Question
How can I filter (allow, deny etc) outgoing packets in Windows? I want to search in TCP or UDP packet types to find in the data segment for example this "387602304fd236e048125453b1fa10c980e9dad4fa7f3f5dd2497c2e8b2b" and drop/block/deny the packet, if it matches the search hex string. I have already tried WIPFW and PKTFILTER but they only serve IP source, dest, port etc filtering. They don't inspect the packet's data. I think Berkeley Packet Filter does that job, but it's for Unix...
Answer 1:
Here are some options to filter packets in Windows:
WinDivert: free, open source project; works on Windows 7, 2008 or later. Network layer.
WinpkFilter 3.0: commercial, Windows XP and later. Datalink layer.
pcausa: commercial. Datalink layer.
Windows Filtering Platform Packet Modification Sample: a sample for creating a callout driver of the kind WinDivert uses; you should know how to implement a kernel driver. Network layer.
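The payload check that a user-mode filter sitting on a network-layer capture library (such as those listed above) would apply to each outbound packet before passing or dropping it, as an added example that is not part of the original answers and calls no library API. It assumes raw IPv4 packets without an Ethernet header; `l4_payload`, `should_drop` and `demo` are hypothetical names, and the sample packet is constructed.

```c
#include <stdint.h>
#include <string.h>

static const uint8_t PATTERN[] = {   /* the hex string from the question */
    0x38,0x76,0x02,0x30,0x4f,0xd2,0x36,0xe0,0x48,0x12,0x54,0x53,0xb1,0xfa,0x10,
    0xc9,0x80,0xe9,0xda,0xd4,0xfa,0x7f,0x3f,0x5d,0xd2,0x49,0x7c,0x2e,0x8b,0x2b };

/* Locate the TCP/UDP payload in a raw IPv4 packet. Returns NULL for
 * malformed packets, other protocols and non-first fragments. */
static const uint8_t *l4_payload(const uint8_t *pkt, size_t len, size_t *out_len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return NULL;        /* IPv4 only */
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;               /* IP header bytes */
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];          /* IP total length */
    if (ihl < 20 || total < ihl || total > len) return NULL;
    if ((((pkt[6] & 0x1F) << 8) | pkt[7]) != 0) return NULL; /* no L4 header */
    size_t hdr = 8;                                         /* UDP header */
    if (pkt[9] == 6) {                                      /* TCP */
        if (total < ihl + 20) return NULL;
        hdr = (size_t)(pkt[ihl + 12] >> 4) * 4;             /* data offset */
        if (hdr < 20) return NULL;
    } else if (pkt[9] != 17) return NULL;                   /* not UDP either */
    if (total < ihl + hdr) return NULL;
    *out_len = total - ihl - hdr;
    return pkt + ihl + hdr;
}

/* Verdict for one packet: 1 = drop (payload contains pat), 0 = pass. */
int should_drop(const uint8_t *pkt, size_t len, const uint8_t *pat, size_t pat_len)
{
    size_t n = 0;
    const uint8_t *p = l4_payload(pkt, len, &n);
    if (p == NULL || pat_len == 0 || n < pat_len) return 0;
    for (size_t i = 0; i + pat_len <= n; i++)
        if (memcmp(p + i, pat, pat_len) == 0) return 1;
    return 0;
}

/* Constructed sample: IPv4+UDP packet (checksums left zero) whose payload is
 * 5 filler bytes plus the first n bytes of PATTERN. Returns the verdict. */
int demo(size_t n)
{
    uint8_t buf[20 + 8 + 5 + sizeof PATTERN] = {0x45};
    if (n > sizeof PATTERN) n = sizeof PATTERN;
    buf[3] = (uint8_t)(33 + n); buf[9] = 17;   /* total length, protocol UDP */
    memset(buf + 28, 'A', 5);
    memcpy(buf + 33, PATTERN, n);
    return should_drop(buf, 33 + n, PATTERN, sizeof PATTERN);
}
int main(void) { return (demo(sizeof PATTERN) == 1 && demo(29) == 0) ? 0 : 1; }
```

The check only fires when the whole pattern sits in cleartext inside a single packet's payload; a pattern split across TCP segments or IP fragments, or carried inside TLS, passes unmatched.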
Answer 2:
You can use SmartSniff in Windows.
Starting from version 1.10, you can filter unwanted TCP/IP activity during the capture process (Capture Filter), or when displaying the captured TCP/IP data (Display Filter).
Answer 3:
You want application level filtering then, (just changing the payload). If you want to be able to drop, I know you can hook into Winsock, which will allow you to capture packets as they go out and set up a filter there. Windows seven also added to their firewall, so you could use that API to grab outbound packets; I'm not sure if it will allow you to specifically alter the payload data, though.
Source: https://stackoverflow.com/questions/4978721/packet-filtering-in-windows-xp-7-etc