Vadim Smirnov

Forum Replies Created

Viewing 15 posts - 856 through 870 (of 1,486 total)
  • Author
    Posts
  • in reply to: Some questions about the Samples #6787
    Vadim Smirnov
    Keymaster

      1- In m_ValidFields in static filters, there are only 3 predescribed values Data_Link_Layer_Valid, Networ_Link_Layer_Valid and Transport_Link_Layer_Valid which they are 1, 2 and 4 respectively.
      But sometimes it is set to 0, especially to pass all packets. What does 0 means?

      It means that none of the validity fields is defined.

      2- Why the network mask is 255.255.255.255? It was used when access to http://www.ntkernel.com website was blocked.

      To block the particular IP address. If you use another mask you may block more than single IP.

      3- How can I know how many packets been dropped?

      All filters gather statistics of the packets for which filter did the action. You can query this statistics using API.

      in reply to: Installing Winpkfilter for VISTA #6782
      Vadim Smirnov
      Keymaster

        snetcfg is shipped in source code to all WinpkFilter licensees.

        in reply to: Got build error on VC project #6774
        Vadim Smirnov
        Keymaster

          Looks like ndisapi.lib still does not link into your application for some reason…

          in reply to: WinpkFilter start up #6775
          Vadim Smirnov
          Keymaster

            You have to start from PassThur sample.

            For the authorized users you just pass packet through. When you detect HTTP GET request from unauthorized user you should generate HTTP redirect response packet. Since you pass all network packets through your application you can easily inspect/modify the traffic flow.

            in reply to: WinpkFilter and Windows 7 #6776
            Vadim Smirnov
            Keymaster

              Current version f WInpkFilter installer does not recognize Windows 7, but you can install WinpkFilter drivers manually. It works just fine.

              in reply to: virtual MACs from NDIS_WAN_LINE_UP/NDIS_WAN_LINE_DOWN #6766
              Vadim Smirnov
              Keymaster

                WinpkFilter 3.0.4 does not support this feature. Although it was added in the development version and available to WinpkFilter customers. The new added API allows to retrieve the information about currently active WAN connections. Structures for getting this information are defined as the following:

                typedef
                struct _RAS_LINK_INFO
                {
                #define RAS_LINK_BUFFER_LENGTH 1024
                ULONG LinkSpeed; // Specifies the speed of the link, in units of 100 bps.
                // Zero indicates no change from the speed returned when the protocol called NdisRequest with OID_GEN_LINK_SPEED.
                ULONG MaximumTotalSize; // Specifies the maximum number of bytes per packet that the protocol can send over the network.
                // Zero indicates no change from the value returned when the protocol called NdisRequest with OID_GEN_MAXIMUM_TOTAL_SIZE.
                UCHAR RemoteAddress [ETHER_ADDR_LENGTH]; // Represents the address of the remote node on the link in Ethernet-style format. NDISWAN supplies this value.
                UCHAR LocalAddress [ETHER_ADDR_LENGTH]; // Represents the protocol-determined context for indications on this link in Ethernet-style format.
                ULONG ProtocolBufferLength;// Specifies the number of bytes in the buffer at ProtocolBuffer
                UCHAR ProtocolBuffer [RAS_LINK_BUFFER_LENGTH]; // Containing protocol-specific information supplied by a higher-level component that makes connections through NDISWAN
                // to the appropriate protocol(s). Maximum size is 600 bytes (on Windows Vista)
                } RAS_LINK_INFO, *PRAS_LINK_INFO;

                typedef
                struct _RAS_LINKS
                {
                #define RAS_LINKS_MAX 256
                ULONG nNumberOfLinks;
                RAS_LINK_INFO RasLinks[RAS_LINKS_MAX];

                } RAS_LINKS, *PRAS_LINKS;
                in reply to: Admin!happy new year from lovepkfilter #6768
                Vadim Smirnov
                Keymaster

                  Thanks. Happy New Year to you too!

                  I’ve been a bit overloaded last time. Need to find some free time to complete the new release. Hopefully in March.

                  in reply to: How to know the captured package belong to which process? #6771
                  Vadim Smirnov
                  Keymaster

                    You can use IP helper API to query current active connections table and match your packet against this table using IP address and port information you have. Since Windows XP connections table contains process ID. Another way is using LSP or TDI filter driver.

                    in reply to: Getting Payload with Delphi #6773
                    Vadim Smirnov
                    Keymaster

                      Most probably there is something wrong with structures definitions. Or you may be trying to process non TCP packet.

                      in reply to: Using VirtNet HELP !!! #6621
                      Vadim Smirnov
                      Keymaster

                        How do you expect to use VirtNet?

                        in reply to: The MSVC filter example and wireless network. #6764
                        Vadim Smirnov
                        Keymaster

                          All samples are ok for WiFi.

                          in reply to: The default filter question #6763
                          Vadim Smirnov
                          Keymaster

                            Yes, you are right.

                            in reply to: SetPacketFilterTable question #6762
                            Vadim Smirnov
                            Keymaster

                              Yes, sure you can. Old table is dropped and new one is set.

                              in reply to: DELPHI PACKET MANIPLATION AND ROUTING #6737
                              Vadim Smirnov
                              Keymaster

                                Under “using MSTCP default behavior” I mean that you may modify incoming/outgoing packets and let TCP/IP route them. Like in case of NAT, WIndows TCP/IP stack by default routes packets coming from LAN into default gateway interface (connected to the Internet). To implement NAT you can only capture packets from external (Internet connected) network interface:
                                – For outgoing packets change source IP address to Internet interface assigned one and port allocated/according NAT table
                                -For incoming packets change destination IP/port according NAT table

                                This way you use Microsoft TCP/IP routing and don’t have to implement it on your own.

                                Is that clear now?

                                in reply to: DELPHI PACKET MANIPLATION AND ROUTING #6735
                                Vadim Smirnov
                                Keymaster

                                  Internet Gateway is only available in C++.

                                  PassThru is basic packet filtering sample.

                                  Under MSTCP I mean Microsoft TCP/IP stack implementation. You don’t have to use it from your application, but you can use its default behavior to solve the routing task.

                                Viewing 15 posts - 856 through 870 (of 1,486 total)