I have always wondered how software firewalls work under the covers, and would like to be able to write my own custom tools to analyze or intercept packets before they are sent or received by the OS. I'm fairly acquainted with core networking principles; I just have no clue where to start if I want to write software that fits inside the networking stack similar to the way firewalls do. Could anyone give me some pointers?
I would be especially interested if this can be accomplished using C#, but I can do other languages too. I am mainly focusing on Windows, but would like to know if there were any cross-platform libraries out there as well.
EDIT Using an NDIS driver (as Wireshark does) sounds like a good option, and Vista's packet filtering capabilities sound neat, but how do firewalls do it, say, on Windows XP? They don't have to install a special driver that I know of.