Re: NDIS IM and hidden proxy

---

• From: "serge" <pserge77@xxxxxxx>
• Date: Thu, 6 Oct 2005 20:14:58 +0300

---

Hello, Stephan!
You wrote on 6 Oct 2005 09:16:57 -0700:

SWM> What do you mean by "all TCP traffic"? The packets that comes in from
SWM> the network? The packets that your host is sending to the network?

Both.
When I connect to remote host via TCP, packets are coming in both
directions.

SWM> Is it that you are passing those packets to NdisSend() and expect them
SWM> to be received by the TCP/IP stack?

SWM> You should pass IP packets to be received by the TCP/IP stack in your
SWM> host to NdisMIndicateReceivePacket(). NdisSend() usually only goes out
SWM> to the wire (some exceptions apply).

This is already done with NdisMIndicateReceivePacket, bot does not work for
some reason. Do I need to modify ethernet header as well?

I am extending PASSTHRU sample that comes with DDK.

SWM> Not sure what you are trying to achieve.

I want to make a transparent proxy.
All packets directed to remote host must be transparently redirected to my
local proxy server for analysis.

For example, program connects to yahoo.com:80. The request must be
redirected to localhost:8080.
This must be done transparently to the program. I know hot to setup it to
use proxy server, but I can not do it.

For example, I want to receive entire HTML page, cut off banners, and send
modified page down to browser. On driver level, there can be situation when
HTML tag is split by 2 or more packets, so it's almost impossible to analyse
data flow.

The above is just an example. I am going to intercept data of other programs
as well, and it's not obvious how to setup a proxy server for them.

Thanks.

With best regards,
serge.


.

---

• Follow-Ups:
  • Re: NDIS IM and hidden proxy
    • From: Stephan Wolf [MVP]

• References:
  • NDIS IM and hidden proxy
    • From: serge
  • Re: NDIS IM and hidden proxy
    • From: Stephan Wolf [MVP]

• Prev by Date: Re: NDIS IM and hidden proxy
• Next by Date: Re: Wi-Fi AP selection by BSSID
• Previous by thread: Re: NDIS IM and hidden proxy
• Next by thread: Re: NDIS IM and hidden proxy
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: NDIS IM and hidden proxy ... > SWM> host to NdisMIndicateReceivePacket(). ... Try and run some network sniffer on the same host (e.g. Network Monitor ... Does it show any of the packets you pass to ... (microsoft.public.development.device.drivers) Re: NDIS IM: queueing question ... SWM> Hmm, what does that mean? ... SWM> MiniportSendPackets() is nothing more than MiniportSendbut for more ... i.e. append new packets to the queue until ... (microsoft.public.development.device.drivers) Re: NDIS IM: queueing question ... SWM> to fatal behavior for some protocols. ... I transparently count all the packets passed to me via MPSendPackets, ... But I do nothing in ProtocolReceive function. ... SWM> But there is a small chance that MiniportSend() gets called when the ... (microsoft.public.development.device.drivers) Re: Bandwidth limit with NDIS IM driver ... SWM> do not return the original NDIS_PACKET to NDIS. ... But now TCP connection breaks for some reason if I queue packets. ... All queued packets are sent in separate thread using origial MPSendPackets ... (microsoft.public.development.device.drivers) Re: Bandwidth limit with NDIS IM driver ... Which connections break - incoming or outgoing? ... > SWM> queue. ... But now TCP connection breaks for some reason if I queue packets. ... (microsoft.public.development.device.drivers)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Development  > microsoft.public.development.device.drivers  > 2005-10