Hi folks,

I'm kinda new to low-level networking. I need to intercept all TCP/UDP packets and potentially filter or substitute them with new ones.

What would be the best way to intercept these packets and inject new ones? I'm only targeting Windows platforms.

+1  A: 

Write a program that uses libpcap at TCPDump; it contains tons of APIs for messing with low-level networking.

Aiden Bell
A: 

You can use tools like Wireshark to intercept traffic.

If you are planning to write a program which will do all this stuff, then you may need to go to driver level to intercept all traffic.

Wireshark uses libpcap. I am not sure, but that may help.

Alien01
+1  A: 

You want WinPcap if you're on Windows. What you're going to need to do is intercept (and filter) packets with WinPcap and then write a program that does packet creation when/if you want it.

Sam DeFabbia-Kane
I heard that WinPcap allows capturing packets, but does it allow injection too?
Lotfi
It doesn't, but the WinPcap about page lists a command-line utility (Nemesis) and an API (Libnet) for injection.
Sam DeFabbia-Kane
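
The per-frame filtering step that a WinPcap/libpcap-based program, as suggested in the answer above, has to perform on each captured frame, shown as an added example that is not part of the original thread. It parses an Ethernet/IPv4 frame with bounds checks and decides whether it is TCP or UDP on a given port; `classify_frame`, the verdict names and the sample bytes are assumptions made for illustration, and no capture library is called.

```c
#include <stddef.h>
#include <stdint.h>

/* Verdicts a capture callback could act on (names are hypothetical). */
enum verdict { PASS = 0, MATCH_TCP = 1, MATCH_UDP = 2, MALFORMED = -1 };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Classify one Ethernet II frame as a capture library would deliver it:
 * MATCH_* if it is IPv4 TCP/UDP to or from `port`, PASS for other traffic,
 * MALFORMED if a header runs past the captured length. */
enum verdict classify_frame(const uint8_t *f, size_t len, uint16_t port)
{
    if (len < 14) return MALFORMED;              /* Ethernet header */
    if (be16(f + 12) != 0x0800) return PASS;     /* not IPv4 */
    const uint8_t *ip = f + 14;
    size_t ip_len = len - 14;
    if (ip_len < 20 || (ip[0] >> 4) != 4) return MALFORMED;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;     /* IPv4 header length in bytes */
    if (ihl < 20 || ihl > ip_len) return MALFORMED;
    if (be16(ip + 6) & 0x1fff) return PASS;      /* later fragment: no L4 header */
    uint8_t proto = ip[9];
    if (proto != 6 && proto != 17) return PASS;  /* neither TCP nor UDP */
    const uint8_t *l4 = ip + ihl;
    size_t l4_len = ip_len - ihl;
    if (l4_len < (proto == 6 ? 20u : 8u)) return MALFORMED;
    if (be16(l4) != port && be16(l4 + 2) != port) return PASS;
    return proto == 6 ? MATCH_TCP : MATCH_UDP;
}

/* Constructed sample: UDP 192.0.2.1:40000 -> 192.0.2.2:53, 4-byte payload. */
static const uint8_t sample_udp[] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,       /* Ethernet */
    0x45,0,0,32, 0,1,0,0, 64,17,0,0, 192,0,2,1, 192,0,2,2, /* IPv4 */
    0x9c,0x40, 0,53, 0,12, 0,0, 'd','a','t','a'            /* UDP + payload */
};

int main(void)
{
    /* Exit status 0 when the sample is recognised as UDP on port 53. */
    return classify_frame(sample_udp, sizeof sample_udp, 53) == MATCH_UDP ? 0 : 1;
}
```

In a real capture program this function would be called from the packet callback with the captured length, which can be shorter than the length on the wire; that is why every header is length-checked before it is read.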
+1  A: 

I want to develop a program, not just use a tool

This page has some references to other pages which introduce the network device driver architectures: NDIS Intermediate driver interface.

ChrisW