From: Maverick on 6 Jan 2010 00:31

Hi,

I need a network packet filtering SDK for Windows, using which I'd be able to sniff packets over the network and block them after inspection. I need this for an Intrusion Detection system I'm planning to develop.

The SDK should provide me with APIs (no matter user mode or kernel mode) to read incoming packets. I'll do a content search over the packet data and decide whether the packet should be dropped or forwarded ahead.

Due to shortage of time, I cannot opt for writing an NDIS Intermediate driver on my own.

I've found the following 3 SDKs until now:

1. WinPkFilter http://www.ntkernel.com/w&p.php?id=7
2. MicroOLAP's PSSDK http://www.microolap.com/products/network/pssdk/
3. IP Packet Redirector http://pcausa.com/filters/ipredir.htm

I want to know if anyone can recommend an SDK better than the above 3, or something which is more popular.

Thanks

From: Maverick on 6 Jan 2010 04:28

I've come to know that MicroOLAP's PSSDK cannot drop packets.

So there remains only WinPkFilter and IP Packet Redirector capable of network packet filtering and dropping packets if required.

WinPkFilter is a perfect example of an SDK or packet filtering library I'm looking for. But there's a lot of work involved that happens in user mode, thereby slowing down the network activity.

Can anyone recommend a Packet Filtering Library that works mostly in Kernel mode, where hardly any work is done in User mode?

From: Nike Chen on 6 Jan 2010 05:38

On Jan 6, 5:28 pm, Maverick <koushal.for...(a)gmail.com> wrote:
> I've come to know that
> MicroOLAP's PSSDK cannot drop packets.
>
> So there remains only WinPkFilter and IP Packet Redirector capable of
> network packet filtering and dropping packets if required.
>
> WinPkFilter is a perfect example of an SDK or packet filtering library
> I'm looking for.
> But there's a lot of work involved that happens in user mode, thereby
> slowing down the network activity.
>
> Can anyone recommend a Packet Filtering Library that works
> mostly in Kernel mode, where hardly any work is done in User mode?

Winpcap is what you want, http://www.winpcap.org/

From: Maverick on 6 Jan 2010 08:42

> Winpcap is what you want, http://www.winpcap.org/

Have you tried blocking network traffic of other programs using Winpcap??

Coz Winpcap's documentation page states that WinPcap isn't able to block, filter or manipulate traffic generated by other programs on the same machine.
Refer to the section "What Winpcap can't do" in Winpcap's documentation. Here's the link:
http://www.winpcap.org/docs/docs_40_2/html/main.html

If there's something that is being misinterpreted here, can you shed some more light over how we can block network traffic of other programs using WinPcap??
If not, then is there any other packet filtering library other than WinPkFilter??

From: Thomas F. Divine on 6 Jan 2010 09:57

WinPCap cannot drop packets. It can "sniff" or monitor (log) packets, but not block or modify them.

Thomas F. Divine

"Maverick" <koushal.forums(a)gmail.com> wrote in message
news:24dc60cf-46f9-4cce-8f40-c4b233f200fb(a)p8g2000yqb.googlegroups.com...
>
>> Winpcap is what you want, http://www.winpcap.org/
>
> Have you tried blocking network traffic of other programs using
> Winpcap??
>
> Coz Winpcap's documentation page states that WinPcap isn't able to
> block, filter or manipulate traffic generated by other programs on the
> same machine.
> Refer to the section "What Winpcap can't do" in Winpcap's
> documentation. Here's the link:
> http://www.winpcap.org/docs/docs_40_2/html/main.html
>
> If there's something that is being misinterpreted here, can you shed
> some more light over how we can block network traffic of other
> programs using WinPcap??
> If not, then is there any other packet filtering library other than
> WinPkFilter??