tags:

c++

c

networking

packet

I'm looking to write a small program which will intercept network packets (on the local machine) and modify them before they go out on the network. I need to be able to modify the headers as well, not just the data.

I've already looked through several possibilities but am unsure which one is best to pursue. There are open source packet filters out there, but filtering only seems to be able to either allow or reject packets, not much else.

The other solution would be to write an NDIS intermediate driver, but writing drivers is a beyond me. Even the simple pass-thru example in the WinDDK is thousands of lines. I'm also not looking forward to having to constantly reinstall a driver and reboot to test my code.

I'd ideally like the program to be self contained, and not rely on the installation of 3rd party drivers/software/whatever.

So if you people could point me in the right direction, throw some helpful links my way, whatever, I'd appreciate it.

like image 829
jay.lee Avatar asked Dec 22 '22 06:12

jay.lee

2 Answers

Depends what kind of packets do you want to filter/modify.

If you're after application-level filtering, and want to get your hands on HTTP or similar packets, your best bet would probably be an LSP. Note however, following this path has certain disadvantages. First MS seems to be trying to get rid of this technology, and IIRC a part of Windows 7 logo requirements is "no LSP in your product", they seem to be promoting the Windows Filtering Platform. Second, you'd be very surprised with how much trouble you're getting into in terms of 3rd party LSP compatibility. Third, a very dummy LSP is still around 2 KLOC :)

If you're after an IP level packet filtering you'd need to go for a driver.

Windows Filtering Platform provides you with functionality needed in either case. However, it's only available on Windows Vista and later products, so no XP there. Another thing to take into consideration, WFP was only capable of allow/reject packets in user-land, and if you need to modify them, you'd need to go kernel-mode. (At least that what the situation was at the time it appeared, maybe they've improved something by now).

like image 108
Dmitry Avatar answered Jan 03 '23 18:01

Dmitry

IMHO, If you want to modify packets you'll need something to talk to the hardware, a driver of some kind. If you do not want to use your own, you should get a 3rd party driver to inter-operate with.

For filtering there's libraries like: winpcap or libpcap.

Also have a look here: http://www.ntkernel.com/w&p.php?id=7

Another link: http://bittwist.sourceforge.net/

Hope this helps!

like image 40
Tony The Lion Avatar answered Jan 03 '23 20:01

Tony The Lion
Sign in to Comment

Related questions

Language integration
Unlocked access to stl vector::size safeness
Can I expect float variable values that I set from literal constants to be unchanged after assignment to other variables?
unsigned char array to unsigned int back to unsigned char array via memcpy is reversed
Why can't gdb attach to server application summoned with inetd?
where should I put my test code for my class?
Transition from MFC to QT
Get stack trace from uncaught exception?
C++: How to Perform Deep Cloning of Generic Type
Problem with iterators for std::list of boost::shared_ptr
How to find what's new in VC++ v10?
Encapsulating a private enum
passing Temporary variables to reference arg in Constructor works. but not for functions in general. Why? [duplicate]
reasons for choosing com
Casting a pointer to a sub-class (C++)
How can I implement scripting in my game?
Native Makefile alternative for windows
How do I detect a custom plugin in Firefox/IE/Chrome?
Windows.h error
Xcode STL C++ Debug compile error

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!