[kf]

hm okay thx. how works the winpkfilter, for setting up the SEND / Received message?

and what do you think, how many packets are an overflow from the local mac if i capture theses by it

[kf]

i found the answer!.

unsigned short length = ntohs(pIpHeader->ip_len) - ( pIpHeader->ip_hl*4 + pTcpHeader->th_off*4);

can someone say yes or no? 😀

[kf]

ok thx. i think i got it.

[kf]

Hm okay, would try some things. Big thx for you help.

Last-Question:
How can i modify the destination MAC?

In addition to IP address you also have to change the destination MAC

[kf]

Okay thx.

The IP-Header stores the source and destination ip and port. if i capture a specific IP-Address (e.g. 66.127.13.23) and want to redirect the request over a proxy i change the destination ip to my proxy ip-address.

But how does the proxy know, where the ip-packages should be sent? The original ip (here 66.127.13.23) is at the proxy not available?

[kf]

Maybe i’ve the problem:

in may case i modify the ip-header – i change the destination requested IP (e.g. google.de) to my proxy(192.168.1.8).
In that case i delete the orginal destination IP and the proxy do not know where the packages should be sent…..

hmm.. Ok. But how can i say, that the package should first be sent to an other IP? (And how can i keep the orginal destionation IP?

[kf]

Okay it works fine! Thx. That link was very helpful:
http://www.ntndis.com/forum/viewtopic.php?p=917&sid=d5925c2d83c622468d49c84caca81b75
http://www.ntkernel.com/forum/viewtopic.php?t=550&highlight=check+cheque+sum

So my last question (problem):

If i use the RecalculateIPChecksum() without changing the ip-address, the packages are droped in the pipeline?

RecalculateIPChecksum( &PacketBuffer );

Next, How can i enter an ip-adress? (to: pIpHeader->ip_dst)
e.g. 192.168.1.9 ?

[kf]

I’ve found the source-code fore a new checksum.

Can i change the ip-address(es) and recompute the checksum is that everything i need?

::ZeroMemory( &pIpHeader->ip_dst, sizeof(in_addr));

::ZeroMemory( &pIpHeader->ip_src, sizeof(in_addr));



::RecalculateTCPChecksum( &PacketBuffer );

hmm whats wrong?

[kf]

The Source-code download requires an username & password ? 🙄

[kf]

Hm, thx. That is an empty url?

EDIT: Sry the url is perfect 🙂

[kf]

Hm… i tried to remote all destination informations like:

::ZeroMemory( &pIpHeader->ip_dst, sizeof(in_addr));

but the messages archive the goals?

Any ideas? 🙄

[kf]

Okay thx for that information.

PS:
Hm i’ve tested that for MySQL(port 33056) and posgreSQL (port: 5433). The packages from postgreSQL couldn’t be captured, but the messages from mysql are captured perfectly 🙄

[kf]

Wow – Big thanks for help!!!! 😛

[kf]

Now i’ve tested the software…. and i have to say its a very good software, good job 🙂

How can i filter packages from port 123 and how can i block it (that these packages do not archive its destination program?)

[kf]

I tried to compile the MVC++ Sample Source-Code:

But i still geht current error:

1>Compiling...

1>PacketSniffer.cpp

1>StdAfx.cpp

1>Generating Code...

1>Compiling manifest to resources...

1>Linking...

1>PacketSniffer.obj : error LNK2019: unresolved external symbol "__declspec(dllimport) public: __thiscall CNdisApi::CNdisApi(wchar_t const *)" (__imp_??0CNdisApi@@QAE@PB_W@Z) referenced in function "void __cdecl `dynamic initializer for 'api''(void)" (??__Eapi@@YAXXZ)

I’ve added the ndisapi.lib and the DLL is in the right directory 🙄

PS: I solved that problem – you have to change the “Character Set” in the project settings. 🙂

[Author]

Posts