Forum Replies Created
Hm, okay, thx. How does WinpkFilter work for setting up the SEND / Received message?
And what do you think, how many packets are an overflow from the local MAC if I capture these by it?
I found the answer!
unsigned short length = ntohs(pIpHeader->ip_len) - ( pIpHeader->ip_hl*4 + pTcpHeader->th_off*4);
Can someone say yes or no?
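An added example, not part of the original post or of the WinpkFilter samples: the same subtraction done on raw packet bytes, with the header fields checked first, because an inconsistent ip_len or th_off makes the unchecked unsigned result wrap to a large value. The function names and the sample packet are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TCP payload length of an IPv4 packet starting at ip[0], or -1 if the
 * headers are inconsistent. 'captured' is the number of bytes available. */
int tcp_payload_len(const uint8_t *ip, size_t captured)
{
    if (captured < 20 || (ip[0] >> 4) != 4 || ip[9] != 6)
        return -1;                                 /* not IPv4/TCP */
    size_t ihl   = (size_t)(ip[0] & 0x0F) * 4;     /* ip_hl * 4 */
    size_t total = ((size_t)ip[2] << 8) | ip[3];   /* ntohs(ip_len) */
    if (ihl < 20 || total > captured || total < ihl + 20)
        return -1;                                 /* no room for a TCP header */
    if ((((unsigned)ip[6] << 8) | ip[7]) & 0x1FFF)
        return -1;                                 /* later fragment: no TCP header */
    size_t doff = (size_t)(ip[ihl + 12] >> 4) * 4; /* th_off * 4 */
    if (doff < 20 || ihl + doff > total)
        return -1;                                 /* th_off points past ip_len */
    return (int)(total - ihl - doff);
}

/* Constructed sample: 20-byte IP header, 20-byte TCP header, "hello".
 * ip_len and th_off can be overridden to simulate a malformed packet. */
int check_sample(unsigned ip_len, unsigned th_off)
{
    uint8_t pkt[45] = {0};
    pkt[0]  = 0x45;                       /* version 4, ip_hl = 5 */
    pkt[2]  = (uint8_t)(ip_len >> 8);
    pkt[3]  = (uint8_t)ip_len;
    pkt[9]  = 6;                          /* IPPROTO_TCP */
    pkt[32] = (uint8_t)(th_off << 4);     /* TCP byte 12: data offset */
    memcpy(pkt + 40, "hello", 5);
    return tcp_payload_len(pkt, sizeof pkt);
}

int main(void)
{
    printf("valid packet:     %d\n", check_sample(45, 5));
    /* The unchecked subtraction would give 30 - 40 = 65526 as unsigned short. */
    printf("ip_len too small: %d\n", check_sample(30, 5));
    printf("th_off too large: %d\n", check_sample(45, 15));
    return 0;
}
```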
Ok, thx. I think I got it.
Hm, okay, I would try some things. Big thx for your help.
Last question:
How can I modify the destination MAC?
In addition to IP address you also have to change the destination MAC
Okay, thx.
The IP header stores the source and destination IP and port. If I capture a specific IP address (e.g. 66.127.13.23) and want to redirect the request over a proxy, I change the destination IP to my proxy IP address.
But how does the proxy know where the IP packets should be sent? The original IP (here 66.127.13.23) is not available at the proxy?
Maybe I have the problem:
In my case I modify the IP header – I change the requested destination IP (e.g. google.de) to my proxy (192.168.1.8).
In that case I delete the original destination IP and the proxy does not know where the packets should be sent… hmm. Ok. But how can I say that the packet should first be sent to another IP? (And how can I keep the original destination IP?)
Okay it works fine! Thx. That link was very helpful:
http://www.ntndis.com/forum/viewtopic.php?p=917&sid=d5925c2d83c622468d49c84caca81b75
http://www.ntkernel.com/forum/viewtopic.php?t=550&highlight=check+cheque+sum
So my last question (problem):
If I use RecalculateIPChecksum() without changing the IP address, the packets are dropped in the pipeline?
RecalculateIPChecksum( &PacketBuffer );
Next, how can I enter an IP address (to: pIpHeader->ip_dst)?
e.g. 192.168.1.9?
I've found the source code for a new checksum.
Can I change the IP address(es) and recompute the checksum, is that everything I need?
::ZeroMemory( &pIpHeader->ip_dst, sizeof(in_addr));
::ZeroMemory( &pIpHeader->ip_src, sizeof(in_addr));
::RecalculateTCPChecksum( &PacketBuffer );
Hmm, what's wrong?
The source code download requires a username & password?
Hm, thx. That is an empty URL?
EDIT: Sorry, the URL is perfect.
Hm… I tried to remove all destination information like:
::ZeroMemory( &pIpHeader->ip_dst, sizeof(in_addr));
but the messages achieve the goals?
Any ideas?
Okay thx for that information.
PS:
Hm, I've tested that for MySQL (port 33056) and PostgreSQL (port: 5433). The packets from PostgreSQL couldn't be captured, but the messages from MySQL are captured perfectly.
Wow – Big thanks for help!!!!
Now I've tested the software… and I have to say it's very good software, good job.
How can I filter packets from port 123, and how can I block them (so that these packets do not reach their destination program)?
I tried to compile the MVC++ sample source code:
But I still get this error:
1>Compiling...
1>PacketSniffer.cpp
1>StdAfx.cpp
1>Generating Code...
1>Compiling manifest to resources...
1>Linking...
1>PacketSniffer.obj : error LNK2019: unresolved external symbol "__declspec(dllimport) public: __thiscall CNdisApi::CNdisApi(wchar_t const *)" (__imp_??0CNdisApi@@QAE@PB_W@Z) referenced in function "void __cdecl `dynamic initializer for 'api''(void)" (??__Eapi@@YAXXZ)
I’ve added the ndisapi.lib and the DLL is in the right directory.
PS: I solved that problem – you have to change the “Character Set” in the project settings.