[Winpcap-users] Pulling Actual Packets
Guy Harris
guy at alum.mit.edu
Tue Jul 29 17:23:24 GMT 2008
On Jul 29, 2008, at 7:28 AM, Ammar Asi wrote:
> I want to build an application which captures incoming and outgoing
> packets, modifies them and then release the packets, so that the
> packets sent to destination are different from the original ones. Is
> it possible to implement using Winpcap ?
No.
> I have seen the packet capturing example given in the winpcap
> tutorial, and i think it just copies the packets to the application
> - it does not pull the actual packets. Is it so ?
Yes. That's what it is intended to do, and what it is designed to do;
libpcap (and the underlying UN*X mechanisms it uses) and WinPcap are
for use in applications that either
1) passively capture network traffic (network analyzers, intrusion
detection systems, etc.)
and
2) applications that implement, in userland, protocols not
implemented in the OS's networking stack.
They're not for applications that insert themselves into the OS's
networking stack and modify incoming and outgoing packets; they would
have to use different mechanisms to do that, and would be useless for
their original purpose (passively capturing network traffic) if they
did.
More information about the Winpcap-users
mailing list