How to intercept IP packet from an application ???

G

Guest

I actually need to develop a Firewall.
What i want to do is intercept all the IP packets generated by an
application running in the same machine as my firewall application. Do you
know how to intercept the IP packets. Thank you very much for your help !
 
K

Kevin Spencer

What you want to develop is basically called a "packet sniffer." It monitors
TCP packets on a network, or on a particular machine, and it's not an easy
app to write. Depending on your needs, you may be able to write a client for
the WinPCap public access software library. See http://www.winpcap.org/.

Another alternative is to use another packet-sniffing library, of which
there are several, some even for .Net. See:

http://www.google.com/search?hl=en&q=.Net+packet+sniffer

--
HTH,

Kevin Spencer
Microsoft MVP
Professional Development Numbskull

Nyuck nyuck nyuck
 
G

Guest

Thank you Kevin for your fast response. I have another question regarding
intercepting IP packet from a specific process. Is it feasible to intercept
all the IP packet from an identified process, for exemple all the Skype
processes that are currently running in the machine.

Thank you
 
G

Goran Sliskovic

simtouch said:
Thank you Kevin for your fast response. I have another question regarding
intercepting IP packet from a specific process. Is it feasible to intercept
all the IP packet from an identified process, for exemple all the Skype
processes that are currently running in the machine.

Thank you
Click to expand...
....

Hi,
If you need only to monitor packets, not to actually drop or modify,
there is a C# sample available at:

http://www.mentalis.org/soft/projects/pmon/

It's done through opening raw socket and setting socket IO control to
SIO_RCVALL. It's user mode approach, no drivers are necessary.

Regards,
Goran
 
G

Guest

Hello,

Actually, i need to modify the IP packet, is there any other solution for
that ?
Thanks for your help ...
 
G

Goran Sliskovic

simtouch said:
Hello,

Actually, i need to modify the IP packet, is there any other solution for
that ?
Thanks for your help ...
Click to expand...
....

I think you'll need kernel mode driver for that (.NET is not an option
for that). Check winpcap library, maybe they have something (not sure,
it used to be only capture library last time I checked).

Regards,
Goran
 
S

Saad Rehmani

simtouch,

I don't think this can be achieved using the CLR libraries.

What part of the packet are you trying to modify?

If you're just trying to wrap the data or modify source / destination headers,
I'd search for a NAT solution that's written in .NET (i doubt there is one),
it should help you get closer.

I think other people have mentioned this before, but i'll say it anyways.
This isn't an easy undertaking.

Good luck,
 
K

Kevin Spencer

I thought you were developing a Firewall. A Firewall doesn't modify packets.

--
HTH,

Kevin Spencer
Microsoft MVP
Professional Development Numbskull

Nyuck nyuck nyuck
 
G

Guest

Actually, i want to add a QoS functionnality to the firewall, i want to mark
the IP packet and change the DS byte (formerly call TOS Byte).
Thank you ...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Catch Flash applications ip transmissions 4
WCF Solution 1
Send UDP packet From Server to Client over internet 0
Socket Bind(virtual IP) LocalEndpoint 1
How do the TCP/IP Stack and a Packet Filter work together? 1
How to intercept what HttpWebRequest sends? 5
Intercept key from an unfocus application 1
Warning: Facebook Packet Sniffer 3

Top