build a antispam/firewall

Home Forums Discussions General build a antispam/firewall

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #4997
    oromano
    Participant

      Hi,

      How do I get only pop3/smtp packets using winpkfilter? How do I decode raw packets to see the content? Where may I find more VB examples of using that?

      Regards,

      Romano

      #5981
      Vadim Smirnov
      Keymaster

        How do I get only pop3/smtp packets using winpkfilter?

        You will get all packets with WinpkFilter but you can selectively process SMTP/POP3 packets. In order to implement this you have to parse packet headers (Ethernet, IP, TCP) and check source/destination ports for SMTP/POP3 ones (25/110).

        How do I decode raw packets to see the content? Where may I find more VB examples of using that?

        In C parsing is easy (typecasting to structures):

        pEthHeader = (ether_header*)PacketBuffer.m_IBuffer;

        if ( ntohs(pEthHeader->h_proto) == ETH_P_IP )
        {
        pIpHeader = (iphdr*)(PacketBuffer.m_IBuffer + ETHER_HEADER_LENGTH);
        if (pIpHeader->ip_p == IPPROTO_TCP)
        {
        // This is TCP packet, get TCP header pointer
        pTcpHeader = (tcphdr*)(((PUCHAR)pIpHeader) + sizeof(DWORD)*pIpHeader->ip_hl);
        ....

        I’m not a VB expert but getting Ethernet header is shown in WinpkFilter VB samples, getting other headers should be very similar.

        #5982
        oromano
        Participant

          Anybody could help me to translate this to VB? Thanks in advance

        Viewing 3 posts - 1 through 3 (of 3 total)
        • You must be logged in to reply to this topic.