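Can WinPcap intercept and forward packets? How should this be handled?
Can WinPcap intercept and forward packets?
I want to achieve the effect of intercepting packets: for example, packets originally sent to 192.168.7.130 are forwarded to 192.168.7.121 instead, and 192.168.7.130 does not receive them. Can WinPcap achieve this?
If not, are there other ways to implement it?
I know a DDK driver can do it, but that is too complex. If that is the only way, please tell me what to watch out for, for example whether the Win2000 and Win2003 DDKs differ, whether different hardware will cause conflicts, whether I need to implement the upper-layer protocols myself, and so on.
------Solution--------------------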
The purpose of WinPcap is to give this kind of access to Win32 applications; it provides facilities to:
capture raw packets, both the ones destined to the machine where it's running and the ones exchanged by other hosts (on shared media)
filter the packets according to user-specified rules before dispatching them to the application
transmit raw packets to the network
gather statistical information on the network traffic
What WinPcap can't do
WinPcap receives and sends the packets independently from the host protocols, like TCP-IP. This means that it isn't able to block, filter or manipulate the traffic generated by other programs on the same machine: it simply "sniffs" the packets that transit on the wire. Therefore, it does not provide the appropriate support for applications like traffic shapers, QoS schedulers and personal firewalls.
What kind of programs use WinPcap
The WinPcap programming interface can be used by many types of network tools for analysis, troubleshooting, security and monitoring. In particular, classical tools that rely on WinPcap are:
network and protocol analyzers
network monitors
traffic loggers
traffic generators
user-level bridges and routers
network intrusion detection systems (NIDS)
network scanners
security tools
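------Solution--------------------
UPJF
Learning.
------Solution--------------------
Yes, it can.
------Solution--------------------
Cutting the packets off is not possible. If the hosts are on the same network segment, packets sent to 192.168.7.130 can still be received by 192.168.7.130.
Although you can forward them to 192.168.7.121, if the protocol is TCP and 192.168.7.130 replies, the problem of the IP packets' sequence numbers cannot be solved.
You have only forged new packets, and the packets you produce do not conform to the protocol.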
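Added example, not part of the original post or of WinPcap: what a captured copy needs, at minimum, to stay a well-formed packet once its destination is changed from 192.168.7.130 to 192.168.7.121. It covers only the IPv4 header and TCP checksums, not TCP connection state; the source address 192.168.7.10, the ports and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* RFC 1071 one's-complement sum, continued from `sum`. */
static uint32_t csum_add(uint32_t sum, const uint8_t *p, size_t len) {
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)p[0] << 8 | p[1];
    if (len) sum += (uint32_t)p[0] << 8;
    return sum;
}
static uint16_t csum_fold(uint32_t sum) {
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}
static uint16_t ip_csum(const uint8_t *ip) {
    return csum_fold(csum_add(0, ip, (size_t)(ip[0] & 0x0f) * 4));
}
/* The TCP sum also covers a pseudo-header: src, dst, 0, protocol 6, TCP length. */
static uint16_t tcp_csum(const uint8_t *ip, size_t len) {
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4, tlen = len - ihl;
    uint8_t ph[4] = {0, 6, (uint8_t)(tlen >> 8), (uint8_t)tlen};
    return csum_fold(csum_add(csum_add(csum_add(0, ip + 12, 8), ph, 4), ip + ihl, tlen));
}
/* A receiver accepts the packet only if both sums verify, i.e. fold to 0. */
int checksums_ok(const uint8_t *ip, size_t len) {
    return ip_csum(ip) == 0 && tcp_csum(ip, len) == 0;
}
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
/* Rewrite the destination, then repair both checksums (assumes unfragmented TCP). */
void set_dst_fixed(uint8_t *ip, size_t len, const uint8_t dst[4]) {
    uint8_t *tcp = ip + (size_t)(ip[0] & 0x0f) * 4;
    memcpy(ip + 16, dst, 4);
    put16(ip + 10, 0);  put16(ip + 10, ip_csum(ip));
    put16(tcp + 16, 0); put16(tcp + 16, tcp_csum(ip, len));
}
/* Constructed sample: IPv4 + TCP SYN, 192.168.7.10 -> 192.168.7.130, no payload. */
static const uint8_t OLD_DST[4] = {192, 168, 7, 130}, NEW_DST[4] = {192, 168, 7, 121};
static const uint8_t TMPL[40] = {
    0x45, 0, 0, 40, 0, 1, 0x40, 0, 64, 6, 0, 0, 192, 168, 7, 10, 192, 168, 7, 130,
    0x30, 0x39, 0, 80, 0, 0, 0, 1, 0, 0, 0, 0, 0x50, 0x02, 0x20, 0, 0, 0, 0, 0};
/* Returns 1 if the copy still verifies after its destination is changed. */
int rewritten_ok(int repair) {
    uint8_t pkt[40];
    memcpy(pkt, TMPL, 40);
    set_dst_fixed(pkt, 40, OLD_DST);           /* valid checksums for the original */
    if (repair) set_dst_fixed(pkt, 40, NEW_DST);
    else memcpy(pkt + 16, NEW_DST, 4);         /* naive: destination bytes only */
    return checksums_ok(pkt, 40) && memcmp(pkt + 16, NEW_DST, 4) == 0;
}
int main(void) { return !(rewritten_ok(1) && !rewritten_ok(0)); }
```

A copy with only the destination bytes changed fails both checks and is dropped by the receiving stack; the repaired copy passes them, but the original frame is untouched either way.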
------Solution--------------------
engine.cqvip.com/content/tp/96730x/2004/017/012/gc116_tp5_11417610.pdf
------Solution--------------------
blog.****.net/ggg82/archive/2005/06/20/398259.aspx
https://www.xfocus.net/bbs/index.php?act=ST&f=3&t=36181&page=2
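------Solution--------------------
Not too sure, hehe, but what the poster above said should be right.
------Solution--------------------
It has to be done in the kernel; by the time the application layer receives the packet, it has already been sent out.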