Re: c# sniffer filter



Volodymyr M. Shcherbyna wrote:
Hello,

There are many ways of intercepting traffic. But in general, the most popular techniques are the following. In user mode: an LSP component. In kernel mode: filters for the TDI or NDIS layer.

For sure, writing a device driver in C# is impossible [for now of course, Singularity is coming ;) ]. However, you can struggle with writing an LSP in C# and the .NET Framework. This will require much work on P/Invoke API functions and marshalling structures. I do not recommend doing it in a managed environment. C++ and the unmanaged world is a preferable way to solve this task. If your project is purely managed, you can look in the direction of making a small C++ LSP which communicates with managed applications regarding the rules, etc.

Thank you, this solves my problem.
I'll look into the unmanaged C++ way.