Re: How to intercept traffic on different OSs?


From: Arkady Frenkel (arkadyf_at_hotmailxdotx.com)
Date: 08/02/04


Date: Mon, 2 Aug 2004 10:12:43 +0300

No, with LSP you can catch only Winsock data and not all network data, such as
TDI client calls, NetBIOS and so on. A driver, by contrast, can receive all
traffic in promiscuous mode.
Arkady

"Voronkov Konstantin" <no@more.mails> wrote in message
news:%23xlCMTZdEHA.3412@TK2MSFTNGP11.phx.gbl...
> Arkady,
>
> Putting a socket in promiscuous mode differs from what I have
> with the LSP architecture in Windows. With LSP one can intercept
> and change all traffic. By changing the socket mode you will have
> control only over the socket you set promiscuous mode on, isn't it?
>
> I'm very interested in a cross-platform way of intercepting
> and *changing* traffic. Do you know any library which can
> offer me both of these on Windows and other OSs?
>
> I looked at the winpcap library and discovered it is only
> intended to sniff packets, not to modify them
>
> http://winpcap.polito.it/misc/faq.htm#Q-17
>
> >Q-17: Can I use WinPcap to drop the incoming packets?
> > Is it possible to use WinPcap to build a firewall?
>
> >A: No. WinPcap is implemented as a protocol, therefore it is able
> > to capture the packets, but it can't be used to drop them. The filtering
> > capabilities of WinPcap work only on the sniffed packets. In order
> > to intercept the packets before the TCP/IP stack, you must create
> > an intermediate driver.
>
> Is there any cross-platform way/library to intercept and modify
> traffic? I found information that to modify traffic on Windows I need
> to write intermediate driver, but what should I do if I want to modify
> traffic on Unix?
>
>
> Best Regards,
> Konstantin
>
>
> "Arkady Frenkel" <arkadyf@hotmailxdotx.com> wrote in message
> news:cea7vt$roh$1@home.itg.ti.com...
> > Not at all. Additionally, as Chris wrote, in Linux you can put a socket in
> > promiscuous mode with the
> > line s = socket( AF_INET , SOCK_PACKET , htons( ETH_P_ALL ) ) ; and now you
> > can listen to all packets in the case you have a hub connection
> > Arkady
> >
> >
> > "Voronkov Konstantin" <no@more.mails> wrote in message
> > news:uYL7T7MdEHA.3132@TK2MSFTNGP11.phx.gbl...
> > > Thank you for the information.
> > >
> > > Konstantin
> > >
> > >
> > > "Arkady Frenkel" <arkadyf@hotmailxdotx.com> wrote in message
> > > news:ce8jjs$q7p$1@home.itg.ti.com...
> > > > Both Linux and Unix have the pcap library, and so on Windows the
> > > > winpcap library was created and used in windump and ethereal. The last
> > > > one has Unix/Linux variants as well as for Windows
> > > > Arkady
> > > >
> > > >
> > > > "Chris P. [MVP]" <msdn@chrisnet.net> wrote in message
> > > > news:%23T%23OcTBdEHA.3020@TK2MSFTNGP11.phx.gbl...
> > > > > Voronkov Konstantin wrote:
> > > > > > Hello All!
> > > > > >
> > > > > > I want to ask you whether you know how to intercept traffic on Unix
> > > > > > or any other OS than Windows. Is there anything like LSP?
> > > > > >
> > > > > > Any information, links would be useful for me.
> > > > >
> > > > > I believe Linux has RAW packet options similar to Windows. You will
> > > > > likely have to be an administrator to run in promiscuous mode.
> > > > >
> > > > > No offense, but the Microsoft groups probably aren't the best place to
> > > > > look for Unix experts :)
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
>
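
The Linux packet socket mentioned in the thread, as an added example that is not part of the original posts: it uses the current `AF_PACKET`/`SOCK_RAW` form that packet(7) documents as the replacement for the obsolete `SOCK_PACKET` call, binds to one interface, and requests promiscuous mode through `PACKET_ADD_MEMBERSHIP`. The function names, the default interface `lo` and the capture-only scope (frames are read, not modified or dropped) are assumptions of this example.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>
#include <net/if.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Open a link-layer capture socket on ifname. Returns the fd or -errno.
 * Creating the socket needs CAP_NET_RAW (normally root). */
int open_capture(const char *ifname, int promisc)
{
    unsigned idx = if_nametoindex(ifname);
    if (idx == 0) return -errno;                 /* unknown interface */
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0) return -errno;                   /* EPERM without CAP_NET_RAW */

    struct sockaddr_ll sll = { .sll_family = AF_PACKET,
                               .sll_protocol = htons(ETH_P_ALL),
                               .sll_ifindex = (int)idx };
    struct packet_mreq mr = { .mr_ifindex = (int)idx,
                              .mr_type = PACKET_MR_PROMISC };
    if (bind(fd, (struct sockaddr *)&sll, sizeof sll) < 0 ||
        (promisc && setsockopt(fd, SOL_PACKET, PACKET_ADD_MEMBERSHIP,
                               &mr, sizeof mr) < 0)) {
        int e = errno; close(fd); return -e;
    }
    return fd;
}

/* EtherType of a raw frame in host order, or -1 if the buffer is too short. */
int frame_ethertype(const uint8_t *f, size_t len)
{
    if (len < ETH_HLEN) return -1;
    return (f[12] << 8) | f[13];
}

int main(int argc, char **argv)
{
    int fd = open_capture(argc > 1 ? argv[1] : "lo", 1);
    if (fd < 0) { fprintf(stderr, "open_capture: %s\n", strerror(-fd)); return 1; }
    uint8_t buf[2048];
    ssize_t n = recv(fd, buf, sizeof buf, 0);    /* blocks until one frame arrives */
    if (n >= 0) printf("%zd bytes, ethertype 0x%04x\n", n, (unsigned)frame_ethertype(buf, (size_t)n));
    close(fd);                                   /* closing drops the promiscuous membership */
    return 0;
}
```
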


