Inspecting packet flows modified by WinpkFilter


  • #12768
    BaconPackets
    Participant

      Hello!

      I was wondering if there was any trace when a packet flow is modified by WinpkFilter. I am currently playing around with a GPN that seems to leverage WinpkFilter to actually intercept and redirect flows that are related to games.

      I would be curious to understand a bit more how it’s structured and the selection logic between flows it ignores and flows that are hijacked.

      The software is called ExitLag.

      Thanks!

      #12769
      Vadim Smirnov
      Keymaster

        Yes, you are right about ExitLag, it does indeed use WinpkFilter to intercept and process network traffic. However, I’m afraid the only way I can suggest for researching how it affects traffic flow is to create two winpkfilter-derived drivers and set one above and one below ExitLag in the stack. Thus, you can capture and record the traffic from these two drivers, save to a PCAP file, and analyze the difference in Wireshark.
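The comparison step described in the answer above, as an added example that is not part of the forum posts and is not WinpkFilter or ExitLag code: it reads two classic little-endian Ethernet pcap captures (not pcapng) and lists the TCP/UDP flows that appear on only one side. The function names, the sample addresses, and the rewrite shown in the sample data are constructed assumptions; "above" is assumed to be the capture taken nearer the protocol stack and "below" the one nearer the NIC.

```python
import socket
import struct
from collections import Counter

def flows(pcap: bytes) -> Counter:
    """Packets per (proto, src, sport, dst, dport) in a classic pcap (LE, Ethernet)."""
    if len(pcap) < 24 or struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    if struct.unpack_from("<I", pcap, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    seen, off = Counter(), 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from("<I", pcap, off + 8)[0]  # incl_len field
        frame = pcap[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # skip non-IPv4 and truncated frames
        l4 = 14 + (frame[14] & 0x0F) * 4  # Ethernet header + IP header length
        if frame[23] not in (6, 17) or len(frame) < l4 + 4:
            continue  # only TCP and UDP carry ports
        sport, dport = struct.unpack_from("!HH", frame, l4)
        seen[(frame[23], socket.inet_ntoa(frame[26:30]), sport,
              socket.inet_ntoa(frame[30:34]), dport)] += 1
    return seen

def diff_flows(above: bytes, below: bytes):
    """Flows seen only above, and only below, the driver under study."""
    a, b = flows(above), flows(below)
    return sorted(set(a) - set(b)), sorted(set(b) - set(a))

def build_pcap(packets) -> bytes:
    """Constructed sample capture: one UDP packet per (src, sport, dst, dport)."""
    data = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, sport, dst, dport in packets:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHHH", sport, dport, 8, 0)
        data += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return data

# Constructed addresses (documentation ranges); the rewrite shown is hypothetical.
ABOVE = build_pcap([("10.0.0.5", 50000, "203.0.113.10", 7777),
                    ("10.0.0.5", 50001, "198.51.100.20", 53)])
BELOW = build_pcap([("10.0.0.5", 50000, "192.0.2.77", 40000),
                    ("10.0.0.5", 50001, "198.51.100.20", 53)])

if __name__ == "__main__":
    print(diff_flows(ABOVE, BELOW))
```

A flow that shows up in both lists with the same source port but a different destination is a candidate for a rewritten flow; flows absent from both lists passed through unchanged.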
