Winpcap does not filter anything. It is implemented as an NDIS protocol driver, which gets a copy of packets received, and get send packets. It cannot prevent any packet from being transmitted.
If you want to do that, you have to modify (quite heavily) the driver source in order to implement an NDIS intermediate driver rather than a protocol driver. It will look like an adapter to protocol drivers, and like a protocol to adapters, and can do whatever it wants in between. But everything would happen in kernel mode, which can really be a pain :-( Jacques. At 17:14 29/07/2002, Adam Zeldis wrote: >So then it is possible? How about this: Filtering ALL outgoing packets, >and then re-sending the ones not containing the specified string...the ones >that do contain it will get edited and then resent. > >Thanks for any input. >Adam > >----- Original Message ----- >From: nergim >To: [EMAIL PROTECTED] >Sent: Monday, July 29, 2002 6:39 AM >Subject: Re: [WinPcap-users] "On the fly" Packet Editing > > >Packets you are sniffing is already on the line, hence you must do something >very tricky to avoid this. >----- Original Message ----- >From: Adam Zeldis >To: [EMAIL PROTECTED] >Sent: Monday, July 29, 2002 10:57 AM >Subject: [WinPcap-users] "On the fly" Packet Editing > > >I am rather new to development with Winpcap, as well as packet-based >development in general. > >What I was wondering is this: Is it possible, with winpcap, to write a >program that would check each outgoing packet for a specified string, and if >it contained that string, the packet would then be edited to contain another >string of the same length and the packet would still be sent as though >nothing had happened? Please let me know if this is feasible with winpcap. >If it isn't what would I need in order to do it? > >Thanks much. >Adam >[EMAIL PROTECTED]
