July 19, 2004 at 4:33 pm #4862
I’m a student and I’m working on my degree work.
I need that a Client IP application can send and receive data to/from a Server IP application. The problem is that the Client application believes the Server application is located on a different machine when instead it is located on the same machine.
This machine can’t have a network card. No adapters, No MAC addresses are available – It’s a requirement of my prof 🙁
The problem is that the Client IP application only knows that the Server application is available on “IP_X:Port_X” (where IP_X is a valid internet address). I need to develop an application, called “Interceptor”, able to pick up the connection that the Client application attempts to do with “IP_X:Port_X” and reroute it to “127.0.0.1:Port_X” where the Server application is available.
How can I develop my “Interceptor” application??????????????
If someone is able to help me, since I don’t have much money, I will do a bank transfer to him to buy a big Pizza.
***************************************July 19, 2004 at 4:55 pm #5591
Is it possible to use virtual network interface? Or even virtual NIC is not allowed? In the last case you have the only choice – TDI filter driver.July 21, 2004 at 6:40 am #5592
You can use instead TDI driver LSP (layerd service provider).July 21, 2004 at 3:54 pm #5593
My application has to do probably something more that reroute packets. I try to explain better what I have to do and how I want to solve the problem.
intercept data that an application sends and redirect the payload to a localhost server. Read also destination address and port. A user could enable/disable add/remove a device closing in this way the application socket
The following is what I would like to do.
1 – intercept when an application A1 wants to open a socket to an address IP_X:Port_X
2 – open a socket S1 with my localhost server LHS on port PS
3 – read socket informations (address IP_X:Port_X) and send the payload to LHS port PS
5 – LHS responds to the application and the comunication continues. I’ll start with a single application.
A) I think my application needs to intercept the flow at a high level because a user could enable/disable add/remove a device closing in this way the socket. Operating system should see always the same device connected or no device at all(I prefer).
B) I’ve not to implement something like NAT, because no tcp packet is formed and data flows inside the socket I’ve redirected.
Please, tell me if you agree with my steps or you see a simplier way/errors.
About the implementation, I’ve no experience on windows networking programming. Referring to image in
I ‘ve seen that two solutions could be Transport Data Interface Filter Driver (TDI Filter) or Layered Service Provider (LSP)
I’ve read that LSP is simplier so I’ve found in windows sdk an example (winsock/lsp). The readme.txt file reports that
This code sample illustrates a Winsock 2 layered service provider (LSP).
An LSP is a method of inserting a layer between the Winsock 2 API and
applications. This is achieved by creating a DLL which implements the
entire set of Winsock provider functions.
There are two types of LSPs.
1- The first type is known as a base provider.
A base provider exposes access to a protocol (such as TCP/IP). Not only
does it require a user mode DLL which implements the WSP functions but
it also requires a kernel mode component which communicates with the
underlying protocol driver (usually via the TDI interface – consult
the DDK for TDI information).
2-The other type of LSP is the type we mentioned in the first paragraph.
It is a layer that lies above a base provider which is what this sample
is. You can install this LSP above any installed base provider. Microsoft
operating systems ship with a variety of base providers such as
‘MSAFD Tcpip [TCP/IP]’ (the TCP/IP provider). You can even install this
LSP over other installed LSPs.”
– I think that referring to ndis.com, sdk’s LSP1 is winsock replacement method and LSP2 is as in ndsi.com
– As reported in ndis.com, with winsock replacement I could have some trouble for future installations, but this is not a problem for me.
Have you any suggestion to me?
If I am not wrong, SerpentFly suggests me to use a TDI Filter, while Taras a LSP2 as reported above. What do you think about winsock replacement(LSP1)?
Thank you in advance.July 21, 2004 at 4:36 pm #5594
LSP is user mode solution, but TDI is kernel one. So, LSP is much more easier way. I don’t think that you should intercept clients who work with TDI directly, so probably LSP fits you.
You must be logged in to reply to this topic.