build a antispam/firewall

Home Forums Discussions General Discussion build a antispam/firewall

This topic contains 2 replies, has 2 voices, and was last updated by  oromano 11 years, 8 months ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #4997

    oromano
    Participant

    Hi,

    How do I get only pop3/smtp packets using winpkfilter? How do I decode raw packets to see the content? Where may I find more VB examples of using that?

    Regards,

    Romano

    #5981

    Vadim Smirnov
    Moderator

    How do I get only pop3/smtp packets using winpkfilter?

    You will get all packets with WinpkFilter but you can selectively process SMTP/POP3 packets. In order to implement this you have to parse packet headers (Ethernet, IP, TCP) and check source/destination ports for SMTP/POP3 ones (25/110).

    How do I decode raw packets to see the content? Where may I find more VB examples of using that?

    In C parsing is easy (typecasting to structures):

    pEthHeader = (ether_header*)PacketBuffer.m_IBuffer;

    if ( ntohs(pEthHeader->h_proto) == ETH_P_IP )
    {
    pIpHeader = (iphdr*)(PacketBuffer.m_IBuffer + ETHER_HEADER_LENGTH);
    if (pIpHeader->ip_p == IPPROTO_TCP)
    {
    // This is TCP packet, get TCP header pointer
    pTcpHeader = (tcphdr*)(((PUCHAR)pIpHeader) + sizeof(DWORD)*pIpHeader->ip_hl);
    ....

    I’m not a VB expert but getting Ethernet header is shown in WinpkFilter VB samples, getting other headers should be very similar.

    #5982

    oromano
    Participant

    Anybody could help me to translate this to VB? Thanks in advance

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.