kf

Forum Replies Created

Viewing 15 posts - 1 through 15 (of 19 total)
  • in reply to: detect Sent or received message? #6545
    kf
    Participant

      Hm okay, thx. How does WinpkFilter work for setting up the SEND / Received message?

      And what do you think, how many packets are an overflow from the local MAC if I capture these by it?

      in reply to: Packet Length via ip_len failed? #6542
      kf
      Participant

        I found the answer!


        unsigned short length = ntohs(pIpHeader->ip_len) - ( pIpHeader->ip_hl*4 + pTcpHeader->th_off*4);

        can someone say yes or no? 😀
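The length formula from the post above, run against a constructed packet, as an added example that is not part of the original post or of WinpkFilter: `naive_len`, `tcp_payload_len` and `SAMPLE` are hypothetical names, and the code reads raw header bytes instead of the `pIpHeader`/`pTcpHeader` structs. It shows the same subtraction with the bounds checks a capture tool needs, and what the unchecked version returns when `th_off` claims more bytes than `ip_len` holds.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: IPv4 header (20 bytes) + TCP header (20 bytes) + "hello". */
static uint8_t SAMPLE[45] = {
    0x45,0,0,45, 0,0,0,0, 64,6,0,0, 192,168,1,8, 192,168,1,9,
    0x30,0x39,0,80, 0,0,0,1, 0,0,0,0, 0x50,0x18,0xFF,0xFF, 0,0,0,0,
    'h','e','l','l','o' };

/* The formula from the post, on raw bytes: no check that the headers fit. */
unsigned short naive_len(const uint8_t *pkt)
{
    unsigned ihl = (pkt[0] & 0x0Fu) * 4u;                /* ip_hl * 4 */
    unsigned total = ((unsigned)pkt[2] << 8) | pkt[3];   /* ntohs(ip_len) */
    unsigned doff = (unsigned)(pkt[ihl + 12] >> 4) * 4u; /* th_off * 4 */
    return (unsigned short)(total - (ihl + doff));
}

/* Same result, or -1 when the header fields contradict each other or the
   capture. cap = number of captured bytes starting at the IPv4 header. */
int tcp_payload_len(const uint8_t *pkt, size_t cap)
{
    if (cap < 20 || (pkt[0] >> 4) != 4 || pkt[9] != 6) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];
    if (ihl < 20 || total > cap || total < ihl + 20) return -1;
    size_t doff = (size_t)(pkt[ihl + 12] >> 4) * 4;
    if (doff < 20 || ihl + doff > total) return -1;
    return (int)(total - ihl - doff);
}

int main(void)
{
    printf("valid:     naive=%u checked=%d\n", (unsigned)naive_len(SAMPLE),
           tcp_payload_len(SAMPLE, sizeof SAMPLE));
    SAMPLE[32] = 0xF0;   /* th_off = 15 words: 60-byte TCP header in a 45-byte packet */
    printf("malformed: naive=%u checked=%d\n", (unsigned)naive_len(SAMPLE),
           tcp_payload_len(SAMPLE, sizeof SAMPLE));
    return 0;
}
```

Using `ip_len` rather than the captured frame size also keeps Ethernet padding on short frames out of the payload count.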

        in reply to: IP-Adress Redirect? #6416
        kf
        Participant

          ok thx. i think i got it.

          in reply to: IP-Adress Redirect? #6414
          kf
          Participant

            Hm okay, would try some things. Big thx for your help.

            Last-Question:
            How can i modify the destination MAC?

            In addition to IP address you also have to change the destination MAC

            in reply to: IP-Adress Redirect? #6412
            kf
            Participant

              Okay thx.

              The IP-Header stores the source and destination ip and port. if i capture a specific IP-Address (e.g. 66.127.13.23) and want to redirect the request over a proxy i change the destination ip to my proxy ip-address.

              But how does the proxy know, where the ip-packages should be sent? The original ip (here 66.127.13.23) is at the proxy not available?

              in reply to: IP-Adress Redirect? #6410
              kf
              Participant

                Maybe i’ve the problem:

                in my case i modify the ip-header – i change the destination requested IP (e.g. google.de) to my proxy(192.168.1.8).
                In that case i delete the original destination IP and the proxy does not know where the packages should be sent…..

                hmm.. Ok. But how can i say, that the package should first be sent to another IP? (And how can i keep the original destination IP?)

                in reply to: How to manage (Proxy) Re-Routing Packages? #6409
                kf
                Participant

                  Okay it works fine! Thx. That link was very helpful:
                  http://www.ntndis.com/forum/viewtopic.php?p=917&sid=d5925c2d83c622468d49c84caca81b75
                  http://www.ntkernel.com/forum/viewtopic.php?t=550&highlight=check+cheque+sum

                  So my last question (problem):

                  If i use the RecalculateIPChecksum() without changing the ip-address, the packages are dropped in the pipeline?


                  RecalculateIPChecksum( &PacketBuffer );

                  Next, how can i enter an ip-address? (to: pIpHeader->ip_dst)
                  e.g. 192.168.1.9 ?
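Writing a new `ip_dst` and refreshing both checksums on a constructed packet, as an added example that is not part of the original post and is not WinpkFilter's `RecalculateIPChecksum`: `csum`, `tcp_csum`, `checksums_ok`, `rewrite_dst` and `SAMPLE` are hypothetical names. The TCP checksum covers a pseudo-header that contains both IP addresses, so it has to be recomputed along with the IP header checksum.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed sample: IPv4 + TCP + "hello", both checksum fields still 0. */
static uint8_t SAMPLE[45] = {
    0x45,0,0,45, 0,0,0,0, 64,6,0,0, 10,0,0,5, 66,127,13,23,
    0x30,0x39,0,80, 0,0,0,1, 0,0,0,0, 0x50,0x18,0xFF,0xFF, 0,0,0,0,
    'h','e','l','l','o' };

/* RFC 1071 checksum of p[0..n), continuing from a starting sum acc. */
static uint16_t csum(const uint8_t *p, size_t n, uint32_t acc) {
    for (; n > 1; p += 2, n -= 2) acc += ((uint32_t)p[0] << 8) | p[1];
    if (n) acc += (uint32_t)p[0] << 8;            /* odd byte, zero padded */
    while (acc >> 16) acc = (acc & 0xFFFF) + (acc >> 16);
    return (uint16_t)~acc;
}

/* TCP checksum: pseudo-header (ip_src, ip_dst, protocol 6, length) + segment. */
static uint16_t tcp_csum(const uint8_t *pkt, size_t ihl, size_t seg) {
    uint32_t acc = 6 + (uint32_t)seg;
    for (int i = 12; i < 20; i += 2) acc += ((uint32_t)pkt[i] << 8) | pkt[i + 1];
    return csum(pkt + ihl, seg, acc);
}

/* 1 if both checksums verify: summing over a correct checksum yields 0. */
int checksums_ok(const uint8_t *pkt) {
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4, total = ((size_t)pkt[2] << 8) | pkt[3];
    return csum(pkt, ihl, 0) == 0 && tcp_csum(pkt, ihl, total - ihl) == 0;
}

/* Write a new ip_dst, then refresh the IP header and TCP checksums. */
int rewrite_dst(uint8_t *pkt, size_t cap, const uint8_t dst[4]) {
    if (cap < 40) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4, total = ((size_t)pkt[2] << 8) | pkt[3];
    if (ihl < 20 || total < ihl + 20 || total > cap || pkt[9] != 6) return -1;
    memcpy(pkt + 16, dst, 4);                      /* bytes in network order */
    pkt[10] = pkt[11] = 0;                         /* zero each field before summing */
    uint16_t c = csum(pkt, ihl, 0);
    pkt[10] = (uint8_t)(c >> 8); pkt[11] = (uint8_t)c;
    pkt[ihl + 16] = pkt[ihl + 17] = 0;
    c = tcp_csum(pkt, ihl, total - ihl);
    pkt[ihl + 16] = (uint8_t)(c >> 8); pkt[ihl + 17] = (uint8_t)c;
    return 0;
}

int main(void) {
    const uint8_t dst[4] = { 192, 168, 1, 9 };
    return !(rewrite_dst(SAMPLE, sizeof SAMPLE, dst) == 0 && checksums_ok(SAMPLE));
}
```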

                  in reply to: How to manage (Proxy) Re-Routing Packages? #6408
                  kf
                  Participant

                    I’ve found the source-code for a new checksum.

                    Can i change the ip-address(es) and recompute the checksum, is that everything i need?


                    ::ZeroMemory( &pIpHeader->ip_dst, sizeof(in_addr));
                    ::ZeroMemory( &pIpHeader->ip_src, sizeof(in_addr));

                    ::RecalculateTCPChecksum( &PacketBuffer );

                    hmm what's wrong?

                    in reply to: How to manage (Proxy) Re-Routing Packages? #6407
                    kf
                    Participant

                      The Source-code download requires a username & password ? 🙄

                      in reply to: How to manage (Proxy) Re-Routing Packages? #6406
                      kf
                      Participant

                        Hm, thx. That is an empty url?

                        EDIT: Sry the url is perfect 🙂

                        in reply to: How to manage (Proxy) Re-Routing Packages? #6404
                        kf
                        Participant

                          Hm… i tried to remove all destination information like:


                          ::ZeroMemory( &pIpHeader->ip_dst, sizeof(in_addr));

                          but the messages achieve the goals?

                          Any ideas? 🙄

                          in reply to: WinpkFilter – capture local packages? #6400
                          kf
                          Participant

                            Okay thx for that information.

                            PS:
                            Hm i’ve tested that for MySQL (port 33056) and PostgreSQL (port: 5433). The packages from PostgreSQL couldn’t be captured, but the messages from MySQL are captured perfectly 🙄

                            in reply to: TCP/IP Hook – Traffic observing for all IP’s #6396
                            kf
                            Participant

                              Wow – Big thanks for help!!!! 😛

                              in reply to: TCP/IP Hook – Traffic observing for all IP’s #6394
                              kf
                              Participant

                                Now i’ve tested the software…. and i have to say it's a very good software, good job 🙂

                                How can i filter packages from port 123 and how can i block it (that these packages do not achieve its destination program?)

                                in reply to: TCP/IP Hook – Traffic observing for all IP’s #6393
                                kf
                                Participant

                                  I tried to compile the MVC++ Sample Source-Code:

                                  But i still get the current error:


                                  1>Compiling...
                                  1>PacketSniffer.cpp
                                  1>StdAfx.cpp
                                  1>Generating Code...
                                  1>Compiling manifest to resources...
                                  1>Linking...
                                  1>PacketSniffer.obj : error LNK2019: unresolved external symbol "__declspec(dllimport) public: __thiscall CNdisApi::CNdisApi(wchar_t const *)" (__imp_??0CNdisApi@@QAE@PB_W@Z) referenced in function "void __cdecl `dynamic initializer for 'api''(void)" (??__Eapi@@YAXXZ)

                                  I’ve added the ndisapi.lib and the DLL is in the right directory 🙄

                                  PS: I solved that problem – you have to change the “Character Set” in the project settings. 🙂
