10-11-2024 03:13 AM
I am looking for C++ code to read and send frames directly from/to the NIC. I don’t want the gram to reach the Windows network kernel.
10-11-2024 03:19 AM - edited 10-11-2024 03:20 AM
10-11-2024 03:25 AM
As far as I know, Wireshark takes a copy of the packet. The packets will keep going to the Windows network kernel.
What I want is to redirect all the received frames to my code, similar to what a firewall does.
10-11-2024 03:35 AM - edited 10-11-2024 03:50 AM
@Abushaar wrote:
As far as I know, Wireshark takes a copy of the packet. The packets will keep going to the Windows network kernel.
What I want is to redirect all the received frames to my code, similar to what a firewall does.
It is a hard task; you have to develop something like an NDIS Intermediate Driver to hook on the traffic. Maybe it will be simpler to capture packets before Windows Firewall (I guess NPcap shall be able to do that as long as Wireshark can), and then simply block traffic with the standard Windows Firewall as you like. An alternative approach is to make something like a proxy: if the sender and receiver can be configured to use different ports, then you can communicate with both and stay in the middle like a client/server, then block the packets or not depending on your rules. This can be simply done in LabVIEW.
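The proxy approach suggested in the reply above, as an added example that is not part of the original thread: a user-space UDP relay that the sender is pointed at and that forwards only datagrams passing a rule. The rule, the loopback addresses and the one-way (sender to receiver) flow are assumptions for illustration; unlike an NDIS filter driver, this only controls traffic that is deliberately addressed to the relay.

```python
import socket
import threading

def allow(payload, src):
    """Constructed sample rule: pass only datagrams that start with b'DATA'."""
    return payload.startswith(b"DATA")

class FilteringRelay:
    """Sits between sender and receiver; only allowed datagrams go upstream."""
    def __init__(self, upstream, rule=allow):
        self.upstream, self.rule = upstream, rule
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.sock.bind(("127.0.0.1", 0))   # port 0: the OS picks a free port
        self.sock.settimeout(0.2)          # lets the loop notice stop()
        self.addr = self.sock.getsockname()
        self.forwarded = self.dropped = 0
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._run, daemon=True)
        self._thread.start()

    def stop(self):
        self._stop.set()
        self._thread.join()
        self.sock.close()

    def _run(self):
        while not self._stop.is_set():
            try:
                payload, src = self.sock.recvfrom(65535)
            except OSError:                # timeout: go back and re-check stop flag
                continue
            if self.rule(payload, src):
                self.sock.sendto(payload, self.upstream)
                self.forwarded += 1
            else:
                self.dropped += 1          # blocked: the receiver never sees it

def demo():
    # Constructed traffic: one blocked and one allowed datagram via the relay.
    receiver = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    receiver.bind(("127.0.0.1", 0))
    receiver.settimeout(2.0)
    relay = FilteringRelay(receiver.getsockname())
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sender.sendto(b"JUNK blocked", relay.addr)
    sender.sendto(b"DATA hello", relay.addr)
    got = receiver.recvfrom(65535)[0]      # only the allowed datagram arrives
    relay.stop(); sender.close(); receiver.close()
    return got, relay.forwarded, relay.dropped

if __name__ == "__main__":
    print(demo())
```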
10-11-2024 04:20 AM
Thank you for your reply. Capturing packets is fine for me. But does NPcap intercept the packet or just take a copy (sniffing) of the packet? I don’t want the packet to reach the Windows network kernel.
10-11-2024 05:27 AM
@Abushaar wrote:
Thank you for your reply. Capturing packets is fine for me. But does NPcap intercept the packet or just take a copy (sniffing) of the packet? I don’t want the packet to reach the Windows network kernel.
As far as I can see on the internet, no: Pcap will take a copy, but will not block packets from further propagation. Here you need to design and develop your own driver, acting as a self-made firewall. But here we are at a very low level; this is not related to LabVIEW at all.
10-11-2024 06:28 AM
At this stage, using an Ethernet IPCore from Xilinx and trying to do it on FPGA might even be easier.....
10-11-2024 08:38 AM
@Intaris wrote:
At this stage, using an Ethernet IPCore from Xilinx and trying to do it on FPGA might even be easier.....
I would echo that. Basically you need to write an NDIS filter driver. This is basically a kernel device driver. Good fun to debug! Not! This is very specialized work. The NPCap filter driver is basically one such thing, except it does of course just intercept packets in order to be able to sniff on them, not stop them. You could take the NPCap source code and modify it.
But! Writing (and even modifying) device drivers is a serious low-level business! It starts with setting up the compile tool chain to create device drivers, goes further with getting such drivers installed in the system so that one can actually debug them, then getting a valid code signing certificate to sign the driver binary. Without signing a device driver binary with a valid (read: commercial) certificate that costs money, Windows 10 and newer will simply refuse to load such a driver unless you set it into a special debug mode. How many man-months can you spend on this?