Forum Replies Created
-
Posts
-
Since this is a virtual network interface you can’t connect two systems with it, but you can emulate the connection between two VirtNet adapters with WinpkFilter. However, you will need some real transport between you computers (another network adapter, direct cable connection, bluetooth or etc…)
1. How can we redirect the ip which is browsing the restricted websites to the desired page. Though our program blocks the website but it is unable to redirect the page.
You can’t redirect connections using existing LNM API, it would require an additional kernel level extension. Actually redirects are far easier implemented using WinpkFilter.
2. We connected two PC via LAN wire and gave internet connection to one of them(gateway). We are accessing the internet on another PC via the previous one. But the data of the non-gateway PC is encrypted and hence we are unable to monitor its requests.
The only correct way I can see is installing your software on gateway system and monitoring the Internet connection with WinpkFilter. LNM API does not have access to the routed packets.
How do other people get these files?
Commercial licenses of WinpkFilter are also available and do include all required redistributables.
Quote from WinpkFilter run-time license:
WinpkFilter 3.0 Runtime Libraries is provided as freeware for private (non commercial), or educational (including non-profit organization) use.It may not be distributed for profit, nor may it be included in products or otherwise distributed by commercial entities to their clients or customers without the prior written permission of the author.
So basically WinpkFilter run-time is not supposed to be used for creating redistributable WinpkFilter based software and therefore does not install all redistributable components.
What’s about your WinpkFilter – Framework?
WinpkFilter operates at the NDIS level and can’t associate packet with PID without any additional information.
I just saw your Local Network Monitor API, that seems to be the right stuff?
You are right, Local Network Monitor API can be used for this.
but,I don’t know whether NeT Firewall is a Stateful-inspection firewall
Yes, it is stateful inspection firewall 8)
I have checked your software configuration and I would say that you have a pretty large amount of various low level network software and among other things there is neofltr_600_12507 Juniper Networks TDI Filter Driver (NEOFLTR_600_12507). This can be a reason for software conflict. As you may noticed we try to fix incompatibilities with 3rd party TDI filters (like the latest 2.2.5 release was relative to compatibility with TDI filter from McAfee). Of course the best approach would taking a fresh OS installation and adding software until the problem appears.
Looks like some sort of software conflict. Please e-mail winmsd output to support(at)ntkernel.com, it may shed some light.
I know at least several widely used software products which use LNM engine. At least one of them is used for database monitoring. So I would say this is realistic.
Try using Local Network Monitor to avoid the possibility that you use incorrect filters combination.
I can see only two possibilities:
1) Incorrect set of filters loaded
2) Software conflict with some third party firewall applicationIt is difficult to say what was the exact reason. To avoid software conflict possibility I would recommend running the same configuration on the freshly installed OS without firewall/anti virus software because the last one can include own TDI filter which interfere LNM.
DWORD is defined as unsigned long which is a different type than unsigned int. Although both types has the same implementation (32 bit unsigned value) in MS Windows compiler generates an error.
You have two options to resolve this:
1) Change your thread function definition
2) Explicitly type cast the function pointer
