A question for a networking guru………..

Home Forums Discussions General Discussion A question for a networking guru………..

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
  • #4862

    Hi All,
    I’m a student and I’m working on my degree work.
    I need that a Client IP application can send and receive data to/from a Server IP application. The problem is that the Client application believes the Server application is located on a different machine when instead it is located on the same machine.
    This machine can’t have a network card. No adapters, No MAC addresses are available – It’s a requirement of my prof 🙁

    The problem is that the Client IP application only knows that the Server application is available on “IP_X:Port_X” (where IP_X is a valid internet address). I need to develop an application, called “Interceptor”, able to pick up the connection that the Client application attempts to do with “IP_X:Port_X” and reroute it to “” where the Server application is available.

    How can I develop my “Interceptor” application??????????????

    If someone is able to help me, since I don’t have much money, I will do a bank transfer to him to buy a big Pizza.

    Vadim Smirnov

    Is it possible to use virtual network interface? Or even virtual NIC is not allowed? In the last case you have the only choice – TDI filter driver.


    You can use instead TDI driver LSP (layerd service provider).


    My application has to do probably something more that reroute packets. I try to explain better what I have to do and how I want to solve the problem.

    intercept data that an application sends and redirect the payload to a localhost server. Read also destination address and port. A user could enable/disable add/remove a device closing in this way the application socket

    My solution:

    The following is what I would like to do.

    1 – intercept when an application A1 wants to open a socket to an address IP_X:Port_X

    2 – open a socket S1 with my localhost server LHS on port PS

    3 – read socket informations (address IP_X:Port_X) and send the payload to LHS port PS

    5 – LHS responds to the application and the comunication continues. I’ll start with a single application.

    A) I think my application needs to intercept the flow at a high level because a user could enable/disable add/remove a device closing in this way the socket. Operating system should see always the same device connected or no device at all(I prefer).
    B) I’ve not to implement something like NAT, because no tcp packet is formed and data flows inside the socket I’ve redirected.

    Please, tell me if you agree with my steps or you see a simplier way/errors.

    About the implementation, I’ve no experience on windows networking programming. Referring to image in
    I ‘ve seen that two solutions could be Transport Data Interface Filter Driver (TDI Filter) or Layered Service Provider (LSP)

    I’ve read that LSP is simplier so I’ve found in windows sdk an example (winsock/lsp). The readme.txt file reports that

    This code sample illustrates a Winsock 2 layered service provider (LSP).
    An LSP is a method of inserting a layer between the Winsock 2 API and
    applications. This is achieved by creating a DLL which implements the
    entire set of Winsock provider functions.
    There are two types of LSPs.
    1- The first type is known as a base provider.
    A base provider exposes access to a protocol (such as TCP/IP). Not only
    does it require a user mode DLL which implements the WSP functions but
    it also requires a kernel mode component which communicates with the
    underlying protocol driver (usually via the TDI interface – consult
    the DDK for TDI information).
    2-The other type of LSP is the type we mentioned in the first paragraph.
    It is a layer that lies above a base provider which is what this sample
    is. You can install this LSP above any installed base provider. Microsoft
    operating systems ship with a variety of base providers such as
    ‘MSAFD Tcpip [TCP/IP]’ (the TCP/IP provider). You can even install this
    LSP over other installed LSPs.”
    – I think that referring to ndis.com, sdk’s LSP1 is winsock replacement method and LSP2 is as in ndsi.com
    – As reported in ndis.com, with winsock replacement I could have some trouble for future installations, but this is not a problem for me.

    Have you any suggestion to me?
    If I am not wrong, SerpentFly suggests me to use a TDI Filter, while Taras a LSP2 as reported above. What do you think about winsock replacement(LSP1)?
    Thank you in advance.

    Vadim Smirnov

    LSP is user mode solution, but TDI is kernel one. So, LSP is much more easier way. I don’t think that you should intercept clients who work with TDI directly, so probably LSP fits you.

Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.