Reply To: Need to know what application is associated with a packet


#5469

Vadim Smirnov
Moderator

I need this solution for 98 as well. But the Localhost Monitor API is for the NT platform. Can you please suggest a solution for all Windows platforms?

You can also create a TDI filter driver for Windows 9x/ME. Sample code for a Windows 9x/ME TDI filter driver can be found in the VToolsD samples (part of the SoftIce Driver Suite and Driver Studio products from http://www.compuware.com).

Another solution is an LSP, a user-mode DLL which is installed as a proxy between the Winsock interface and the Winsock service provider. Please read MSDN for the details.

I know the DNS requests. But I don't know how to redirect any request to some other domain/IP. Can you please be more specific about this? Does this redirection have to be done between the MSTCP table and the application, or between the network adapter and MSTCP? I can drop the connection while reading MSTCP based on IP or another filter, but I don't know how to redirect it.

Here are two ways:
1) Intercept the DNS request packet, parse the content and check whether it queries the domain you would like to forbid access to. If it does, just drop the packet; the system will fail to resolve an IP for the domain and will be unable to connect to that host. Blocking can also be done on the DNS response packet.
2) Intercept the DNS response and check whether it is for the domain you would like to forbid access to. If it is, modify the IP address information (to the host you would like to redirect to) and pass the packet to the stack. This way you cheat the system with your redirect IP address and it will try to connect to the specified IP (you can place a web page there saying “Access to this site is restricted” or something).
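Both ways described in the post come down to parsing the DNS message carried in the UDP payload. The following C code is an added example, not code from the original post or from any of the products it mentions: it shows way 1 (decide whether a query packet for a forbidden domain should be dropped) and way 2 (rewrite the A records in a response so the system connects to a redirect host). The blocked domain `blocked.example`, the redirect address 192.0.2.1 (TEST-NET-1) and the two sample packets are constructed for the example; the functions take the bare DNS message, i.e. what remains after the Ethernet, IP and UDP headers have been stripped by whatever filter (TDI, NDIS intermediate, LSP) delivers the packet.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Policy (assumptions for the example): the domain to block and the
   address every A answer is rewritten to (192.0.2.1 is TEST-NET-1). */
static const char BLOCKED[] = "blocked.example";
static const uint8_t REDIRECT_IP[4] = {192, 0, 2, 1};

/* Decode the DNS name at `off` into `out` (dotted, lower-case), following
   RFC 1035 compression pointers.  Returns the offset just past the name as
   it appears at `off`, or 0 if the packet is malformed. */
static size_t read_name(const uint8_t *p, size_t len, size_t off, char *out, size_t outlen)
{
    size_t o = 0, end = 0;
    int hops = 0;
    while (off < len) {
        uint8_t l = p[off];
        if (l == 0) { out[o] = 0; return end ? end : off + 1; }
        if ((l & 0xC0) == 0xC0) {                 /* compression pointer */
            if (off + 1 >= len || ++hops > 8) return 0;
            if (!end) end = off + 2;              /* name ends after the pointer */
            off = ((l & 0x3F) << 8) | p[off + 1];
            continue;
        }
        if (off + 1 + l > len || o + l + 2 > outlen) return 0;
        if (o) out[o++] = '.';
        for (uint8_t i = 0; i < l; i++) {
            char c = (char)p[off + 1 + i];
            out[o++] = (c >= 'A' && c <= 'Z') ? c + 32 : c;
        }
        off += 1 + l;
    }
    return 0;                                     /* ran off the end of the packet */
}

/* True if `name` is the blocked domain or one of its subdomains. */
static int is_blocked(const char *name)
{
    size_t n = strlen(name), b = sizeof BLOCKED - 1;
    if (n < b || strcmp(name + n - b, BLOCKED) != 0) return 0;
    return n == b || name[n - b - 1] == '.';
}

/* Way 1: returns 1 if this DNS query (UDP payload) should be dropped. */
int dns_query_should_drop(const uint8_t *p, size_t len)
{
    char name[256];
    if (len < 12 || (p[2] & 0x80) || ((p[4] << 8) | p[5]) == 0) return 0; /* QR set or no question */
    if (!read_name(p, len, 12, name, sizeof name)) return 0;
    return is_blocked(name);
}

/* Way 2: if the question is for the blocked domain, overwrite every A answer
   with REDIRECT_IP in place.  Returns the number of records rewritten. */
int dns_response_redirect(uint8_t *p, size_t len)
{
    char name[256];
    int hit = 0, n = 0;
    if (len < 12 || !(p[2] & 0x80)) return 0;    /* not a response */
    uint16_t qd = (p[4] << 8) | p[5], an = (p[6] << 8) | p[7];
    size_t off = 12;
    for (uint16_t i = 0; i < qd; i++) {          /* question section */
        off = read_name(p, len, off, name, sizeof name);
        if (!off || off + 4 > len) return 0;
        hit |= is_blocked(name);
        off += 4;                                /* QTYPE, QCLASS */
    }
    if (!hit) return 0;
    for (uint16_t i = 0; i < an; i++) {          /* answer section */
        off = read_name(p, len, off, name, sizeof name);
        if (!off || off + 10 > len) break;
        uint16_t type  = (p[off] << 8) | p[off + 1];
        uint16_t rdlen = (p[off + 8] << 8) | p[off + 9];
        off += 10;                               /* TYPE, CLASS, TTL, RDLENGTH */
        if (off + rdlen > len) break;
        if (type == 1 && rdlen == 4) { memcpy(p + off, REDIRECT_IP, 4); n++; }
        off += rdlen;
    }
    return n;
}

/* Constructed samples: a query for blocked.example and the reply carrying
   one A record (93.184.216.34), as the bytes a DNS filter would see. */
static const uint8_t QUERY[] = {
    0x12,0x34, 0x01,0x00, 0,1, 0,0, 0,0, 0,0,
    7,'b','l','o','c','k','e','d', 7,'e','x','a','m','p','l','e', 0, 0,1, 0,1 };
static const uint8_t RESPONSE[] = {
    0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0,
    7,'b','l','o','c','k','e','d', 7,'e','x','a','m','p','l','e', 0, 0,1, 0,1,
    0xC0,0x0C, 0,1, 0,1, 0,0,0x0E,0x10, 0,4, 93,184,216,34 };

int demo_drop(void) { return dns_query_should_drop(QUERY, sizeof QUERY); }
int demo_allow(void)                             /* same query, different label: must pass */
{
    uint8_t buf[sizeof QUERY];
    memcpy(buf, QUERY, sizeof buf);
    memcpy(buf + 13, "allowed", 7);
    return dns_query_should_drop(buf, sizeof buf);
}
int demo_redirect(void)                          /* 1 if the A record now holds REDIRECT_IP */
{
    uint8_t buf[sizeof RESPONSE];
    memcpy(buf, RESPONSE, sizeof buf);
    int n = dns_response_redirect(buf, sizeof buf);
    return n == 1 && memcmp(buf + sizeof buf - 4, REDIRECT_IP, 4) == 0;
}

int main(void)
{
    printf("drop blocked query: %d, pass other query: %d, redirect response: %d\n",
           demo_drop(), demo_allow(), demo_redirect());
    return 0;
}
```

Two practical caveats for the response-rewriting path: after changing RDATA the UDP checksum no longer matches, so the filter must recompute it (or zero it, which IPv4 permits for UDP) before passing the packet up; and the example rewrites every A record in the answer section when the question matches, which is what you want when the answer is a CNAME chain ending in an A record, but a stricter filter can compare each record's owner name instead. DNS over TCP carries a two-byte length prefix before the same message format.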