How do I hook the TCP stack in Windows to sniff and modify packets?

没有蜡笔的小新 2021-01-31 22:44

I'd like to write a packet sniffer and editor for Windows. I want to be able to see the contents of all packets entering and leaving my system and possibly modify them. Any lang

7 answers
  • 2021-01-31 23:01

    C# code to do this is here

  • 2021-01-31 23:01

    There's a question you need to ask which you don't know you need to ask; do you want to know which applications sockets belong to? or are you happy to be restricted to the IP:port quad for a connection?

    If you want to know applications, you need to write a TDI filter driver, but that makes handling the receive almost impossible, since you can't block on the receive path.

    If you're happy with IP:port, go in at the NDIS level, and I believe you can block on receive to your heart's content.

    A word of warning; if you have no prior kernel experience, writing either of these drivers (although TDI is significantly harder) will take about two years, full time.

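An added example, not part of any answer in this thread: on Windows 8 / Server 2012 and later, the "which application does this socket belong to" question raised in the answer above can be answered from user mode with the NetTCPIP cmdlets, without a TDI filter driver; this only observes the IP:port quad and its owning process, so seeing or modifying packet contents still needs one of the kernel-level approaches discussed here. It assumes an elevated PowerShell session so that every process path is readable.

```powershell
# Added example (not from the original thread): maps a TCP connection's
# IP:port quad to the process that owns the socket, using the user-mode
# view that Windows 8+/Server 2012+ expose via Get-NetTCPConnection.
# This observes only; it cannot intercept or modify packets like a driver.
# Assumed: run in an elevated PowerShell session so all paths are visible.

function Resolve-TcpQuadOwner {
    param(
        [Parameter(Mandatory)] [string] $LocalAddress,
        [Parameter(Mandatory)] [int]    $LocalPort,
        [Parameter(Mandatory)] [string] $RemoteAddress,
        [Parameter(Mandatory)] [int]    $RemotePort
    )
    # Look up the single connection matching the full quad.
    $conn = Get-NetTCPConnection -LocalAddress $LocalAddress -LocalPort $LocalPort `
                                 -RemoteAddress $RemoteAddress -RemotePort $RemotePort `
                                 -ErrorAction SilentlyContinue | Select-Object -First 1
    if (-not $conn) { return $null }

    # OwningProcess is the PID that created the socket; the process may have
    # exited since the table was read, so tolerate a failed lookup.
    $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Quad    = "{0}:{1} -> {2}:{3}" -f $LocalAddress, $LocalPort, $RemoteAddress, $RemotePort
        State   = $conn.State
        Pid     = $conn.OwningProcess
        Process = if ($proc) { $proc.ProcessName } else { '<exited or access denied>' }
        Path    = if ($proc) { $proc.Path } else { $null }
    }
}

# Usage: list every established connection together with its owning process,
# i.e. the application attribution the TDI-vs-NDIS discussion above is about.
Get-NetTCPConnection -State Established |
    ForEach-Object {
        Resolve-TcpQuadOwner -LocalAddress $_.LocalAddress -LocalPort $_.LocalPort `
                             -RemoteAddress $_.RemoteAddress -RemotePort $_.RemotePort
    } | Format-Table -AutoSize
```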
  • 2021-01-31 23:15

    this:

    TdiFw is a simple TDI-Based Open Source Personal Firewall for Windows NT4/2000/XP/2003

    http://tdifw.sourceforge.net/

    may help you

  • 2021-01-31 23:16

    I'm pretty sure you'd need to write a filter driver. http://en.wikipedia.org/wiki/Filter_driver I don't know much more than that :). It would definitely be a C/C++ Win32 app and you'd likely be doing some kernel side work. Start by downloading the DDK and finding some of the sample filter drivers.

    If you just want to monitor what goes in and out of IIS, consider an ISAPI filter. Still C/C++ in Win32, but relatively easier than writing a device driver.

  • 2021-01-31 23:16

    I actually did this, several years ago. I'm hazy on the details at this point, but I had to develop a filter/pass-thru/intermediate driver using the Windows DDK. I got a lot of good information from pcausa. Here's a url which points to their product that does this: http://www.pcausa.com/pcasim/Default.htm

  • 2021-01-31 23:22

    If you're doing this for practical reasons, and not just for fun, then you should take a look at Microsoft Network Monitor. The home page talks about the version 3.3 beta, but you can download version 3.2 from the Downloads page. There is also an SDK for NM, and the ability to write parsers for your own network protocols.
