<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2912" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV>
<DIV><FONT face=Arial size=2>My 2 cents:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>You might use an already made NDIS IM driver, like
a passthru derivation, to block all packets to the routing
process.</FONT></DIV>
<DIV><FONT face=Arial size=2>I once modified one of those to introduce
latency or drop specific packets. You can modify it so as to drop "all".
</FONT></DIV>
<DIV><FONT face=Arial size=2>It works for packets going up the stack to App L7,
so it should also work for those being routed. </FONT><FONT face=Arial
size=2>The source code is here: <A
href="http://www.wd-3.com/archive/ExtendingPassthru2.htm">http://www.wd-3.com/archive/ExtendingPassthru2.htm</A> </FONT></DIV>
<DIV><FONT face=Arial size=2>The hard topic is to ensure that Winpcap still
receives a copy of the packet before the "original" is dropped. That depends on
the Winpcap driver position with respect to the dropping driver.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>As an alternative, you have what you said in 1: you
forget about Winpcap for receiving packets, implement a copy-to-user-level
mechanism in the NDIS IM driver, and then use Winpcap only to send packets to
the destination interface.</FONT></DIV>
<DIV><FONT face=Arial size=2>Anyway it might be a nice project
:-)</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Good luck</FONT></DIV>
<DIV><FONT face=Arial size=2>Pedro Lucas</FONT></DIV>
<DIV><FONT face=Arial size=2>Team Netcount</FONT></DIV></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=ahsanaskari@gmail.com href="mailto:ahsanaskari@gmail.com">ahsan
askari</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Friday, July 21, 2006 11:57
AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> [Winpcap-users] Want to get
original Packet!</DIV>
<DIV><BR></DIV>Hi,<BR><BR>I am developing a firewall application for my
dissertation. The idea is that my firewall application runs on a system with two
network interfaces (via VMWARE). One is connected to the outside world and the
other one is connected to the internal network. My application has to capture
packets coming from outside for the internal network, take some decisions and
forward it to the internal network or drop the packet. I am using winpcap for
capturing packets and I know that winpcap only gets a copy of the packet, not
the original packet. But my idea was to disable routing on the machine running
my application so that even if the kernel has the original copy of the packet it
can't deliver it to the internal network. But the problem is that after doing
everything, i.e. disabling routing and deleting the route of the internal network
from the host running the application, the kernel still delivers it to the
destination. <BR><BR>1. My question is: could anyone please tell me an easy way
to capture the original packet from the network? <BR>2. Do I have to write an
NDIS driver to do the above task? (I am afraid of doing this because I haven't
done any driver development before)<BR><BR>Please let me know because I don't
have much time.<BR><BR>Thank you <BR>Ahsan <BR>
</BLOCKQUOTE></BODY></HTML>